Tim Nelson wrote:
> I'd throw a nice big "ALLOW ANY PROTOCOL ANY DESTINATION ANYWHERE AND
> EVERYWHERE" at the top of your rules and see if the problem is fixed. If not,
> you've got bigger problems. If so, check your rules a bit more carefully.
>

ouch! don't you come near my firewalls! if you really really had to, make rules which allow from any of YOUR ip addresses to any, with a protocol/service you can trust (ssh, dns).

quite often these problems are caused because if you have multiple possible routes between networks, and the routing is asymmetric, then stateful inspection will kill things. using "tcpdump -l -n -i interface icmp" and ensuring that packets enter/leave on the same interface will help - test all interfaces to make sure the ingress and egress interfaces are correct!
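
The interface check described in the reply above, as an added example that is not part of the original message: it takes the output of `tcpdump -l -n -i <interface> icmp` collected per interface and reports echo flows whose reply shows up on different interfaces than the request. The function name, interface names, addresses and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches tcpdump -n ICMP echo lines, e.g.
# 12:00:01.000100 IP 192.0.2.10 > 198.51.100.7: ICMP echo request, id 4242, seq 1, length 64
LINE = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

def check_symmetry(captures):
    """captures: {interface: [tcpdump lines]} -> {(src, dst, id, seq): verdict}."""
    seen = defaultdict(lambda: {"request": set(), "reply": set()})
    for iface, lines in captures.items():
        for line in lines:
            m = LINE.search(line)
            if not m:
                continue  # not an ICMP echo line
            src, dst = m["src"], m["dst"]
            if m["kind"] == "reply":
                src, dst = dst, src  # key the reply under its request's direction
            seen[(src, dst, int(m["id"]), int(m["seq"]))][m["kind"]].add(iface)
    verdicts = {}
    for flow, ifaces in seen.items():
        if not ifaces["reply"]:
            verdicts[flow] = "no reply seen"
        elif ifaces["reply"] != ifaces["request"]:
            verdicts[flow] = "asymmetric"  # reply used other interfaces than the request
        else:
            verdicts[flow] = "symmetric"
    return verdicts

# Constructed sample: eth0 is the inside interface, eth1 and eth2 are two outside paths.
REQ = "12:00:0{n}.000100 IP 192.0.2.10 > {dst}: ICMP echo request, id 4242, seq {n}, length 64"
REP = "12:00:0{n}.000900 IP {dst} > 192.0.2.10: ICMP echo reply, id 4242, seq {n}, length 64"
A, B = "198.51.100.7", "203.0.113.9"
SAMPLE = {
    "eth0": [REQ.format(n=1, dst=A), REP.format(n=1, dst=A),
             REQ.format(n=2, dst=B), REQ.format(n=3, dst=B)],
    "eth1": [REQ.format(n=1, dst=A), REP.format(n=1, dst=A),
             REQ.format(n=2, dst=B), REQ.format(n=3, dst=B)],
    "eth2": [REP.format(n=2, dst=B)],  # reply came back on the other path
}

if __name__ == "__main__":
    for flow, verdict in sorted(check_symmetry(SAMPLE).items()):
        print(flow, verdict)
```

In the sample, the second flow's reply arrives on eth2 and never leaves eth0, which is the pattern a stateful firewall produces when the return path differs from the outbound one.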
