Actually I'd like to make a correction to this last e-mail. I did some double checking and a lot of rebooting.

I *can* access the DMZ from both my internal nets (eth1 and eth3). I can type the private IP address of the DMZ server into the web browser and I have pages come back. But, entering in the Public IP address of the DMZ server into the web browser yields no response (from the internal nets). I can ping the public IP from inside the internal net(s). But computers outside my own network(s) can not ping the public IP. The router can ping the additional IP on the external interface. I replicated this on another Dachstein-CD boot box on another DSL and had the same problem, only this one has just the DMZ and the eth1 internal interfaces.

Sorry for the mis-information but I didn't find this out until I put together a brand new Dachstein CD 1.02 and loaded it on diff computer that I am building.

Thanks
Alec

-----Original Message-----
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]]
Sent: Sunday, August 11, 2002 10:47 AM
To: Alec Miller; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Dachstein-CD eth3 / DMZ error

> ahhhhhhhhhhh....... this is the part that I didn't understand.....how to
> push the packets into the DMZ via the extra eth0 ip addy.
>
> sweet thanks..
> but now i am finding another issue (heh....keeps getting better and better
> though)
>
> The traffic is going in but not coming back out from within my own private
> nets
> (see below). The public can get in...but not me. I am guessing this is
> another multi-internal net scripting issue??

Hmm...I'm not sure what's going on...what IP are you trying to use to get to the web-server? The public port-forwarded IP (66.93.80.148), or the private IP (192.168.2.1)? Exactly what happens when you try connecting with either IP?

You may have to wait until I can get a test network setup again, switch to a proxy-ARP based DMZ, or gather some detailed diagnostic information (since my test network is still sitting in the garage, disconnected after my office move at the end of last month).
If you want to do the latter, please try the following:

- Reboot your firewall to provide a clean slate...you might even want to dis-connect your upstream link (if you're not using dhclient to configure the external interface)
- Log in and manually add some packet tracing ipchains rules:
    ipchains -I input -l
    ipchains -I forward -l
    ipchains -I output -l
- Try connecting to your DMZ web-server from both internal networks, using both IP's above (for a total of four different connection attempts).
- Run "net ipfilter list >/tmp/ipfilter.list"
- Send me the results of the above command, as well as the contents of /var/log/syslog, and the files /etc/network.conf and /etc/ipfilter.conf
- Clear your manually added ipchains rules (change the -I to -D in the commands above) or just re-boot.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
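An added example, not part of the messages above and not a LEAF/Dachstein script: one way to reduce the /var/log/syslog output of the three tracing rules to a table showing which chains and interfaces saw each connection attempt to the DMZ server. The "Packet log:" field layout, the internal client address, the host name and the eth2 DMZ interface name are assumptions; the sample lines are constructed, not taken from the poster's firewall.

```shell
#!/bin/sh
# Added example: tabulate ipchains "-l" trace lines that involve the DMZ server.
# Assumed kernel 2.2 log layout (not quoted in the thread):
#   ... Packet log: CHAIN TARGET IFACE PROTO=n SRC:PORT DST:PORT L=.. (#rule)

summarize_trace() {
    # $1 = public (port-forwarded) IP, $2 = private DMZ IP; syslog text on stdin
    awk -v pub="$1" -v priv="$2" '
    {
        # locate the "Packet log:" marker; the fields after it are positional
        for (i = 1; i < NF; i++) if ($i == "Packet" && $(i+1) == "log:") break
        if (i >= NF) next
        chain = $(i+2); iface = $(i+4)
        split($(i+6), s, ":"); split($(i+7), d, ":")
        # keep only packets to or from one of the two DMZ server addresses
        if (d[1] != pub && d[1] != priv && s[1] != pub && s[1] != priv) next
        count[s[1] " -> " d[1] " " chain " " iface]++
    }
    END { for (k in count) print count[k], k }' | sort -k2
}

# Constructed sample lines (hypothetical client 192.168.1.10, DMZ on eth2).
sample_syslog() {
    cat <<'EOF'
Aug 11 11:02:01 firewall kernel: Packet log: input - eth1 PROTO=6 192.168.1.10:1030 192.168.2.1:80 L=60 S=0x00 I=101 F=0x4000 T=64 SYN (#1)
Aug 11 11:02:01 firewall kernel: Packet log: forward - eth2 PROTO=6 192.168.1.10:1030 192.168.2.1:80 L=60 S=0x00 I=101 F=0x4000 T=63 SYN (#1)
Aug 11 11:02:01 firewall kernel: Packet log: output - eth2 PROTO=6 192.168.1.10:1030 192.168.2.1:80 L=60 S=0x00 I=101 F=0x4000 T=63 SYN (#1)
Aug 11 11:02:09 firewall kernel: Packet log: input - eth1 PROTO=6 192.168.1.10:1031 66.93.80.148:80 L=60 S=0x00 I=102 F=0x4000 T=64 SYN (#1)
Aug 11 11:02:12 firewall kernel: Packet log: input - eth1 PROTO=6 192.168.1.10:1031 66.93.80.148:80 L=60 S=0x00 I=103 F=0x4000 T=64 SYN (#1)
Aug 11 11:02:15 firewall kernel: Packet log: input - eth1 PROTO=17 192.168.1.10:1032 192.168.1.254:53 L=58 S=0x00 I=104 F=0x0000 T=64 (#1)
EOF
}

# One row per (source, destination, chain, interface) with a packet count.
# On the firewall: summarize_trace 66.93.80.148 192.168.2.1 </var/log/syslog
sample_syslog | summarize_trace 66.93.80.148 192.168.2.1
```

A connection attempt that shows up only in the input chain, with no matching forward or output row, tells you where in the rule set to start reading the "net ipfilter list" output.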
