At 03:20 PM 1/30/03 -0800, Chris Low wrote:
After rebooting sometimes I can't ping the firewall or log in via ssh, even if I didn't change any settings. Is this normal?
No, of course not. It indicates some sort of error. The nature of the ssh and ping failures (and which interface they are on) might help to pin it down, as would the other standard info you already seem to know how to provide.
A. The "external" ISP's router is on network 192.168.1.0/24 and provides DHCP leases for at least a portion of that network.
Okay, this makes more sense. The ISP's router assigns everything from 192.168.1.1 through 192.168.1.255, so we should change the entire subnet that Dachstein will assign, right?
B. The Dachstein router is configured to use 192.168.1.0/24, the same network, and to provide DHCP leases for at least a portion of that network on its internal interface.
To fix this, you need to change the internal network that Dachstein uses. I've been away from Dach for long enough that I forget the name of the file it keeps its basic config info in ... it will be something like /etc/network.conf . But find that file, look in it for the one or several places where 192.168.1.*/24 addresses are associated with the internal interface or network, and change them to some non-conflicting value. Then save and reboot (including restarting networking on the NT server, so it gets a new lease on the new network).
Okay, in /etc/network.conf I changed the following values:
Interfaces:
eth1_IPADDR=10.10.10.1
eth1_MASKLEN=24
eth1_BROADCAST=10.10.10.255
Internal Interface
INTERN_IF="eth1"
INTERN_NET=10.10.10.0/24
INTERN_IP=10.10.10.254
Those were all the instances of 192.168.x.x that I could find associated with eth1. I can send a copy of the entire network.conf file if you like.
No, no need. Your procedure seems sound.
[...]
So I rebooted the server and now I can no longer get it to assign the NT machine an ip address. I used "ipconfig /release" followed by "ipconfig /renew" and it said "Error: DHCP Server Unavailable: Renewing adapter CpqNF31"
This no doubt means you need to edit the config files for the router's DHCP server so that app knows about the change in internal-interface network. Charles' message in this thread told you, in general terms, what you need to do for this.
But before bothering with that, I (were I in your position) would just assign a suitable, static address to the NT host by hand, and use it to test the router as a router (rather than as a DHCP server). Once routing works, you can then fix DHCP at your convenience.
Of course. If the NT host did not get a DHCP lease, it probably gave itself one of those phony 169.something_or_other self-assigned IP addresses. Its routing table would not know how to find 10.10.10.1.
Ping from NT to 10.10.10.1 (new address of eth1) Destination host unreachable.
Firewall can ping eth1, eth0, and 208.57.96.252
Here's the new output files:
ip addr show
1: lo: <LOOPBACK,UP> mtu 3924 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
2: ipsec0: <NOARP> mtu 0 qdisc noop qlen 10
    link/ipip
3: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10
    link/ipip
4: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10
    link/ipip
5: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10
    link/ipip
6: brg0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:fd:09:00:4a:4a brd ff:ff:ff:ff:ff:ff
7: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:90:47:01:98:80 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.39/24 brd 192.168.1.255 scope global eth0
8: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:90:47:01:a0:7a brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.1/24 brd 10.10.10.255 scope global eth1
This looks good.
ip route show
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.39
10.10.10.0/24 dev eth1 proto kernel scope link src 10.10.10.1
default via 192.168.1.1 dev eth0
Also looks good. As does the ipchains ruleset you provided (deleted here).
[...]
--
"Never tell me the odds!" -- Han Solo
Ray Olszewski
Palo Alto, California, USA
[EMAIL PROTECTED]
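
The address conflict diagnosed in this thread (internal and external interfaces both on 192.168.1.0/24), as an added example that is not part of the original message or of Dachstein: a Python check that the internal-interface values are self-consistent and do not overlap the external network. The key names and the "after" values are the ones quoted above; the function names and the "before" values are constructed for illustration.

```python
import ipaddress

# Values quoted in the thread after the change (eth1 = internal interface).
AFTER = """
eth1_IPADDR=10.10.10.1
eth1_MASKLEN=24
eth1_BROADCAST=10.10.10.255
INTERN_IF="eth1"
INTERN_NET=10.10.10.0/24
INTERN_IP=10.10.10.254
"""
# Constructed "before" values: the thread only says they were 192.168.1.*/24.
BEFORE = AFTER.replace("10.10.10.", "192.168.1.")
EXTERNAL = "192.168.1.39/24"  # eth0 address from the `ip addr show` output

def parse_conf(text):
    """Parse shell-style KEY=VALUE lines into a dict, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().strip('"')
    return conf

def check_internal(conf, external_cidr):
    """Return a list of problems found in the internal-interface settings."""
    problems = []
    ext_net = ipaddress.ip_interface(external_cidr).network
    int_net = ipaddress.ip_network(conf["INTERN_NET"], strict=False)
    name = conf["INTERN_IF"]
    iface = ipaddress.ip_interface(
        conf[name + "_IPADDR"] + "/" + conf[name + "_MASKLEN"])
    if int_net.overlaps(ext_net):
        problems.append(f"INTERN_NET {int_net} overlaps external {ext_net}")
    if iface.network != int_net:
        problems.append(f"{name} is on {iface.network}, not {int_net}")
    bcast = ipaddress.ip_address(conf[name + "_BROADCAST"])
    if bcast != iface.network.broadcast_address:
        problems.append(f"{name}_BROADCAST {bcast} does not match {iface.network}")
    if ipaddress.ip_address(conf["INTERN_IP"]) not in int_net:
        problems.append(f"INTERN_IP {conf['INTERN_IP']} is outside {int_net}")
    return problems

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, check_internal(parse_conf(text), EXTERNAL) or "ok")
```

The same check catches a partial edit, where the interface address was moved but INTERN_NET still names the old network.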