> You need to look at the ping traffic on eth0. That will show you if the
> upstream router has the correct MAC address for the DMZ host.
>
> tcpdump -nei eth0 icmp
>
Here's what it does, first the ping to the ISP's router.
#####
14:09:04.857621 9c:8e:99:2c:e3:1c > 00:04:96:27:ae:41, ethertype IPv4 (0x0800), length 98: 145.166.235.252 > 145.166.235.1: ICMP echo request, id 16576, seq 1, length 64
14:09:04.858157 00:04:96:27:ae:41 > 9c:8e:99:2c:e3:1c, ethertype IPv4 (0x0800), length 98: 145.166.235.1 > 145.166.235.252: ICMP echo reply, id 16576, seq 1, length 64
14:09:05.856573 9c:8e:99:2c:e3:1c > 00:04:96:27:ae:41, ethertype IPv4 (0x0800), length 98: 145.166.235.252 > 145.166.235.1: ICMP echo request, id 16576, seq 2, length 64
14:09:05.857062 00:04:96:27:ae:41 > 9c:8e:99:2c:e3:1c, ethertype IPv4 (0x0800), length 98: 145.166.235.1 > 145.166.235.252: ICMP echo reply, id 16576, seq 2, length 64
#######
then while pinging to the internet with no reply
####
14:09:15.829227 9c:8e:99:2c:e3:1c > 00:04:96:27:ae:41, ethertype IPv4 (0x0800), length 98: 145.166.235.252 > 8.8.8.8: ICMP echo request, id 16577, seq 1, length 64
14:09:16.835848 9c:8e:99:2c:e3:1c > 00:04:96:27:ae:41, ethertype IPv4 (0x0800), length 98: 145.166.235.252 > 8.8.8.8: ICMP echo request, id 16577, seq 2, length 64
####
9c:8e:99:2c:e3:1c is the firewall's eth2. So I commented out the proxyarp
line and it didn't change anything, indeed.
Thanks again Tom, I'll look at it later, probably doing it from scratch.
Ismael
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
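Added example, not part of the original message: a Python parser for `tcpdump -nei eth0 icmp` output like the capture above. It pairs echo requests with replies by id/seq and reports requests that got no reply, plus any reply whose source MAC differs from the MAC the request was sent to. The name `analyze` and the regex are assumptions of this example; the sample lines are taken from the capture in the message, unwrapped to one packet per line.

```python
import re

# Sample input: lines from the capture in the message, one packet per line.
SAMPLE = """\
14:09:04.857621 9c:8e:99:2c:e3:1c > 00:04:96:27:ae:41, ethertype IPv4 (0x0800), length 98: 145.166.235.252 > 145.166.235.1: ICMP echo request, id 16576, seq 1, length 64
14:09:04.858157 00:04:96:27:ae:41 > 9c:8e:99:2c:e3:1c, ethertype IPv4 (0x0800), length 98: 145.166.235.1 > 145.166.235.252: ICMP echo reply, id 16576, seq 1, length 64
14:09:15.829227 9c:8e:99:2c:e3:1c > 00:04:96:27:ae:41, ethertype IPv4 (0x0800), length 98: 145.166.235.252 > 8.8.8.8: ICMP echo request, id 16577, seq 1, length 64
14:09:16.835848 9c:8e:99:2c:e3:1c > 00:04:96:27:ae:41, ethertype IPv4 (0x0800), length 98: 145.166.235.252 > 8.8.8.8: ICMP echo request, id 16577, seq 2, length 64
"""

# Matches the link-level (-e) ICMP echo lines printed by tcpdump.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), "
    r"ethertype IPv4 .*?: (?P<sip>[\d.]+) > (?P<dip>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)")

def analyze(text):
    """Return (unanswered, mac_mismatch) for the echo requests in a capture."""
    requests, replies = {}, {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip non-ICMP-echo or wrapped lines
        if m["kind"] == "request":
            requests[(m["sip"], m["dip"], m["id"], m["seq"])] = m
        else:
            # Key the reply by the direction of the request it answers.
            replies[(m["dip"], m["sip"], m["id"], m["seq"])] = m
    unanswered, mismatch = [], []
    for key, req in requests.items():
        rep = replies.get(key)
        if rep is None:
            # Request left the interface toward req["dmac"]; nothing came back.
            unanswered.append((req["dip"], int(req["seq"]), req["dmac"]))
        elif rep["smac"] != req["dmac"] or rep["dmac"] != req["smac"]:
            # Reply arrived from a different next hop than the request used.
            mismatch.append((req["dip"], int(req["seq"]), req["dmac"], rep["smac"]))
    return unanswered, mismatch

if __name__ == "__main__":
    unanswered, mismatch = analyze(SAMPLE)
    for dip, seq, dmac in unanswered:
        print(f"no reply: {dip} seq {seq} (sent via {dmac})")
    for dip, seq, want, got in mismatch:
        print(f"MAC mismatch: {dip} seq {seq} sent via {want}, reply from {got}")
```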