On Wed, 17 May 2006 15:15:49 +1200 Volker Kuhlmann wrote: > > Bug 1: it never accepts pings from internal,server, or outside (just logs > > and dumps). > > Wrong. > > PING 192.168.3.5 (192.168.3.5) 56(84) bytes of data. > > 64 bytes from 192.168.3.5: icmp_seq=1 ttl=127 time=0.502 ms > > > What netmasks are you using? Default for 10.x is class A which will > > screw your routing. > > I'm not that stupid ;) 255.255.255.240, so I can test it all on the same > class C. The fact that all tcp are routed as expected, but the ping > responses fail to materialise, is a dead give-away. So is pings suddenly > working after adding corresponding iptables rules: nothing to do with > interface addresses or routing tables, only with dodgy iptables rules. > > I've just had a look at Endian firewall - based on ipcop. The pings just > work - yes on the same IP numbers and masks. The port forwarding and > pinholing masks are as badly designed as ipcop's (i.e., identical), in > many other places the BUI is much improved - dhcp server config is very > nice, and clearly distinguishes between interfaces (can't remember > whether ipcop even did that). Traffic shaping's not any better (only > works on external interface), but the outbound filtering setup is good, > and as I expect from any router worth mentioning. Nice SMTP proxy too, > by the looks of the BUI.
I have to say that I have different results for the ping responses, mine are in line with Steve and contrary to yours. Dunno why. Perhaps it doesn't like your IP addressing scheme, as suggested by Steve. Maybe somehow it is substituting its own netmasks based on what it thinks are the right ones, and it just doesn't get CIDR. Who knows! Have you checked with the command line that the netmasks assigned to the interfaces are what you sopecified and not what ipcop thinks is right? I have heard endian is good, must look into it. -- Nick Rout <[EMAIL PROTECTED]>
