On 7/11/20 2:40 AM, Vieri Di Paola wrote:
>
> Well, that **IS** the issue. If I run the following on the
> Shorewall Firewall which is the default gateway:
>
> # tcpdump -n -i lan.1 "host 10.215.246.24 and host 10.215.144.251 and icmp or ( arp and ( host 10.215.144.251 or host 10.215.246.24 ) )"
> dropped privs to tcpdump
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on lan.1, link-type EN10MB (Ethernet), capture size 262144 bytes
> 11:10:15.279599 IP 10.215.246.24 > 10.215.144.251: ICMP echo request, id 512, seq 35584, length 40
> 11:10:15.279641 ARP, Request who-has 10.215.144.251 tell 10.215.144.91, length 28
> 11:10:15.279860 ARP, Reply 10.215.144.251 is-at 94:40:c9:26:dc:80, length 46
> 11:10:15.279880 IP 10.215.246.24 > 10.215.144.251: ICMP echo request, id 512, seq 35584, length 40
> 11:10:15.279996 IP 10.215.144.251 > 10.215.246.24: ICMP echo reply, id 512, seq 35584, length 40
> 11:10:20.671694 IP 10.215.246.24 > 10.215.144.251: ICMP echo request, id 512, seq 35840, length 40
> 11:10:20.671731 IP 10.215.246.24 > 10.215.144.251: ICMP echo request, id 512, seq 35840, length 40
> 11:10:20.671866 IP 10.215.144.251 > 10.215.246.24: ICMP echo reply, id 512, seq 35840, length 40
> 11:10:26.171698 IP 10.215.246.24 > 10.215.144.251: ICMP echo request, id 512, seq 36096, length 40
> 11:10:26.171734 IP 10.215.246.24 > 10.215.144.251: ICMP echo request, id 512, seq 36096, length 40
> 11:10:26.171875 IP 10.215.144.251 > 10.215.246.24: ICMP echo reply, id 512, seq 36096, length 40
> 11:10:31.671544 IP 10.215.246.24 > 10.215.144.251: ICMP echo request, id 512, seq 36352, length 40
> 11:10:31.671567 IP 10.215.246.24 > 10.215.144.251: ICMP echo request, id 512, seq 36352, length 40
> 11:10:31.671807 IP 10.215.144.251 > 10.215.246.24: ICMP echo reply, id 512, seq 36352, length 40
>
> I can see the duplicated echo requests and a single echo reply.
>
> However, if I run 'shorewall iptrace', and then I grep all
> occurrences of 'TRACE' I can only see echo requests with
> SRC=10.215.246.24.
What was your 'shorewall iptrace' command?

>> And please try to look at it yourself before sending it to me --
>> I'm not your personal IP troubleshooter.
>
> I did, and I'm lost here as 'shorewall iptrace' did not show the
> replies. So I saved a tcpdump taken on the Shorewall system to a
> file and uploaded it here:
>
> https://drive.google.com/file/d/1waEUIIMHsPK0c-xAEyKkT2XSgNWrj5t3/view?usp=sharing
>
> I can see the reply in this dump, but frankly I don't know why
> it's not reaching the host at 10.215.246.24. The only thing I
> noticed in this dump is that the destination MAC is
> e8:ea:6a:0c:4c:1c. However, I see another MAC on the Shorewall
> gateway:
>
> # ip neigh show | grep 10.215.246.24
> 10.215.246.24 dev lan.1 lladdr 00:50:56:b6:1f:15 REACHABLE
>
> And, still on the Shorewall gateway:
>
> # ip neigh show | grep e8:ea:6a:0c:4c:1c
> # ip a s | grep e8:ea:6a:0c:4c:1c
>
> So I'm searching for that MAC addr.

In the first reply packet, the destination MAC should be that of the
lan.1 interface. In the second reply packet, it should be that of the
ping client. If the destination MAC you are seeing in the reply is not
that of the lan.1, then it is unclear why you are able to see it in the
tcpdump.

> I know that the host at 10.215.246.24 is a vmware virtual machine so
> that MAC could be one of its interfaces. Even if it were, what could
> I try next? Could the echo replies be reaching the vmware host but
> not the VM somehow?

The echo replies are not being forwarded by the Shorewall box.

> Also, why are we seeing duplicate requests and when the ping
> completes, duplicate replies?

Because both hosts are accessed through lan.1 but are on different IP
networks. So when things are working correctly, tcpdump shows both the
incoming and outgoing packets.

-Tom

-- 
Tom Eastep              \   Q: What do you get when you cross a mobster
Shoreline,               \      with an international standard?
Washington, USA           \   A: Someone who makes you an offer you
http://shorewall.org       \     can't understand
                            \________________________________________
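Tom's explanation of the duplicates (both subnets sit behind lan.1, so every packet the router forwards is captured once arriving and once leaving) can be turned into a mechanical check over a capture. The following Python script is an added example and is not part of the thread or of Shorewall. It parses tcpdump text lines of the form quoted above, ignores the ARP lines, tallies each echo request and reply by (id, seq), and reports a reply seen only once as received but not forwarded, which is the diagnosis Tom gives. The first sample is an excerpt of the capture from the thread; the second is constructed to show what a working one-armed forwarding path looks like.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the tcpdump output quoted in the thread (ARP lines kept to show
# that the parser skips them).
THREAD_CAPTURE = """\
11:10:15.279599 IP 10.215.246.24 > 10.215.144.251: ICMP echo request, id 512, seq 35584, length 40
11:10:15.279641 ARP, Request who-has 10.215.144.251 tell 10.215.144.91, length 28
11:10:15.279860 ARP, Reply 10.215.144.251 is-at 94:40:c9:26:dc:80, length 46
11:10:15.279880 IP 10.215.246.24 > 10.215.144.251: ICMP echo request, id 512, seq 35584, length 40
11:10:15.279996 IP 10.215.144.251 > 10.215.246.24: ICMP echo reply, id 512, seq 35584, length 40
11:10:20.671694 IP 10.215.246.24 > 10.215.144.251: ICMP echo request, id 512, seq 35840, length 40
11:10:20.671731 IP 10.215.246.24 > 10.215.144.251: ICMP echo request, id 512, seq 35840, length 40
11:10:20.671866 IP 10.215.144.251 > 10.215.246.24: ICMP echo reply, id 512, seq 35840, length 40
"""

# Constructed sample (not from the thread): the same one-armed router when
# forwarding works in both directions, so request AND reply each appear twice.
HEALTHY_CAPTURE = """\
12:00:00.000100 IP 10.215.246.24 > 10.215.144.251: ICMP echo request, id 7, seq 1, length 40
12:00:00.000130 IP 10.215.246.24 > 10.215.144.251: ICMP echo request, id 7, seq 1, length 40
12:00:00.000300 IP 10.215.144.251 > 10.215.246.24: ICMP echo reply, id 7, seq 1, length 40
12:00:00.000330 IP 10.215.144.251 > 10.215.246.24: ICMP echo reply, id 7, seq 1, length 40
"""

ICMP_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+), length (?P<len>\d+)$"
)


def parse_icmp(text):
    """Yield (kind, src, dst, id, seq) for each ICMP echo line; non-matching lines are skipped."""
    for line in text.splitlines():
        m = ICMP_RE.match(line)
        if m:
            yield (m["kind"], m["src"], m["dst"], int(m["id"]), int(m["seq"]))


def classify_forwarding(text):
    """
    Count how often each echo request and its reply appear on the capture
    interface. On a router whose two subnets both sit behind the same
    interface, a forwarded packet is seen twice (ingress and egress); a packet
    seen once arrived at the router but was not forwarded.
    Returns {seq: {"request": n, "reply": n, "verdict": str}}.
    """
    counts = defaultdict(Counter)
    for kind, _src, _dst, ident, seq in parse_icmp(text):
        counts[(ident, seq)][kind] += 1

    report = {}
    for (_ident, seq), c in sorted(counts.items()):
        req, rep = c["request"], c["reply"]
        if req >= 2 and rep >= 2:
            verdict = "request and reply both forwarded"
        elif req >= 2 and rep == 1:
            verdict = "request forwarded; reply received but NOT forwarded"
        elif req >= 2 and rep == 0:
            verdict = "request forwarded; no reply seen"
        elif req == 1:
            verdict = "request received but NOT forwarded"
        else:
            verdict = "unexpected pattern"
        report[seq] = {"request": req, "reply": rep, "verdict": verdict}
    return report


if __name__ == "__main__":
    for label, capture in (("thread", THREAD_CAPTURE), ("healthy", HEALTHY_CAPTURE)):
        print(f"== {label} ==")
        for seq, info in classify_forwarding(capture).items():
            print(f"seq {seq}: req x{info['request']}, rep x{info['reply']} -> {info['verdict']}")
```

Run it against `tcpdump -n -l -i <iface> icmp` output saved to a file; the verdict column tells you which direction the router is failing to forward without having to count lines by hand. It assumes the capture is taken on the single interface carrying both subnets, as in the thread; on a two-interface router each packet is seen once per interface instead.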
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users