Never mind.

I apparently blacked out and didn't see the other ethernet interface.

Ignore that post.

Keith Steensma wrote:
> Third octet of 192.168.1.1?  It does work as planned with John's 
> correction.  Did I miss something else?  Keith
>
> Wink wrote:
>> Also the next-hop is in a different subnet than the ethernet 
>> interface.  Look at the third octet.
>>
>> John Gong wrote:
>>> Hi Keith,
>>>
>>> After a quick glance, I see that your default route needs to be 
>>> corrected:
>>>
>>> delete protocols static route 0.0.0.0/24
>>> set protocols static route 0.0.0.0/0 next-hop 192.168.1.1
>>>
>>> Give that a try and please let us know if it worked.
>>>
>>> Regards,
>>>
>>> John
>>>
>>> Keith Steensma wrote:
>>>  
>>>> I have been trying to get VC3 to work as a firewall in our office 
>>>> (and I have been monitoring the mailing list for some months) but have 
>>>> come up against a problem that I can't figure out.  The 
>>>> 'production' VC3 (by following the Vyatta Eval Guide exactly) does 
>>>> not communicate out on the web (no matter what I try to do).  
>>>> Finally, I went back to the training video on 'Vyatta Routing 
>>>> Basics' and followed along with that video (step by single step).  
>>>> That does not work either.  I can't ping the internet.
>>>>
>>>> The situation is -
>>>> I have an online web server (a Debian box handling 4 web sites) 
>>>> attached (through a switch) to a Comcast (SMC 8014) business 
>>>> gateway (that's what they call it; I call it a 
>>>> modem/firewall/router) that supplies the office with 5 static 
>>>> incoming IPs and 1 outgoing IP.  I have other Windows (wired and 
>>>> wireless) and Linux systems attached through a 16 port (unmanaged) 
>>>> switch (same as above).  All the Windows and Linux boxes work just 
>>>> fine except for the Vyatta box.
>>>>
>>>> Doing it 'by the video', I configure eth1 (of the VC3 box) for a 
>>>> static IP (192.168.1.150/24), designate the next-hop to be 
>>>> 192.168.1.1 (the SMC router), and set up a dns entry pointing at our 
>>>> dns server (192.168.1.253), Vyatta cannot ping the internet. It can 
>>>> ping every other box on the 192.168.0.0 network (including the 
>>>> gateway @ IP of 192.168.1.1).  If I ping (from the Vyatta box) to 
>>>> Google as an IP address or a http name, it returns 'Network is 
>>>> unreachable'.  When I 'dig host.internal.lan' (an internal name) or 
>>>> 'dig www.google.com', I get the correct results (dns is working?).  
>>>> When I ping (or browse the web) from any other machine, everything 
>>>> works fine.
>>>>
>>>> The problem seems to be in the Comcast gateway but I don't see 
>>>> anything wrong anywhere.
>>>>
>>>> Here's the basic setup config (eth0 would go to a separate subnet 
>>>> eventually).
>>>>
>>>> Keith Steensma
>>>>
>>>>     protocols {
>>>>         static {
>>>>             disable: false
>>>>             route 0.0.0.0/24 {
>>>>                 next-hop: 192.168.1.1
>>>>                 metric: 1
>>>>             }
>>>>         }
>>>>     }
>>>>     policy {
>>>>     }
>>>>     interfaces {
>>>>         restore: false
>>>>         loopback lo {
>>>>             description: ""
>>>>         }
>>>>         ethernet eth0 {
>>>>             disable: false
>>>>             discard: false
>>>>             description: ""
>>>>             hw-id: 00:50:04:ae:70:26
>>>>             duplex: "auto"
>>>>             speed: "auto"
>>>>             address 192.168.0.150 {
>>>>                 prefix-length: 24
>>>>                 disable: false
>>>>             }
>>>>         }
>>>>         ethernet eth1 {
>>>>             disable: false
>>>>             discard: false
>>>>             description: ""
>>>>             hw-id: 00:48:54:8a:63:00
>>>>             duplex: "auto"
>>>>             speed: "auto"
>>>>             address 192.168.1.150 {
>>>>                 prefix-length: 24
>>>>                 disable: false
>>>>             }
>>>>         }
>>>>     }
>>>>     service {
>>>>         ssh {
>>>>             port: 22
>>>>             protocol-version: "v2"
>>>>         }
>>>>         webgui {
>>>>             http-port: 80
>>>>             https-port: 443
>>>>         }
>>>>     }
>>>>     firewall {
>>>>         log-martians: "enable"
>>>>         send-redirects: "disable"
>>>>         receive-redirects: "disable"
>>>>         ip-src-route: "disable"
>>>>         broadcast-ping: "disable"
>>>>         syn-cookies: "enable"
>>>>     }
>>>>
>>>> _______________________________________________
>>>> Vyatta-users mailing list
>>>> Vyatta-users@mailman.vyatta.com
>>>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>>>>       

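Added example, not part of the original thread: a longest-prefix-match lookup over the addresses and routes posted above, showing why `0.0.0.0/24` leaves Internet destinations with no route ("Network is unreachable") while the gateway and the DNS server on eth1's subnet stay reachable. The destination `198.51.100.10` is a constructed documentation address, and the function names are hypothetical.

```python
import ipaddress

# Interface addresses and next hop taken from the configuration posted in the thread.
CONNECTED = {
    "eth0": ipaddress.ip_interface("192.168.0.150/24").network,
    "eth1": ipaddress.ip_interface("192.168.1.150/24").network,
}
NEXT_HOP = ipaddress.ip_address("192.168.1.1")


def lookup(dest, static_routes):
    """Longest-prefix match over connected and static routes.

    Returns (prefix, via) for the best match, or None when nothing matches,
    which is the case reported as "Network is unreachable".
    """
    dest = ipaddress.ip_address(dest)
    candidates = [(net, "connected " + name) for name, net in CONNECTED.items()]
    candidates += [(ipaddress.ip_network(p), "via " + str(nh))
                   for p, nh in static_routes]
    matches = [(net, via) for net, via in candidates if dest in net]
    if not matches:
        return None
    net, via = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), via


def next_hop_interface(next_hop):
    """Return the interface whose connected subnet contains the next hop, else None."""
    for name, net in CONNECTED.items():
        if next_hop in net:
            return name
    return None


BROKEN = [("0.0.0.0/24", NEXT_HOP)]  # route as originally configured
FIXED = [("0.0.0.0/0", NEXT_HOP)]    # route after the correction in the thread
SAMPLE_DEST = "198.51.100.10"        # constructed sample destination (RFC 5737)

if __name__ == "__main__":
    for label, routes in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, SAMPLE_DEST, "->", lookup(SAMPLE_DEST, routes))
    print("gateway ->", lookup("192.168.1.1", BROKEN))
    print("dns server ->", lookup("192.168.1.253", BROKEN))
    print("next hop is on:", next_hop_interface(NEXT_HOP))
```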