Re: Firewall network configuration

To: Steve Doerr <sdoerr@swbell.net>, debian-firewall@lists.debian.org
Subject: Re: Firewall network configuration
From: Ray Olszewski <ray@comarre.com>
Date: Sat, 24 Mar 2001 16:22:10 -0800
Message-id: <2.2.32.20010325002210.00bfc9b8@[192.168.1.23]>

See below.

At 04:57 PM 3/24/01 -0600, Steve Doerr wrote:
>Hi.  This question is for a firewall and I wonder if anybody has any
>advice on network configuration, because I can't get eth1 to pass the
>internet connection to my hub.
>
>I've got box1's eth0 connected to my dsl line through the dsl
>modem/router and it picks up the ip, etc. through dhcpcd.  This card is
>connected to the internet fine.
>
>I've got box1's eth1 connected to jack 1 of the hub, but the hub doesn't
>show anything connected.  

Do you mean here that the hub light does not come on? If so, then you have
one of the following problems:

        1. A bad NIC.
        2. A bad port on the hub.
        3. A bad cable.
        4. The wrong sort of cable or port. That is, to connect a NIC 
                to a hub, you use a regular (not crossover) Ethernet
                cable, connect to a regular (not an uplink) port. 
        5. A bad light.

>From experience, my *guess* is that you got #4 wrong (port 1 on a hub is
often, though not always, an uplink port). But you don't really say enough
for us to tell.

If you meant something else by "the hub doesn't show anything connected",
pleae ask this again, next time describing the symptoms less ambiguously.  

>eth1 is a good card, and I can ping it at
>192.168.1.1, 

Ping it *from* where? Not from the LAN, I assume, if the physical connection
is not working, as the earlier paragraph seemed to be saying.

>but I've missed something about configuring it to forward
>the external connection out to my hub and on to my network.  I do have
>ipmasq installed, but from what I've read, the defaults should handle
>this if the network is configured correctly.

Yes. At least well enough for basic tests of the sort we are discussing.

>eth1 on box1 is configured as follows in /etc/network/interfaces (even
>though I'm using dhcpcd on eth0, the external ip is always the same, so
>I'm using static on eth1):
>
>iface eth1 inet static
>   address 192.168.1.1
>   netmask 255.255.255.0
>   network 192.168.1.0
>   broadcast 192.168.1.255
>   gateway <ext_ip_from_eth0>
>
>Does anyone know what I should check now?

It would help to see your routing table ("netstat -nr") ... but if memory
serves, you do NOT specify a gateway entry for the LAN interface setup. You
specify it only for the interface that provides access to the gateway. My
memory may be off on this, however, as I haven't set up any routers recently.



--
------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA           	 	         ray@comarre.com        
----------------------------------------------------------------

Reply to:

Follow-Ups:
- Re: Firewall network configuration
  - From: Steve Doerr <sdoerr@swbell.net>

Prev by Date: Re: Firewall network configuration
Next by Date: Re: Firewall network configuration
Previous by thread: Re: Firewall network configuration
Next by thread: Re: Firewall network configuration
Index(es):
- Date
- Thread