On Wed, 2011-06-15 at 07:09 -0700, Vieri Di Paola wrote:
> Hi,
>
> I had a typical multi-ISP setup with just 1 LAN. Now I have the same thing
> except I added a DMZ and both subnets (LAN & DMZ) need to be masqueraded in
> order to reach the web.
>
> Ping tests from DMZ to NET fail (LOC to NET work as usual):
> icmp requests seem to go out to the correct ISP and icmp replies are received
> from the same interface and reach the shorewall system but are not sent back
> to the DMZ host. So the failing fragment is the ICMP reply from $FW to DMZ.
> It could be a routing issue but I don't see it.
>
> Please have a look at:
>
> http://213.96.91.201/temp/from_192.168.228.2_to_209.85.229.99_shorewall_dump.gz
> http://213.96.91.201/temp/from_192.168.228.2_to_209.85.229.99_tcpdump_eth1.txt
> http://213.96.91.201/temp/from_192.168.228.2_to_209.85.229.99_tcpdump_eth5.txt
>
> Any ideas?

You forgot to add eth1 to the COPY column in your providers file.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
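
A small checker for the omission pointed out in the reply, as an added example that is not part of the original thread or of Shorewall: it parses a providers file and reports local interfaces that are absent from a provider's non-empty COPY list. The sample file is constructed; the provider names, eth0, eth6 and eth1 being the DMZ interface are assumptions, as is the handling of an empty COPY (no restriction), `none`, and `*` wildcards.

```python
# Added example: constructed sample data, not the poster's providers file.
from fnmatch import fnmatchcase

# Column order of /etc/shorewall/providers.
COLUMNS = ["NAME", "NUMBER", "MARK", "DUPLICATE", "INTERFACE", "GATEWAY", "OPTIONS", "COPY"]

SAMPLE_PROVIDERS = """\
#NAME  NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY  OPTIONS        COPY
ISP1   1       1     main       eth5       detect   track,balance  eth0
ISP2   2       2     main       eth6       detect   track,balance  eth0,eth1
"""

def parse_providers(text):
    """Return one dict per provider entry; missing trailing columns become '-'."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        fields += ["-"] * (len(COLUMNS) - len(fields))
        entries.append(dict(zip(COLUMNS, fields)))
    return entries

def covered(iface, copy_list):
    """True if iface matches a COPY entry ('*' wildcards assumed, e.g. tun*)."""
    return any(fnmatchcase(iface, pattern) for pattern in copy_list)

def missing_from_copy(text, local_ifaces):
    """Map provider name -> local interfaces whose routes would not be copied."""
    report = {}
    for p in parse_providers(text):
        if p["DUPLICATE"] == "-" or p["COPY"] == "-":
            continue  # no table duplicated, or COPY empty (assumed: no restriction)
        copy_list = [] if p["COPY"] == "none" else p["COPY"].split(",")
        copy_list.append(p["INTERFACE"])  # the provider's own interface is implied
        missing = [i for i in local_ifaces if not covered(i, copy_list)]
        if missing:
            report[p["NAME"]] = missing
    return report

if __name__ == "__main__":
    for name, ifaces in missing_from_copy(SAMPLE_PROVIDERS, ["eth0", "eth1"]).items():
        print(f"{name}: add {','.join(ifaces)} to COPY")
```
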
