can't ping LAN machine, NET pings fine
Hi,
I have a Debian (testing) machine as a firewall (named arthur) with 2
NICs: eth0, which is connected to the internet and gets an IP from the ISP
via DHCP, and eth1, which serves IPs for the LAN and has IP 192.168.0.1.
Currently there is only 1 other PC (named lancelot) besides the firewall
machine in the network. It gets IP 192.168.0.10 from the DHCP server on
the firewall.
WORKS:
ping from firewall to net
ping from lan to net
surfing net from lan
DOESN'T WORK:
ping from firewall to lan
ping from lan to firewall
I have disabled the iptables firewall on the firewall machine to be sure
that this isn't it. Result is the same. The iptables script has
IP forwarding enabled and uses a POSTROUTING rule for masquerading. I have
log rules for everything, yet I don't see anything in /var/log/messages.
I have also moved the files /etc/hosts.allow and /etc/hosts.deny (I
later want to be able to ssh to the firewall from the LAN and these
files are checked by sshd).
I checked the FAQ, the Debian reference and google and couldn't seem to
find an answer.
Does anybody know what it could be? I have attached some conf files.
================
1. /proc/devices
================
PCI devices found:
Bus 0, device 0, function 0:
Host bridge:Intel Corp. 440BX/ZX/DX - 82443BX/ZX/DX Host bridge (rev 3).
Master Capable. Latency=32.
Prefetchable 32 bit memory at 0xd0000000 [0xd3ffffff].
Bus 0, device 1, function 0:
PCI bridge: Intel Corp. 440BX/ZX/DX - 82443BX/ZX/DX AGP bridge (rev 3).
Master Capable. Latency=64. Min Gnt=128.
Bus 0, device 7, function 0:
ISA bridge: Intel Corp. 82371AB/EB/MB PIIX4 ISA (rev 2).
Bus 0, device 7, function 1:
IDE interface: Intel Corp. 82371AB/EB/MB PIIX4 IDE (rev 1).
Master Capable. Latency=32.
I/O at 0xf000 [0xf00f].
Bus 0, device 7, function 2:
USB Controller: Intel Corp. 82371AB/EB/MB PIIX4 USB (rev 1).
IRQ 11.
Master Capable. Latency=32.
I/O at 0xe000 [0xe01f].
Bus 0, device 7, function 3:
Bridge: Intel Corp. 82371AB/EB/MB PIIX4 ACPI (rev 2).
IRQ 9.
Bus 0, device 11, function 0:
VGA compatible controller:nVidia CorporationRIVA TNT2 Model 64 (rev 21).
IRQ 3.
Master Capable. Latency=32. Min Gnt=5.Max Lat=1.
Non-prefetchable 32 bit memory at 0xd6000000 [0xd6ffffff].
Prefetchable 32 bit memory at 0xd4000000 [0xd5ffffff].
Bus 0, device 13, function 0:
Ethernet controller: Realtek Semiconductor Co., Ltd.
RTL-8139/8139C/8139C+ (rev 16).
IRQ 5.
Master Capable. Latency=32. Min Gnt=32.Max Lat=64.
I/O at 0xe400 [0xe4ff].
Non-prefetchable 32 bit memory at 0xd8000000 [0xd80000ff].
Bus 0, device 15, function 0:
Ethernet controller: Accton Technology Corporation SMC2-1211TX (rev 16).
IRQ 10.
Master Capable. Latency=32. Min Gnt=32.Max Lat=64.
I/O at 0xe800 [0xe8ff].
Non-prefetchable 32 bit memory at 0xd8001000 [0xd80010ff].
Bus 0, device 17, function 0:
SCSI storage controller: Adaptec AHA-2940U/UW/D / AIC-7881U (rev 0).
IRQ 11.
Master Capable. Latency=32. Min Gnt=8.Max Lat=8.
I/O at 0xec00 [0xecff].
