[Shorewall-users] How can I ping a private IP

Tom Eastep teastep at shorewall.net
Tue Mar 9 08:52:42 PST 2004


On Tuesday 09 March 2004 08:46 am, M Lu wrote:
> Hi Tom,
>
> I can understand your explanation in b), i.e. Shorewall does not check the
> reply to request initiated from my end. But I do not understand a) very
> well. Does that mean my Shorewall setup is wrong or my ISP's setup is
> wrong? Do I have to be worried about somebody on my ISP network be able to
> hack into my internal subnets (probably not according to your b), but I
> just want to be sure)?

No -- you do not have to worry about that. 

>
> Could you explain a little bit more and point me to the lines in my
> "shorewall show nat" where it says DNAT occurs at my ISP.

It is the absence of any DNAT entry in your output that leads me to believe 
that it must be occuring at your ISP. Note the appearance of 10.214.128.1 in 
the traceroute output; I suspect that is where the destination IP address is 
being rewritten.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net




More information about the Shorewall-users mailing list