From: Matt N. <li...@ne...> - 2003-06-03 04:24:01
>>>>Your firewall is open between eth0 and eth1 -- All traffic is accepted
>>>>in both directions.
>>>>Looks like tcpdump time...
>>>Nope... Both sides (the firewall and the Windows machines) have a
>>>netmask of 255.255.255.0...
>>I don't know if this makes a difference but when I ping 172.16.1.1
>>(eth1's IP) from 172.16.0.254 (a win box) I get the following...
>>I can however ping to/from the firewall and to the internet (IE ping
>>www.google.com works as expected)
>Something is really fishy here -- pinging 172.16.1.1 from 172.16.0.254 is
>a loc->fw connection. If you can ping one fw IP, you should be able to
>ping them all.

Alright I lied... I don't know if I had the firewall down at one point (cause I did at several points...) and I apologize.

Tonight looking at it... (after a reboot to a "default" status) I can't ping from the firewall to local either. I can however, ping from local to net or from fw to net. I can ping within a given local subnet. I can't ping the firewall from the local or the local from the firewall.

If I issue a shorewall clear I can ping from the firewall to local, local to firewall, local to local (between subnets on each NIC), but (obviously) I can't do anything to the net except from the firewall itself.

Matt