On Fri, 2002-04-12 at 20:44, Suresh Kumar R wrote:
> Hi,
>
> I tried what you said, still from my dmz and internal
> lan I am unable to go out of my firewall box. From all
> machines I can ping all the three cards of firewall
> box but nothing beyond.
>
> This is the output of route command now:
>
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> 210.212.236.105 *               255.255.255.255 UH    0      0   0   eth0
> 210.212.236.112 *               255.255.255.240 U     0      0   0   eth2
> 192.168.100.0   *               255.255.255.0   U     0      0   0   eth1
> default         210.212.236.105 0.0.0.0         UG    0      0   0   eth0
>
> cat /proc/sys/net/ipv4/ip_forward gives out 1.
>
> Ping to 210.212.236.105 also times out as usual....
>
> Any suggestions please...

I suggest using a sniffer on the firewall box to investigate where the packets are going, to work out why. For example, use tcpdump on eth0 and eth2 (in 2 shells simultaneously), and then from the DMZ ping the Cisco. The ICMP ECHO REQUEST might be being passed on successfully, but if the ICMP ECHO REPLY is not being sent the right way from the Cisco, then you'll see no response.

Also make sure the broadcast addresses on your interfaces are set correctly (ifconfig stuff). The broadcast address of eth2 is 210.212.236.127 NOT 210.212.236.255. The broadcast address of eth0 is most likely to be 210.212.236.111 (that's an assumption for lack of more info). The LAN's broadcast will of course be 192.168.100.255.

Make sure the 'network' addresses (in /etc/network/interfaces) are correct too. eth2 is 210.212.236.112 and eth0 is (assumption) .96

If these are correct and things aren't working then have a look at the sniffer info to see what is actually happening on the wire. Whether things are routing correctly but responses are not returned (which is the routing on the other hardware).

Good luck

Crispin Wellington
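
Added example, not part of the original thread: a small Python check that derives each interface's broadcast address from its network and netmask and compares it with what is configured, using the route table quoted above. The `CONFIGURED` values are a constructed sample (the eth0 /28 mask follows the reply's stated assumption, and eth2 carries the .255 mistake the reply warns about); the function names are hypothetical.

```python
import ipaddress

# Route table rows as quoted in the message above.
ROUTES = """\
210.212.236.105 * 255.255.255.255 UH 0 0 0 eth0
210.212.236.112 * 255.255.255.240 U 0 0 0 eth2
192.168.100.0 * 255.255.255.0 U 0 0 0 eth1
default 210.212.236.105 0.0.0.0 UG 0 0 0 eth0
"""

# Constructed sample of /etc/network/interfaces style settings (not from the thread).
CONFIGURED = {
    "eth0": {"network": "210.212.236.96", "netmask": "255.255.255.240",
             "broadcast": "210.212.236.111"},
    "eth2": {"network": "210.212.236.112", "netmask": "255.255.255.240",
             "broadcast": "210.212.236.255"},  # wrong on purpose
    "eth1": {"network": "192.168.100.0", "netmask": "255.255.255.0",
             "broadcast": "192.168.100.255"},
}

def connected_subnets(route_text):
    """Map interface -> directly connected subnet; skip default and host (/32) routes."""
    subnets = {}
    for line in route_text.splitlines():
        fields = line.split()
        dest, mask, iface = fields[0], fields[2], fields[-1]
        if dest == "default" or mask == "255.255.255.255":
            continue
        subnets[iface] = ipaddress.IPv4Network(f"{dest}/{mask}")
    return subnets

def audit(configured, subnets):
    """Return a list of mismatches between configured and derived values."""
    problems = []
    for iface, cfg in sorted(configured.items()):
        try:
            net = ipaddress.IPv4Network(f"{cfg['network']}/{cfg['netmask']}")
        except ValueError:  # host bits set: network not on a subnet boundary
            problems.append(f"{iface}: network {cfg['network']} is not aligned to {cfg['netmask']}")
            continue
        if cfg["broadcast"] != str(net.broadcast_address):
            problems.append(f"{iface}: broadcast {cfg['broadcast']} should be {net.broadcast_address}")
        if iface in subnets and subnets[iface] != net:
            problems.append(f"{iface}: config says {net}, routing table says {subnets[iface]}")
    return problems

if __name__ == "__main__":
    for problem in audit(CONFIGURED, connected_subnets(ROUTES)):
        print(problem)
```
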