From owner-freebsd-questions@FreeBSD.ORG Mon Dec 15 09:56:53 2003
Delivered-To: freebsd-questions@freebsd.org
From: "Jason Lavigne"
Date: Mon, 15 Dec 2003 12:56:50 -0500
Subject: Can't ping lan PC from Gateway

Hello all, here is what I have going on

INET-----1-----3-----4
          \
           \
            -----2

Boxes
1 (216.138.226.17) = Main Firewall/Gateway (FBSD5.1)
2 (192.168.1.5)    = LAN PC (WinSrv2K3)
3 (216.138.226.25) = Development Firewall/Gateway (FBSD5.1)
4 (192.168.2.199)  = LAN PC (WinXP)

1 and 3 both have real IPs
1 and 3 are connected via a switch
1 and 2, and 3 and 4 are connected via separate hubs
2 and 3 use 1 as gateway
4 uses 3 as gateway, configured via dhcp from 3
1 and 3 use IPFilter and NAT, 3 has no IPF rules loaded

Here is the problem, it is with the connection between 3 and 4, I can ping from 4 to 3 but not from 3 to 4.

From 4 I can ping 3, 1 and the Internet just fine.
From 3 I can ping 1, 2 and the Internet but not 4. I find it interesting that I can ping 2 (assuming via 1).
From 1 I can ping 2 and 3.

Expectedly 4 can not ping 2, and vice versa, this is desired as ultimately I will VPN 3 to 1 to have full routing between networks.

Here are the netstat -r results from 3

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            H17.C226.tor.veloc UGSc        1      915    ep0
localhost          localhost          UH          1    13742    lo0
192.168.2          link#1             UC          2        0    xl0
192.168.2.199      00:e0:98:90:2d:9b  UHLW        3      986    xl0    672
192.168.2.255      ff:ff:ff:ff:ff:ff  UHLWb       1      796    xl0
H16.C226.tor.veloc link#3             UC          3        0    ep0
H17.C226.tor.veloc 00:80:c6:ea:7a:f1  UHLW        2        0    ep0   1170
H27.C226.tor.veloc 00:c0:4f:94:82:d3  UHLW        0      385    ep0    479
H31.C226.tor.veloc ff:ff:ff:ff:ff:ff  UHLWb       2       57    ep0

Thanks all for taking the time in reading my email.

Cheers,
Jay