Re: Firewall network configuration

To: Ray Olszewski <ray@comarre.com>, "debian-firewall@lists.debian.org" <debian-firewall@lists.debian.org>
Subject: Re: Firewall network configuration
From: Steve Doerr <sdoerr@swbell.net>
Date: Sun, 25 Mar 2001 11:56:06 -0600
Message-id: <3ABE3136.E2F43A84@swbell.net>
References: <2.2.32.20010325002210.00bfc9b8@[192.168.1.23]>

Thank you very much.  Option 4 it is.  My mistake for thinking the
output cable
from eth1 was an uplink (so that's what that mdi/mdi-x switch was for on
jack1).  I got it to run through the hub and box2 is now online.

The gateway thing is from the firewall howto's configuration for eth1,
but I had to drop it to get outside.

I also had to add swbell's dns servers to resolv.conf on box2 since I'm
not running my own, but everything is working fine.

Thanks again, Ray.
Steve


Ray Olszewski wrote:

> See below.
>
> At 04:57 PM 3/24/01 -0600, Steve Doerr wrote:
> >Hi.  This question is for a firewall and I wonder if anybody has any
> >advice on network configuration, because I can't get eth1 to pass the
> >internet connection to my hub.
> >
> >I've got box1's eth0 connected to my dsl line through the dsl
> >modem/router and it picks up the ip, etc. through dhcpcd.  This card is
> >connected to the internet fine.
> >
> >I've got box1's eth1 connected to jack 1 of the hub, but the hub doesn't
> >show anything connected.
>
> Do you mean here that the hub light does not come on? If so, then you have
> one of the following problems:
>
>         1. A bad NIC.
>         2. A bad port on the hub.
>         3. A bad cable.
>         4. The wrong sort of cable or port. That is, to connect a NIC
>                 to a hub, you use a regular (not crossover) Ethernet
>                 cable, connect to a regular (not an uplink) port.
>         5. A bad light.
>
> >From experience, my *guess* is that you got #4 wrong (port 1 on a hub is
> often, though not always, an uplink port). But you don't really say enough
> for us to tell.
>
> If you meant something else by "the hub doesn't show anything connected",
> pleae ask this again, next time describing the symptoms less ambiguously.
>
> >eth1 is a good card, and I can ping it at
> >192.168.1.1,
>
> Ping it *from* where? Not from the LAN, I assume, if the physical connection
> is not working, as the earlier paragraph seemed to be saying.
>
> >but I've missed something about configuring it to forward
> >the external connection out to my hub and on to my network.  I do have
> >ipmasq installed, but from what I've read, the defaults should handle
> >this if the network is configured correctly.
>
> Yes. At least well enough for basic tests of the sort we are discussing.
>
> >eth1 on box1 is configured as follows in /etc/network/interfaces (even
> >though I'm using dhcpcd on eth0, the external ip is always the same, so
> >I'm using static on eth1):
> >
> >iface eth1 inet static
> >   address 192.168.1.1
> >   netmask 255.255.255.0
> >   network 192.168.1.0
> >   broadcast 192.168.1.255
> >   gateway <ext_ip_from_eth0>
> >
> >Does anyone know what I should check now?
>
> It would help to see your routing table ("netstat -nr") ... but if memory
> serves, you do NOT specify a gateway entry for the LAN interface setup. You
> specify it only for the interface that provides access to the gateway. My
> memory may be off on this, however, as I haven't set up any routers recently.
>
> --
> ------------------------------------"Never tell me the odds!"---
> Ray Olszewski
>
> -- Han Solo
>
> Palo Alto, CA
> ray@comarre.com
>
> ----------------------------------------------------------------
>

Reply to:

References:
- Re: Firewall network configuration
  - From: Ray Olszewski <ray@comarre.com>

Prev by Date: Re: Firewall network configuration
Next by Date: Dynamic IP Address
Previous by thread: Re: Firewall network configuration
Next by thread: Dynamic IP Address
Index(es):
- Date
- Thread