Everyone -

I have a VPN site-to-site connection up and running. Everything works fine. I can map machine drives etc. There is one thing which I can't do, and that is "PING." I can PING only from both the SITE boxes. From any machines behind both the SITE BOXES I cannot ping any boxes in any direction. I am looking at my param file which dictates how my interfaces are supposed to behave.

I have this on both the sides, except on the other side I have a 10.10.10.x.

# External Interface Information
NET_IF=eth0
NET_OPTIONS=dhcp,norfc1918

# Internal Interface
LOC_IF=eth1
LOC_SUBNET=10.10.20.0/24
LOC_BROADCAST=10.10.20.255

Anyone experienced this ping problem before?

thanks
hallian

--On Monday, December 23, 2002 12:21 AM -0500 hallian hallian <hallian@hotmail.com> wrote:

> I have a VPN site-to-site connection up and running. Everything works
> fine. I can map machine drives etc. There is one thing which I can't do,
> and that is "PING." I can PING only from both the SITE boxes. From any
> machines behind both the SITE BOXES I cannot ping any boxes in any
> direction. I am looking at my param file which dictates how my
> interfaces are supposed to behave.
>
> I have this on both the sides, except on the other side I have a
> 10.10.10.x.
>
> # External Interface Information
> NET_IF=eth0
> NET_OPTIONS=dhcp,norfc1918
>
> # Internal Interface
> LOC_IF=eth1
> LOC_SUBNET=10.10.20.0/24
> LOC_BROADCAST=10.10.20.255
>
> Anyone experienced this ping problem before?

There have been so many 'ping' problems that it is a FAQ. The FAQ now points you to http://shorewall.sf.net/ping.html where Shorewall's 'ping' management is discussed in detail.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ teastep@shorewall.net

Hi all,

I need to add the following rule/policy to shorewall:

"Allow any existing connections already initiated by the host to pass"

I'm new to shorewall and I think it's great! Can someone translate this so shorewall can read it?

Happy Holidays!

Anton

--On Monday, December 23, 2002 11:04:13 PM -0500 Anton Chu <chudna@bellsouth.net> wrote:

> Hi all,
>
> I need to add the following rule/policy to shorewall:
>
> "Allow any existing connections already initiated by the host to pass"
>
> I'm new to shorewall and I think it's great! Can someone translate this
> so shorewall can read it?

Shorewall does this by default.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ teastep@shorewall.net