On 09/18/2018 05:51 AM, Eric Teeter wrote: > I have installed Shorewall version 5.2.0.4 on Fedora 28. I'm trying to > get my DMZ working with a Cisco SGE2010P with VPLN. > > I can ping from (DMZ) IP 192.168.2.221 to Shorewall (NET) 192.168.2.253 > , but I can not ping any were else from this machine. For example eno2 > (192.168.1.253). > > I can ping every were on my LOC network & to yahoo.com, but not to > (machine on DMZ)192.168.2.221. > > Are there any settings that need to be changed? > > I have enclosed my Shorewall Dump as well as all config files. > > Shorewall cards; IP of net is eno1 IP changed for my protection, loc is > eno2, dmz is eno3. > > eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 > inet aa,bb.cc.dd netmask 255.255.254.0 broadcast 24.159.241.255 > ether d4:be:d9:f4:e0:62 txqueuelen 1000 (Ethernet) > > eno2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 > inet 192.168.1.253 netmask 255.255.255.0 broadcast 192.168.1.255 > ether d4:be:d9:f4:e0:64 txqueuelen 1000 (Ethernet) > > eno3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 > inet 192.168.2.253 netmask 255.255.255.0 broadcast 192.168.2.255 > ether d4:be:d9:f4:e0:66 txqueuelen 1000 (Ethernet) >
Hi Eric, Sorry for the delay in answering - I've been traveling in Europe for the last three weeks. In the dump you forwarded, I see NO traffic at all from the DMZ (en03). Did you attempt any connections before taking the dump? -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users