On 20.08.17 07:50, Ray via luv-main wrote:
> On 19.08.2017 20:23, Erik Christiansen via luv-main wrote:
> > A forward route is only half the story. What do ping and traceroute
> > report? Here, my modem is on the same subnet:
> > 
> 
> This test shows that there is only a connection in one direction, ie no
> return path.

That's kinda what I expected. It is the likeliest omission when setting
bridging routes. If you can ping the inboard host and the router from
the firewall, then that confirms that the problem is entirely in the
routes you have(n't) set to bridge the two subnets.

Please feel free to post the output of "netstat -rn", or "ip route".
Its output might be preferable, as it's more descriptive:

$ ip route
default via 192.168.1.1 dev eth0  proto static 
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.2 

You'll need to see a similar default route to the router, plus a similar
second route for traffic to the outboard subnet. That'll pass a ping
through the firewall to the router, but not back.

So you need a third path, to the inboard subnet. That must be on the
_other_port_ in your case. To allow a /24 netmask to discriminate
between inboard and outboard bound traffic you will need to move either
the router and eth0 to another subnet, e.g. 192.168.2.0, or do that for
your inboard hosts and eth1. Then the firewall has a way to tell which
packets should go to which port. (Your bridge will then have two ends.)

There is a fourth path needed - in the router. But if it returns pings
from the firewall, then that's already there.

Once that's all in place, a traceroute will show you the improvement.

It's all a lot easier the second time.

Erik
_______________________________________________
luv-main mailing list
https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
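The three firewall paths and the router's return route that Erik lists, written out as an added example that is not part of the original thread. It is a POSIX sh check that reads `ip route` text handed to it as a string, so it runs offline on the constructed sample tables below rather than on a live box. The addressing follows the suggestion in the mail but is assumed, not taken from the thread: router and eth0 on 192.168.1.0/24, inboard hosts moved to 192.168.2.0/24 on eth1, firewall at 192.168.1.2 on the router side. The function names `has_route`, `check_routes` and `check_router_route` and all sample routing tables are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread: check for the three routes the
# firewall needs (default via router, link route to the outboard subnet, link
# route to the inboard subnet) and for the "fourth path", the return route on
# the router. Input is `ip route` output passed as a string, so this runs
# offline on the constructed samples at the bottom.
# Assumed addressing (hypothetical): router/eth0 on 192.168.1.0/24, inboard
# hosts/eth1 on 192.168.2.0/24, firewall seen by the router as 192.168.1.2.

OUTBOARD_NET="192.168.1.0/24"          # router side of the firewall
OUTBOARD_IF="eth0"
INBOARD_NET="192.168.2.0/24"           # inboard hosts
INBOARD_IF="eth1"
FIREWALL_OUTBOARD_ADDR="192.168.1.2"   # the firewall's address as the router sees it

# has_route ROUTES PATTERN: succeed if any line of ROUTES matches PATTERN (ERE)
has_route() {
    printf '%s\n' "$1" | grep -Eq "$2"
}

# check_routes ROUTES: print each missing firewall path, one per line.
# Returns the number of missing paths, so exit status 0 means all present.
check_routes() {
    fw_missing=0
    if ! has_route "$1" "^default via [0-9.]+ dev $OUTBOARD_IF( |$)"; then
        echo "missing: default route via the router on $OUTBOARD_IF"
        fw_missing=$((fw_missing + 1))
    fi
    if ! has_route "$1" "^$OUTBOARD_NET dev $OUTBOARD_IF( |$)"; then
        echo "missing: link route for $OUTBOARD_NET on $OUTBOARD_IF"
        fw_missing=$((fw_missing + 1))
    fi
    if ! has_route "$1" "^$INBOARD_NET dev $INBOARD_IF( |$)"; then
        # On Linux, giving eth1 an address (ip addr add 192.168.2.1/24 dev eth1)
        # makes the kernel add this link route itself.
        echo "missing: link route for $INBOARD_NET on $INBOARD_IF"
        fw_missing=$((fw_missing + 1))
    fi
    # Not discussed in the thread, but the firewall also has to forward:
    # sysctl -w net.ipv4.ip_forward=1
    return $fw_missing
}

# check_router_route ROUTES: the return path. Without it the router does not
# know where the inboard subnet lives, so replies never come back, which is
# the one-way ping seen in the thread. On the router this is typically
#   ip route add 192.168.2.0/24 via 192.168.1.2
check_router_route() {
    if has_route "$1" "^$INBOARD_NET via $FIREWALL_OUTBOARD_ADDR( |$)"; then
        return 0
    fi
    echo "missing on router: $INBOARD_NET via $FIREWALL_OUTBOARD_ADDR"
    return 1
}

# Constructed sample tables. The first is the two-route table from the mail.
INCOMPLETE_TABLE='default via 192.168.1.1 dev eth0  proto static
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.2'

# Same firewall after eth1 has been given an inboard address.
COMPLETE_TABLE="$INCOMPLETE_TABLE
192.168.2.0/24 dev eth1  proto kernel  scope link  src 192.168.2.1"

# Constructed router tables, without and with the return route.
ROUTER_WITHOUT_RETURN='default via 203.0.113.1 dev ppp0
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1'

ROUTER_WITH_RETURN="$ROUTER_WITHOUT_RETURN
192.168.2.0/24 via 192.168.1.2 dev br0"

# Demo run on the samples; the incomplete table reports its one missing path.
check_routes "$INCOMPLETE_TABLE" || echo "firewall: $? path(s) missing"
if check_routes "$COMPLETE_TABLE" && check_router_route "$ROUTER_WITH_RETURN"; then
    echo "both ends of the bridge are routed"
fi
```

To use it on a real machine, pass `"$(ip route)"` from the firewall to `check_routes` and the router's table to `check_router_route`; the patterns only look at the `default`, `dev` and `via` fields, so the `proto`/`scope`/`src` attributes that `ip route` appends do not matter.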