On 7/10/20 1:51 AM, Vieri Di Paola wrote: > On Fri, Jul 10, 2020 at 3:20 AM Tom Eastep <teas...@shorewall.net> wrote: > >> Clearly the firewall is dropping the replies, but I can see no reason >> why it should. You could try using 'shorewall iptrace' to try to >> understand where. > > This is the trace I could get: > > # grep -i trace /var/log/messages |grep 10.215.144.251 > Jul 10 10:38:34 inf-fw1 kernel: TRACE: raw:PREROUTING:policy:13 > IN=lan.1 OUT= MAC=ac:1f:6b:f5:b7:1b:00:50:56:b6:1f:15:08:00 > SRC=10.215.246.24 DST=10.215.144.251 LEN=60 TOS=0x00 PREC=0x00 TTL=128 > ID=21549 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=26368 ... > Jul 10 10:39:07 inf-fw1 kernel: TRACE: mangle:POSTROUTING:policy:1 IN= > OUT=lan.1 SRC=10.215.246.24 DST=10.215.144.251 LEN=60 TOS=0x00 > PREC=0x00 TTL=127 ID=21632 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=27904 > > This is an updated dump: > > https://drive.google.com/file/d/1ixZz0m7DaTDK54Wiu_sJMLUQxE7fjiVl/view?usp=sharing >
You have captured nothing but echo requests. We need to see the echo replies. And please try to look at it yourself before sending it to me -- I'm not your personal IP troubleshooter. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster Shoreline, \ with an international standard? Washington, USA \ A: Someone who makes you an offer you http://shorewall.org \ can't understand \________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
