See other comments inline below. Tried tcpdump on bering via the cmd tcpdump -i eth0 icmp -q
I get no output for several pings from the internal machine to both successful and unsuccessful (e.g. a router beyond the lab gw, which I can ping from the lab gw, but not from bering or the internal host). Thought with -q I would get output but apparently not. Upon ctrl-C tcpdump says xx packets received by filter 0 packets dropped by kernel. That seems to absolve bering unless there is something I haven't thought of. Rick. -----Original Message----- From: Erich Titl [mailto:[EMAIL PROTECTED] Sent: Friday, June 03, 2005 1:11 PM To: Tibbs, Richard Cc: LEAF Users Subject: Re: [leaf-user] Logging route table actions Tibbs, Richard wrote: > Yes, the external iface was changed to a 190.x.x.x address (there is not > a norfc1918 on any iface in Shorewall... Turns out that is an unassigned > block.) with the lab gw routr as gateway. > Both IP addresses on the lab fw are static, and a single machine on > internal net has static IP as well. I believe NAT is enabled on the lab > fw, so internal hosts will NAT/PAT/Masquerade to the firewall external > IP. > > The lab gw also NATs... would this be a problem? No > > Shorewall logs show nothing dropped. > Yes, I think next step will be tcpdump on bering unless anyone has > another idea. > The fact that icmp echo requests go to the Cisco makes me think that Bering is at least routingwise OK. - can you access the Bering Box from the internal net Yes--R. - can you access the Cisco uplink Yes, I can ping both interfaces of the cisco lab gw. Just not beyond.--R. - do you have the cisco as default gateway Yes, on bering external IF.--R. cheers Erich ------------------------------------------------------- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61" plasma display: http://www.necitguy.com/?r ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
