From: Matthew G. <gr...@gm...> - 2016-02-20 00:10:24
All,

I have the latest IPCOP 2.1.9 and am having an odd issue. I have multiple networks set up - green for trusted, blue for wireless, orange for DMZ, purple for VPN, and red for untrusted. From the green subnet I can ping to all the other subnets and get a response EXCEPT for the VPN.

For example, let's say I have the following setup:

10.10.10.10 = green IP
10.255.255.12 = VPN IP

By default, 10.10.10.10 cannot ping 10.255.255.12 and vice versa. That is fine. Here's where it gets weird.

If I set a firewall rule to allow icmp from that green IP to the VPN IP (10.10.10.10 > 10.255.255.12), pings still will not go through either direction.

If I set a firewall rule to allow icmp from the VPN IP to my green IP (10.255.255.12 > 10.10.10.10), pings work from the VPN to the green but not green to VPN (as I would expect).

The ONLY way I can get pings to go through from my green IP to my VPN is to totally open up all connections from the VPN to the green IP. In other words, I allow all ports to traverse from 10.255.255.12 > 10.10.10.10 and ONLY THEN can I ping from 10.10.10.10 to 10.255.255.12.

When it is not working, I am not seeing any firewall logs for dropped packets. tcpdump sees ICMP coming in the green interface, going out the DMZ interface, coming back in the DMZ interface, but not going back to the green... In other words, the firewall is dropping the icmp but not logging.

Any ideas?

Matt
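The symptom described in the post (a reply that is seen entering the box but never leaving it, with nothing in the firewall log) is easiest to pin down by correlating the tcpdump sightings of each echo request/reply pair across interfaces. The following is an added example, not IPCop code or output from the thread: it parses tcpdump-style lines and reports, per ICMP id/seq, at which hop the packet was last seen. The line format is an assumption (the `<time> <iface> <In|Out> IP <src> > <dst>: ICMP echo <request|reply>, id N, seq N` shape that `tcpdump -i any -nn` prints on recent versions); the interface names and the sample capture are constructed for illustration.

```python
"""Correlate ICMP echo request/reply sightings across firewall interfaces.

Added example (not IPCop code). Input line format is assumed to be the
`tcpdump -i any -nn` style with interface name and In/Out direction:
  <time> <iface> <In|Out> IP <src> > <dst>: ICMP echo <request|reply>, id N, seq N, ...
Lines that do not match are ignored.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<iface>\S+)\s+(?P<dir>In|Out)\s+IP\s+"
    r"(?P<src>[\d.]+)\s+>\s+(?P<dst>[\d.]+):\s+ICMP echo (?P<kind>request|reply),"
    r"\s+id (?P<id>\d+),\s+seq (?P<seq>\d+)"
)


def parse(lines):
    """Yield (id, seq, kind, direction, iface) for every ICMP echo line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield (int(m["id"]), int(m["seq"]), m["kind"], m["dir"], m["iface"])


def analyze(lines):
    """Return {(id, seq): {"path": [...], "status": str}} per echo exchange.

    Statuses:
      forwarded              request and reply were each seen In and then Out
      request_not_forwarded  request entered the box but never left it
      no_reply               request was forwarded, no reply came back
      reply_not_forwarded    reply entered the box but never left (silent drop
                             on the return path, the case in the post)
    """
    flows = defaultdict(list)
    for pid, seq, kind, direction, iface in parse(lines):
        flows[(pid, seq)].append((kind, direction, iface))

    result = {}
    for key, path in flows.items():
        seen = {(kind, direction) for kind, direction, _ in path}
        if ("request", "In") in seen and ("request", "Out") not in seen:
            status = "request_not_forwarded"
        elif ("reply", "In") not in seen:
            status = "no_reply"
        elif ("reply", "Out") not in seen:
            status = "reply_not_forwarded"
        else:
            status = "forwarded"
        result[key] = {"path": path, "status": status}
    return result


def report(lines):
    """Human-readable one-liner per echo exchange, ordered by (id, seq)."""
    out = []
    for (pid, seq), info in sorted(analyze(lines).items()):
        hops = " -> ".join(f"{k}:{d}@{i}" for k, d, i in info["path"])
        out.append(f"id={pid} seq={seq} {info['status']}: {hops}")
    return out


# Constructed sample capture: eth0 stands in for green, eth2 for the interface
# the reply comes back on. seq 1 shows the post's failure mode, seq 2 a healthy
# round trip, seq 3 a request that never left the box.
SAMPLE = """\
00:00:01.000100 eth0 In IP 10.10.10.10 > 10.255.255.12: ICMP echo request, id 4242, seq 1, length 64
00:00:01.000200 eth2 Out IP 10.10.10.10 > 10.255.255.12: ICMP echo request, id 4242, seq 1, length 64
00:00:01.001000 eth2 In IP 10.255.255.12 > 10.10.10.10: ICMP echo reply, id 4242, seq 1, length 64
00:00:02.000100 eth0 In IP 10.10.10.10 > 10.255.255.12: ICMP echo request, id 4242, seq 2, length 64
00:00:02.000200 eth2 Out IP 10.10.10.10 > 10.255.255.12: ICMP echo request, id 4242, seq 2, length 64
00:00:02.001000 eth2 In IP 10.255.255.12 > 10.10.10.10: ICMP echo reply, id 4242, seq 2, length 64
00:00:02.001100 eth0 Out IP 10.255.255.12 > 10.10.10.10: ICMP echo reply, id 4242, seq 2, length 64
00:00:03.000100 eth0 In IP 10.10.10.10 > 10.255.255.12: ICMP echo request, id 4242, seq 3, length 64
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE.splitlines())))
```

A `reply_not_forwarded` result narrows the problem to the box's own return-path handling (the reply is physically arriving, so routing on the far side is fine) and tells you to look at connection tracking or rule order rather than at the logged drops, which in this case are empty.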