Ok, now, make sure the result of the following is 1. If it's 0, then you'll
need to enable IP forwarding.

# cat /proc/sys/net/ipv4/ip_forward

The firewall does know about its interfaces, which is why you saw that it
was able to ping. It just doesn't know that you want it to masquerade one
of your interfaces.

Are you sure you want to be able to ping from your private interface? Just
asking to get an idea what you're doing.

On Mon, Aug 4, 2014 at 6:21 AM, Dale Greenway <[email protected]> wrote:
> Hello Johnny
>
> > Check tcpdump while the command "ping -c1 -I 172.16.1.10
> > google-public-dns-a.google.com" is being run. You'll see that
> > google-public-dns-a.google.com is receiving an ICMP request from
> > 172.16.1.10. The problem is 172.16.1.10 belongs to a private network
> > so Google doesn't know how to route back to you.
>
> Yeah, that's what I see. From the OP:
>
> >> When I bind the ping to the internal IP address
> >>
> >> ping -c1 -I 172.16.1.10 google-public-dns-a.google.com
> >>
> >> it times out. And you only see ICMP traffic in one direction
> >>
> >> tcpdump -i eth0 | grep google-public-dns-a.google.com
> >> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> >> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> >> 21:10:41.011189 IP 172.16.1.10 > google-public-dns-a.google.com: ICMP echo request, id 9556, seq 1, length 64
>
> only the request.
>
> Doing this makes sense now that you describe it. I thought the firewall
> 'knew' about its own interfaces & IPs and didn't need that. I changed
>
> > # /etc/shorewall/masq
>
> > eth0 172.16.1.10
>
> and restarted, but after doing that, there's no change in the result.
> Just the 'request', with no 'reply'.
>
> What I'm doing is just step by step getting the simplest things working
> 1st before I graduate to a full setup. So for now it's just to show I can
> ping to the outside world from each IP address on my host.
>
> Dale
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
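
The two checks discussed in this thread, written as a script (an added example, not from either poster or from Shorewall): forwarding_enabled reads the ip_forward flag, and unanswered_private_requests scans tcpdump text output for ICMP echo requests that left with an RFC 1918 source address and never got a reply. The function names are hypothetical, and the sample capture is the thread's request line plus constructed lines using documentation addresses.

```shell
#!/bin/sh
# Added example; function names and sample data are assumptions.
forwarding_enabled() {
    # Succeeds only when the flag file (default: the kernel's) contains 1.
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Reads tcpdump text lines on stdin; prints unanswered private-source pings.
unanswered_private_requests() {
    awk '
    function is_private(ip,   o) {
        if (split(ip, o, ".") != 4) return 0
        return (o[1] == 10) ||
               (o[1] == 172 && o[2] >= 16 && o[2] <= 31) ||
               (o[1] == 192 && o[2] == 168)
    }
    $2 == "IP" && $6 == "ICMP" && $7 == "echo" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        id = $10; seq = $12; sub(/,/, "", id); sub(/,/, "", seq)
        if ($8 == "request,") {
            key = src SUBSEP dst SUBSEP id SUBSEP seq
            if (!(key in seen)) { seen[key] = 1; order[++n] = key }
            pending[key] = 1
        } else if ($8 == "reply,") {
            # A reply travels dst -> src, so swap to find its request.
            delete pending[dst SUBSEP src SUBSEP id SUBSEP seq]
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            if (!(order[i] in pending)) continue
            split(order[i], k, SUBSEP)
            if (is_private(k[1]))
                printf "%s -> %s id %s seq %s: no reply, source not masqueraded\n", k[1], k[2], k[3], k[4]
        }
    }'
}

# First line is from the thread; the rest are constructed for illustration.
sample_capture() {
    cat <<'EOF'
21:10:41.011189 IP 172.16.1.10 > google-public-dns-a.google.com: ICMP echo request, id 9556, seq 1, length 64
21:10:45.100000 IP 203.0.113.5 > 198.51.100.7: ICMP echo request, id 9600, seq 1, length 64
21:10:45.120000 IP 198.51.100.7 > 203.0.113.5: ICMP echo reply, id 9600, seq 1, length 64
21:10:50.000000 IP 203.0.113.5 > 198.51.100.9: ICMP echo request, id 9601, seq 1, length 64
EOF
}

sample_capture | unanswered_private_requests
```

Only the 172.16.1.10 request is reported: the answered pair is matched by id and seq, and the unanswered request from a public source is not a masquerading problem.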