> Now to the problem: I CANNOT ping the internal machines (with the
> official IP address) from outside, but I CAN ping them from the GW.
> Looks like a NAT problem, BUT: a tcpdump shows something else.
>
> (eth1 is the inner NIC, 172.16.1.128 is the inner machine, so correct
> NAT I think)

Hmm... probably need more info to solve this one. My first guess would
be to check to see if your inner machine (172.16.1.128) has some kind of
firewall rule on it that blocks ping attempts from machines outside the
network.

Maybe show us the rules running on the GW *and* the inner machine by:

    iptables -t filter -L
    iptables -t nat -L

Also, check out the netfilter lists at www.netfilter.org if you need
more help.

ryan