At 04:10 PM 1/30/03 -0800, Chris Low wrote: [...]
now I can ping everything from the firewall, and get a 10.10.10 ip address for the NT boxWell ... do you have the router set to NAT (IP Masquerade) the internal network? If not, then the pings time out because the hosts being pinged do not know that the Dach router's external interface is their route to the 10.10.10.0/24 network. Or maybe they have firewall software that ignores private addresses other than the 192.168.1.0/24 network.
but still only eth1 from the NT box behind the firewall. everything else gets a "Request timed out" error.
What info would be helpful for you to get me to the next step?
You turn on NAT'ing somewhere in /etc/network.conf ... I forget the exact line, but Charles was always very good about how he named these setup variables, so it is probably pretty obvious.
BTW, to check whether you are NAT'ing for sure, look at your forward chain ("ipchains -nvL forward"). Look for a "masq" entry for the internal LAN on the external interface. In an earlier version of your setup, you had this rule, which I provide here only so you can see what you are looking for:
0 0 MASQ all ------ 0xFF 0x00 eth0 192.168.1.0/24 0.0.0.0/0 n/a
Next possibility: do you even have routing turned on in the router? Check with
cat /proc/sys/net/ipv4/ip_forward
It should return a "1". If it returns "0", you need to turn IP forwarding (routing in its most basic sense) on; that's a network.conf variable setting too.
If neither of those is it, then round up the usual suspects. That is, give us the standard diagnostics like you did before, and <sigh - I always hate to do this> send /etc/network.conf as well as (but NOT instead of) those details. Or read the LEAF-FAQ entries on interpreting ping failures; they are a bit out of date (especially for Bering users) but cover most of what a Dach user might need to know about this sort of troubleshooting.
--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski -- Han Solo
Palo Alto, California, USA [EMAIL PROTECTED]
-------------------------------------------------------------------------------
-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
