On 2/1/2021 2:23 PM, Richard Emling wrote: > Hi. > > I have a 2 interface configured Raspi guarding a part of our network. > This Pi is connected to a Fritz! Box, thats again linked to another > remote Fritz! Box via the Fritz! VPN service. > At the remote place resides a raspi I would like to ssh into. > What do I have to add to my rules file, to be able to do so? > The guarded part of the network has a 192.168.180 ip range, > the Fritz! Box at my side works with 192.168.179 and the remote Fritz! > Box is set to 192.168.10. > > When I try to ping the remote Raspi from behind the firewall, I get: > > richard@s2:~$ ping 192.168.10.126 > PING 192.168.10.126 (192.168.10.126) 56(84) bytes of data. > From 192.168.179.2 icmp_seq=1 Destination Host Unreachable > From 192.168.179.2 icmp_seq=2 Destination Host Unreachable > From 192.168.179.2 icmp_seq=3 Destination Host Unreachable > From 192.168.179.2 icmp_seq=4 Destination Host Unreachable > ^C > --- 192.168.10.126 ping statistics --- > 5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 59ms > pipe 4 > > 192.168.179.2 is the ip, my Fritz! Box assigned to the Raspi hosting the > Shorewall from the interface facing to the unprotected side. > So it seems, as something gets blocked there. > > When I again connect a computer to the Fritz! Box Ping and SSH to the > remote Pi work just fine. >
Have a look at (1) and (2). If it still does not work, we will need a dump collected as described at(3). Note that I can not guarantee when/if the dump will be looked at or if I will be able to help you. 1) https://shorewall.org/troubleshoot.htm#Connections 2) https://shorewall.org/FAQ.htm 3) https://shorewall.org/support.htm#Guidelines -- Matt Darfeuille <m...@shorewall.org> Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://shorewall.org _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
