hi, i'm working on a new firewall box that will have a cable modem connection to replace my current box that uses dial up. the cable box gets its ip via dhcp from @home. for what follows, firewall box on cable will be referred to as C, firewall on dial-up as D.
the two firewall boxes are running potato. boxes on the lan are all running some version of debian (from potato to sid). both of the firewall boxes have two interfaces, one for the external connection and one for the internal lan. obviously the external connections are different with D having a nic and C having a dial-up modem. with regard to the internal interfaces, these should be the same on both firewalls - i.e., one nic running to a hub that all the boxes on the lan plug into. (that is my assumption). on box C, i have eth0 as the external link, eth1 as the internal link.

the problem i'm having is as follows. the external link is fine using dhcpcd. i get the connection, can access external sites, dns, etc. however, box C cannot talk to any of the hosts on the lan. both of its nics are recognized at boot, as well as in ifconfig, and i can see the nic on eth1 light up when trying to ping any host on the lan. the hub also flashes at the junction where the cable from eth1 enters, but no other lights on the hub go up. lan boxes cannot ping box C. if i unplug box C from the hub and plug in box D, the latter can reach all the lan boxes. lan boxes can reach box D.

i'm wondering if this is a routing problem? this is what the routing table looks like for box C:

gateway for cable connection: ip=65.10.98.1
eth1 is assigned ip=192.168.1.1 on the lan

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
65.10.98.0      0.0.0.0         255.255.255.128 U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         65.10.98.1      0.0.0.0         UG    0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1

here is the routing table from one of the hosts on the lan: (ip=192.168.1.4)

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

i've unplugged my external link, dropped the firewall to see if that was blocking access to the lan, but no joy.
if i replace host C with host D, the lan can communicate with the firewall box (i.e., same routing table for the hosts on the lan works). the routing table for the dial-up firewall (box D) is:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
130.191.40.1    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         130.191.40.1    0.0.0.0         UG    0      0        0 ppp0

any clues as how to debug this further would be most appreciated.

thanks,
serge

--
Sergio J. Rey http://typhoon.sdsu.edu/rey.html
Reality is that which, when you stop believing in it, doesn't go away. - Philip K. Dick
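
An added example, not part of the original post: a Python sketch that parses the box C table quoted above, does a longest-prefix-match lookup for a LAN host, and reports on the default-route entries. The function names are hypothetical, and the tie-break between otherwise equal routes (first listed wins) is a simplification, not the kernel's exact behaviour.

```python
import ipaddress

# Box C's routes as quoted in the post (`route -n` style body lines).
BOX_C = """\
65.10.98.0      0.0.0.0         255.255.255.128 U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         65.10.98.1      0.0.0.0         UG    0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
"""

def parse_routes(text):
    """Parse route lines into dicts; title and header lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
            gw = ipaddress.ip_address(f[1])
        except ValueError:
            continue  # column header or malformed line
        routes.append({"net": net, "gw": gw, "flags": f[3],
                       "metric": int(f[4]), "iface": f[7]})
    return routes

def lookup(routes, dst):
    """Longest prefix wins, then lowest metric, then first listed (assumption)."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in routes if dst in r["net"]]
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]), default=None)

def check_defaults(routes, local_addrs):
    """Report duplicate default routes and default gateways that are local."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    defaults = [r for r in routes if r["net"].prefixlen == 0 and "G" in r["flags"]]
    findings = []
    if len(defaults) > 1:
        findings.append("multiple default routes: " +
                        ", ".join(f"{r['gw']} via {r['iface']}" for r in defaults))
    for r in defaults:
        if r["gw"] in local:
            findings.append(f"default gateway {r['gw']} on {r['iface']} is a local address")
    return findings

if __name__ == "__main__":
    routes = parse_routes(BOX_C)
    print("192.168.1.4 ->", lookup(routes, "192.168.1.4"))
    for finding in check_defaults(routes, ["192.168.1.1"]):  # eth1 address from the post
        print(finding)
```

For 192.168.1.4 the lookup selects the directly connected 192.168.1.0/255.255.255.0 entry on eth1, since the more specific route takes precedence over either default entry.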