[23:06]<s19g>huh. good question [23:06]<s19g>at /proc/net/ip_forward? [23:07]<rnryv>/proc/sys/net/ipv4/ip_forward [23:08]<s19g>well, I don't have /proc/sys/net/ipv4/, so I guess the answer is "no" [23:09]<rnryv>home made kernel ? [23:09]<s19g>no [23:09]<s19g>stock fc5 [23:10]<rnryv>niarf [23:10]<rnryv>I've made a fw of one of it last week [23:11]<s19g>what does "niarf" mean? [23:12]<rnryv>custom word meaning "weird, you've got a problem or are unlucky" [23:18]<2rfju>hm.. NAT seems to be the main problem with iptables [23:23]<s19g>Regit: my bad. I didn't see the sys in that path [23:23]<s19g>I have it [23:24]<s19g>and it is enabled [23:25]<s19g>but I still can't ping from private to public [23:27]<s19g>This should be drop dead simple. I don't know how I've managed to botch it. [23:32]<rnryv>s34n: add -vn to your iptables -L [23:32]<rnryv>maybe you have a interface problem [23:35]<s19g>http://www.rafb.net/paste/results/cIvdUX87.html [23:36]<s19g>from the host itself, I can ping both networks [23:37]<s19g>and both networks can ping the fw [23:37]<s19g>the private network can ping both sides of the fw [23:40]<rnryv>s34n: is route correctly set on both networks ? [23:40]<rnryv> 23 1548 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255 [23:41]<rnryv>it seems ping goes through firewall [23:42]<s19g>Regit: route looks correct [23:43]<rnryv>s34n: try tcpdump on firewall output interface when trying to ping [23:56]<s19g>Regit: ok. it dumped some stuff [23:58]<s19g>what am I looking for? [23:58]<rnryv>s34n: did you see packet from internal that should have gone through the fw [23:58]<rnryv>?
