On 08/11/2014 03:31 PM, lejeczek wrote:
> dear experts
> I'm looking for ideas/suggestion why the following does not work
> there is a:
> * box A - 172.17.166.199 -- then there is 172./8 net -- box B -
> 172.25.12.101 (phys0), 192.168.2.100 (phys1) -- and one more net
> behind 192.168.2.100
> a 192.168.2.81 from behind box B can ping 172.17.166.199
> but not the other way around, box A cannot get to box B's phys1 but it
> does get to phys0
> I can control box A but have no control over the nets between it and
> box B's phys0
> I can control box B
> I thought my route rules on box B are complete, box A is a winbox
> I thought box B's firewall is ready
> but I obviously miss something
> there is no masquerading for phys0 nor phys1 on box B

It looks like the firewall (FORWARD chain) in B is not allowing NEW
connections from phys0 to phys1; only allowing ESTABLISHED connections,
which let the ICMP reply packets through.
Regards,
Vignesh
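
The diagnosis in the reply above can be checked against a saved ruleset. This is an added example, not part of the original thread: the iptables-save excerpts are constructed (the thread shows no rules), phys0/phys1 from the post are used as if they were interface names, and `forward_verdict` is a hypothetical helper that understands only a small subset of iptables matches.

```python
import shlex

# Constructed iptables-save excerpt (not from the thread): the reply's guess,
# i.e. box B forwards phys1 -> phys0 freely but only return traffic the other way.
RULES_ASYMMETRIC = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -i phys1 -o phys0 -j ACCEPT
-A FORWARD -i phys0 -o phys1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

# Same ruleset plus one rule admitting NEW connections from phys0 to phys1.
RULES_FIXED = RULES_ASYMMETRIC.replace(
    "COMMIT", "-A FORWARD -i phys0 -o phys1 -m conntrack --ctstate NEW -j ACCEPT\nCOMMIT")

def forward_verdict(rules, in_if, out_if, state):
    """First-match verdict of the FORWARD chain for one packet.
    Only -i, -o, --ctstate/--state and -j are understood; a rule with any
    other match raises ValueError instead of being guessed at.
    """
    policy = "ACCEPT"
    for line in rules.splitlines():
        if line.startswith(":FORWARD "):
            policy = line.split()[1]          # chain policy, e.g. DROP
        if not line.startswith("-A FORWARD "):
            continue
        tok = shlex.split(line)[2:]           # option/value pairs after the chain name
        matched, target, i = True, None, 0
        while i < len(tok):
            opt, val = tok[i], tok[i + 1]
            if opt == "-i":
                matched &= (val == in_if)
            elif opt == "-o":
                matched &= (val == out_if)
            elif opt in ("--ctstate", "--state"):
                matched &= (state in val.split(","))
            elif opt == "-j":
                target = val
            elif opt != "-m":                 # "-m conntrack" only loads the match module
                raise ValueError("unsupported match: " + opt)
            i += 2
        if matched and target in ("ACCEPT", "DROP", "REJECT"):
            return target
    return policy                             # no rule matched: chain policy applies

if __name__ == "__main__":
    for name, rules in (("asymmetric", RULES_ASYMMETRIC), ("fixed", RULES_FIXED)):
        print(name, "phys0->phys1 NEW:", forward_verdict(rules, "phys0", "phys1", "NEW"))
```

With the asymmetric ruleset, a ping started behind phys1 succeeds because its echo reply arrives as ESTABLISHED, while a ping started from box A is a NEW flow in the phys0 to phys1 direction and falls through to the DROP policy.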