Thanks, Bill. As shown in the dump, my Shorewall system is a router. I think the problem may lie in routing rules/netmasks/ARP. I have other hosts in the same vlans as in my first example that perfectly reply to ICMP. For instance, host in vlan 1 with IP addr. 10.215.111.210 can successfully ping (request & reply) a host in vlan 18 with IP addr. 10.215.144.129. Same dst IP addr. range, same dst vlan, etc., but in my first post, the ICMP replies were reaching the SW FW but not the SRC host in vlan 1. Very odd.
I'm trying to search for the difference between the DST host with IP addr. 10.215.144.129 and the one with IP addr. 10.215.144.251. Thanks, Vieri _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
