Re: 3nics and routing...
On Fri, 2002-04-12 at 20:44, Suresh Kumar R wrote:
> Hi,
>
> I tried what you said, still from my dmz and internal
> lan I am unable to go out of my firewall box. From al
> machines I can ping all the three cards of firewall
> box but nothing beyond.
>
> This is the output of route command now:
>
> Destination Gateway Genmask Flags
> Metric Ref Use Iface
> 210.212.236.105 * 255.255.255.255 UH
> 0 0 0 eth0
> 210.212.236.112 * 255.255.255.240 U
> 0 0 0 eth2
> 192.168.100.0 * 255.255.255.0 U
> 0 0 0 eth1
> default 210.212.236.105 0.0.0.0 UG
> 0 0 0 eth0
>
> cat /proc/sys/net/ipv4/ip_forward gives out 1.
>
> Ping to 210.212.236.105 also times out as usual....
>
> Any suggestions please...
I suggest using a sniffer on the firewall box to investigate where the
packets are going to work out why?
For example, use tcpdump on eth0 and eth2 (in 2 shells simultaneously),
and then from the DMZ ping the cisco. The ICMP ECHO REQUEST might be
being passed on successfuly, but if the ICMP ECHO REPLY is not being
sent the right way from the cisco, then you'll see no response.
Also make sure the broadcast addresses on your interfaces are set
correctly (ifconfig stuff). The broadcast address of eth2 is
210.212.236.127 NOT 210.212.236.255. The broadcast address of eth0 is
most likely to be 210.212.236.111 (thats an assumption for lack of more
info). The lan's broadcast will of course be 192.168.100.255.
make sure the 'network' addresses (in /etc/network/interfaces) are
correct too. eth2 is 210.212.236.112 and eth0 is (assumption) .96
If these are correct and things arn't working then have a look at the
sniffer info to see what is actually happening on the wire. Whether
things are routing correctly but responses are not returned (which is
the routing on the other hardware).
Good luck
Crispin Wellington
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: