Hi, I'm puzzled as to why I cannot ping a host with IP addr. 10.215.144.251 from a host with IP addr. 10.215.111.210. They are two different vlans, but traffic should be allowed. The tcpdump on the FW shows that the ICMP replies are not seen from FW to lan.1. I just don't know why.
This is my rule:

ACCEPT lan1:10.215.111.210 lan18:10.215.144.251-10.215.144.253 all

# tcpdump -n -i lan.18 host 10.215.144.251
dropped privs to pcap
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on lan.18, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:38:24.465826 IP 10.215.111.210 > 10.215.144.251: ICMP echo request, id 1, seq 3381, length 40
13:38:24.466057 IP 10.215.144.251 > 10.215.111.210: ICMP echo reply, id 1, seq 3381, length 40
13:38:29.452923 IP 10.215.111.210 > 10.215.144.251: ICMP echo request, id 1, seq 3382, length 40
13:38:29.453124 IP 10.215.144.251 > 10.215.111.210: ICMP echo reply, id 1, seq 3382, length 40
^C
4 packets captured
4 packets received by filter
0 packets dropped by kernel

# tcpdump -n -i lan.1 host 10.215.144.251
dropped privs to pcap
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on lan.1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:38:39.453736 IP 10.215.111.210 > 10.215.144.251: ICMP echo request, id 1, seq 3384, length 40
13:38:44.462989 IP 10.215.111.210 > 10.215.144.251: ICMP echo request, id 1, seq 3385, length 40
13:38:49.453419 IP 10.215.111.210 > 10.215.144.251: ICMP echo request, id 1, seq 3386, length 40
13:38:54.462301 IP 10.215.111.210 > 10.215.144.251: ICMP echo request, id 1, seq 3387, length 40
^C
4 packets captured
17 packets received by filter
0 packets dropped by kernel

This is a dump taken while pinging:
https://drive.google.com/file/d/1vEuySlF4SQVMREJBztncRy2a2P2SuD2K/view?usp=sharing

Any ideas?

Regards,

Vieri
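Added example, not part of the original post: a small parser that pairs ICMP echo requests with replies by (id, seq) in saved `tcpdump -n` text, so per-interface captures can be compared to see on which interface the reply stops appearing. The function name `unanswered` and the variables `LAN18` and `LAN1` are assumptions of this example; the sample lines are copied from the two captures in the post.

```python
import re

# Matches "tcpdump -n" ICMP echo lines, e.g.
# 13:38:24.465826 IP 10.215.111.210 > 10.215.144.251: ICMP echo request, id 1, seq 3381, length 40
ECHO = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def unanswered(capture_text):
    """Return sorted (id, seq) pairs of echo requests with no matching reply."""
    requests, replies = {}, set()
    for line in capture_text.splitlines():
        m = ECHO.match(line.strip())
        if not m:
            continue  # banner, summary and non-ICMP lines are ignored
        key = (int(m["id"]), int(m["seq"]))
        if m["kind"] == "request":
            requests[key] = (m["src"], m["dst"])
        else:
            # Store the reply with its addresses swapped back to request order
            replies.add((key, m["dst"], m["src"]))
    return sorted(k for k, (s, d) in requests.items() if (k, s, d) not in replies)

# Sample input: echo lines copied from the lan.18 and lan.1 captures in the post
LAN18 = """\
13:38:24.465826 IP 10.215.111.210 > 10.215.144.251: ICMP echo request, id 1, seq 3381, length 40
13:38:24.466057 IP 10.215.144.251 > 10.215.111.210: ICMP echo reply, id 1, seq 3381, length 40
13:38:29.452923 IP 10.215.111.210 > 10.215.144.251: ICMP echo request, id 1, seq 3382, length 40
13:38:29.453124 IP 10.215.144.251 > 10.215.111.210: ICMP echo reply, id 1, seq 3382, length 40
"""
LAN1 = """\
13:38:39.453736 IP 10.215.111.210 > 10.215.144.251: ICMP echo request, id 1, seq 3384, length 40
13:38:44.462989 IP 10.215.111.210 > 10.215.144.251: ICMP echo request, id 1, seq 3385, length 40
13:38:49.453419 IP 10.215.111.210 > 10.215.144.251: ICMP echo request, id 1, seq 3386, length 40
13:38:54.462301 IP 10.215.111.210 > 10.215.144.251: ICMP echo request, id 1, seq 3387, length 40
"""

if __name__ == "__main__":
    for iface, text in (("lan.18", LAN18), ("lan.1", LAN1)):
        print(iface, "unanswered (id, seq):", unanswered(text))
```

The two captures in the post were taken one after the other, so their sequence numbers do not overlap; capturing on both interfaces at the same time lets the same (id, seq) be followed across them.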