Sorry to jump in here, but your problem, heff, sounds more and more like a routing problem at the other end (what I'll call the ISP end, though you haven't actually told us what or where the gateway is) ... that is, that the x.x.150.254 gateway does not know that x.x.150.253 is *its* route to network x.x.153.0/24 .
Hence, the router itself can ping anything it wants to, since the ISP's gateway knows how to route to host x.x.150.253, but the LAN hosts cannot, because the ISP's gateway doesn't know how to route to that network. And the system works when NAT'd, because that makes all the LAN traffic look to the ISP's router as though it originates at host x.x.150.253 . If this *guess* is correct, there is nothing you can do to your configurations to fix it (except revert to a NAT'd setup). You ISP has to change *its* routing tables. This is only a guess, of course, but one worth a minute's checking before we spend too much time on the tedious task of exploring ipchains rulesets. Try setting IPFILTER_SWITCH=firewall (is that the right code, Charles?); this will restore NAT'ing, which may correct the problem. At 01:15 PM 11/14/01 -0600, Charles Steinkuehler wrote: >I have set the IPFILTER_SWITCH=router and none, but still cannot ping past >the router from a laptop on eth1 (windows generates request timed out). > >CS> Questions: > >Can the router ping the destination IP? If not, provide output of: > ip addr > ip route > ipchains -nvL > >Is the default route on your laptop set to the router's IP on that net? > >Are you pinging by name or IP? -- ------------------------------------"Never tell me the odds!"--- Ray Olszewski -- Han Solo Palo Alto, CA [EMAIL PROTECTED] ---------------------------------------------------------------- _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
