Also the next-hop is in a different subnet than the ethernet interface. Look at the third octet.
John Gong wrote:
> Hi Keith,
>
> After a quick glance, I see that your default route needs to be corrected:
>
> delete protocols static route 0.0.0.0/24
> set protocols static route 0.0.0.0/0 next-hop 192.168.1.1
>
> Give that a try and please let us know if it worked.
>
> Regards,
>
> John
>
> Keith Steensma wrote:
>
>> I have been trying to get VC3 to work as a firewall in our office (and
>> I have been monitoring the mailing list for some months) but have come up
>> against a problem that I can't figure out. The 'production' VC3 (by
>> following the Vyatta Eval Guide exactly) does not communicate out on the
>> web (no matter what I try to do). Finally, I went back to the training
>> video on 'Vyatta Routing Basics' and followed along with that video
>> (step by single step). That does not work either. I can't ping the
>> internet.
>>
>> The situation is -
>> I have an online web server (a Debian box handling 4 web sites) attached
>> (through a switch) to a Comcast (SMC 8014) business gateway (that's what
>> they call it; I call it a modem/firewall/router) that supplies the
>> office with 5 static incoming IPs and 1 outgoing IP. I have other
>> Windows (wired and wireless) and Linux systems attached through a 16
>> port (unmanaged) switch (same as above). All the Windows and Linux
>> boxes work just fine except for the Vyatta box.
>>
>> Doing it 'by the video', I configure eth1 (of the VC3 box) for a static
>> IP (192.168.1.150/24), designate the next-hop to be 192.168.1.1 (the SMC
>> router), and set up a dns entry pointing at our dns server
>> (192.168.1.253), Vyatta cannot ping the internet. It can ping every
>> other box on the 192.168.0.0 network (including the gateway @ IP of
>> 192.168.1.1). If I ping (from the Vyatta box) to Google as an IP address
>> or a http name, it returns 'Network is unreachable'. When I 'dig
>> host.internal.lan' (an internal name) or 'dig www.google.com', I get the
>> correct results (dns is working?). When I ping (or browse the web) from
>> any other machine, everything works fine.
>>
>> The problem seems to be in the Comcast gateway but I don't see anything
>> wrong anywhere.
>>
>> Here's the basic setup config (eth0 would go to a separate subnet
>> eventually).
>>
>> Keith Steensma
>>
>> protocols {
>>     static {
>>         disable: false
>>         route 0.0.0.0/24 {
>>             next-hop: 192.168.1.1
>>             metric: 1
>>         }
>>     }
>> }
>> policy {
>> }
>> interfaces {
>>     restore: false
>>     loopback lo {
>>         description: ""
>>     }
>>     ethernet eth0 {
>>         disable: false
>>         discard: false
>>         description: ""
>>         hw-id: 00:50:04:ae:70:26
>>         duplex: "auto"
>>         speed: "auto"
>>         address 192.168.0.150 {
>>             prefix-length: 24
>>             disable: false
>>         }
>>     }
>>     ethernet eth1 {
>>         disable: false
>>         discard: false
>>         description: ""
>>         hw-id: 00:48:54:8a:63:00
>>         duplex: "auto"
>>         speed: "auto"
>>         address 192.168.1.150 {
>>             prefix-length: 24
>>             disable: false
>>         }
>>     }
>> }
>> service {
>>     ssh {
>>         port: 22
>>         protocol-version: "v2"
>>     }
>>     webgui {
>>         http-port: 80
>>         https-port: 443
>>     }
>> }
>> firewall {
>>     log-martians: "enable"
>>     send-redirects: "disable"
>>     receive-redirects: "disable"
>>     ip-src-route: "disable"
>>     broadcast-ping: "disable"
>>     syn-cookies: "enable"
>> }
>>
>> _______________________________________________
>> Vyatta-users mailing list
>> Vyatta-users@mailman.vyatta.com
>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
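
Added example, not part of the original thread and not Vyatta's code: a small longest-prefix-match lookup over the interface addresses and static route quoted above, showing why `0.0.0.0/24` yields 'Network is unreachable' for Internet destinations while `0.0.0.0/0` does not, and which connected interface the next-hop resolves to. The destination 8.8.8.8 and all function names are assumptions chosen for illustration.

```python
import ipaddress

# Interface addresses copied from the configuration quoted in the thread.
INTERFACES = {
    "eth0": ipaddress.ip_interface("192.168.0.150/24"),
    "eth1": ipaddress.ip_interface("192.168.1.150/24"),
}

def build_table(static_routes):
    """Return connected plus static routes as (network, next_hop, iface)."""
    table = [(i.network, None, name) for name, i in INTERFACES.items()]
    for prefix, next_hop in static_routes:
        net = ipaddress.ip_network(prefix, strict=True)
        hop = ipaddress.ip_address(next_hop)
        # A static next-hop is only usable if it lies on a connected subnet.
        iface = next((n for n, i in INTERFACES.items() if hop in i.network), None)
        table.append((net, hop, iface))
    return table

def lookup(table, destination):
    """Longest-prefix match; returns the winning route tuple or None."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in table if dst in r[0] and r[2] is not None]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def describe(table, destination):
    """Human-readable forwarding decision for one destination."""
    route = lookup(table, destination)
    if route is None:
        return "Network is unreachable"
    _net, hop, iface = route
    if hop is None:
        return f"connected dev {iface}"
    return f"via {hop} dev {iface}"

BROKEN = build_table([("0.0.0.0/24", "192.168.1.1")])  # route as posted
FIXED = build_table([("0.0.0.0/0", "192.168.1.1")])    # route after the correction

if __name__ == "__main__":
    # 8.8.8.8 is a constructed sample Internet destination.
    for label, table in (("0.0.0.0/24", BROKEN), ("0.0.0.0/0", FIXED)):
        for dst in ("192.168.1.1", "192.168.1.253", "8.8.8.8"):
            print(f"{label:11} {dst:14} {describe(table, dst)}")
```

With the posted route, only destinations 0.0.0.0 through 0.0.0.255 match the static entry, so local hosts and the DNS server stay reachable over the connected route while everything else has no route at all.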