Re: [Vyatta-users] I feel very 'lost' & forgotten
Never mind. I apparently blacked out and didn't see the other ethernet interface. Ignore that post.

Keith Steensma wrote:
> Third octet of 192.168.1.1? It does work as planned with John's
> correction. Did I miss something else?
>
> Keith
>
> Wink wrote:
>> Also the next-hop is in a different subnet than the ethernet
>> interface. Look at the third octet.
>>
>> John Gong wrote:
>>> Hi Keith,
>>>
>>> After a quick glance, I see that your default route needs to be
>>> corrected:
>>>
>>> delete protocols static route 0.0.0.0/24
>>> set protocols static route 0.0.0.0/0 next-hop 192.168.1.1
>>>
>>> Give that a try and please let us know if it worked.
>>>
>>> Regards,
>>>
>>> John

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] I feel very 'lost' & forgotten
Also the next-hop is in a different subnet than the ethernet interface. Look at the third octet.

John Gong wrote:
> Hi Keith,
>
> After a quick glance, I see that your default route needs to be corrected:
>
> delete protocols static route 0.0.0.0/24
> set protocols static route 0.0.0.0/0 next-hop 192.168.1.1
>
> Give that a try and please let us know if it worked.
>
> Regards,
>
> John
Re: [Vyatta-users] I feel very 'lost' & forgotten
Hi Keith,

After a quick glance, I see that your default route needs to be corrected:

    delete protocols static route 0.0.0.0/24
    set protocols static route 0.0.0.0/0 next-hop 192.168.1.1

Give that a try and please let us know if it worked.

Regards,

John
[Vyatta-users] I feel very 'lost' & forgotten
I have been trying to get VC3 to work as a firewall in our office (and I have been monitoring the mailing list for some months) but have come up against a problem that I can't figure out. The 'production' VC3 (by following the Vyatta Eval Guide exactly) does not communicate out on the web (no matter what I try to do). Finally, I went back to the training video on 'Vyatta Routing Basics' and followed along with that video (step by single step). That does not work either. I can't ping the internet.

The situation is -
I have an online web server (a Debian box handling 4 web sites) attached (through a switch) to a Comcast (SMC 8014) business gateway (that's what they call it; I call it a modem/firewall/router) that supplies the office with 5 static incoming IPs and 1 outgoing IP. I have other Windows (wired and wireless) and Linux systems attached through a 16 port (unmanaged) switch (same as above). All the Windows and Linux boxes work just fine except for the Vyatta box.

Doing it 'by the video', I configure eth1 (of the VC3 box) for a static IP (192.168.1.150/24), designate the next-hop to be 192.168.1.1 (the SMC router), and set up a dns entry pointing at our dns server (192.168.1.253), Vyatta cannot ping the internet. It can ping every other box on the 192.168.0.0 network (including the gateway @ IP of 192.168.1.1). If I ping (from the Vyatta box) to Google as an IP address or a http name, it returns 'Network is unreachable'. When I 'dig host.internal.lan' (an internal name) or 'dig www.google.com', I get the correct results (dns is working?). When I ping (or browse the web) from any other machine, everything works fine.

The problem seems to be in the Comcast gateway but I don't see anything wrong anywhere.

Here's the basic setup config (eth0 would go to a separate subnet eventually).

Keith Steensma

    protocols {
        static {
            disable: false
            route 0.0.0.0/24 {
                next-hop: 192.168.1.1
                metric: 1
            }
        }
    }
    policy {
    }
    interfaces {
        restore: false
        loopback lo {
            description: ""
        }
        ethernet eth0 {
            disable: false
            discard: false
            description: ""
            hw-id: 00:50:04:ae:70:26
            duplex: "auto"
            speed: "auto"
            address 192.168.0.150 {
                prefix-length: 24
                disable: false
            }
        }
        ethernet eth1 {
            disable: false
            discard: false
            description: ""
            hw-id: 00:48:54:8a:63:00
            duplex: "auto"
            speed: "auto"
            address 192.168.1.150 {
                prefix-length: 24
                disable: false
            }
        }
    }
    service {
        ssh {
            port: 22
            protocol-version: "v2"
        }
        webgui {
            http-port: 80
            https-port: 443
        }
    }
    firewall {
        log-martians: "enable"
        send-redirects: "disable"
        receive-redirects: "disable"
        ip-src-route: "disable"
        broadcast-ping: "disable"
        syn-cookies: "enable"
    }
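An added example, not part of the original thread: a longest-prefix-match lookup over the interfaces and static route from the posted config, showing why `0.0.0.0/24` gives 'Network is unreachable' for Internet hosts while the on-link gateway and DNS server still answer, and why the next-hop is in fact on eth1's subnet. The function names and the 203.0.113.10 test address are assumptions made for illustration.

```python
import ipaddress

# Connected interfaces and static routes taken from the posted config.
CONNECTED = {
    "eth0": ipaddress.ip_interface("192.168.0.150/24"),
    "eth1": ipaddress.ip_interface("192.168.1.150/24"),
}
BROKEN_STATIC = [("0.0.0.0/24", "192.168.1.1")]  # as posted
FIXED_STATIC = [("0.0.0.0/0", "192.168.1.1")]    # after the suggested correction


def build_table(static_routes):
    """Return a list of (network, next_hop_or_None, out_interface)."""
    table = [(iface.network, None, name) for name, iface in CONNECTED.items()]
    for prefix, next_hop in static_routes:
        hop = ipaddress.ip_address(next_hop)
        # A static route is usable only if its next-hop is on a connected subnet.
        via = next((n for n, i in CONNECTED.items() if hop in i.network), None)
        if via is not None:
            table.append((ipaddress.ip_network(prefix), hop, via))
    return table


def lookup(table, destination):
    """Longest-prefix match; None models 'Network is unreachable'."""
    dst = ipaddress.ip_address(destination)
    matches = [route for route in table if dst in route[0]]
    if not matches:
        return None
    return max(matches, key=lambda route: route[0].prefixlen)


def describe(static_routes, destination):
    """Human-readable forwarding decision for one destination."""
    route = lookup(build_table(static_routes), destination)
    if route is None:
        return "Network is unreachable"
    net, hop, iface = route
    return f"{net} via {hop} dev {iface}" if hop else f"{net} connected dev {iface}"


if __name__ == "__main__":
    # 203.0.113.10 is a constructed documentation address standing in
    # for an Internet host; the other two are from the thread.
    for label, routes in (("posted", BROKEN_STATIC), ("corrected", FIXED_STATIC)):
        for dst in ("192.168.1.1", "192.168.1.253", "203.0.113.10"):
            print(f"{label:9} {dst:15} -> {describe(routes, dst)}")
```

With the posted route, only destinations 0.0.0.0 through 0.0.0.255 match the static entry, so every off-link address falls through the table.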
[Vyatta-users] Fractional T3 configuration?
Hi -

Our ISP is providing an F-T3. I am using the Sangoma A301 and need to set the "bandwidth" used to 40300 but I can't find how to configure this. Does anyone have experience with this?

Thanks,
Chad