When you move across a "Network" to another "Network", you need a "Bridge"
Is your Firewall acting as a Bridge across those two "Networks"? I'm assuming those IP's are on your "internal" network. Bill On Mon, Jan 24, 2022 at 1:55 PM Vieri Di Paola <vieridipa...@gmail.com> wrote: > Hi, > > I'm puzzled as to why I cannot ping a host with IP addr. > 10.215.144.251 from a host with IP addr. 10.215.111.210. They are two > different vlans, but traffic should be allowed. > The tcpdump on the FW shows that the ICMP replies are ot seen from FW > to lan.1. I just don't know why. > > This is my rule: > > ACCEPT lan1:10.215.111.210 lan18:10.215.144.251-10.215.144.253 all > > # tcpdump -n -i lan.18 host 10.215.144.251 > dropped privs to pcap > tcpdump: verbose output suppressed, use -v[v]... for full protocol decode > listening on lan.18, link-type EN10MB (Ethernet), snapshot length 262144 > bytes > 13:38:24.465826 IP 10.215.111.210 > 10.215.144.251: ICMP echo request, > id 1, seq 3381, length 40 > 13:38:24.466057 IP 10.215.144.251 > 10.215.111.210: ICMP echo reply, > id 1, seq 3381, length 40 > 13:38:29.452923 IP 10.215.111.210 > 10.215.144.251: ICMP echo request, > id 1, seq 3382, length 40 > 13:38:29.453124 IP 10.215.144.251 > 10.215.111.210: ICMP echo reply, > id 1, seq 3382, length 40 > ^C > 4 packets captured > 4 packets received by filter > 0 packets dropped by kernel > > # tcpdump -n -i lan.1 host 10.215.144.251 > dropped privs to pcap > tcpdump: verbose output suppressed, use -v[v]... for full protocol decode > listening on lan.1, link-type EN10MB (Ethernet), snapshot length 262144 > bytes > 13:38:39.453736 IP 10.215.111.210 > 10.215.144.251: ICMP echo request, > id 1, seq 3384, length 40 > 13:38:44.462989 IP 10.215.111.210 > 10.215.144.251: ICMP echo request, > id 1, seq 3385, length 40 > 13:38:49.453419 IP 10.215.111.210 > 10.215.144.251: ICMP echo request, > id 1, seq 3386, length 40 > 13:38:54.462301 IP 10.215.111.210 > 10.215.144.251: ICMP echo request, > id 1, seq 3387, length 40 > ^C > 4 packets captured > 17 packets received by filter > 0 packets dropped by kernel > > This is a dump taken while pinging: > > > https://drive.google.com/file/d/1vEuySlF4SQVMREJBztncRy2a2P2SuD2K/view?usp=sharing > > Any ideas? > > Regards, > > Vieri > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
