Hello,

netfilter@xxxxxxxxxxxxxx wrote:
> I have a firewall router box that I'm trying to write a ruleset for that
> accepts/blocks traffic from Network A to Network B. I'm testing the
> rules on 3 virtual machines and will eventually deploy to production
> hardware:
>
> Net A Machine Eth0 <-> Eth0 Firewall/Router Eth1 <-> Eth0 Net B Machine
> 192.168.99.1 192.168.99.2 10.10.10.1 10.10.10.2
>
> I have the following rules on the Firewall/Router as a test before I
> write rules with http, ssh etc:
>
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth0 -o eth1 -p icmp --icmp-type echo-request -s 192.168.99.0/24 -d 10.10.10.0/24 -m state --state NEW -j ACCEPT
> iptables -A FORWARD -p icmp --icmp-type echo-request -m state --state NEW -j LOG --log-prefix "ICMP: "
>
> When I ping from 192.168.99.1 to 10.10.10.2 it does not work. The log
> rule logs the packet as IN=ETH1 OUT=ETH1.

Can you describe the virtual network architecture? Are all three machines above virtual guests on the same physical host, or is one of them the physical host?

Also, can you provide the routing table on the firewall/router as reported by route -n or ip route?

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
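One way to check a LOG line like the one quoted above against the topology the poster described, as an added example that is not part of the thread: the interface map is taken from the post's addresses, and the sample kernel log line is constructed to match the reported symptom rather than captured from a real box.

```python
import ipaddress
import re

# Topology from the thread: which firewall interface each network sits on.
# Assumed for this example; on a real box derive it from `ip route`.
EXPECTED_IFACE = {
    ipaddress.ip_network("192.168.99.0/24"): "eth0",
    ipaddress.ip_network("10.10.10.0/24"): "eth1",
}

# Constructed sample of what the LOG rule above would emit for the
# reported symptom (same interface in and out). Not a real capture.
SAMPLE_LOG = (
    'ICMP: IN=eth1 OUT=eth1 SRC=192.168.99.1 DST=10.10.10.2 '
    'LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=12345 DF PROTO=ICMP TYPE=8 CODE=0'
)

FIELD_RE = re.compile(r'\b([A-Z]+)=(\S*)')

def parse_log_line(line):
    """Return the KEY=VALUE fields of an iptables LOG line as a dict."""
    return dict(FIELD_RE.findall(line))

def iface_for(addr):
    """Interface the address should be reached through, or None if unknown."""
    ip = ipaddress.ip_address(addr)
    for net, iface in EXPECTED_IFACE.items():
        if ip in net:
            return iface
    return None

def diagnose(line):
    """List the routing problems a single forwarded-packet log line reveals."""
    f = parse_log_line(line)
    problems = []
    # A forwarded packet leaving on the interface it arrived on means the
    # kernel's route for DST points back at the ingress segment.
    if f.get("IN") and f["IN"] == f.get("OUT"):
        problems.append("hairpin: packet forwarded out the interface it arrived on")
    exp_in = iface_for(f["SRC"])
    if exp_in and f.get("IN") != exp_in:
        problems.append(f"SRC {f['SRC']} arrived on {f['IN']}, expected {exp_in}")
    exp_out = iface_for(f["DST"])
    if exp_out and f.get("OUT") != exp_out:
        problems.append(f"DST {f['DST']} routed out {f['OUT']}, expected {exp_out}")
    return problems

if __name__ == "__main__":
    for p in diagnose(SAMPLE_LOG):
        print(p)
```

Because the ACCEPT rule matches only `-i eth0 -o eth1`, a packet seen as IN=eth1 OUT=eth1 never matches it and falls through to the LOG rule, which is consistent with the missing route the reply asks about.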