[Shorewall-users] Getting past "net unreachable" message(s)

ether bunny ethrbunny at hotmail.com
Fri Oct 10 23:18:21 PDT 2003 

calling "arp -na" from the shorewall system *did not* show the any of the 
NICs installed on that machine. It showed several connected machines.

calling "arp -na" from a machine in the local zone showed several machines 
in the local zone including the shorewall system. The MAC address of the 
shorewall system matches the NIC that is the default gateway.

Im assuming (naively) that 'arp -na' doesn't show the interfaces on the box 
calling arp but rather those of interfaces connected to that machine (via 
lan). At least thats what appears to be happening here.


>Do you mean the 'gateway' that is defined as the default gateway to the
>Shorewall machine or do you mean the MAC of the Shorewall machine's
>local interface? If the former, then something is really wrong with the
>network configuration since I assume that the 'gateway' isn't on the
>same LAN segment as the local zone systems.

I mean that calling 'arp -na' from a machine in the local zone shows several 
addresses of connected systems - one of which is the NIC acting as the 
default gateway on the shorewall machine. In no instance does 'arp' show the 
NIC's in the box from which 'arp' is called.







>On Fri, 2003-10-10 at 14:52, ether bunny wrote:
> > (The IP address was entered correctly - transcribed incorrectly)
> >
> > Ok. So 'arp -na' from the shorewall system shows some (but not all) of 
>the
> > connected machines.
>
>Did it correctly show the MAC and IP of its default gateway?
>
> >
> > 'arp -na' from a machine in the local zone shows the MAC address of the
> > gateway NIC. None of the other MAC addresses match this address.
>
>Do you mean the 'gateway' that is defined as the default gateway to the
>Shorewall machine or do you mean the MAC of the Shorewall machine's
>local interface? If the former, then something is really wrong with the
>network configuration since I assume that the 'gateway' isn't on the
>same LAN segment as the local zone systems.
>
> >
> > At what point can I start to think this is a hardware problem?
> >
>
>Still sounds like a configuration problem that was installed when you
>rebooted after the pfail.
>
> > Thank you for suffering my foolishness.
>
>Any time...
>
>-Tom
>--
>Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
>Shoreline,     \ http://shorewall.net
>Washington USA  \ teastep at shorewall.net
>
>
>_______________________________________________
>Shorewall-users mailing list
>Post: Shorewall-users at lists.shorewall.net
>Subscribe/Unsubscribe: 
>https://lists.shorewall.net/mailman/listinfo/shorewall-users
>Support: http://www.shorewall.net/support.htm
>FAQ: http://www.shorewall.net/FAQ.htm

_________________________________________________________________
Add MSN 8 Internet Software to your existing Internet access and enjoy 
patented spam protection and more.  Sign up now!   
http://join.msn.com/?page=dept/byoa

More information about the Shorewall-users mailing list