silent packet drop

Hi,

I have a minirouter system to route/firewall between some IP segments.
One system in a segment can't be pinged from one special host in another
segment (other MT Router).

I can't see why the packets are dropped. I have a log rule before every drop
rule. I used the sniffer to verify that packets reach the minirouter but they
are not forwarded by the minirouter. (The ping reaches the system, the answer goes
back to the minirouter and then it is dropped.)
I've added an allow-all rule in front, so I'm quite sure the firewall rules
aren't the problem.

It looks like the minirouter finds something strange with these packets and drops
them on its own???

So how can I see what the minirouter is doing with the answer packets?

Stefan

Stefan,
Do you have a proper routing configuration between the host that is sending the ping and the minirouter, and from the minirouter to the host?
There is probably a problem with routing between the minirouter and this host; when the minirouter is trying to send the reply, it checks the route table to find the host for the reply.

Thanks Sergejs. I've found the problem. The device I can't reach is an
SNMP adapter for a UPS. It answers all packets normally, but not the packets
from my office router (different segment). I've looked deeper into the
answer packets and found that the SNMP adapter answers using the
Ethernet address of a gateway which is no longer active. So the minirouter
does not drop the packet. It does not take it because it is not responsible for it.
The strange thing is that all other machines can reach the adapter.

So the SNMP adapter stored a MAC address for a machine not on the same network segment.
Some kind of extended ARP. And even a reboot does not clear this information.
I love this kind of network gadget :( .

Stefan
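
A check for the failure mode found in this thread, as an added example that is not part of the original posts: it scans captured frames for ICMP echo replies that leave the local subnet but are addressed to a MAC other than the router's, which is why the minirouter never picked them up. All MAC and IP addresses, the function names and the sample frames are constructed for illustration.

```python
import ipaddress
import struct

def parse_icmp_frame(frame):
    """Decode an untagged Ethernet II / IPv4 / ICMP frame; return None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 1 or len(ip) <= ihl:
        return None
    return {
        "dst_mac": frame[0:6].hex(":"),
        "src_ip": ipaddress.ip_address(ip[12:16]),
        "dst_ip": ipaddress.ip_address(ip[16:20]),
        "icmp_type": ip[ihl],
    }

def misaddressed_replies(frames, local_net, router_mac):
    """Echo replies bound for another subnet whose frame is not addressed to the router."""
    net = ipaddress.ip_network(local_net)
    hits = []
    for frame in frames:
        p = parse_icmp_frame(frame)
        if p is None or p["icmp_type"] != 0:   # ICMP type 0 = echo reply
            continue
        if p["dst_ip"] not in net and p["dst_mac"] != router_mac.lower():
            hits.append(p)
    return hits

def build_reply(dst_mac, src_mac, src_ip, dst_ip):
    """Build a constructed echo-reply frame (checksums left at zero, not validated here)."""
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     ipaddress.ip_address(src_ip).packed, ipaddress.ip_address(dst_ip).packed)
    return eth + ip + struct.pack("!BBHHH", 0, 0, 0, 1, 1)

# Constructed sample: every address below is made up for illustration.
ROUTER_MAC = "02:00:00:00:00:01"    # minirouter interface on the adapter's segment
STALE_MAC = "02:00:00:00:00:99"     # gateway that is no longer active
ADAPTER_MAC = "02:00:00:00:00:50"   # the SNMP adapter
SAMPLE = [
    build_reply(ROUTER_MAC, ADAPTER_MAC, "192.0.2.50", "198.51.100.7"),   # forwarded normally
    build_reply(STALE_MAC, ADAPTER_MAC, "192.0.2.50", "203.0.113.10"),    # ignored by the router
]
```

Calling `misaddressed_replies(SAMPLE, "192.0.2.0/24", ROUTER_MAC)` returns only the second frame; frames taken from a real capture on the adapter's segment can be passed in the same way as raw bytes.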