Re: V?: home network behind a firewall/router

To: debian-user@lists.debian.org
Subject: Re: V?: home network behind a firewall/router
From: "Douglas A. Tutty" <dtutty@porchlight.ca>
Date: Mon, 5 Nov 2007 10:21:36 -0500
Message-id: <[🔎] 20071105152136.GG6395@titan.hooton>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 3d78597f0711041334m12609d74w1a9b4b89fa387e57@mail.gmail.com>
References: <[🔎] 3d78597f0711041334m12609d74w1a9b4b89fa387e57@mail.gmail.com>

On Sun, Nov 04, 2007 at 10:34:29PM +0100, P?l Cs?nyi wrote:
> 2007/11/4, Douglas A. Tutty <dtutty@porchlight.ca>:
> > On Sat, Nov 03, 2007 at 07:46:20PM +0100, P?l Cs?nyi wrote:
> > >
> > > I have a Cable Modem connection to my ISP.
> > >
>              my ISP
>                |
> Cable Modem connection to my ISP
>                |
>              eth3
>            get an IP address
>           from dhcp server of my ISP
>            10.91.0.xxx
>                |
>     PC box-1 firewall/gateway
>     =========================
>    eth1                    eth2
> 192.168.1.1             192.168.2.1
>     |                       |
>    LAN                     DMZ
>     |                       |
>    eth0                    eth0
> 192.168.1.98          192.168.2.100
>     |                       |
> PC box-2                PC box-3
> desktop                 server
> Debian Etch             Debian Etch
> ===========             ===========
> 
> > > I can connect from the PC box-1 to the internet,
> > > but can't connect from LAN & from DMZ to the internet.
> > >
> > > I use shorewall on all boxes, but even when I do
> > > shorewall clear on all boxes, I still can't to connect to the
> > > internet from LAN & DMZ.
> > >
> > > On the firewall/gateway I have dhcp server which give
> > > IP addresses to box-2 & box-3.
> > >
> > > I set up on both box-2 & box-3 the dhcp client to get the
> > > domain-name-servers, and have these servers in resolv.conf.
> >
> > Did you enable packet forwarding on box 1?
> 
> Yes I did.
> /proc/sys/net/ipv4/ip_forward
> is 1
> 
> > Is shorewall masquerading for you?
> 
> No, I have not a public IP address yet, so I don't need it.

Yes, you do.  You have three networks: 192.168.1.0, 192.168.2.0, and
10.91.0.0.  The cable modem will route from the 10.91.0.0 but won't
route from other networks.



> > Test by pinging by IP number and worry about DNS once IP works.
                       ^^^^^^^^^      
> 
> from PC box-1 ping PC box-2
> ping 192.168.1.98
> OK
> 
> from PC box-1 ping PC box-3
> ping 192.168.2.100
> OK
> 
> from PC box-1 ping www.google.com
> ping www.google.com
> OK

What IP number does it ping?

> 
> from PC box-2 ping PC box-1
> ping 192.168.1.1
> OK
> 
> from PC box-2 ping www.google.com
> ping www.google.com
> ping: unknown host www.google.com
> 

Try pining google's IP number (from above).

> from PC box-3 ping PC box-1
> ping 192.168.1.1
> OK
> 
> from PC box-3 ping www.google.com
> ping www.google.com
> ping: unknown host www.google.com
> 
> 

ditto.

> I set up on PC box-1 & box-2 & box-3 dhcpclient so
> they get domain-name-servers of my ISP correctly.
> I can see the correct nameservers in resolv.conf
> of both boxes.
> 
> I don't understand what is missing here more?

Reply to:

Follow-Ups:
- Re: V?: home network behind a firewall/router
  - From: "Pál Csányi" <csanyipal@gmail.com>

References:
- Vá: home network behind a firewall/router
  - From: "Pál Csányi" <csanyipal@gmail.com>

Prev by Date: Re: hard disk device name change after reboot
Next by Date: Re: disable mounting of bogus CD device on Toshiba USB stick?
Previous by thread: Re: Vá: home network behind a firewall/router
Next by thread: Re: V?: home network behind a firewall/router
Index(es):
- Date
- Thread