mdpeters wrote: > Du'oh! > > I changed it and this is what I see so far. I'm running a Nessus scan > on one side of the bridge and the target system is at the other side > of the bridge. > > PRE QUEUEIN=safetynet0 OUT=safetynet0 PHYSIN=eth2 PHYSOUT=eth1 > SRC=68.16.185.132 DST=68.16.185.130 LEN=41 TOS=0x00 PREC=0x00 TTL=64 > ID=3072 PROTO=TCP SPT=3133 DPT=45495 WINDOW=2048 RES=0x00 ACK URGP=0 > > POST QUEUEIN=safetynet0 OUT=safetynet0 PHYSIN=eth2 PHYSOUT=eth1 > SRC=68.16.185.132 DST=68.16.185.130 LEN=41 TOS=0x00 PREC=0x00 TTL=64 > ID=3072 PROTO=TCP SPT=3133 DPT=45495 WINDOW=2048 RES=0x00 ACK URGP=0 Ok, since there was no return traffic, I'm assuming that the destination host doesn't know the firewall's in between the two PC's. In 68.16.185.130's arp table, does it have 68.16.185.132 mapped to your firewall's eth1 interface? Is proxyARPing setup on both firewall interfaces? This is leaving my knowledge realm, so if someone else can help..
