Tibbs, Richard wrote:
Yes, the external iface was changed to a 190.x.x.x address (there is not
a norfc1918 on any iface in Shorewall... Turns out that is an unassigned
block.) with the lab gw routr as gateway.
Both IP addresses on the lab fw are static, and a single machine on
internal net has static IP as well. I believe NAT is enabled on the lab
fw, so internal hosts will NAT/PAT/Masquerade to the firewall external
IP.
The lab gw also NATs... would this be a problem?
No
Shorewall logs show nothing dropped.
Yes, I think next step will be tcpdump on bering unless anyone has
another idea.
The fact that icmp echo requests go to the Cisco makes me think that
Bering is at least routingwise OK.
- can you access the Bering Box from the internal net
- can you access the Cisco uplink
- do you have the cisco as default gateway
cheers
Erich
-------------------------------------------------------
This SF.Net email is sponsored by Yahoo.
Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
Search APIs Find out how you can build Yahoo! directly into your own
Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
