On 01/09/2018 10:30 PM, Thomas wrote: > Hi Tom, > > I tried to > - ssh from 192.168.1.48 to 10.0.0.8 -> failure
I suspect that this is strictly a routing issue. Does 192.168.1.48 have
a route to 10.0.0.0/24 via 192.168.1.14? Does the router? If not, how
can 192.168.1.48 possibly send packets to 10.0.0.8?
> - update repos from 10.0.0.8 -> failure
It appears that traffic outbound from 10.0.0.0/24 should go out of eno1.
If on the Shorewall system, you:
tcpdump -nei eno1 -p icmp
then on 10.0.0.8
ping -n 8.8.8.8
what does tcpdump show?
> vmbr0 is 192.168.1.14 and this is network fb.
> 192.168.1.0/24 is NATed by router.
But again, if traffic from 10.0.0.0/24 or 192.168.100.0/24 were to be
sent via vmbr0, the router would be unable to route the response packets
unless either:
a) It has routes to those subnets via 192.168.1.14, or
b) The shorewall box masquerades those subnets
> Any outgoing communication in this network is working w/o issues.
>
-Tom
--
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
\_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
