Hi,

I set up a test environment in order to pinpoint issues before going live. I have a live Shorewall gateway connected to a test Shorewall Firewall/router (from now on $FW) through a NIC. I then have test hosts in different zones, and I'm trying to ping them.

On the Shorewall Gateway, there is no ICMP traffic according to:

# tcpdump -n -i enp11s0 icmp

On $FW I can ping any host IP address, including the ones listed below. No issues there.

However, the following ping requests fail from a host in the LAN zone with IP address 10.215.144.48 to:
- 10.215.144.92 (on the Shorewall Gateway, in $FW's WAN zone)
- 172.16.0.12 (on the Shorewall Gateway, in $FW's WAN zone)
- 192.168.212.92 (in $FW's DMZ zone)

The following ping requests succeed from a host in the LAN zone with IP address 10.215.144.48 to:
- 10.215.144.91 ($FW, LAN NIC IP addr.)
- 172.16.0.11 ($FW, WAN NIC IP addr.)

The only unreplied ARP request I see in $FW is "who-has 10.215.144.92 tell 10.215.144.48" on the LAN interface.

On the Shorewall Gateway I do not see any output when running this command:

# tcpdump -n -i enp11s0 arp and host 10.215.144.48

Note that the Shorewall Gateway rules allow ICMP traffic.

I'm attaching the dump to see if you can help me find where I made a mistake.

Thanks,

Vieri
swdump.test.gz
Description: application/gzip
