There is something I do not understand:
I use shorewall 1.2.10 + the two-interfaces sample
with that setup I cannot ping the internet from the firewall.

So I put
ACCEPT fw net icmp 8
in rules
and shorewall restart

Then I can ping OK from fw to net

Now I comment out this again in rules
I shorewall restart
I can still ping the net from fw? Why?
On Sat, 13 Apr 2002, Jacques Nilo wrote:

> There is something I do not understand:
> I use shorewall 1.2.10 + the two-interfaces sample
> with that setup I cannot ping the internet from the firewall.
>

Hmm - I left out the proper rule.

> So I put
> ACCEPT fw net icmp 8
> in rules
> and shorewall restart
>
> Then I can ping OK from fw to net
>

Yes -- that is as it should be.

> Now I comment out this again in rules
> I shorewall restart
> I can still ping the net from fw? Why?

Probably because you are pinging the same IP address and the connection
tracking entry from the last time you pinged is still there.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
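The check behind Tom's explanation is to look at the connection tracking table itself: a stateful ruleset keeps accepting packets that match an existing entry until that entry times out, so removing the ACCEPT rule and restarting does not stop an echo-request/echo-reply pair that conntrack already knows about. The script below is an added example, not code from the thread or from Shorewall; it parses lines in the kernel 2.4 /proc/net/ip_conntrack layout (the sample lines and addresses are constructed, not captured from a real host) and lists the ICMP entries together with the seconds left before they expire. The function names and the sample are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample in the /proc/net/ip_conntrack layout (kernel 2.4 era).
# Field 1 = protocol name, field 3 = seconds until the entry expires.
# These lines are made up for the example; they are not captured output.
SAMPLE_CONNTRACK='tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.5 sport=40000 dport=80 src=198.51.100.5 dst=192.168.1.10 sport=80 dport=40000 [ASSURED] use=1
icmp     1 25 src=192.168.1.1 dst=198.51.100.1 type=8 code=0 id=1234 src=198.51.100.1 dst=192.168.1.1 type=0 code=0 id=1234 use=1
udp      17 170 src=192.168.1.10 dst=198.51.100.53 sport=5353 dport=53 src=198.51.100.53 dst=192.168.1.10 sport=53 dport=5353 use=1'

# Read conntrack lines on stdin; print each ICMP entry as
# "<seconds-left> <src=...> <dst=...>" so a stale echo entry is easy to spot.
icmp_entries() {
    awk '$1 == "icmp" { print $3, $4, $5 }'
}

# Number of ICMP entries that a stateful ACCEPT would still match.
count_icmp_entries() {
    icmp_entries | wc -l | tr -d ' '
}

# Stand-alone run over the constructed sample.
# On a live 2.4 box the input would be:   cat /proc/net/ip_conntrack | icmp_entries
# On current kernels (conntrack-tools):   conntrack -L -p icmp
printf '%s\n' "$SAMPLE_CONNTRACK" | icmp_entries
```

In the sample, the icmp line has 25 seconds left, so a ping to 198.51.100.1 from the firewall keeps working for that long after the rule is commented out, and every reply refreshes the timer. To see the effect of a rule change immediately, either wait for the entry to expire or clear it (conntrack-tools: `conntrack -D -p icmp` for just ICMP, `conntrack -F` for the whole table); the thread shows that `shorewall restart` alone did not remove it.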
On Sat, 13 Apr 2002, Jacques Nilo wrote:

> There is something I do not understand:
> I use shorewall 1.2.10 + the two-interfaces sample
> with that setup I cannot ping the internet from the firewall.
>
> So I put
> ACCEPT fw net icmp 8
> in rules
> and shorewall restart

I've updated the two- and three-interface samples to ping from the firewall to the net.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
> > Now I comment out this again in rules
> > I shorewall restart
> > I can still ping the net from fw? Why?
>
> Probably because you are pinging the same IP address and the connection
> tracking entry from the last time you pinged is still there.
>

That was it. Thanks.

Jacques