You need to describe the ping failures more clearly before you can get
sensible advice. Read the FAQ sections on ping failures (they help you to
characterize different types of ping failures and list the "simplest errors"
associated with each type). Additional details below.
At 04:09 PM 12/25/01 -0500, Kory Krofft wrote:
>Merry Christmas!
>I am adding a subnet so I can later open it up as a DMZ. I have made
>some progess so far. Using Dachstein floppy my plan looks like this:
>eth0 Public side of the lrp
>eth1 private net 1 using 192.168.1 subnet
>eth2 private net 2 (DMZ) using 192.168.10 subnet
>
>LRP can ping both subnets
You mean the LEAF router can ping hosts you have running on these subnets.
I'm not quibbling here, but I am trying to be clear in a way that leads up
to later questions. You do mean that the *specific* hosts that are involved
in your later ping failures are ping'able from the LEAF router, right?
>subnets cannot ping each other
>192.168.10 cannot ping anything
"anything"? What did you actually try?
In particular, can a host in 192.168.10.0/24 ping the LEAF router at its
eth2 IP address (192.168.10.X)? Can it ping the LEAF router's other (eth0,
eth1) IP addresses? If it cannot, *how* do its pings fail (what failure
messages actually appear, and what OS is generating those failure messages)?
Assuming you have 2 hosts on 192.168.10.0/24 other than the LEAF router, am
I correct in assuming that they can ping each other? If not, your problem
(whatever it is) is not with the LEAF router.
Do the hosts on 192.168.10.0/24 know that the LEAF router (192.168.10.X) is
their default gateway? (On a Linux suystem, you can check this in the output
of "netstat -nr".)
>192.168.1 has full internet access but cannot ping past firewall(name
>resolution works)
What does "full internet access" mean? That you can make TCP and UDP
connections but not ICMP ones? HOW do the pings fail (there are 5 distinct
ways, 4 of them discussed in the FAQ materials I referred you to above).
>Assume the simplest errors and send me a note please. If you wish to see
>a particular config file just ask and I will post the pertinent section.
I don't have specific questions at this point, but when trying to
troubleshoot connectivity problems, it always helps to see (from the LEAF
router, and the equivalents from hosts used in the tests) the output of
ip addr show
netstat -nr
--
------------------------------------"Never tell me the odds!"---
Ray Olszewski -- Han Solo
Palo Alto, CA [EMAIL PROTECTED]
----------------------------------------------------------------
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
