Thanks for the reply, both of you.

I pinged from the client to the router, on both of the router's interfaces,
172.16.0.254 and 192.168.0.254.

# tcpdump -n -e -ttt -i pflog0
tcpdump: listening on pflog0, link-type PFLOG
Jan 20 23:10:58.644031 rule 0/(match) pass in on rl0: 192.168.0.10 > 192.168.0.254: icmp: echo request (DF)
Jan 20 23:11:06.977914 rule 0/(match) pass in on rl0: 192.168.0.10 > 172.16.0.254: icmp: echo request (DF)
Jan 20 23:11:20.879285 rule 0/(match) pass in on em0: 172.16.0.6.1948 > 212.58.250.36.443: udp 16
Jan 20 23:11:20.879301 rule 1/(match) pass out on em0: 172.16.0.6.1948 > 212.58.250.36.443: udp 16

Going back to what Martin said, I can ping to either client, on either
subnet, from the router. I can even ping through the router from the 172 subnet
to the 192 subnet, just not the other way. And it doesn't look like there are
any rules in the Iptables ruleset.

Does it look like what you suggested it might be, Christiano?

Thanks.


Christiano Farina Haesbaert wrote:
> 
> First try to make a ping from client--->server, then call tcpdump icmp on
> the server and check the source address reaching it, make sure that the
> source ip is the client's IP.
> 
> I bet some node of your network is doing NAT, and the server is responding
> the ICMP packets to the equipment doing the nat, not the machine issuing the
> ping.
> 
> Best regards
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Router-ping-one-way-only-tp21569634p21573037.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.
