Adrian Chapela wrote: >Yes, I know... but Why can't I see the icmp packets goin throw the >tunnel interface ?? I see a GRE packet-- > 12:56:16.397645 IP >77.209.87.193 > semsor10.local: GREv0, length 88: IP 172.16.1.2 > >172.16.1.1: ICMP echo request, id 63499, seq 151, length 64 > >This is a encapsuled packet of a ping from 172.16.1.2 to 172.16.1.1 >and this is the response: > >12:56:16.397802 IP semsor10.local > 77.209.87.193: ICMP semsor10.local >protocol 47 port 2048 unreachable, length 116 > >This is the problem... Why is the eth0 responding an answer to another >interface ??
It isn't ! interfaces do not "respond to another interface" - they only send packets given them by the protocol stacks above. 77.209.87.193 is not flagged as being at the other end of tunnel0, therefore it is routed via eth0 - and if you look, it is NOT a response to the ping, it is a "destination unreachable" response to the encapsulated packet. What have you set as the public address for the other end of the tunnel (REMOTE_INET_ADDRESS in your original message) ? Is it 77.209.87.193 or 172.16.1.2 ? ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
