On Sat, Jul 11, 2020 at 9:49 PM Tom Eastep <eastep...@gmail.com> wrote:
>
> On 7/11/20 2:40 AM, Vieri Di Paola wrote:
>
> What was your 'shorewall iptrace' command?

If I just run 'shorewall iptrace' with no filter, won't that just trace all packets?

> > I saved a tcpdump taken on the Shorewall system to a
> > file and uploaded it here:
> >
> > https://drive.google.com/file/d/1waEUIIMHsPK0c-xAEyKkT2XSgNWrj5t3/view?usp=sharing
> >
> > I can see the reply in this dump, but frankly I don't know why
> > it's not reaching the host at 10.215.246.24. The only thing I
> > noticed in this dump is that the destination MAC is
> > e8:ea:6a:0c:4c:1c. However, I see another MAC on the Shorewall
> > gateway:

OK, so this is really weird.

Ping from the host at 10.215.246.24 to the host at 10.215.144.251:

1) echo request #1: src MAC is correct, dst MAC is that of the lan.1 interface on the Shorewall firewall
2) echo request #2: src MAC is that of the lan.1 interface on the Shorewall firewall, dst MAC is correct
3) first and only echo reply: src MAC is correct, dst MAC (e8:ea:6a:0c:4c:1c) is that of an interface on an older Shorewall router

So that means this particular client (an HP iLO system based on Linux) is still sending replies to an old Shorewall gateway I replaced 20 days ago. The interface to which this MAC addr belongs isn't even online. I haven't found this MAC addr in any intermediate switch (ARP tables), so I'm guessing it must be in the client's ARP cache?

Does this make sense? What could I try before asking the HP iLO admin to reboot that system?

Vieri

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
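The frame-by-frame MAC comparison in the message above was done by eye. As an added example (not code from the thread, from Vieri, or from the Shorewall project), the script below automates that check over the text output of `tcpdump -nn -e`: every frame whose source and destination IPs sit in different local networks has to cross the gateway, so exactly one of its two MAC addresses must belong to the current firewall. A routed frame where neither MAC is the firewall's is being handed to some other L2 device, which is exactly the stale-neighbour symptom described. The gateway and client MACs, the /24 masks and the three sample tcpdump lines are constructed placeholders; only the retired router's MAC e8:ea:6a:0c:4c:1c and the two IP addresses come from the message.

```python
import ipaddress
import re
from collections import Counter

# One line of `tcpdump -nn -e -r capture.pcap icmp` on an Ethernet interface looks like:
#   HH:MM:SS.us SRC_MAC > DST_MAC, ethertype IPv4 (0x0800), length N: SRC_IP > DST_IP: ICMP echo request, ...
FRAME_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), "
    r"ethertype IPv4 \(0x0800\), length \d+: "
    r"(?P<sip>\d+\.\d+\.\d+\.\d+) > (?P<dip>\d+\.\d+\.\d+\.\d+): "
    r"ICMP (?P<msg>echo request|echo reply)"
)

# ASSUMED placeholder MACs for the firewall's two interfaces (lan.1 and the far side).
GATEWAY_MACS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}

# ASSUMED masks; the message gives only the host addresses, not the prefix lengths.
LOCAL_NETS = [
    ipaddress.ip_network("10.215.246.0/24"),
    ipaddress.ip_network("10.215.144.0/24"),
]

# Constructed sample reproducing the three frames described in the message.
# 02:aa:... stands in for the pinging host, 02:bb:... for the iLO at 10.215.144.251.
SAMPLE = [
    "21:49:00.000001 02:aa:aa:aa:aa:24 > 00:11:22:33:44:01, ethertype IPv4 (0x0800), length 98: "
    "10.215.246.24 > 10.215.144.251: ICMP echo request, id 1, seq 1, length 64",
    "21:49:00.000120 00:11:22:33:44:02 > 02:bb:bb:bb:bb:fb, ethertype IPv4 (0x0800), length 98: "
    "10.215.246.24 > 10.215.144.251: ICMP echo request, id 1, seq 1, length 64",
    "21:49:00.000300 02:bb:bb:bb:bb:fb > e8:ea:6a:0c:4c:1c, ethertype IPv4 (0x0800), length 98: "
    "10.215.144.251 > 10.215.246.24: ICMP echo reply, id 1, seq 1, length 64",
]


def parse_frame(line):
    """Return the frame's fields as a dict, or None for lines that are not IPv4 ICMP echo frames."""
    m = FRAME_RE.match(line)
    if m is None:
        return None
    f = m.groupdict()
    f["smac"] = f["smac"].lower()
    f["dmac"] = f["dmac"].lower()
    return f


def is_routed(sip, dip, networks):
    """True when src and dst are not in the same local network, i.e. the frame must go via the gateway."""
    s, d = ipaddress.ip_address(sip), ipaddress.ip_address(dip)
    return not any(s in net and d in net for net in networks)


def find_stale_next_hops(lines, gateway_macs, networks):
    """Routed frames where neither MAC is the gateway's: (dst_mac, src_ip, dst_ip, icmp_msg) tuples."""
    gateway_macs = {m.lower() for m in gateway_macs}
    suspects = []
    for line in lines:
        f = parse_frame(line)
        if f is None or not is_routed(f["sip"], f["dip"], networks):
            continue
        if f["smac"] in gateway_macs or f["dmac"] in gateway_macs:
            continue  # client -> firewall or firewall -> client: the expected hops
        suspects.append((f["dmac"], f["sip"], f["dip"], f["msg"]))
    return suspects


def suspect_macs(lines, gateway_macs, networks):
    """Count how often each non-gateway MAC is used as next hop, per sending IP."""
    counts = Counter()
    for dmac, sip, _dip, _msg in find_stale_next_hops(lines, gateway_macs, networks):
        counts[(sip, dmac)] += 1
    return counts


if __name__ == "__main__":
    for (sip, dmac), n in suspect_macs(SAMPLE, GATEWAY_MACS, LOCAL_NETS).items():
        print(f"{sip} sends routed traffic to non-gateway MAC {dmac} ({n} frame(s))")
```

On a real capture, feed it `tcpdump -nn -e -r capture.pcap icmp` output and the firewall's own MACs from `ip link`. A hit whose next-hop MAC is the retired router's points at a stale neighbour entry on the sending host rather than at Shorewall's ruleset; on a Linux host `ip neigh show` would list that entry, and iputils `arping -U` sent from the new gateway's interface issues a gratuitous ARP that refreshes caches on hosts whose stack accepts unsolicited replies.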