I don't know if this can help, but the SOC VM admin is claiming that only ARP traffic is seen there when there should also be plenty of TCP/UDP traffic.
So I've increased shorewall logging and noticed that some packets are being rejected. The SOC VM is a ssh and http server, but I cannot access these ports from $FW. kernel: Shorewall:OUTPUT:ACCEPT:IN= OUT=soc.50 SRC=192.168.245.1 DST=192.168.245.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=56827 DF PROTO=TCP SPT=36702 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0 kernel: Shorewall:INPUT:REJECT:IN=soc.50 OUT= MAC=ac:1f:6b:f5:b7:1a:00:50:56:92:76:e5:08:00 SRC=192.168.245.2 DST=192.168.245.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=36702 WINDOW=14480 RES=0x00 ACK SYN URGP=0 Here's the SW dump while trying to connect via ssh and http from 192.168.245.1 (FW) to 192.168.245.2 (soc50): https://drive.google.com/file/d/1qCtaE9VNG_qzD-_uZltWZjwun4_I61vf/view?usp=sharing What am I missing? _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
