Tom -- Replying to:
> Sounds like a stale ARP cache problem in the upstream router.

> I presume that "shorewall clear" doesn't improve the situation?

I didn't try "shorewall clear", but I'll try that tonight when I get home and can do some more experimenting.

I =did= try an "arping -U" command to update the upstream router's ARP cache, in case that might have been the problem.

FWIW, I haven't run into stale ARP cache issues previously at my location; changing the network card in my current firewall, at various times in the past, never interrupted traffic.

I would also have thought (possibly naively?) that even if there had been a stale ARP cache issue, it wouldn't have affected things if I were originating connections from my firewall (as opposed to outside hosts trying to connect to me).

Anyway, I'll try experimenting with this tonight. I suppose I could run "tcpdump" to see everything coming in from my Internet connection; this should show me if replies are being sent to the wrong MAC address.

If all else fails, I could physically move the external network card from my production firewall into the new firewall -- though, hopefully understandably, I'd only want to do that as a last resort.

Do any other possibilities come to your mind, in case it turns out not to be a question of a stale ARP cache?

Rich Wales === Palo Alto, CA, USA === [EMAIL PROTECTED]
http://www.richw.org === http://en.wikipedia.org/wiki/User:Richwales

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
