Hello!
Short ask.

I have moved 3 hosts from the net zone (parallel to firewall) to dmz
analogous to http://www.shorewall.net/shorewall_setup_guide.htm#ProxyARP.

But ping doesn't respond anymore (from net nor local), only arping.
With disabled shorewall no problem with icmp ping ....

Should that be normal? Maybe some config in shorewall.conf or sysctl?

I didn't find any DROP or REJECT for icmp ping in the logfiles.
All services answer on the host in dmz (as it should be).

Thanks

Nobody is perfekt wrote:
> Hello!
> Short ask.
>
> I have moved 3 hosts from the net zone (parallel to firewall) to dmz
> analogous to http://www.shorewall.net/shorewall_setup_guide.htm#ProxyARP.
>
> But ping doesn't respond anymore (from net nor local), only arping.
> With disabled shorewall no problem with icmp ping ....
>
> Should that be normal? Maybe some config in shorewall.conf or sysctl?
>
> I didn't find any DROP or REJECT for icmp ping in the logfiles.
> All services answer on the host in dmz (as it should be).

This usually means that the upstream's ARP cache has stale entries. See
http://www.shorewall.net/ProxyARP.htm and look for "ARP Cache".

If that isn't the issue, then using a packet sniffer like tcpdump is the
best way to troubleshoot these problems.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Tom Eastep wrote:
> Nobody is perfekt wrote:
>> Hello!
>> Short ask.
>>
>> I have moved 3 hosts from the net zone (parallel to firewall) to dmz
>> analogous to http://www.shorewall.net/shorewall_setup_guide.htm#ProxyARP.
>>
>> But ping doesn't respond anymore (from net nor local), only arping.
>> With disabled shorewall no problem with icmp ping .
   --------------------------------------------------

I missed this the first time. I assume that you have configured the
ruleset to allow ping from net and local? If so, we would need
'shorewall dump' output collected as described at
http://www.shorewall.net/support.htm#Guidelines to help you further.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
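
The two replies above point at a stale upstream ARP cache, at the ping rules, and at tcpdump as the way to tell them apart. The script below is an added example, not part of the thread or of Shorewall: it reads two tcpdump text captures taken on the firewall during a ping from the net side and reports at which hop the echo is lost. The interface names eth0 and eth1, the address 192.0.2.177, the sample capture line and the function names count_icmp and where_lost are assumptions.

```shell
#!/bin/sh
# Added example: locate where an ICMP echo to a proxy-ARP'd DMZ host is lost,
# from two tcpdump text captures taken on the firewall at the same time:
#   tcpdump -n -i eth0 icmp and host 192.0.2.177 > net.txt   # net side
#   tcpdump -n -i eth1 icmp and host 192.0.2.177 > dmz.txt   # DMZ side
# eth0, eth1 and 192.0.2.177 are assumptions, not values from the thread.

# count_icmp FILE HOST request|reply -> number of matching capture lines
count_icmp() {
    h=$(printf '%s' "$2" | sed 's/\./\\./g')      # escape dots for grep
    case $3 in
        request) pat="> $h: ICMP echo request" ;;
        reply)   pat="IP $h > [0-9.]*: ICMP echo reply" ;;
    esac
    grep -c -- "$pat" "$1" || true                # grep -c exits 1 on zero matches
}

# where_lost NET_CAPTURE DMZ_CAPTURE HOST -> one-word verdict
where_lost() {
    req_net=$(count_icmp "$1" "$3" request)
    req_dmz=$(count_icmp "$2" "$3" request)
    rep_dmz=$(count_icmp "$2" "$3" reply)
    rep_net=$(count_icmp "$1" "$3" reply)
    if   [ "$req_net" -eq 0 ]; then echo never-reached-firewall  # e.g. stale upstream ARP entry
    elif [ "$req_dmz" -eq 0 ]; then echo not-forwarded           # check the ruleset for ping
    elif [ "$rep_dmz" -eq 0 ]; then echo host-silent             # DMZ host did not answer
    elif [ "$rep_net" -eq 0 ]; then echo reply-not-forwarded     # reply lost on the way back
    else echo ok
    fi
}

# Constructed sample capture: the request is seen on the net side only.
tmp=$(mktemp -d)
echo '12:00:01.000001 IP 198.51.100.7 > 192.0.2.177: ICMP echo request, id 7, seq 1, length 64' > "$tmp/net.txt"
: > "$tmp/dmz.txt"
where_lost "$tmp/net.txt" "$tmp/dmz.txt" 192.0.2.177
```

A verdict of never-reached-firewall matches the stale ARP cache case from the first reply; not-forwarded is the case where the 'shorewall dump' output requested in the second reply is the next thing to look at.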