Thank you. This was indeed part of the problem. The other part was a typo, but this was required to make things work.
My thanks also go to everyone who offered suggestions, even though those ideas may not have applied to my problem. I hope someone was able to benefit from them.

Best Regards,

David H. Silber

On Tue, Jun 27, 2000 at 04:34:19PM -0400, Lee Bradshaw wrote:
> Did you have some way to set up host routes on the DSL router? If not,
> the router may not know how to send packets to anything but the
> firewall's external address. That is, the DSL router may think all
> the network addresses are reachable without going through a gateway and
> may be requesting the MAC address associated with the IP addresses.
> You can try tcpdump to see if that's happening. You can also set up
> proxy arp on the firewall machine. Then the firewall will supply its
> MAC address whenever the DSL router wants to send a packet to ip
> addresses on the internal network. The firewall should be able to
> properly route the packets once it receives them from the DSL router.
> Something like:
>
> # proxy arp for internal addresses or dsl router can't find them
> arp -i eth0 -Ds x.x.x.99 eth1 pub
> arp -i eth0 -Ds x.x.x.100 eth1 pub
> arp -i eth0 -Ds x.x.x.101 eth1 pub
> ...
>
> On Tue, Jun 27, 2000 at 03:31:24PM -0400, David H. Silber wrote:
> >
> > Hi Folks,
> >
> > I have a routing problem that may or may not be firewall-related.
> >
> > I have been assigned a block of 32 routable IP addresses for my new DSL
> > connection. One of these addresses is the address of the DSL router.
> > I need to be able to make the default route from the firewall be the
> > DSL router.
> >
> > As shown below, I can not get through the firewall.
> >
> > Am I missing something obvious?
> >
> > Ask, if you need more information.
> >
> > Thanks,
> > David
> >
> >
> > My setup is as follows:
> > x.x.x.96 Assigned network.
> > x.x.x.97 DSL Router.
> > x.x.x.98 Firewall's outside Ethernet card.
> > x.x.x.99 Firewall's inside Ethernet card.
> > x.x.x.100 through x.x.x.126 Various hosts(*).
> > x.x.x.127 Broadcast.
> > y.y.y.32 Old network addresses (on same internal Ethernet).
> >
> > x.x.x.* Are the routable addresses assigned by the DSL company.
> > y.y.y.* Are the routable addresses that are routed through my older,
> > slower connection.
> >
> > (*) These hosts are connected to the firewall's inside Ethernet card
> > and have routable addresses. There will also be hosts with non-routable
> > addresses on the internal network.
> >
> >
> > I have this routing set up on the firewall (kernel 2.2.5):
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > x.x.x.97        0.0.0.0         255.255.255.255 UH    0      0        0 eth0
> > x.x.x.96        0.0.0.0         255.255.255.224 U     0      0        0 eth1
> > y.y.y.32        0.0.0.0         255.255.255.224 U     0      0        0 eth1
> > 0.0.0.0         x.x.x.97        0.0.0.0         UG    0      0        0 eth0
> >
> > I have turned on forwarding (echo "1" > /proc/sys/net/ipv4/ip_forward) on
> > the firewall in /etc/init.d/network.
> >
> > I have not yet touched the default ipchains configuration:
> > # ipchains -L input
> > Chain input (policy ACCEPT):
> > # ipchains -L output
> > Chain output (policy ACCEPT):
> > # ipchains -L forward
> > Chain forward (policy ACCEPT):
> >
> > From the firewall, I can ping to hosts on the y.y.y.32 network, the
> > x.x.x.96 network and the outside world.
> >
> >
> > I have this routing set up on x.x.x.110 (kernel 2.2.14):
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > x.x.x.97        x.x.x.99        255.255.255.255 UGH   0      0        0 eth0
> > 127.0.0.1       0.0.0.0         255.255.255.255 UH    0      0        0 lo
> > x.x.x.96        0.0.0.0         255.255.255.224 U     0      0        0 eth0
> > 0.0.0.0         x.x.x.99        0.0.0.0         UG    1      0        0 eth0
> >
> > From host x.x.x.110, I can ping hosts on the x.x.x.96 network, but not
> > the DSL router, or anything outside of it.
> >
> > $ traceroute -Inv x.x.x.99
> > traceroute to x.x.x.99 (x.x.x.99), 30 hops max, 38 byte packets
> > 1 x.x.x.99 18 bytes to x.x.x.110 0.718 ms 0.600 ms 0.588 ms
> >
> > $ traceroute -Inv x.x.x.98
> > traceroute to x.x.x.98 (x.x.x.98), 30 hops max, 38 byte packets
> > 1 x.x.x.98 18 bytes to x.x.x.110 1.428 ms 0.605 ms 0.596 ms
> >
> > $ traceroute -Inv x.x.x.97
> > traceroute to x.x.x.97 (x.x.x.97), 30 hops max, 38 byte packets
> > 1 x.x.x.99 66 bytes to x.x.x.110 0.962 ms 0.657 ms 0.645 ms
> > 2 * * *
> > 3 * * *
> > .
> > .
> > .
> > 29 * * *
> > 30 * * *
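
Added example, not part of the original thread: a Python sketch that works out which addresses need the proxy ARP entries suggested above, by combining what the DSL router treats as directly attached with a longest-prefix lookup in the firewall's routing table. The 192.0.2.96/27 block is a constructed stand-in for the masked x.x.x.96 network; the function and constant names are hypothetical, and the emitted command form is the one quoted in the reply.

```python
import ipaddress

# Constructed stand-ins for the thread's masked x.x.x.96/27 block.
ROUTER_ONLINK = ipaddress.ip_network("192.0.2.96/27")  # router ARPs for all of this
ROUTER_IP = ipaddress.ip_address("192.0.2.97")
FW_OUTSIDE_IP = ipaddress.ip_address("192.0.2.98")     # firewall eth0
OUTSIDE_IF, INSIDE_IF = "eth0", "eth1"

# Firewall routing table as posted in the thread (y.y.y.32 route left out).
FW_ROUTES = [
    (ipaddress.ip_network("192.0.2.97/32"), "eth0"),
    (ipaddress.ip_network("192.0.2.96/27"), "eth1"),
    (ipaddress.ip_network("0.0.0.0/0"), "eth0"),
]


def egress_iface(routes, addr):
    """Return the interface chosen by longest-prefix match, or None."""
    matches = [(net.prefixlen, iface) for net, iface in routes if addr in net]
    return max(matches)[1] if matches else None


def proxy_arp_targets(onlink, routes, outside_if, present_outside):
    """Addresses the router will ARP for on the outside segment that the
    firewall actually reaches through a different interface."""
    targets = []
    for host in onlink.hosts():
        if host in present_outside:
            continue  # really on the outside wire, answers ARP itself
        if egress_iface(routes, host) != outside_if:
            targets.append(host)
    return targets


def arp_commands(targets, outside_if, inside_if):
    """Render one published ARP entry per target, in the reply's form."""
    return [f"arp -i {outside_if} -Ds {ip} {inside_if} pub" for ip in targets]


if __name__ == "__main__":
    needed = proxy_arp_targets(ROUTER_ONLINK, FW_ROUTES, OUTSIDE_IF,
                               {ROUTER_IP, FW_OUTSIDE_IP})
    print("\n".join(arp_commands(needed, OUTSIDE_IF, INSIDE_IF)))
```

Each address printed is one the router will try to resolve directly on the outside segment; running tcpdump on eth0, as the reply suggests, shows whether those ARP requests are going unanswered.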

