On Tue, December 5, 2006 17:59, Tom Eastep wrote:
> I don't know how many times I have to point this out but I'll do it again:
>
> You can always eliminate Shorewall in simple cases like this by
> doing "shorewall clear" and testing again. Be sure to "shorewall start"
> after testing.

This is our real firewall, so it's not that simple.

> Looks to me like a bad cable or hub/switch port. It appears that 172.16.10.2
> isn't receiving from 172.16.10.1. You could, of course, confirm that by packet
> sniffing from 172.16.10.2. Or it could possibly be an incorrect netmask
> (255.255.255.255) on 172.16.10.2. Or it could be that there is a route to
> 172.16.10.1 out of another interface on 172.16.10.2. Or ...
>
> As an aside -- most people get very frustrated when bringing up a configuration
> like you are attempting. Getting 172.16.10.2 to communicate with the other
> public servers on that LAN is a real challenge and you will run into some
> interesting problems. I don't recommend such a configuration and consequently
> have not documented how to do it.

OK, so the full story: it's our DMZ zone and the firewall is the real firewall. Until now there have been only public IP addresses in this zone, but now we would like to put in a new machine with virtualization. For the dom0 (in Xen terminology) or hardware node (in OpenVZ) I'd like to give a private address, while the virtual servers on it use public addresses (so as not to waste our public IP addresses). So the hypervisor doesn't have to access any other machine in the network, just the firewall. I hope this clears up the setup.

This machine works in the internal LAN, and now we connected it to the DMZ; after that, this happened. I assume there is no hardware problem, since if I ping the firewall from the new server and run tcpdump _on_ the firewall then I get the above result, so I assume there is at least Ethernet-level communication. But I'll check the hardware tomorrow.

Yours.
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
