Vieri,
Congrats, buddy! You figured it out. Yes, it wasn’t a Shorewall issue, as I
also suspected!
In my experience I always learn a ton troubleshooting issues like this! I’m
sure you know way more now!
🙌
Bill
Sent from my iPhone
> On Feb 5, 2022, at 11:55 AM, Vieri Di Paola wrote:
>
>
Just in case someone comes across a similar issue, there was
absolutely nothing wrong with the shorewall router. The only problem
was with 3 specific hosts which were all HPE iLO 5 systems. I tried
arping to try to update their ARP caches as accessing them via ssh
didn't really give me any useful t
Vieri, did u get this figured out yet?
If not, I can provide “step-by-step” instructions. Is that what u want?
Bill
Sent from my iPhone
> On Jan 26, 2022, at 8:09 AM, Vieri Di Paola wrote:
>
> On Tue, Jan 25, 2022 at 2:08 PM William Papolis wrote:
>>
>> I don’t want to diss on Shorewall, i
On Tue, Jan 25, 2022 at 2:08 PM William Papolis wrote:
>
> I don’t want to diss on Shorewall, in a Shorewall forum
then please don't.
> Maybe there are reasons Shorewall is better? I don’t know what they are
Tom was -- I sure as hell miss him.
Like u said, Shorewall tries to consolidate “IP ROUTING” and “system
configuration” into one place with their own “Shorewall syntax”.
I don’t want to diss on Shorewall, in a Shorewall forum, but if u have to learn
“IP ROUTING” and “system configuration” to make Shorewall “work”, then what’s
th
What device are you using to configure your vLANs?
Likely your switch, right?
Switches can do “bridging” too.
I would “look there”, if you feel that some bridging is happening that your
switch is facilitating.
Without a network map, I don’t see how I can help.
It sounds like u got a lot going
On Tue, Jan 25, 2022 at 1:21 AM William Papolis wrote:
>
> This isn't a "Shorewall" issue.
>
> It's an "IP ROUTING" issue.
>
> Look at my last response.
Shorewall also sets network system parameters such as arp filtering,
ip routing, etc.
So this could be a "Shorewall issue" because Shorewall cha
This isn't a "Shorewall" issue.
It's an "IP ROUTING" issue.
Look at my last response.
Bill
On Mon, Jan 24, 2022 at 6:37 PM Vieri Di Paola
wrote:
> In the failing scenario where a host in vlan 1 with IP addr.
> 10.215.111.210 cannot ping a host in vlan 18 with IP addr.
> 10.215.144.251 this i
Yep, you're right. You just need to look at your NIC (Network Interface
Card) configuration.
Make sure your Shorewall device has an IP for both "Networks".
# sudo pico /etc/network/interfaces... on DEBIAN to edit
your network config
Then do ...
# sudo route -n
In the failing scenario where a host in vlan 1 with IP addr.
10.215.111.210 cannot ping a host in vlan 18 with IP addr.
10.215.144.251 this is what I see on the SW FW:
# tcpdump -n -i lan -e vlan and host 10.215.144.251
dropped privs to pcap
tcpdump: verbose output suppressed, use -v[v]... for ful
On Tue, Jan 25, 2022 at 12:22:17AM +0100, Vieri Di Paola wrote:
> Any ideas as to why I'm seeing this?
>
> Why is interface "ext" receiving the ICMP replies in the first case?
Like last time, I don't understand why you started a new email thread.
It should be easier for you to reply to the same
Thanks, Bill.
As shown in the dump, my Shorewall system is a router.
I think the problem may lie in routing rules/netmasks/ARP.
I have other hosts in the same vlans as in my first example that
perfectly reply to ICMP.
For instance, host in vlan 1 with IP addr. 10.215.111.210 can
successfully ping
S ... if Shorewall is acting as your "bridge", what does this mean?
It means that the Shorewall device has "an IP" on both networks ... AND
it's configured to act as Bridge. I would have to check my Firewall
settings to remember how I did that. My Firewall acts as my ROUTER which is
essentiall
When you move across a "Network" to another "Network", you need a "Bridge".
Is your Firewall acting as a Bridge across those two "Networks"?
I'm assuming those IPs are on your "internal" network.
Bill
On Mon, Jan 24, 2022 at 1:55 PM Vieri Di Paola
wrote:
> Hi,
>
> I'm puzzled as to why I cann
14 matches