Well, it worked by using the same address on both eth0 and eth2 (as Tom did
here: http://shorewall.net/XenMyWay.html). I think that'll do it for me, just
have to tweak some other stuff.
Ismael
ps - btw sir, that's an outstanding piece of network documentation, thank
you.
2013/8/13 Ismael Milach <[email protected]>
>
>> You need to look at the ping traffic on eth0. That will show you if the
>> upstream router has the correct MAC address for the DMZ host.
>>
>> tcpdump -nei eth0 icmp
>>
>
> Here's what it does, first the ping to the ISP's router.
> #####
> 14:09:04.857621 9c:8e:99:2c:e3:1c > 00:04:96:27:ae:41, ethertype IPv4
> (0x0800), length 98: 145.166.235.252 > 145.166.235.1: ICMP echo request,
> id 16576, seq 1, length 64
> 14:09:04.858157 00:04:96:27:ae:41 > 9c:8e:99:2c:e3:1c, ethertype IPv4
> (0x0800), length 98: 145.166.235.1 > 145.166.235.252: ICMP echo reply, id
> 16576, seq 1, length 64
>
> 14:09:05.856573 9c:8e:99:2c:e3:1c > 00:04:96:27:ae:41, ethertype IPv4
> (0x0800), length 98: 145.166.235.252 >
> 145.166.235.1: ICMP echo request, id 16576, seq 2, length 64
> 14:09:05.857062 00:04:96:27:ae:41 > 9c:8e:99:2c:e3:1c, ethertype IPv4
> (0x0800), length 98: 145.166.235.1 > 145.166.235.252: ICMP echo reply, id
> 16576, seq 2, length 64
> #######
>
>
> then while pinging to the internet with no reply
> ####
> 14:09:15.829227 9c:8e:99:2c:e3:1c > 00:04:96:27:ae:41, ethertype IPv4
> (0x0800), length 98: 145.166.235.252 > 8.8.8.8: ICMP echo request, id
> 16577, seq 1, length 64
> 14:09:16.835848 9c:8e:99:2c:e3:1c > 00:04:96:27:ae:41, ethertype IPv4
> (0x0800), length 98: 145.166.235.252 > 8.8.8.8: ICMP echo request, id
> 16577, seq 2, length 64
> ####
>
> 9c:8e:99:2c:e3:1c is the firewall's eth2. So I commented out the proxyarp
> line and it didn't change anything, indeed.
>
> Thanks again Tom, I'll look at it later, probably doing it from
> scratch.
>
> Ismael
>
>> -Tom
>> --
>> Tom Eastep \ When I die, I want to go like my Grandfather who
>> Shoreline, \ died peacefully in his sleep. Not screaming like
>> Washington, USA \ all of the passengers in his car
>> http://shorewall.net \________________________________________________
>>
>>
>>
>> _______________________________________________
>> Shorewall-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>>
>
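
An added example, not part of the original thread: a small Python helper that reads `tcpdump -nei eth0 icmp` output like the capture quoted above, pairs echo requests with replies, and records which MAC address the replies were sent to. The sample capture uses constructed addresses, and the function names are this example's own.

```python
import re
from collections import defaultdict

# One ICMP echo packet as printed by `tcpdump -nei <iface> icmp`.
PACKET_RE = re.compile(
    r"(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), "
    r"ethertype IPv4 \(0x0800\), length \d+: "
    r"(?P<sip>[\d.]+) > (?P<dip>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

def parse(capture):
    """Yield one dict per echo packet; tolerates lines wrapped by a mail client."""
    flat = re.sub(r"\s+", " ", capture)  # undo line wrapping
    for m in PACKET_RE.finditer(flat):
        yield m.groupdict()

def analyse(capture, host_ip):
    """Pair echo requests sent by host_ip with the replies that came back.

    Returns (unanswered, reply_dst_macs):
      unanswered      sorted list of (dst_ip, id, seq) that got no reply
      reply_dst_macs  replying IP -> set of MACs its replies were addressed to
    """
    pending = {}
    reply_dst_macs = defaultdict(set)
    for p in parse(capture):
        ident = (int(p["id"]), int(p["seq"]))
        if p["kind"] == "request" and p["sip"] == host_ip:
            pending[(p["dip"],) + ident] = p
        elif p["kind"] == "reply" and p["dip"] == host_ip:
            pending.pop((p["sip"],) + ident, None)
            reply_dst_macs[p["sip"]].add(p["dmac"])
    return sorted(pending), dict(reply_dst_macs)

# Constructed capture (documentation addresses, made-up MACs); first line is wrapped.
SAMPLE = """\
14:09:04.857621 02:00:00:00:00:02 > 02:00:00:00:00:01, ethertype IPv4
(0x0800), length 98: 192.0.2.10 > 192.0.2.1: ICMP echo request, id 100, seq 1, length 64
14:09:04.858157 02:00:00:00:00:01 > 02:00:00:00:00:02, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 192.0.2.10: ICMP echo reply, id 100, seq 1, length 64
14:09:15.829227 02:00:00:00:00:02 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 98: 192.0.2.10 > 198.51.100.8: ICMP echo request, id 101, seq 1, length 64
14:09:16.835848 02:00:00:00:00:02 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 98: 192.0.2.10 > 198.51.100.8: ICMP echo request, id 101, seq 2, length 64
"""

if __name__ == "__main__":
    unanswered, macs = analyse(SAMPLE, "192.0.2.10")
    print("unanswered:", unanswered)
    print("replies addressed to:", macs)
```

Comparing the MACs in `reply_dst_macs` with the MAC of the interface that should be answering for the host shows whether the upstream router has the right ARP entry.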