I would not even be bothered that much, if at all, about that source IF being on a different net and not pinging, but the real problem is this: the host in question is meant to be routing between 172.25.x.x <=> 10.5.x.x, and it sort of does, but only ICMP seems to get through. Anything else, any other port, seems to be blocked-filtered, and I cannot wrap my head around why. I'm beginning to think that maybe the switch's trunking/tagging is misconfigured somehow, but it should be simple, gee..

On 16/08/16 11:59, John R Pierce wrote:
> On 8/16/2016 3:53 AM, lejeczek wrote:
>>
>> $ ping 10.5.6.17 -I p3p3
>> PING 10.5.6.17 (10.5.6.17) from 172.25.12.202 p3p3: 56(84) bytes of data.
>>
>> and nothing, ping waits and no reply, Ctrl+C
>>
>> with such a simple setup rules based routing should not
>> be involved, kernel should figure it out, right?
>
> you specifically said to send that packet to an interface
> on the wrong network, of course, it's not going to get
> through, unless there's an external route from that
> network to the destination. I'm presuming there's a router
> somewhere else between your 192.168.2.0/24 network and
> 10.5.6.17, that would enable those ping -I em1/2 commands
> to work. Note that the recipient of the ping needs to
> have a route to get back to the source, too.