________________________________
From: Tom Eastep <teas...@shorewall.net>

>> I will be running the following command as soon as I can:
>>
>> # tcpdump -nni enp6s0 icmp
>
> That should do it,

I'm really sorry to keep this thread alive for so long, but I'm in a nasty predicament.

Here's the test I performed while trying to ping from "lan" host at 10.215.144.48 to 8.8.8.8, 172.16.0.2, and 10.215.144.92 (all these are out on the WAN interface):

# tcpdump -nni enp6s0 icmp
07:20:55.508319 IP 10.215.144.48 > 8.8.8.8: ICMP echo request, id 1, seq 1950, length 40
07:20:55.508332 IP 10.215.144.48 > 172.16.0.2: ICMP echo request, id 1, seq 1951, length 40
07:21:00.500377 IP 10.215.144.48 > 8.8.8.8: ICMP echo request, id 1, seq 1969, length 40
07:21:00.500408 IP 10.215.144.48 > 172.16.0.2: ICMP echo request, id 1, seq 1968, length 40
07:21:05.507934 IP 10.215.144.48 > 8.8.8.8: ICMP echo request, id 1, seq 1987, length 40
07:21:05.507966 IP 10.215.144.48 > 172.16.0.2: ICMP echo request, id 1, seq 1988, length 40
07:21:10.499942 IP 10.215.144.48 > 8.8.8.8: ICMP echo request, id 1, seq 2006, length 40
07:21:10.499973 IP 10.215.144.48 > 172.16.0.2: ICMP echo request, id 1, seq 2007, length 40
07:21:15.507474 IP 10.215.144.48 > 172.16.0.2: ICMP echo request, id 1, seq 2025, length 40
07:21:15.507491 IP 10.215.144.48 > 8.8.8.8: ICMP echo request, id 1, seq 2026, length 40
07:21:20.499413 IP 10.215.144.48 > 172.16.0.2: ICMP echo request, id 1, seq 2044, length 40
07:21:20.499427 IP 10.215.144.48 > 8.8.8.8: ICMP echo request, id 1, seq 2045, length 40
07:21:25.507017 IP 10.215.144.48 > 8.8.8.8: ICMP echo request, id 1, seq 2062, length 40
07:21:25.507030 IP 10.215.144.48 > 172.16.0.2: ICMP echo request, id 1, seq 2063, length 40
07:21:30.498980 IP 10.215.144.48 > 8.8.8.8: ICMP echo request, id 1, seq 2080, length 40
07:21:30.499035 IP 10.215.144.48 > 172.16.0.2: ICMP echo request, id 1, seq 2081, length 40
07:21:35.506473 IP 10.215.144.48 > 8.8.8.8: ICMP echo request, id 1, seq 2100, length 40
07:21:35.506484 IP 10.215.144.48 > 172.16.0.2: ICMP echo request, id 1, seq 2099, length 40

There's nothing regarding 10.215.144.92 here, but I'm guessing it could be an arp cache issue on the lan host at 10.215.144.48 because I'm not getting any ICMP requests for that destination on $FW's "lan" interface. I did however delete the arp cache on that host before trying to ping again... oh, well. However, the other two destinations (8.8.8.8 and 172.16.0.2) are listed above.

Also note that:

- I can ping 8.8.8.8 and 172.16.0.2 (as well as 10.215.144.92 which is on the "other" shorewall gateway) from $FW itself just fine. All 3 dst are on WAN interface.
- The "lan" host at 10.215.144.48 has default gateway 10.215.144.91 (which is on the $FW) and it can successfully ping the latter address.
- lan-ibs and lan-caib traffic is OK

With that in mind, I'm supposing there shouldn't be an arp cache issue here. Furthermore, the arp cache timeout setting of the switch between $FW and the other shorewall gateway is 10 seconds.

I also tried changing the wan NIC on $FW just to discard hardware/driver issues. I used one of the 4 ports on the Intel NIC which is already working OK for the ibs and caib zones. Same results, no joy.

Any help is greatly appreciated, as always, but especially now.

Thanks,

Vieri