I have been trying to get VC3 to work as a firewall in our office (and 
I have been monitoring the mailing list for some months) but have come up 
against a problem that I can't figure out.  The 'production' VC3 (by 
following the Vyatta Eval Guide exactly) does not communicate out on the 
web (no matter what I try to do).  Finally, I went back to the training 
video on 'Vyatta Routing Basics' and followed along with that video 
(step by single step).  That does not work either.  I can't ping the 
internet.

The situation is -
I have an online web server (a Debian box handling 4 web sites) attached 
(through a switch) to a Comcast (SMC 8014) business gateway (that's what 
they call it; I call it a modem/firewall/router) that supplies the 
office with 5 static incoming IPs and 1 outgoing IP.  I have other 
Windows (wired and wireless) and Linux systems attached through a 16 
port (unmanaged) switch (same as above).  All the Windows and Linux 
boxes work just fine except for the Vyatta box.

Doing it 'by the video', I configure eth1 (of the VC3 box) for a static 
IP (192.168.1.150/24), designate the next-hop to be 192.168.1.1 (the SMC 
router), and set up a DNS entry pointing at our DNS server 
(192.168.1.253), but Vyatta cannot ping the internet. It can ping every 
other box on the 192.168.0.0 network (including the gateway @ IP of 
192.168.1.1).  If I ping (from the Vyatta box) to Google as an IP address 
or an HTTP name, it returns 'Network is unreachable'.  When I 'dig 
host.internal.lan' (an internal name) or 'dig www.google.com', I get the 
correct results (DNS is working?).  When I ping (or browse the web) from 
any other machine, everything works fine.

The problem seems to be in the Comcast gateway but I don't see anything 
wrong anywhere.

Here's the basic setup config (eth0 would go to a separate subnet 
eventually).

Keith Steensma

    protocols {
        static {
            disable: false
            route 0.0.0.0/24 {
                next-hop: 192.168.1.1
                metric: 1
            }
        }
    }
    policy {
    }
    interfaces {
        restore: false
        loopback lo {
            description: ""
        }
        ethernet eth0 {
            disable: false
            discard: false
            description: ""
            hw-id: 00:50:04:ae:70:26
            duplex: "auto"
            speed: "auto"
            address 192.168.0.150 {
                prefix-length: 24
                disable: false
            }
        }
        ethernet eth1 {
            disable: false
            discard: false
            description: ""
            hw-id: 00:48:54:8a:63:00
            duplex: "auto"
            speed: "auto"
            address 192.168.1.150 {
                prefix-length: 24
                disable: false
            }
        }
    }
    service {
        ssh {
            port: 22
            protocol-version: "v2"
        }
        webgui {
            http-port: 80
            https-port: 443
        }
    }
    firewall {
        log-martians: "enable"
        send-redirects: "disable"
        receive-redirects: "disable"
        ip-src-route: "disable"
        broadcast-ping: "disable"
        syn-cookies: "enable"
    }

_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
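Added example (not part of the original post and not Vyatta code): a small longest-prefix-match lookup in Python over the routes implied by the posted config, run against a constructed public destination, showing which destinations the `0.0.0.0/24` static route actually covers and what a `0.0.0.0/0` default route (assumed here as the usual form of a catch-all route, not taken from the page) would match instead.

```python
import ipaddress

# Route table transcribed from the posted VC3 config (constructed for this
# example): the two connected subnets plus the static route exactly as
# written in the post, 0.0.0.0/24 via 192.168.1.1.
POSTED_ROUTES = [
    ("192.168.0.0/24", None, "eth0"),       # connected: eth0 192.168.0.150/24
    ("192.168.1.0/24", None, "eth1"),       # connected: eth1 192.168.1.150/24
    ("0.0.0.0/24", "192.168.1.1", "eth1"),  # static route as posted
]

# Hypothetical comparison table: same subnets, but the static route written
# as a true default route (prefix length 0 matches every destination).
DEFAULT_ROUTES = [
    ("192.168.0.0/24", None, "eth0"),
    ("192.168.1.0/24", None, "eth1"),
    ("0.0.0.0/0", "192.168.1.1", "eth1"),
]

# Constructed public destination (documentation range, not a real host).
OUTSIDE_HOST = "203.0.113.10"


def lookup(routes, dst):
    """Longest-prefix match, the way a kernel FIB lookup chooses a route.

    Returns (prefix, next_hop, iface) for the most specific route whose
    prefix contains dst, or None when nothing matches; a None result is the
    condition the 'Network is unreachable' error reports to ping.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return None if best is None else (str(best[0]), best[1], best[2])


def covered_range(prefix):
    """First and last address a prefix covers, to make its reach visible."""
    net = ipaddress.ip_network(prefix)
    return str(net[0]), str(net[-1])


if __name__ == "__main__":
    print("0.0.0.0/24 covers", covered_range("0.0.0.0/24"))
    print("gateway via posted routes:", lookup(POSTED_ROUTES, "192.168.1.1"))
    print("outside via posted routes:", lookup(POSTED_ROUTES, OUTSIDE_HOST))
    print("outside via default route:", lookup(DEFAULT_ROUTES, OUTSIDE_HOST))
```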
