On 9/18/2018 2:51 PM, Eric Teeter wrote:
> I have installed Shorewall version 5.2.0.4 on Fedora 28. I'm trying to
> get my DMZ working with a Cisco SGE2010P with VPLN.
>
> I can ping from (DMZ) IP 192.168.2.221 to Shorewall (NET) 192.168.2.253,
> but I cannot ping anywhere else from this machine. For example eno2
> (192.168.1.253).
>
> I can ping everywhere on my LOC network & to yahoo.com, but not to
> (machine on DMZ) 192.168.2.221.
>
> Are there any settings that need to be changed?
>
> I have enclosed my Shorewall Dump as well as all config files.
>
> Shorewall cards; IP of net is eno1 IP changed for my protection, loc is
> eno2, dmz is eno3.
>
> eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>         inet aa,bb.cc.dd netmask 255.255.254.0 broadcast 24.159.241.255
>         ether d4:be:d9:f4:e0:62 txqueuelen 1000 (Ethernet)
>
> eno2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>         inet 192.168.1.253 netmask 255.255.255.0 broadcast 192.168.1.255
>         ether d4:be:d9:f4:e0:64 txqueuelen 1000 (Ethernet)
>
> eno3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>         inet 192.168.2.253 netmask 255.255.255.0 broadcast 192.168.2.255
>         ether d4:be:d9:f4:e0:66 txqueuelen 1000 (Ethernet)
>
Did you look at:
http://shorewall.org/troubleshoot#Connections

Does ping work when Shorewall is cleared ('shorewall clear')?
http://shorewall.org/troubleshoot#Ping

-Matt

--
Matt Darfeuille