Hi Keith,

After a quick glance, I see that your default route needs to be corrected:

delete protocols static route 0.0.0.0/24
set protocols static route 0.0.0.0/0 next-hop 192.168.1.1

Give that a try and please let us know if it worked.

Regards,

John

Keith Steensma wrote:
> I have been trying to get VC3 to work as a firewall in our office (and 
> I have been monitoring the mailing list for some months) but have come up 
> against a problem that I can't figure out.  The 'production' VC3 (by 
> following the Vyatta Eval Guide exactly) does not communicate out on the 
> web (no matter what I try to do).  Finally, I went back to the training 
> video on 'Vyatta Routing Basics' and followed along with that video 
> (step by single step).  That does not work either.  I can't ping the 
> internet.
>
> The situation is -
> I have an online web server (a Debian box handling 4 web sites) attached 
> (through a switch) to a Comcast (SMC 8014) business gateway (that's what 
> they call it; I call it a modem/firewall/router) that supplies the 
> office with 5 static incoming IPs and 1 outgoing IP.  I have other 
> Windows (wired and wireless) and Linux systems attached through a 16 
> port (unmanaged) switch (same as above).  All the Windows and Linux 
> boxes work just fine except for the Vyatta box.
>
> Doing it 'by the video', I configure eth1 (of the VC3 box) for a static 
> IP (192.168.1.150/24), designate the next-hop to be 192.168.1.1 (the SMC 
> router), and set up a dns entry pointing at our dns server 
> (192.168.1.253), Vyatta cannot ping the internet. It can ping every 
> other box on the 192.168.0.0 network (including the gateway @ IP of 
> 192.168.1.1).  If I ping (from the Vyatta box) to Google as an IP address 
> or a http name, it returns 'Network is unreachable'.  When I 'dig 
> host.internal.lan' (an internal name) or 'dig www.google.com', I get the 
> correct results (dns is working?).  When I ping (or browse the web) from 
> any other machine, everything works fine.
>
> The problem seems to be in the Comcast gateway but I don't see anything 
> wrong anywhere.
>
> Here's the basic setup config (eth0 would go to a separate subnet 
> eventually).
>
> Keith Steensma
>
>     protocols {
>         static {
>             disable: false
>             route 0.0.0.0/24 {
>                 next-hop: 192.168.1.1
>                 metric: 1
>             }
>         }
>     }
>     policy {
>     }
>     interfaces {
>         restore: false
>         loopback lo {
>             description: ""
>         }
>         ethernet eth0 {
>             disable: false
>             discard: false
>             description: ""
>             hw-id: 00:50:04:ae:70:26
>             duplex: "auto"
>             speed: "auto"
>             address 192.168.0.150 {
>                 prefix-length: 24
>                 disable: false
>             }
>         }
>         ethernet eth1 {
>             disable: false
>             discard: false
>             description: ""
>             hw-id: 00:48:54:8a:63:00
>             duplex: "auto"
>             speed: "auto"
>             address 192.168.1.150 {
>                 prefix-length: 24
>                 disable: false
>             }
>         }
>     }
>     service {
>         ssh {
>             port: 22
>             protocol-version: "v2"
>         }
>         webgui {
>             http-port: 80
>             https-port: 443
>         }
>     }
>     firewall {
>         log-martians: "enable"
>         send-redirects: "disable"
>         receive-redirects: "disable"
>         ip-src-route: "disable"
>         broadcast-ping: "disable"
>         syn-cookies: "enable"
>     }
>
> _______________________________________________
> Vyatta-users mailing list
> Vyatta-users@mailman.vyatta.com
> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>   
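
Added example (not part of the original thread and not Vyatta code): a small Python longest-prefix-match lookup over the routes in the posted config, showing why a static route for 0.0.0.0/24 leaves Internet destinations with no route while the gateway and the DNS server on the connected subnet stay reachable. 203.0.113.10 is a constructed stand-in for an Internet host, and the function names are hypothetical.

```python
import ipaddress

# Connected routes implied by the interface addresses in the posted config.
CONNECTED = [
    ("192.168.0.0/24", "eth0 (connected)"),
    ("192.168.1.0/24", "eth1 (connected)"),
]


def build_table(static_prefix, next_hop="192.168.1.1"):
    """Return the routing table as (network, description) pairs."""
    entries = CONNECTED + [(static_prefix, "static via " + next_hop)]
    return [(ipaddress.ip_network(p), desc) for p, desc in entries]


def lookup(table, destination):
    """Longest-prefix match; None models 'Network is unreachable'."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, desc) for net, desc in table if addr in net]
    if not matches:
        return None
    # The most specific (longest) matching prefix wins.
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def report(static_prefix, destinations):
    """Map each destination to the route used, or to the error seen by ping."""
    table = build_table(static_prefix)
    return {d: lookup(table, d) or "Network is unreachable" for d in destinations}


# Constructed sample destinations: the gateway and DNS server from the post,
# plus 203.0.113.10 (documentation range) standing in for an Internet host.
DESTINATIONS = ["192.168.1.1", "192.168.1.253", "203.0.113.10"]

if __name__ == "__main__":
    for prefix in ("0.0.0.0/24", "0.0.0.0/0"):
        print("static route", prefix)
        for dest, result in report(prefix, DESTINATIONS).items():
            print("  %-15s -> %s" % (dest, result))
```

With 0.0.0.0/24 the static route only covers 0.0.0.0 through 0.0.0.255, so DNS queries to 192.168.1.253 still succeed over the connected route while any off-subnet ping has no matching route.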
