
Re: Problem pinging the DMZ



thus spoke Michael Boyd (on Tue, 17 Jul 2001 10:31:30AM +0100):
> The firewall uses a dial-up connection ppp0;
> The Secure side is connected to eth0 (192.168.1.1);
> The DMZ side is connected to eth1 (192.168.1.2);
> The webserver is 192.168.1.5;
> The Win98 machine is 192.168.1.3;
> I haven't built the Debian box for doing backups yet but it will be
> 192.168.1.4.
> 
> I can ping from the firewall to the Win98 machine and vice versa.
> I can ping 192.168.1.2 from the firewall and Win98 machine.
> I can't ping the webserver at all!

um. you have two network interfaces in one machine on the same subnet.
how are you supposed to configure routing???

i would assign 192.168.1.1 to the secure side, and 192.168.2.1 to the
DMZ side. the webserver will then be 192.168.2.2 and the others in the
192.168.1.0 subnet.

the routing table will then be:

192.168.1.0   *     255.255.255.0    eth0
192.168.2.0   *     255.255.255.0    eth1


and you let the rest be handled by pppd.

> 3. I have done something silly by giving the DMZ interfaces 192.168.1.N
> addresses.  Should I use something of the form 192.168.2.N for the DMZ
> (remembering to change the netmask to suit!)?

you don't have to change the netmask.

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
-- 
every nonzero finite dimensional inner product space
has an orthonormal basis.

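An added example, not part of the original message: a small Python model of the firewall's connected routes that compares the original addressing with the proposed one and reports which hosts the firewall would send out of the wrong interface. The /24 prefix comes from the 255.255.255.0 mask in the routing table above; the host-to-segment mapping, the function names and the "first route wins on equal prefixes" tie-break are assumptions made for this illustration.

```python
import ipaddress

def connected_routes(ifaces):
    """One connected route (network, device) per configured interface."""
    return [(ipaddress.ip_interface(addr).network, dev) for dev, addr in ifaces]

def overlapping(routes):
    """Pairs of devices whose connected networks overlap."""
    return [(a_dev, b_dev, str(a_net))
            for i, (a_net, a_dev) in enumerate(routes)
            for b_net, b_dev in routes[i + 1:]
            if a_net.overlaps(b_net)]

def egress(routes, dest):
    """Longest-prefix match; on equal prefixes the first route wins (assumed)."""
    ip = ipaddress.ip_address(dest)
    best = None
    for net, dev in routes:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def misrouted(ifaces, hosts):
    """Hosts whose traffic leaves on a device other than the one they are wired to."""
    routes = connected_routes(ifaces)
    return [(name, ip, wired, egress(routes, ip))
            for name, ip, wired in hosts
            if egress(routes, ip) != wired]

# Original layout from the quoted post: both interfaces in 192.168.1.0/24.
ORIGINAL = [("eth0", "192.168.1.1/24"), ("eth1", "192.168.1.2/24")]
ORIGINAL_HOSTS = [("win98", "192.168.1.3", "eth0"),      # secure side
                  ("webserver", "192.168.1.5", "eth1")]  # DMZ side

# Layout proposed in the reply: the DMZ moves to 192.168.2.0/24.
PROPOSED = [("eth0", "192.168.1.1/24"), ("eth1", "192.168.2.1/24")]
PROPOSED_HOSTS = [("win98", "192.168.1.3", "eth0"),
                  ("webserver", "192.168.2.2", "eth1")]

if __name__ == "__main__":
    for label, ifaces, hosts in (("original", ORIGINAL, ORIGINAL_HOSTS),
                                 ("proposed", PROPOSED, PROPOSED_HOSTS)):
        print(label, "overlaps:", overlapping(connected_routes(ifaces)))
        print(label, "misrouted:", misrouted(ifaces, hosts))
```

In the original layout the model sends traffic for 192.168.1.5 out of eth0, which matches the reported symptom that the Win98 machine answers pings while the webserver does not.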