Hi, I'm attachng a shorewall dump while trying to ping a shorewall firewall interface at 192.168.212.1 from a host within the "dmz" zone with IP address 192.168.212.93.
I get inconsistent ICMP replies. A tcpdump on the shorewall firewall itself shows this: # tcpdump -n -i enp5s0 host 192.168.212.93 and icmp dropped privs to tcpdump tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on enp5s0, link-type EN10MB (Ethernet), capture size 262144 bytes 14:59:20.513984 IP 192.168.212.93 > 192.168.212.1: ICMP echo request, id 1, seq 746, length 40 14:59:20.514156 IP 192.168.212.1 > 192.168.212.93: ICMP echo reply, id 1, seq 746, length 40 14:59:21.517489 IP 192.168.212.93 > 192.168.212.1: ICMP echo request, id 1, seq 747, length 40 14:59:21.517653 IP 192.168.212.1 > 192.168.212.93: ICMP echo reply, id 1, seq 747, length 40 14:59:22.521495 IP 192.168.212.93 > 192.168.212.1: ICMP echo request, id 1, seq 748, length 40 14:59:22.521681 IP 192.168.212.1 > 192.168.212.93: ICMP echo reply, id 1, seq 748, length 40 14:59:23.525488 IP 192.168.212.93 > 192.168.212.1: ICMP echo request, id 1, seq 749, length 40 14:59:23.525616 IP 192.168.212.1 > 192.168.212.93: ICMP echo reply, id 1, seq 749, length 40 14:59:24.529495 IP 192.168.212.93 > 192.168.212.1: ICMP echo request, id 1, seq 750, length 40 14:59:24.529665 IP 192.168.212.1 > 192.168.212.93: ICMP echo reply, id 1, seq 750, length 40 14:59:25.533542 IP 192.168.212.93 > 192.168.212.1: ICMP echo request, id 1, seq 751, length 40 14:59:25.533698 IP 192.168.212.1 > 192.168.212.93: ICMP echo reply, id 1, seq 751, length 40 14:59:26.537567 IP 192.168.212.93 > 192.168.212.1: ICMP echo request, id 1, seq 752, length 40 14:59:26.537724 IP 192.168.212.1 > 192.168.212.93: ICMP echo reply, id 1, seq 752, length 40 14:59:27.541601 IP 192.168.212.93 > 192.168.212.1: ICMP echo request, id 1, seq 753, length 40 14:59:27.541797 IP 192.168.212.1 > 192.168.212.93: ICMP echo reply, id 1, seq 753, length 40 14:59:28.545663 IP 192.168.212.93 > 192.168.212.1: ICMP echo request, id 1, seq 754, length 40 14:59:28.545819 IP 192.168.212.1 > 192.168.212.93: ICMP echo reply, id 1, seq 754, length 40 14:59:29.549700 IP 192.168.212.93 > 192.168.212.1: ICMP echo request, id 1, seq 755, length 40 14:59:38.626915 IP 192.168.212.93 > 192.168.212.1: ICMP echo request, id 1, seq 756, length 40 14:59:43.512067 IP 192.168.212.93 > 192.168.212.1: ICMP echo request, id 1, seq 757, length 40 14:59:48.512169 IP 192.168.212.93 > 192.168.212.1: ICMP echo request, id 1, seq 758, length 40 14:59:53.512369 IP 192.168.212.93 > 192.168.212.1: ICMP echo request, id 1, seq 759, length 40 Why is my shorewall system not always replying? Here's the shorewall dump: https://drive.google.com/open?id=1oLsOAUdehsxKcvKZ2Z-vCzJS9lVv_5RQ Thanks, Vieri _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
