On Tue, Jan 20, 2009 at 02:25:33PM -0800, duxbuz wrote:
> Thanks for reply. Both of you.
>
> I pinged from client to router, on both router's interfaces 172.16.0.254 and
> 192.168.0.254.
>
> # tcpdump -n -e -ttt -i pflog0
> tcpdump: listening on pflog0, link-type PFLOG
> Jan 20 23:10:58.644031 rule 0/(match) pass in on rl0: 192.168.0.10 >
> 192.168.0.254: icmp: echo request (DF)
> Jan 20 23:11:06.977914 rule 0/(match) pass in on rl0: 192.168.0.10 >
> 172.16.0.254: icmp: echo request (DF)
> Jan 20 23:11:20.879285 rule 0/(match) pass in on em0: 172.16.0.6.1948 >
> 212.58.250.36.443: udp 16
> Jan 20 23:11:20.879301 rule 1/(match) pass out on em0: 172.16.0.6.1948 >
> 212.58.250.36.443: udp 16
>
> Going back to what Martin said, I can ping to either client, on either
> subnet, from router. I can even ping through router from 172 subnet to 192
> subnet, just not the other way. And it doesn't look like there are any rules
> in the Iptables ruleset.
It smells of routing.  Check the tables on each client and see if they're
going through a different gateway than you expect.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/
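A small parser for the pflog lines quoted above, added here as an example (it is not code from either poster): it pairs each flow's "pass in" entry with its "pass out" entry and reports flows that entered the router but were never logged leaving it, which is what a one-way forwarding or return-route problem looks like in pflog. Traffic addressed to the router's own interface addresses (192.168.0.254 and 172.16.0.254, from the thread) is excluded since it terminates on the router; the final log line is constructed to show a 192-to-172 ping that is not forwarded.

```python
import re
from collections import defaultdict

# pflog lines as printed by `tcpdump -n -e -ttt -i pflog0`. The first four are
# the thread's own output; the last one is constructed for this example.
SAMPLE_LOG = """\
Jan 20 23:10:58.644031 rule 0/(match) pass in on rl0: 192.168.0.10 > 192.168.0.254: icmp: echo request (DF)
Jan 20 23:11:06.977914 rule 0/(match) pass in on rl0: 192.168.0.10 > 172.16.0.254: icmp: echo request (DF)
Jan 20 23:11:20.879285 rule 0/(match) pass in on em0: 172.16.0.6.1948 > 212.58.250.36.443: udp 16
Jan 20 23:11:20.879301 rule 1/(match) pass out on em0: 172.16.0.6.1948 > 212.58.250.36.443: udp 16
Jan 20 23:12:01.000000 rule 0/(match) pass in on rl0: 192.168.0.10 > 172.16.0.6: icmp: echo request (DF)
"""

# Matches the tcpdump pflog line format shown in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \d+ [\d:.]+) rule (?P<rule>\d+)/\(match\) (?P<action>pass|block) "
    r"(?P<dir>in|out) on (?P<ifname>\w+): (?P<src>\S+) > (?P<dst>[^:]+): (?P<proto>\w+)"
)


def parse_pflog(text):
    """Yield one dict per recognised pflog line; unrecognised lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def host_of(addr):
    """Strip the trailing .port from tcpdump's 'a.b.c.d.port' form (ICMP has none)."""
    return ".".join(addr.split(".")[:4])


def unforwarded_flows(text, router_addrs):
    """Return (src, dst, proto) triples pf passed IN but never logged OUT.

    Flows whose destination is one of router_addrs are left out: they end on
    the router itself, so no 'pass out' entry is expected for them.
    """
    seen = defaultdict(set)
    for e in parse_pflog(text):
        seen[(e["src"], e["dst"], e["proto"])].add(e["dir"])
    return sorted(
        key for key, dirs in seen.items()
        if "in" in dirs and "out" not in dirs and host_of(key[1]) not in router_addrs
    )


if __name__ == "__main__":
    for flow in unforwarded_flows(SAMPLE_LOG, {"192.168.0.254", "172.16.0.254"}):
        print("entered but never left:", flow)
```

A flow reported here means pf accepted the packet on the inbound interface but nothing ever left, so the next place to look is the kernel forwarding and routing tables rather than the pf ruleset.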

