I have a setup of Shorewall of three interfaces (eth0, eth1 and int2)
Net and Local DMZ

1) I have a problem whereby DMZ machines can ping some of the machines in the local zone, but DMZ can't ping some of the local machines.

2) The same problem: local machines can ping the DMZ interface, but a local machine can't ping a DMZ machine.

Thanks, pls help

--
with rgds
Marco Salimu
IT Manager
[ P.o. Box 1546]
Mob: +255 784 370294
Mob: +255 715 370294
Tel: +255 27 8218
Fax: +255 27 8273
Email: marco@seda.or.tz, smarcos2001@yahoo.com, smarcos2001@hotmail.com, marco_salim@wvi.org, Marco.magnus@gmail.com

Marco Salimu wrote:
> I have a setup of Shorewall of three interface (eth0, eth1 and int2)
> Net and Local DMZ
>
> 1)I have a problem where by DMZ machines can ping some of machines in
> local zone but DMZ cant ping some of local machines.
>
> 2)The same problems that local machines can ping dmz interface but not
> local machine cant ping dmz machine.
>

Sounds like some of the machines don't have the correct default route.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,        \ died peacefully in his sleep. Not screaming like
Washington, USA   \ all of the passengers in his car
http://shorewall.net \________________________________________________

Each zone machine (server, client) should have the Shorewall's interface-ip as a default gateway where the switch (the one which is shared by the zone interface of Shorewall and your zone servers/pcs) is connected to.

Make a trace from a machine which works and a trace from a machine which doesn't. Compare, adjust the config and try again.

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Wednesday, 30 September 2009 19:58
To: Shorewall Users
Subject: Re: [Shorewall-users] REF: Ping problem

Marco Salimu wrote:
> I have a setup of Shorewall of three interface (eth0, eth1 and int2)
> Net and Local DMZ
>
> 1)I have a problem where by DMZ machines can ping some of machines in
> local zone but DMZ cant ping some of local machines.
>
> 2)The same problems that local machines can ping dmz interface but not
> local machine cant ping dmz machine.
>

Sounds like some of the machines don't have the correct default route.

-Tom

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
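
An added example, not part of the original thread: one way to do the comparison suggested above is to collect `ip route show` output from each host and check that traffic toward the other zone leaves via the firewall's IP in the host's own zone. All addresses, host names, the zone names `loc`/`dmz` and the helper names are constructed for illustration.

```python
import ipaddress

# Constructed plan (assumption): Shorewall's IP per zone, and a probe IP in the other zone.
FIREWALL_IP = {"loc": "192.168.1.1", "dmz": "192.168.2.1"}
PROBE = {"loc": "192.168.2.10", "dmz": "192.168.1.10"}

# Constructed `ip route show` output gathered from each host: (zone, routes).
HOSTS = {
    "loc-pc1": ("loc", "default via 192.168.1.1 dev eth0\n"
                       "192.168.1.0/24 dev eth0 scope link"),
    "loc-pc2": ("loc", "default via 192.168.1.254 dev eth0\n"
                       "192.168.1.0/24 dev eth0 scope link"),
    "loc-pc3": ("loc", "192.168.1.0/24 dev eth0 scope link"),
    "loc-pc4": ("loc", "default via 192.168.1.254 dev eth0\n"
                       "192.168.2.0/24 via 192.168.1.1 dev eth0\n"
                       "192.168.1.0/24 dev eth0 scope link"),
    "dmz-web": ("dmz", "default via 192.168.2.1 dev eth0\n"
                       "192.168.2.0/24 dev eth0 scope link"),
}

def next_hop(route_text, dest):
    """Longest-prefix match: gateway IP, 'on-link', or None if no route."""
    dest = ipaddress.ip_address(dest)
    best = None  # (prefix length, hop)
    for line in filter(str.strip, route_text.splitlines()):
        fields = line.split()
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # route types this sketch does not model
        if dest in net and (best is None or net.prefixlen > best[0]):
            hop = fields[fields.index("via") + 1] if "via" in fields else "on-link"
            best = (net.prefixlen, hop)
    return best[1] if best else None

def misrouted_hosts(hosts):
    """Hosts whose traffic to the other zone does not go via Shorewall."""
    bad = {}
    for name, (zone, routes) in sorted(hosts.items()):
        hop = next_hop(routes, PROBE[zone])
        if hop != FIREWALL_IP[zone]:
            bad[name] = hop
    return bad

if __name__ == "__main__":
    print(misrouted_hosts(HOSTS))
```

A host flagged here sends its echo replies to a gateway other than Shorewall (or has no route at all), which matches the symptom of some machines in a zone answering pings and others not.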

Hi there,

Thanks for the help. I have resolved the issue as per your advice. It was an issue of not having the correct default routing.

Thanks

> Each zone machine (server, client) should have the shorewall´s
> interface-ip
> as a default gateway where the switch (the one which is shared by the zone
> interface of Shorewall and you zone servers/pcs) is connected to.
>
> Make a trace from a machine which works and a trace from a machine which
> doesn´t. Compare, adjust the config and try again.

--
with rgds
Marco Salimu
IT Manager