thr3ads.net - Shorewall users - Can''t ping between loc and dmz [Mar 2008]

If this information is useful, please help other people find it:
Share via:

Wilson Kwok

2008-Mar-07 08:52 UTC

Can''t ping between loc and dmz

Hello,
   
  I already edited policy file, I don''t know what wrong of my
configuration, thanks
   
  loc             net             ACCEPT
loc             dmz             ACCEPT          info
loc             $FW             ACCEPT          info
loc             all             ACCEPT          info
   
  $FW             net             ACCEPT          info
$FW             dmz             ACCEPT          info
$FW             loc             ACCEPT          info
$FW             all             ACCEPT          info
   
  dmz             net             ACCEPT          info
dmz             $FW             ACCEPT          info
dmz             loc             ACCEPT          info
dmz             all             ACCEPT          info


       
---------------------------------
Yahoo! 網上安全攻略，教你如何防範黑客! 了解更多

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

Roberto C. Sánchez

2008-Mar-07 11:48 UTC

head link

Re: Can''t ping between loc and dmz

On Fri, Mar 07, 2008 at 04:52:27PM +0800, Wilson Kwok
wrote:> Hello,
>    
>   I already edited policy file, I don''t know what wrong of my
configuration, thanks
>    http://www.shorewall.net/ping.html

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

Tom Eastep

2008-Mar-07 14:15 UTC

head link

Re: Can''t ping between loc and dmz

Roberto C. Sánchez wrote:> On Fri, Mar 07, 2008 at 04:52:27PM +0800, Wilson Kwok wrote:
>> Hello,
>>    
>>   I already edited policy file, I don''t know what wrong of my
configuration, thanks
>>    
> http://www.shorewall.net/ping.html
Also -- if you "shorewall clear", does the problem go away?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

Wilson Kwok

2008-Mar-08 02:58 UTC

head link

回覆： Re: Can''t ping between loc and dmz

Dear Tom
   
  After shorewall clear the problem still here. Please download my simple
  testing dmz network diagram in attachment.
   
  DMZ pc can ping eth0 interface and eth1 interface but cannot ping LOC pc.
   
  LOC pc can ping eth1 but cannot ping eth0 and DMZ pc.
   
  I enabled all accept policy between dmz loc and net.
   
  Thx

Tom Eastep <teastep@shorewall.net> 說：
  Roberto C. S嫕chez wrote:> On Fri, Mar 07, 2008 at 04:52:27PM +0800, Wilson Kwok wrote:
>> Hello,
>> 
>> I already edited policy file, I don''t know what wrong of my
configuration, thanks
>> 
> http://www.shorewall.net/ping.html
Also -- if you "shorewall clear", does the problem go away?

-Tom
-- 
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users


       
---------------------------------
Yahoo! 網上安全攻略，教你如何防範黑客! 了解更多

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

Wilson Kwok

2008-Mar-08 03:01 UTC

head link

回覆：回覆： Re: Can''t ping between loc and dmz

Sorry, pervious post I forget upload the network diagram, please download
it in this post !

Wilson Kwok <leiw324@yahoo.com.hk> 說：
Dear Tom

After shorewall clear the problem still here. Please download my simple
testing dmz network diagram in attachment.

DMZ pc can ping eth0 interface and eth1 interface but cannot ping LOC pc.

LOC pc can ping eth1 but cannot ping eth0 and DMZ pc.

I enabled all accept policy between dmz loc and net.

Thx

Tom Eastep <teastep@shorewall.net> 說：
Roberto C. S嫕chez wrote:> On Fri, Mar 07, 2008 at 04:52:27PM +0800, Wilson Kwok wrote:
>> Hello,
>>
>> I already edited policy file, I don''t know what wrong of my
configuration, thanks
>>
> http://www.shorewall.net/ping.html
Also -- if you "shorewall clear", does the problem go away?

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

---------------------------------
Yahoo! 網上安全攻略，教你如何防範黑客!
了解更多-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

---------------------------------
Yahoo! 網上安全攻略，教你如何防範黑客! 了解更多

Tom Eastep

2008-Mar-08 03:08 UTC

head link

Re: 回覆： Re: Can't ping between loc and dmz

Wilson Kwok wrote:> Dear Tom
>  
> After shorewall clear the problem still here. 
Then your problem has NOTHING TO DO WITH SHOREWALL.

Again -- THIS IS NOT A SHOREWALL PROBLEM.

Please fix your configuration then ,if starting Shorewall causes traffic to
stop flowing, post again.

-tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

Shorewall users - Mar 2008 - Can't ping between loc and dmz

Can''t ping between loc and dmz

Re: Can''t ping between loc and dmz

Re: Can''t ping between loc and dmz

回覆： Re: Can''t ping between loc and dmz

回覆： 回覆： Re: Can''t ping between loc and dmz

Re: 回覆： Re: Can't ping between loc and dmz

回覆：回覆： Re: Can''t ping between loc and dmz