On 08/13/2013 08:10 AM, Ismael Milach wrote:
> Hey guys,
>
> Here's the situation, I've 3 networks, the host with IP, say
> 145.166.235.252 is connected to FW's interface eth2 (dmz) and the hosts
> attached via eth0 (net) are able to access it using that address.
>
> interfaces
> net eth0 detect
> loc eth1 detect
> dmz eth2 detect
>
> Here's fw's routing table, and 145.166.235.1 would be the ISP's router
> 0.0.0.0          145.166.236.1  0.0.0.0          UG 0 0 0 eth0
> 192.168.0.0      0.0.0.0        255.255.255.0    U  0 0 0 eth1
> 145.166.235.0    0.0.0.0        255.255.255.0    U  0 0 0 eth0
> 145.166.235.224  0.0.0.0        255.255.255.224  U  0 0 0 eth2
> 145.166.235.252  0.0.0.0        255.255.255.255  UH 0 0 0 eth2
>
> /etc/shorewall/proxyarp
> 145.166.235.252 eth2 eth0 No
>
> From the host 145.166.235.252 I can access the firewall, the ISP's
> gateway, but I can't get beyond it.
>
> host's routing table
> 145.166.235.224  0.0.0.0          255.255.255.224  U  0 0 0 eth1
> 0.0.0.0          145.166.235.253  0.0.0.0          UG 0 0 0 eth1
>
> 253 would be fw's eth2
>
> ######from the host to the ISP #########
> PING 145.166.235.1 (145.166.235.1) 56(84) bytes of data.
> 64 bytes from 145.166.235.1: icmp_req=1 ttl=254 time=0.854 ms
> #############################
>
> I think it doesn't have anything to do with shorewall misconfig but I
> hope you guys can give me some pointers here on what I'm missing... ip
> forwarding is enabled, I tried to use NAT and it worked using masq on a
> 192.168.0.0/24 local network, through fw's eth1.
>
> The ping is not being rejected either.
>
> I'll still try a traceroute from outside later...
>
> Any help would be appreciated.
>

You need to look at the ping traffic on eth0. That will show you if the
upstream router has the correct MAC address for the DMZ host.

    tcpdump -nei eth0 icmp

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
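
The check Tom suggests, applied to lines captured with `tcpdump -nei eth0 icmp`; this is an added example, not part of the original thread and not Shorewall code. It assumes that with the proxyarp entry in place the upstream router should resolve 145.166.235.252 to the MAC of the firewall's eth0. The MAC addresses, the remote address 192.0.2.10 and the name `check_capture` are constructed placeholders.

```python
import re

# One `tcpdump -ne` Ethernet/IPv4 ICMP line: src MAC > dst MAC, ..., src IP > dst IP: ICMP kind
LINE = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), ethertype IPv4 .*?: "
    r"(?P<sip>[\d.]+) > (?P<dip>[\d.]+): ICMP (?P<kind>echo request|echo reply)",
    re.IGNORECASE,
)

def check_capture(lines, dmz_ip, fw_mac):
    """Summarise ICMP for one proxy-ARP'd host as seen on the firewall's external interface."""
    requests, replies, wrong_macs = 0, 0, set()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        kind = m["kind"].lower()
        if m["sip"] == dmz_ip and kind == "echo request":
            requests += 1                      # forwarded out towards the upstream router
        elif m["dip"] == dmz_ip and kind == "echo reply":
            if m["dmac"].lower() == fw_mac.lower():
                replies += 1                   # router resolved the DMZ IP to the firewall
            else:
                wrong_macs.add(m["dmac"].lower())  # router holds another MAC for that IP
    if wrong_macs:
        verdict = "wrong-mac"
    elif replies:
        verdict = "ok"
    elif requests:
        verdict = "no-replies"
    else:
        verdict = "no-traffic"
    return {"requests": requests, "replies": replies,
            "wrong_macs": sorted(wrong_macs), "verdict": verdict}

# Constructed sample data: MACs and the remote address 192.0.2.10 are placeholders.
FW_ETH0 = "02:00:00:00:00:10"
DMZ_IP = "145.166.235.252"
REQ = ("08:12:01.000100 02:00:00:00:00:10 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), "
       "length 98: 145.166.235.252 > 192.0.2.10: ICMP echo request, id 4242, seq 1, length 64")
REPLY_OK = ("08:12:01.020300 02:00:00:00:00:01 > 02:00:00:00:00:10, ethertype IPv4 (0x0800), "
            "length 98: 192.0.2.10 > 145.166.235.252: ICMP echo reply, id 4242, seq 1, length 64")
REPLY_STALE = REPLY_OK.replace("> 02:00:00:00:00:10,", "> 02:00:00:00:00:fc,")

if __name__ == "__main__":
    for name, capture in [("healthy", [REQ, REPLY_OK]), ("wrong MAC", [REQ, REPLY_STALE]),
                          ("silent", [REQ])]:
        print(name, check_capture(capture, DMZ_IP, FW_ETH0))
```

On a switched segment, frames sent to a different MAC usually never reach eth0, so a `no-replies` result (requests leaving, nothing coming back) is consistent with the router holding the wrong MAC as well as with a routing problem further upstream.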
