On Tue, 2010-02-09 at 08:24 +0800, Wilson Kwok wrote:
> Hello Tom
>
> I'm trying to ping 210.0.214.127 from external host, it's request time
> out, but I can ping 210.0.214.119, I accepted in policy and rules file
> before try to ping.
>
> Policy:
> net dmz DROP info
> net $FW ACCEPT info
> net loc DROP info
> net all DROP info
>
> Rules:
> Ping/ACCEPT net $FW
>

Wilson,

I gave you complete instructions for diagnosing the problem; did you follow them? If so, what was the result? I can't help you if you ignore what I tell you and go off doing something else.

Because you are forwarding 210.0.214.127 to your dmz, you would need this rule:

    Ping/ACCEPT net dmz

BUT YOU DON'T NEED ANY RULES TO FOLLOW THE INSTRUCTIONS THAT I GAVE YOU. We are trying to determine if the packets are even reaching your firewall and if so, do they have the correct L2 address. All the rules in the world won't fix the problem if the packets aren't even reaching your firewall.

You are wasting both your time and mine.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
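
One way to answer the two questions raised in the reply above (do the echo requests reach the firewall at all, and do they carry the firewall's L2 address), as an added example that is not part of the thread and not the instructions Tom refers to. It classifies `tcpdump -e -n` output; the MAC addresses, the source host 198.51.100.7 and the capture lines are constructed, and `classify_ping_capture` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed tcpdump -e -n lines (MACs and the source host are made up).
# Live input would come from: tcpdump -l -e -n -i <net-interface> icmp
FW_MAC="00:16:3e:aa:bb:01"   # assumed MAC of the firewall's net interface

CAPTURE_OK='08:24:01.100001 00:1b:21:00:00:fe > 00:16:3e:aa:bb:01, ethertype IPv4 (0x0800), length 98: 198.51.100.7 > 210.0.214.119: ICMP echo request, id 4101, seq 1, length 64
08:24:01.100201 00:16:3e:aa:bb:01 > 00:1b:21:00:00:fe, ethertype IPv4 (0x0800), length 98: 210.0.214.119 > 198.51.100.7: ICMP echo reply, id 4101, seq 1, length 64'

CAPTURE_STALE='08:24:05.200001 00:1b:21:00:00:fe > 00:16:3e:cc:dd:09, ethertype IPv4 (0x0800), length 98: 198.51.100.7 > 210.0.214.127: ICMP echo request, id 4102, seq 1, length 64'

# classify_ping_capture FIREWALL_MAC TARGET_IP   (capture lines on stdin)
#   no-requests-seen   no echo request for TARGET_IP arrived on this interface
#   l2-ok              every request was addressed to FIREWALL_MAC
#   l2-mismatch <mac>  requests arrived addressed to some other MAC
# On a switched segment a frame sent to another MAC usually never shows up,
# so no-requests-seen can also mean the upstream router has a stale ARP entry.
classify_ping_capture() {
    awk -v mac="$1" -v ip="$2" '
        BEGIN { mac = tolower(mac) }
        /ICMP echo request/ && index($0, " > " ip ":") {
            seen++
            dst = tolower($4); sub(/,$/, "", dst)   # field 4 is "dst-mac,"
            if (dst == mac) ok++; else bad[dst]++
        }
        END {
            if (!seen)      { print "no-requests-seen"; exit }
            if (ok == seen) { print "l2-ok"; exit }
            printf "l2-mismatch"
            for (m in bad) printf " %s", m
            print ""
        }'
}

printf '%s\n' "$CAPTURE_OK"    | classify_ping_capture "$FW_MAC" 210.0.214.119
printf '%s\n' "$CAPTURE_OK"    | classify_ping_capture "$FW_MAC" 210.0.214.127
printf '%s\n' "$CAPTURE_STALE" | classify_ping_capture "$FW_MAC" 210.0.214.127
```

Neither `no-requests-seen` nor `l2-mismatch` can be fixed by editing the Shorewall policy or rules files, which is the point of the reply.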
