On Mon, 10 Jun 2002 22:53:25 EDT Nachman Yaakov Ziskind wrote:

> ... I need some basic pointers here. Specifically, I flushed all the rules
> (iptables -F) and changed the policy of all the builtins to ACCEPT:

[snip]
 
> So, why can I not ping out eth0?
> 
> # ping 10.1.2.248
> PING 10.1.2.248 (10.1.2.248): 56 data bytes
> 
> # tail syslog
> 
> Jun 10 22:50:03 yoreach kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=
> MAC=00:10:5a:e1:e3:8b:00:20:6f:05:f9:6d:08:00 SRC=10.1.2.248 DST=10.1.2.203
> LEN=44 TOS=0x00 PREC=0x00 TTL=60 ID=5663 PROTO=TCP SPT=23 DPT=1025 WINDOW=4096
> RES=0x00 ACK SYN URGP=0
> 
> So, what am I missing?

The above iptables log entry is not from the ping (it's TCP not
ICMP), but it *may* still hold the answer to your question.  The
rule that dropped the packet above is "Shorewall:rfc1918" which
probably means you have a "norfc1918" entry in the eth0 line of
your /etc/shorewall/interfaces file.  Your ping to 10.1.2.248
*might* be dropped by that rule as well.

Not being intimately familiar with iptables and the inner workings
of shorewall, I'm a bit confused why a rfc1918 chain would override
the default policy.  Did you run "shorewall restart" after making
your changes?

--Brad
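
As an added example (not part of the thread, and not Shorewall's own tooling), here is a small Python parser for the `Shorewall:<chain>:<action>:` log lines quoted above. It pulls out the chain, the verdict and the key=value fields, tells TCP entries apart from ICMP echo replies, and for an `rfc1918` chain points at the `norfc1918` interface option Brad mentions. The sample lines are constructed: the first is the quoted entry with the wrapped WINDOW value rejoined, the second is a made-up ICMP echo-reply drop in an assumed chain name `net2all`, and the third is a non-firewall syslog line.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample syslog lines (modelled on the entry quoted in the thread).
SAMPLE_LOG = """\
Jun 10 22:50:03 yoreach kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=00:10:5a:e1:e3:8b:00:20:6f:05:f9:6d:08:00 SRC=10.1.2.248 DST=10.1.2.203 LEN=44 TOS=0x00 PREC=0x00 TTL=60 ID=5663 PROTO=TCP SPT=23 DPT=1025 WINDOW=4096 RES=0x00 ACK SYN URGP=0
Jun 10 22:50:05 yoreach kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:10:5a:e1:e3:8b:00:20:6f:05:f9:6d:08:00 SRC=10.1.2.248 DST=10.1.2.203 LEN=84 TOS=0x00 PREC=0x00 TTL=60 ID=5664 PROTO=ICMP TYPE=0 CODE=0 ID=1234 SEQ=1
Jun 10 22:50:06 yoreach sshd[123]: Accepted password for admin from 10.1.2.7
"""
SAMPLE_LINES = SAMPLE_LOG.splitlines()

# "Shorewall:<chain>:<verdict>:" prefix, followed by the iptables LOG fields.
SHOREWALL_RE = re.compile(
    r"kernel: Shorewall:(?P<chain>[^:]+):(?P<action>[A-Z]+):(?P<fields>.*)$"
)
# KEY=VALUE tokens; VALUE may be empty (e.g. "OUT=" for an inbound packet).
FIELD_RE = re.compile(r"(?P<key>[A-Z]+)=(?P<value>\S*)")


@dataclass
class ShorewallEvent:
    chain: str
    action: str
    fields: Dict[str, str] = field(default_factory=dict)
    flags: List[str] = field(default_factory=list)  # bare tokens such as ACK, SYN

    @property
    def proto(self) -> str:
        return self.fields.get("PROTO", "")


def parse_shorewall_log(line: str) -> Optional[ShorewallEvent]:
    """Parse one syslog line; return None if it is not a Shorewall LOG entry."""
    m = SHOREWALL_RE.search(line)
    if not m:
        return None
    fields: Dict[str, str] = {}
    flags: List[str] = []
    for tok in m.group("fields").split():
        fm = FIELD_RE.fullmatch(tok)
        if fm:
            # ICMP lines carry ID= twice (IP header, then ICMP id); keep the first.
            fields.setdefault(fm.group("key"), fm.group("value"))
        else:
            flags.append(tok)
    return ShorewallEvent(m.group("chain"), m.group("action"), fields, flags)


def is_ping_reply(ev: ShorewallEvent) -> bool:
    """True for an ICMP echo reply (type 0), i.e. the answer to an outbound ping."""
    return ev.proto == "ICMP" and ev.fields.get("TYPE") == "0"


def dropped_from(lines: List[str], peer: str) -> List[ShorewallEvent]:
    """All DROP events whose SRC is `peer` (the host being pinged)."""
    events = (parse_shorewall_log(ln) for ln in lines)
    return [ev for ev in events
            if ev is not None and ev.action == "DROP" and ev.fields.get("SRC") == peer]


def diagnose(ev: ShorewallEvent) -> str:
    """Human-readable hint for a dropped packet, following the thread's reasoning."""
    kind = "ICMP echo reply" if is_ping_reply(ev) else f"{ev.proto} {' '.join(ev.flags)}".strip()
    if ev.chain == "rfc1918":
        return (f"{kind} from {ev.fields.get('SRC')} dropped by the rfc1918 chain on "
                f"{ev.fields.get('IN')}: check for a 'norfc1918' option on that interface "
                f"in /etc/shorewall/interfaces, then 'shorewall restart'")
    return f"{kind} from {ev.fields.get('SRC')} dropped by chain '{ev.chain}' on {ev.fields.get('IN')}"


if __name__ == "__main__":
    for ev in dropped_from(SAMPLE_LINES, "10.1.2.248"):
        print(diagnose(ev))
```

The parser works on any iptables LOG line wrapped by Shorewall's prefix, so the same `dropped_from` call can be pointed at a real syslog to confirm whether the missing ping replies are being dropped, and by which chain, before touching the configuration.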


------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html