
routing help on dual homed box



hi,

i'm working on a new firewall box that will have a cable modem
connection to replace my current box that uses dial up. the cable box
gets its ip via dhcp from @home. for what follows, firewall box on cable
will be referred to as C, firewall on dial-up as D.

the two firewall boxes are running potato. boxes on the lan are all running
some version of debian (from potato to sid).

both of the firewall boxes have two interfaces, one for the external
connection and one for the internal lan. obviously the external
connections are different with D having a nic and C having a dial-up
modem. 

with regard to the internal interfaces, these should be the same on both
firewalls - i.e., one nic running to a hub that all the boxes on the lan
plug into. (that is my assumption).

on box C, i have eth0 as the external link, eth1 as the internal link.
the problem i'm having is as follows. the external link is fine using
dhcpcd. i get the connection, can access external sites, dns, etc. 
however, box C cannot talk to any of the hosts on the lan. both of its
nics are recognized at boot, as well as in ifconfig, and i can see the
nic on eth1 light up when trying to ping any host on the lan. the hub
also flashes at the junction where the cable from eth1 enters, but no
other lights on the hub go up. lan boxes cannot ping box C.

if i unplug box C from the hub and plug in box D, the latter can reach
all the lan boxes. lan boxes can reach box D.

i'm wondering if this is a routing problem? this is what the routing
table looks like for box C:

gateway for cable connection: ip=65.10.98.1
eth1 is assigned ip=192.168.1.1 on the lan

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
65.10.98.0      0.0.0.0         255.255.255.128 U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         65.10.98.1      0.0.0.0         UG    0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1

here is the routing table from one of the hosts on the lan:
(ip=192.168.1.4)

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0


i've unplugged my external link, dropped the firewall to see if that was
blocking access to the lan, but no joy.

if i replace host C with host D, the lan can communicate
with the firewall box (i.e., same routing table for the hosts on the lan
works).  the routing table for the dial-up firewall (box D) is:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
130.191.40.1    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         130.191.40.1    0.0.0.0         UG    0      0        0 ppp0

any clues as to how to debug this further would be most appreciated.

thanks,
serge

-- 
Sergio J. Rey	http://typhoon.sdsu.edu/rey.html
Reality is that which, when you stop believing in it, doesn't go away. 
                        - Philip K. Dick 
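
A consistency check over the routing table posted for box C, as an added example that is not part of the original message: it parses `route -n` output and flags default routes that share a metric, gateways that are the box's own address, and gateways not on a connected network of the same interface. The function names and finding codes are assumptions made for this example, and the findings describe the table only, not the cause of the LAN symptom.

```python
import ipaddress

# Box C's table exactly as posted above (`route -n` format).
BOX_C_ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
65.10.98.0      0.0.0.0         255.255.255.128 U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         65.10.98.1      0.0.0.0         UG    0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
"""
# Box C's own addresses: eth1 is stated in the post; the DHCP address on
# eth0 is not given there, so it is omitted.
BOX_C_LOCAL = {"eth1": "192.168.1.1"}


def parse_routes(text):
    """Parse `route -n` output into dicts; title and header lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        routes.append({"net": ipaddress.ip_network(f"{f[0]}/{f[2]}"),
                       "gw": ipaddress.ip_address(f[1]),
                       "flags": f[3], "metric": int(f[4]), "iface": f[7]})
    return routes


def check(routes, local_addrs):
    """Return (code, detail) findings; codes are names made up for this example."""
    findings = []
    local = {ipaddress.ip_address(a) for a in local_addrs.values()}
    connected = [r for r in routes if "G" not in r["flags"]]
    defaults = [r for r in routes if r["net"].prefixlen == 0]
    if len({r["metric"] for r in defaults}) < len(defaults):
        hops = ", ".join(f"{r['gw']} dev {r['iface']}" for r in defaults)
        findings.append(("dup-default", f"equal-metric defaults via {hops}"))
    for r in routes:
        if "G" not in r["flags"]:
            continue
        if r["gw"] in local:  # a next hop must be another host
            findings.append(("self-gateway", f"{r['net']} via own {r['gw']}"))
        elif not any(r["gw"] in c["net"] and c["iface"] == r["iface"]
                     for c in connected):
            findings.append(("gw-off-link", f"{r['net']} via {r['gw']}"))
    return findings


if __name__ == "__main__":
    for code, detail in check(parse_routes(BOX_C_ROUTES), BOX_C_LOCAL):
        print(code, detail)
```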
