Hello ! I can not ping with the mac address verfication. I am trying to ping from a test machine in local zone (192.168.0.2) to the firewall. From my test machine (local zone) [root@test ~]# ping 192.192.192.15 PING 192.192.192.15 (192.192.192.15) 56(84) bytes of data. From 192.192.192.15 icmp_seq=0 Destination Host Unreachable From 192.192.192.15 icmp_seq=1 Destination Host Unreachable 1:my /etc/shorewall/interface file: #ZONE INTERFACE BROADCAST OPTIONS net eth0 192.192.192.15 loc eth1 detect maclist inet eth2 192.168.1.2 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE 2:My /etc/shorewall/maclist ############################################################################### #INTERFACE MAC IP ADDRESSES (Optional) eth1 00:0B:2B:0E:73:34 192.169.0.2 #test_machine 3:rules file has entry ACCEPT loc fw icmp 8 Jan 31 23:31:52 linux kernel: Shorewall:eth1_mac:REJECT:IN=eth1 OUTMAC=00:e0:4c:f7:1a:13:00:0b:2b:0e:73:34:08:00 SRC=192.168.0.2 DST=192.192.192.15 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=342 DF PROTO=ICMP TYPE=8 CODE=0 ID=6420 SEQ=342 Jan 31 23:31:52 linux kernel: Shorewall:eth1_mac:REJECT:IN=eth1 OUTMAC=00:e0:4c:f7:1a:13:00:0b:2b:0e:73:34:08:00 SRC=192.168.0.2 DST=192.192.192.15 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=342 DF PROTO=ICMP TYPE=8 CODE=0 ID=6420 SEQ=342 ___________________________________________________________ root@linux/etc/shorewall:#iptables -L loc2fw Chain loc2fw (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere icmp echo-request LOG all -- anywhere anywhere LOG level info prefix `Shorewall:loc2fw:DROP:'' DROP all -- anywhere anywhere ACCEPT all -- anywhere anywhere Thanks and regards Anuj -- ===========Linux Rocks ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
anuj singh wrote:> Hello ! > I can not ping with the mac address verfication. I am trying to ping > from a test machine in local zone (192.168.0.2) to the firewall. > From my test machine (local zone)Anuj, as far as i can tell you are doing the right thing, but it''s impossible to tell without full ''shorewall dump'' output. Please send that so we can see further what''s going on. If you are worried about sending that sort of information to the list, you may send it to me directly, but please keep further discussion on the list. Paul ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
Hello Paul! I attached the dump file but it''s not needed anymore I just tried the latest shorewall version 3.1.4 and it has a very clear/easy mac address verfiaction method. Thanks to Tom and all the contributors. Great work . Linux Rocks! Open Source rocks. On 2/1/06, Paul Gear <pgear@redlands.qld.edu.au> wrote:> anuj singh wrote: > > Hello ! > > I can not ping with the mac address verfication. I am trying to ping > > from a test machine in local zone (192.168.0.2) to the firewall. > > From my test machine (local zone) > > Anuj, as far as i can tell you are doing the right thing, but it''s > impossible to tell without full ''shorewall dump'' output. Please send > that so we can see further what''s going on. If you are worried about > sending that sort of information to the list, you may send it to me > directly, but please keep further discussion on the list. > > Paul > > > > ------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. Do you grep through log files > for problems? Stop! Download the new AJAX search engine that makes > searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >-- ===========Linux Rocks ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642