> Hi,
>
> I'm trying to update to shorewall 5.1 with a config that is *supposedly*
> working with 5.0.
>
> In any case, I'm trying to ping from a host in lan zone with IP addr.
> 10.215.144.48 to a host in IBS zone with IP addr. 10.215.9.172.
> ICMP traffic should be allowed but the client isn't receiving any replies.
> I'm attaching the shorewall dump.
>
> /var/log/shorewall/info.log only has messages of this kind when restarted:
>
> Jun 15 07:52:10 inf-fw2 root[32520]: Shorewall Stopped
> Jun 15 07:52:11 inf-fw2 root[900]: Shorewall started
>
> /var/log/shorewall-init.log doesn't seem to contain any error messages.
>
> Please note that this shorewall box was supposed to replace another one
> with the same IP address (it's the default gateway/firewall).
> So I merely unplugged the ethernet cables from the "old" shorewall box and
> plugged them into the new one.
> It didn't occur to me to try and ping $FW from a lan host or connect via
> ssh.
> However, from within the $FW console I could ping to any host IP addresses
> in all "zones".
>
>
> The switch happened at 07:45:05 and had to revert to the old FW at
> 07:52:11 because the users were already complaining.
>
> Could there be an arp cache issue?

Exactly, what about the rest of the network, switches/routers, how do they know
about the FW change?
(I guess the easiest solution would be to simply reboot those devices after the
FW change)

Simon

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users