> On 10 Nov 2016, at 15:09, Ken Teh <[log in to unmask]> wrote:
> 
> I'm trying to isolate a network problem and I need some debugging help.  Frustrating when I am not fluent in the new sys admin tools.
> 
> Symptom is as follows:  I have a machine running Fedora 24 with its firewall zone set to work.  I cannot ping the machine except from the same subnet.  I don't have this problem with a second machine running the same OS/rev with the same firewall setup.  I'm not sure where to look.
> 
> I've dumped out both machines iptables.  See attachment.  I did a diff -y and they look almost identical.  The machine that does not work has 2 nics, one which is connected to a 192.168 network.  It has additional rules in the various chains but they are all "from anywhere to anywhere".  I'm assuming the additional rules come from the second interface.
> 
> I've put a query to my networking folks to see if the problem is further upstream.  But I thought I'd ask if I have missed something obvious.

What's the default route on the "failing" system?

> I know it's not SL7 but they use the same tools:  nmcli and firewall-cmd.
> 
> <iptables.fails><iptables.works>

-- 
Stephan Wiesand
DESY -DV-
Platanenallee 6
15738 Zeuthen, Germany