>Did you compress the attachment? The list has a maximum attachment size.
Yes I did (ZIP format - 32KB). I also checked and my hw router supports NAT-T which is enabled. > >That's very shaky logic. Have you LOOKED at the traffic with a traffic >sniffer like tcpdump or Wireshark? Yes. I used tcpdump. >Once more -- the packet that is getting blocked is coming from your >internal network and it is addressed to your firewall!!! >So if your external and internal interfaces aren't bridged then the >packet must be coming from the Zyxel in your local network. >Try this test: >a) from your Shorewall box, ping 192.168.1.180 (The Zyxel). >b) type "arp -na". >Is 00:40:f4:b2:94:96 the MAC address associated with 192.168.1.180 in >the output from 'arp'? No. I get different MAC. (00:19:CB:2C:DF:87) So the MAC mentioned above must be from hw router from other side. Scorpy ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
