Are my routing issues firewall-related?
Hi Folks,
I have a routing problem that may or may not be firewall-related.
I have been assigned a block of 32 routable IP addresses for my new DSL
connection. One of these addresses is the address of the DSL router.
I need to be able to make the default route from the firewall be the
DSL router.
As shown below, I cannot get through the firewall.
Am I missing something obvious?
Ask, if you need more information.
Thanks,
David
My setup is as follows:
x.x.x.96 Assigned network.
x.x.x.97 DSL Router.
x.x.x.98 Firewall's outside Ethernet card.
x.x.x.99 Firewall's inside Ethernet card.
x.x.x.100 through x.x.x.126 Various hosts (*).
x.x.x.127 Broadcast.
y.y.y.32 Old network addresses (on same internal Ethernet).
x.x.x.* Are the routable addresses assigned by the DSL company.
y.y.y.* Are the routable addresses that are routed through my older,
slower connection.
(*) These hosts are connected to the firewall's inside Ethernet card
and have routable addresses. There will also be hosts with non-routable
addresses on the internal network.
I have this routing set up on the firewall (kernel 2.2.5):
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
x.x.x.97        0.0.0.0         255.255.255.255 UH    0      0        0 eth0
x.x.x.96        0.0.0.0         255.255.255.224 U     0      0        0 eth1
y.y.y.32        0.0.0.0         255.255.255.224 U     0      0        0 eth1
0.0.0.0         x.x.x.97        0.0.0.0         UG    0      0        0 eth0
I have turned on forwarding (echo "1" > /proc/sys/net/ipv4/ip_forward) on the firewall in /etc/init.d/network.
I have not yet touched the default ipchains configuration:
# ipchains -L input
Chain input (policy ACCEPT):
# ipchains -L output
Chain output (policy ACCEPT):
# ipchains -L forward
Chain forward (policy ACCEPT):
From the firewall, I can ping to hosts on the y.y.y.32 network, the
x.x.x.96 network and the outside world.
I have this routing set up on x.x.x.110 (kernel 2.2.14):
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
x.x.x.97        x.x.x.99        255.255.255.255 UGH   0      0        0 eth0
127.0.0.1       0.0.0.0         255.255.255.255 UH    0      0        0 lo
x.x.x.96        0.0.0.0         255.255.255.224 U     0      0        0 eth0
0.0.0.0         x.x.x.99        0.0.0.0         UG    1      0        0 eth0
From host x.x.x.110, I can ping hosts on the x.x.x.96 network, but not
the DSL router, or anything outside of it.
$ traceroute -Inv x.x.x.99
traceroute to x.x.x.99 (x.x.x.99), 30 hops max, 38 byte packets
1 x.x.x.99 18 bytes to x.x.x.110 0.718 ms 0.600 ms 0.588 ms
$ traceroute -Inv x.x.x.98
traceroute to x.x.x.98 (x.x.x.98), 30 hops max, 38 byte packets
1 x.x.x.98 18 bytes to x.x.x.110 1.428 ms 0.605 ms 0.596 ms
$ traceroute -Inv x.x.x.97
traceroute to x.x.x.97 (x.x.x.97), 30 hops max, 38 byte packets
1 x.x.x.99 66 bytes to x.x.x.110 0.962 ms 0.657 ms 0.645 ms
2 * * *
3 * * *
.
.
.
29 * * *
30 * * *
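The forward and return paths the traceroutes above imply, modelled as an added example (not code from the post): longest-prefix lookups over the two routing tables David posted, plus an assumed table for the DSL router that treats the whole /27 as directly attached on its LAN side. The 192.0.2 prefix stands in for x.x.x, and `DSL_ROUTER`, `reply_path_ok` and the `proxy_arp` flag are this example's own assumptions, not anything the post states.

```python
import ipaddress

# Constructed tables in the post's "route -n" layout (destination, genmask,
# gateway or None, iface). The masked x.x.x is replaced with the RFC 5737
# documentation prefix 192.0.2 so the addresses parse.
FIREWALL = [("192.0.2.97", "255.255.255.255", None, "eth0"),
            ("192.0.2.96", "255.255.255.224", None, "eth1"),
            ("0.0.0.0", "0.0.0.0", "192.0.2.97", "eth0")]
HOST_110 = [("192.0.2.97", "255.255.255.255", "192.0.2.99", "eth0"),
            ("192.0.2.96", "255.255.255.224", None, "eth0"),
            ("0.0.0.0", "0.0.0.0", "192.0.2.99", "eth0")]
# Assumption: the DSL router sees the whole /27 as its directly attached LAN
# (the post does not say the ISP routes the block to x.x.x.98 instead).
DSL_ROUTER = [("192.0.2.96", "255.255.255.224", None, "lan"),
              ("0.0.0.0", "0.0.0.0", "203.0.113.1", "wan")]

def next_hop(table, dst):
    """Longest-prefix match: (address this node will ARP for, interface)."""
    addr, best = ipaddress.ip_address(dst), None
    for dest, mask, gw, iface in table:
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw or dst, iface)
    return (best[1], best[2]) if best else None

def forward_path(src_table, dst):
    """Hops from the inside host to dst: host -> firewall -> outside wire."""
    hop1, _ = next_hop(src_table, dst)      # .99, the firewall's inside card
    hop2, iface = next_hop(FIREWALL, dst)   # .97 via eth0: forwarding works
    return [hop1, hop2], iface

def reply_path_ok(dst, fw_outside="192.0.2.98", proxy_arp=False):
    """Can the router's reply to an inside host actually reach it?"""
    arp_for, iface = next_hop(DSL_ROUTER, dst)
    if arp_for == fw_outside:   # router hands the packet to the firewall
        return True
    # Otherwise the router ARPs for the inside host on the outside wire,
    # where only the firewall's eth0 listens; the firewall answers that ARP
    # only if proxy ARP is enabled on eth0 (sysctl net.ipv4.conf.eth0.proxy_arp).
    return proxy_arp and iface == "lan"

if __name__ == "__main__":
    print(forward_path(HOST_110, "192.0.2.97"))
    print(reply_path_ok("192.0.2.110"), reply_path_ok("192.0.2.110", proxy_arp=True))
```

The model reproduces the symptom: the echo request reaches the router through the firewall, but the reply is ARPed for on the outside segment and never gets back, which matches hop 1 answering and every later hop timing out.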