Hi,

I'm puzzled as to why I cannot ping a host with IP addr.
10.215.144.251 from a host with IP addr. 10.215.111.210. They are two
different vlans, but traffic should be allowed.
The tcpdump on the FW shows that the ICMP replies are not seen from FW
to lan.1. I just don't know why.

This is my rule:

ACCEPT    lan1:10.215.111.210    lan18:10.215.144.251-10.215.144.253    all

# tcpdump -n -i lan.18 host 10.215.144.251
dropped privs to pcap
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on lan.18, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:38:24.465826 IP 10.215.111.210 > 10.215.144.251: ICMP echo request,
id 1, seq 3381, length 40
13:38:24.466057 IP 10.215.144.251 > 10.215.111.210: ICMP echo reply,
id 1, seq 3381, length 40
13:38:29.452923 IP 10.215.111.210 > 10.215.144.251: ICMP echo request,
id 1, seq 3382, length 40
13:38:29.453124 IP 10.215.144.251 > 10.215.111.210: ICMP echo reply,
id 1, seq 3382, length 40
^C
4 packets captured
4 packets received by filter
0 packets dropped by kernel

# tcpdump -n -i lan.1 host 10.215.144.251
dropped privs to pcap
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on lan.1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:38:39.453736 IP 10.215.111.210 > 10.215.144.251: ICMP echo request,
id 1, seq 3384, length 40
13:38:44.462989 IP 10.215.111.210 > 10.215.144.251: ICMP echo request,
id 1, seq 3385, length 40
13:38:49.453419 IP 10.215.111.210 > 10.215.144.251: ICMP echo request,
id 1, seq 3386, length 40
13:38:54.462301 IP 10.215.111.210 > 10.215.144.251: ICMP echo request,
id 1, seq 3387, length 40
^C
4 packets captured
17 packets received by filter
0 packets dropped by kernel

This is a dump taken while pinging:

https://drive.google.com/file/d/1vEuySlF4SQVMREJBztncRy2a2P2SuD2K/view?usp=sharing

Any ideas?

Regards,

Vieri


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