Non-prefetchable 32 bit memory at 0xd8002000 [0xd8002fff].
===================
2. /proc/interrupts
===================
CPU0
0: 312415 XT-PIC timer
1: 8414 XT-PIC keyboard
2: 0 XT-PIC cascade
5: 11223 XT-PIC eth0
6: 77 XT-PIC floppy
8: 1 XT-PIC rtc
10: 1355 XT-PIC eth1
11: 68 XT-PIC aic7xxx, usb-uhci
14: 14271 XT-PIC ide0
NMI: 0
LOC: 312385
ERR: 0
MIS: 0
===========
3. ifconfig
===========
eth0      Link encap:Ethernet  HWaddr 00:20:18:A0:6A:27
          inet addr:x.x.x.x  Bcast:255.255.255.255  Mask:255.255.240.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8318 errors:0 dropped:0 overruns:0 frame:0
          TX packets:799 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:828044 (808.6 KiB)  TX bytes:97601 (95.3 KiB)
          Interrupt:5 Base address:0xb000

eth1      Link encap:Ethernet  HWaddr 00:10:B5:40:DE:14
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:678 errors:0 dropped:0 overruns:0 frame:0
          TX packets:747 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:88469 (86.3 KiB)  TX bytes:342043 (334.0 KiB)
          Interrupt:10 Base address:0xd000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:80 errors:0 dropped:0 overruns:0 frame:0
          TX packets:80 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:9496 (9.2 KiB)  TX bytes:9496 (9.2 KiB)

x.x.x.x is the IP I get from the ISP.
=============================
4. /etc/networking/interfaces
=============================
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet static
address 192.168.0.1
network 192.168.0.0
netmask 255.255.255.0
broadcast 192.168.0.255
==========================
5. /etc/networking/ifstate
==========================
lo=lo
eth0=eth0
eth1=eth1
==========================
6. /etc/networking/options
==========================
ip_forward=yes
spoofprotect=yes
syncookies=no
====================
7. /etc/default/dhcp
====================
INTERFACES="eth1"
=========================
8. /etc/default/dhcp.conf
=========================
subnet 192.168.0.0 netmask 255.255.255.0 {
default-lease-time 86400;
max-lease-time 86400;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option routers 192.168.0.1;
option domain-name-servers 195.130.132.19, 195.130.132.20;
option domain-name "camelot";
range 192.168.0.10 192.168.0.15;
}
=============
9. /etc/hosts
=============
127.0.0.1 localhost
192.168.0.10 lancelot.camelot lancelot
192.168.0.1 arthur.camelot arthur
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
====================
10. /etc/resolv.conf
====================
search ispnetwork.be
nameserver x.y.z.a
nameserver x.y.z.b
Mentioned is the name of the ISP's network and 2 nameservers from the
network of the ISP.
=============================
11. route table on arthur(FW)
=============================
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
x.x.x.x         0.0.0.0         255.255.240.0   U     0      0        0 eth0
0.0.0.0         x.y.z.c         0.0.0.0         UG    0      0        0 eth0
x.x.x.x is the IP of eth0, which was received through DHCP from the ISP.
================================
12. route table on lancelot(LAN)
================================
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
================================================
13. ping result from arthur(FW) to lancelot(LAN)
================================================
PING 192.168.0.10 (192.168.0.10): 56 data bytes
ping: wrote 192.168.0.10 64 chars, ret=-1
ping: wrote 192.168.0.10 64 chars, ret=-1
ping: wrote 192.168.0.10 64 chars, ret=-1
--- 192.168.0.10 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
PING 192.168.0.10 (192.168.0.10): 56 data bytes
ping: wrote 192.168.0.10 64 chars, ret=-1
ping: wrote 192.168.0.10 64 chars, ret=-1
ping: wrote 192.168.0.10 64 chars, ret=-1
--- 192.168.0.10 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
Thanks for any help,
Benedict