Wynne, Ray did a good job with the general, low-level debugging suggestions. Unless you've made drastic setup changes, I expect IP forwarding to already be enabled. If that's the case, the next place to check is firewall rules and policies. The best advice I can give is to keep a close eye on /var/log/syslog while debugging. Both
tail -f /var/log/syslog and shorewall status can be invaluable. You may also want to check the value of FORWARDPING in /etc/shorewall/shorewall.conf and "noping" and "filterping" in /etc/shorewall/interfaces. Failed pings are also documented well in the shorewall docs. Search for "ping" in the FAQs and Troubleshooting documents at http://shorewall.net/ for details. Hope that helps get you started. --Brad On Thu, 09 Jan 2003 22:23:21 PST Wynne Crompton wrote: > Hi, > > I'm a newbie, but would be grateful for help with the following: > > I set up the following isolated network in order to help learn/test my > set-up of Bering 2.0.3: > > HOST 'far' IP 1.2.3.1 running RH Linux 6.2 > | > | > | > 1.2.3.4/24 > Bering firewall > 192.168.1.254/24 > | > | > | > HOST 'near' IP 192.168.1.2 running RH Linux 7.3 > > > The Bering/Shorewall set-up is almost standard - I only changed what I > believe is the necessary minimum. > In th elong run I want to set up a link between two networks and do 1-to-1 > NAT (SNAT) for connections > from specific machines on one network (with private IPs) to the other (with > some allocated IPs on the second network > for these machines). > Some configuration file content and output debug from the three machines is > appended. I apologise if this doesn't include something that's particularly > significant... > > In a nutshell, I can ping the firewall from both near and far. I can also > ping near > and far from the firewall. However I cannot ping far from near, but do not > understand > why not - Help please! [setup details snipped] ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
