Hi, I know Tom has retired, but I'm sure there are plenty of experts here who can lend me a hand.
My configuration is driving me bonkers. It's a bit complex, but I've isolated the failing behavior (I can reproduce it). Here's an overview of what happens:

I have 3 switch ports configured to allow all traffic (no vlan restrictions). If I connect two hosts to these ports they can ping each other just fine.

Host 1: 192.168.215.101/24, default gw 192.168.215.1
Host 2: 192.168.215.102/24, default gw 192.168.215.1

I then connect one of the NICs of my shorewall firewall to the third port on this switch. In the meantime, hosts 1 and 2 are still pinging one another just fine (continuous pings).

However, as soon as I open another terminal in either host 1 or host 2, and issue a ping to the shorewall gateway (192.168.215.1), then I get ping failures between hosts 1, 2 and the shorewall box. Even if I stop pinging the shorewall gateway, hosts 1 and 2 still fail to ping each other!

If I then physically disconnect the shorewall box from the third switch port then hosts 1 and 2 immediately resume pinging properly.

I took a shorewall dump during the failure:
https://drive.google.com/open?id=1BNF0oWCN9NGzFYqhM7bZUiFlYITLetX0

The shorewall NIC is a Linux bridge of vlan interfaces. There's obviously something dead wrong with my network configuration on the shorewall box, but I can't seem to figure out what it is.

I ran tcpdump on the bridge interface during the failure, and could see lines such as:

    ARP, Request who-has 192.168.215.1 tell 192.168.215.102, length 46
    ARP, Reply 192.168.215.1 is-at 00:e3:c0:5f:81:5d, length 28
    IP 192.168.215.101 > 192.168.215.102: ICMP echo request, id 1, seq 28135, length 40

I'm guessing this ICMP request (line above) might not have a reply, and that's what I'm seeing on hosts 1 and 2 (ping failures).

Anyway, I also grabbed some traffic with tcpdump during the failure.
On lanbr interface (bridge):
https://drive.google.com/open?id=1iL60aFWLl08UK695F0_ev5jTTTh7acjX

On enp8s5:
https://drive.google.com/open?id=1RTo0_y_I0BJXT0ZILgvyBr-wDQu1V7Xu

On enp8s5.1:
https://drive.google.com/open?id=1wohA1GOTbTtyAZuuiZgXsUnQgy8ANqhv

Any suggestions?

Vieri