Hi,

I used to ping correctly from the shorewall FW to a remote host's IP address in 
a particular zone (CAIB, see below).

Somehow, this ping is failing now, and I don't know if it's a config error on 
my behalf or that the remote host stopped replying.

This is the failing ping performed on $FW:

# ping -I 10.215.246.91 10.215.236.123 -c 1
PING 10.215.236.123 (10.215.236.123) from 10.215.246.91 : 56(84) bytes of data.

--- 10.215.236.123 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

Still on $FW, I can ping the same IP address from a different source IP address:

# ping -I 10.215.144.91 10.215.236.123 -c 1
PING 10.215.236.123 (10.215.236.123) from 10.215.144.91 : 56(84) bytes of data.
64 bytes from 10.215.236.123: icmp_seq=1 ttl=60 time=2.08 ms

--- 10.215.236.123 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.084/2.084/2.084/0.000 ms

I have this in rtrules:

# grep "10.215.232.0/21" rtrules
10.215.144.0/23         10.215.232.0/21         IBS             11420
-                       10.215.232.0/21         CAIB            11615

where IBS and CAIB are providers for the same 10.215.232.0/21 network (can be 
used as load-balanced links or failover).

# shorewall show routing | grep 10.215.232.0
11420:  from 10.215.144.0/23 to 10.215.232.0/21 lookup IBS
11615:  from all to 10.215.232.0/21 lookup CAIB

Note that pinging 10.215.236.123 from a LAN host with IP address 10.215.246.* 
is successful.

On $FW:

# traceroute -s 10.215.246.91 10.215.236.123
traceroute to 10.215.236.123 (10.215.236.123), 30 hops max, 60 byte packets
1  * * *
2  * * *
3  * * *
4  * * *
5  * * *
6  * * *
7  * * *
8  * * *
9  * * *
10  * * *
11  * *^C

# traceroute -s 10.215.144.91 10.215.236.123
traceroute to 10.215.236.123 (10.215.236.123), 30 hops max, 60 byte packets
1  172.28.17.110 (172.28.17.110)  0.694 ms  1.396 ms  1.408 ms
2  10.128.12.0 (10.128.12.0)  2.096 ms  2.558 ms  2.816 ms
3  172.20.30.2 (172.20.30.2)  1.770 ms  1.763 ms  1.732 ms
4  * * *
5  * * *
6  * * *
7  * * *
8  * * *
9  *^C

# traceroute -s 172.20.11.62 10.215.236.123
traceroute to 10.215.236.123 (10.215.236.123), 30 hops max, 60 byte packets
1  172.20.11.50 (172.20.11.50)  0.518 ms  0.612 ms  0.569 ms
2  172.20.4.210 (172.20.4.210)  2.008 ms  2.009 ms  1.966 ms
3  10.215.4.242 (10.215.4.242)  6.316 ms  6.314 ms  6.317 ms
4  172.20.4.14 (172.20.4.14)  8.094 ms  8.028 ms  8.549 ms^C

I'm attaching a shorewall dump while performing the ping from $FW 
(10.215.246.91) to 10.215.236.123.

Thanks,

Vieri

Attachment: swdump.gz
Description: application/gzip
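
An added example, not part of the original post: a small Python evaluator for the two policy-routing rules shown in the `shorewall show routing` output above, reporting which provider table each source address selects for 10.215.236.123. The function names are hypothetical, only the two rules visible in the post are modelled, and the first matching rule is assumed to decide (the kernel would continue to later rules if the selected table had no route).

```python
import ipaddress
import re

# Rule lines copied from the `shorewall show routing` output in the post.
RULES_TEXT = """\
11420:  from 10.215.144.0/23 to 10.215.232.0/21 lookup IBS
11615:  from all to 10.215.232.0/21 lookup CAIB
"""

# priority: from <src> [to <dst>] lookup <table>
RULE_RE = re.compile(
    r"^(?P<prio>\d+):\s+from\s+(?P<src>\S+)"
    r"(?:\s+to\s+(?P<dst>\S+))?\s+lookup\s+(?P<table>\S+)"
)


def _net(token):
    # "all" (or an absent selector) matches any IPv4 address.
    if token is None or token == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(token, strict=False)


def parse_rules(text):
    """Parse `ip rule`-style lines into (priority, src_net, dst_net, table)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append((int(m["prio"]), _net(m["src"]), _net(m["dst"]), m["table"]))
    # Rules are evaluated in ascending priority order.
    return sorted(rules, key=lambda r: r[0])


def first_matching_table(rules, src, dst):
    """Return (priority, table) of the first rule matching src and dst, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prio, src_net, dst_net, table in rules:
        if s in src_net and d in dst_net:
            return prio, table
    return None


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for source in ("10.215.246.91", "10.215.144.91"):
        print(source, "->", first_matching_table(rules, source, "10.215.236.123"))
```

With these two rules, the failing source 10.215.246.91 falls through to the CAIB rule while 10.215.144.91 is sent to IBS, so the two pings leave through different providers.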
