From: <Bil...@kp...> - 2005-02-25 21:15:24
|
Tom Eastep wrote: > >>The curious observation was a ping to suse.com from the laptop gave: >> >>Feb 23 08:23:39 machinename kernel: Shorewall:wlan2fw:ACCEPT:IN=eth3 OUT= >>MAC=00:02:b3:1c:39:0d:00:02:2d:24:76:bc:08:00 SRC=xx.xx.18.68 >>DST=xx.xx.18.50 LEN=112 TOS=0x00 PREC=0xC0 TTL=255 ID=19672 PROTO=ICMP >>TYPE=3 CODE=2 [SRC=xx.xx.18.50 DST=192.168.18.68 LEN=84 TOS=0x00 PREC=0x00 >>TTL=64 ID=5913 PROTO=ICMP TYPE=0 CODE=00 ID=43536 SEQ=18 ] >> >>.68 was the leased address given to the laptop >>.50 is the static IP for eth3 of this box >>fwiw .51 is the static IP of the cisco > > > Bill -- Why are you trying to obfuscate things with the xx.xx > nonsense??? I'm not going to help you further if I have to look at crap > like that, especially since I suspect that these are all internal IP > addresses. My objection stems from the fact that some of the addresses have been obfuscated but one hasn't!! So if xx.xx == 192.168 then there is one explanation and if xx.xx != 192.168 then something else is going on. You may be right that the AP is returning a "protocol not reachable" ICMP to the ping reply -- running Ethereal on the Laptop while you are trying to ping would solve the mystery though... -Tom ===================================== Tom - Sorry - Yes the addresses are internal, wasn't trying to obfuscate, I just didn't think they would matter, and I missed one. I re-read and re-read the docs again, and gave up on what I was doing. I was trying to set "wlan" as a separate zone, rather than combining with "loc" I stripped out all of that and went back to the "standard" example you have at the end of a two-interface setup. Ran tcpdump on the laptop and discovered my errors: Brain fart - had masq for eth3 backwards (who knows why) routeback option is NOT what I wanted. Now working... I have the maclist option now on, tonight I will turn on WEP. We were replacing some switches last night, so did not respond last night. As usual, thanks for your effort. The Sufficiently Talented Fool - Bill |