Hi, I had a typical multi-ISP setup with just 1 LAN. Now I have the same thing except I added a DMZ and both subnets (LAN & DMZ) need to be masqueraded in order to reach the web.
Ping tests from DMZ to NET fail (LOC to NET work as usual): icmp requests seem to go out to the correct ISP and icmp replies are received from the same interface and reach the shorewall system but are not sent back to the DMZ host. So the failing fragment is the ICMP reply from $FW to DMZ. It could be a routing issue but I don't see it.

Please have a look at:

http://213.96.91.201/temp/from_192.168.228.2_to_209.85.229.99_shorewall_dump.gz
http://213.96.91.201/temp/from_192.168.228.2_to_209.85.229.99_tcpdump_eth1.txt
http://213.96.91.201/temp/from_192.168.228.2_to_209.85.229.99_tcpdump_eth5.txt

Any ideas?

Thanks,
Vieri
