Nobody is perfekt wrote: > Hello! > short ask. > > i have moved 3 hosts from the net zone (paralell to firewall) to dmz > analog to http://www.shorewall.net/shorewall_setup_guide.htm#ProxyARP. > > but ping dont respond anymore ( from net nor local) , only arping. > with disabled shorewall no problem with icmp ping .... > > should be that normal? maybe some config on shorewall.conf or sysctl? > > I dont found any DROP or REJECT for icmp ping on logfiles. > all services answer on the host in dmz (what should be).
This usually means that the upstream's ARP cache has stale entries. See http://www.shorewall.net/ProxyARP.htm and look for 'ARP Cache". If that isn't the issue, then using a packet sniffer like tcpdump is the best way to troubleshoot these problems. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
