Soooo ... if Shorewall is acting as your "bridge", what does this mean?
It means that the Shorewall device has "an IP" on both networks ... AND it's configured to act as a Bridge.

I would have to check my Firewall settings to remember how I did that.

My Firewall acts as my ROUTER which is essentially a "SMART BRIDGE".

For my setup ... I built a Firewall and it's configured with a Class C that I have subdivided into subnets. For each Subnet, my Firewall needs to "have an IP in each network" in order to "Bridge" data from one network to another.

I also have ports "open" for Remote access and I built a VPN using Wireguard to allow Remote access with Encryption.

Is this good enough? Or do you need something more explicit?

Bill

On Mon, Jan 24, 2022 at 2:42 PM William Papolis <wpapo...@gmail.com> wrote:

> When you move across a "Network" to another "Network", you need a "Bridge"
>
> Is your Firewall acting as a Bridge across those two "Networks"?
>
> I'm assuming those IP's are on your "internal" network.
>
> Bill
>
> On Mon, Jan 24, 2022 at 1:55 PM Vieri Di Paola <vieridipa...@gmail.com>
> wrote:
>
>> Hi,
>>
>> I'm puzzled as to why I cannot ping a host with IP addr.
>> 10.215.144.251 from a host with IP addr. 10.215.111.210. They are two
>> different vlans, but traffic should be allowed.
>> The tcpdump on the FW shows that the ICMP replies are not seen from FW
>> to lan.1. I just don't know why.
>>
>> This is my rule:
>>
>> ACCEPT lan1:10.215.111.210 lan18:10.215.144.251-10.215.144.253
>> all
>>
>> # tcpdump -n -i lan.18 host 10.215.144.251
>> dropped privs to pcap
>> tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
>> listening on lan.18, link-type EN10MB (Ethernet), snapshot length 262144
>> bytes
>> 13:38:24.465826 IP 10.215.111.210 > 10.215.144.251: ICMP echo request,
>> id 1, seq 3381, length 40
>> 13:38:24.466057 IP 10.215.144.251 > 10.215.111.210: ICMP echo reply,
>> id 1, seq 3381, length 40
>> 13:38:29.452923 IP 10.215.111.210 > 10.215.144.251: ICMP echo request,
>> id 1, seq 3382, length 40
>> 13:38:29.453124 IP 10.215.144.251 > 10.215.111.210: ICMP echo reply,
>> id 1, seq 3382, length 40
>> ^C
>> 4 packets captured
>> 4 packets received by filter
>> 0 packets dropped by kernel
>>
>> # tcpdump -n -i lan.1 host 10.215.144.251
>> dropped privs to pcap
>> tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
>> listening on lan.1, link-type EN10MB (Ethernet), snapshot length 262144
>> bytes
>> 13:38:39.453736 IP 10.215.111.210 > 10.215.144.251: ICMP echo request,
>> id 1, seq 3384, length 40
>> 13:38:44.462989 IP 10.215.111.210 > 10.215.144.251: ICMP echo request,
>> id 1, seq 3385, length 40
>> 13:38:49.453419 IP 10.215.111.210 > 10.215.144.251: ICMP echo request,
>> id 1, seq 3386, length 40
>> 13:38:54.462301 IP 10.215.111.210 > 10.215.144.251: ICMP echo request,
>> id 1, seq 3387, length 40
>> ^C
>> 4 packets captured
>> 17 packets received by filter
>> 0 packets dropped by kernel
>>
>> This is a dump taken while pinging:
>>
>>
>> https://drive.google.com/file/d/1vEuySlF4SQVMREJBztncRy2a2P2SuD2K/view?usp=sharing
>>
>> Any ideas?
>>
>> Regards,
>>
>> Vieri
>>
>>
>> _______________________________________________
>> Shorewall-users mailing list
>> Shorewall-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>
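An added example, not part of the original thread or written by its participants: a small Python helper that pairs ICMP echo requests with replies in `tcpdump -n` text from two firewall interfaces and reports the sequence numbers whose reply arrived on the server-side interface but never left on the client-side one, which places the loss on the firewall host itself. The function names and the sample captures are constructed for illustration, and the sample assumes both interfaces were captured during the same ping run.

```python
import re
from collections import defaultdict

# One ICMP echo line as printed by `tcpdump -n` (unwrapped; the mail above wrapped them).
ICMP_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def parse_capture(text):
    """Map (client, server, id, seq) -> set of kinds ('request', 'reply') seen."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = ICMP_RE.match(line.strip())
        if not m:
            continue  # banner, packet counters, non-ICMP traffic
        # Key by (requester, responder) so a reply lands on its request's key.
        pair = (m["src"], m["dst"]) if m["kind"] == "request" else (m["dst"], m["src"])
        seen[pair + (int(m["id"]), int(m["seq"]))].add(m["kind"])
    return seen

def unanswered(text):
    """Sequence numbers with a request but no reply in one capture."""
    return sorted(k[3] for k, kinds in parse_capture(text).items() if "reply" not in kinds)

def lost_in_firewall(captures, client_if, server_if):
    """Seqs whose reply arrived on server_if but never left on client_if."""
    answered = {k for k, kinds in parse_capture(captures[server_if]).items() if "reply" in kinds}
    client = parse_capture(captures[client_if])
    return sorted(k[3] for k, kinds in client.items() if "reply" not in kinds and k in answered)

# Constructed sample: both interfaces captured during the same ping run.
REQ = "13:38:24.4658{n} IP 10.215.111.210 > 10.215.144.251: ICMP echo request, id 1, seq {s}, length 40"
REP = "13:38:24.4660{n} IP 10.215.144.251 > 10.215.111.210: ICMP echo reply, id 1, seq {s}, length 40"
SAMPLE = {
    "lan.1": "\n".join(REQ.format(n=i, s=3381 + i) for i in range(3)),
    "lan.18": "listening on lan.18, link-type EN10MB (Ethernet)\n" + "\n".join(
        line for i in range(2) for line in (REQ.format(n=i, s=3381 + i), REP.format(n=i, s=3381 + i))
    ),
}

if __name__ == "__main__":
    for iface, text in SAMPLE.items():
        print(iface, "unanswered:", unanswered(text))
    print("reply entered on lan.18, never left lan.1:", lost_in_firewall(SAMPLE, "lan.1", "lan.18"))
```

A sequence number that is unanswered on both interfaces points at the target host or the path beyond the firewall instead.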