Do you have IP forwarding turned on?

echo 1 > /proc/sys/net/ipv4/ip_forward
At 15:46 4/06/2002 +0200, Davi Leal wrote:
>Hi there,
>
>We have an ISP: email, web, ftp, dns and radius servers. I'm trying to
>replace an old firewall (2.0.x kernel) with a new one (2.4.18 kernel). I am
>using the 'mimic' strategy, that is to say, getting the same routing table,
>... etc.
>
>*The problem*: The current "new firewall" configuration cannot forward any
>package. Note that iptables is stopped and all policies (INPUT, OUTPUT &
>FORWARD) are set to ACCEPT. I think it is because of the routing table.
>
>I have eth0 and eth1. With the below '/etc/network/interfaces' file I get two
>lines in the router table.
>
>Kernel IP routing table
>Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
>194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
>
># /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
># The loopback interface
>auto lo
>iface lo inet loopback
># The first network card - this entry was created during the Debian installation
># (network, broadcast and gateway are optional)
>auto eth0
>iface eth0 inet static
>    address 194.224.7.9
>    netmask 255.255.255.0
>    network 194.224.7.0
>    broadcast 194.224.7.255
>    gateway 194.224.7.1
>auto eth1
>iface eth1 inet static
>    address 194.224.7.10
>    netmask 255.255.255.0
>    network 194.224.7.0
>    broadcast 194.224.7.255
>
>Adding some routing rules to the previous 'interfaces' file (see attached
>file), to mimic the old firewall routing table, I get the below:
>
>Kernel IP routing table
>Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>10.128.114.2    0.0.0.0         255.255.255.255 UH    0      0        0 eth1
>194.224.7.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
>10.128.114.4    0.0.0.0         255.255.255.255 UH    0      0        0 eth1
>194.224.7.9     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
>194.224.7.90    0.0.0.0         255.255.255.255 UH    0      0        0 eth0
>127.0.0.1       0.0.0.0         255.255.255.255 UH    0      0        0 lo
>194.224.7.0     0.0.0.0         255.255.255.128 U     0      0        0 eth1
>194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0  <---
>194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1  <---
>0.0.0.0         194.224.7.1     0.0.0.0         UG    0      0        0 eth0
>
>In the old system I have the same but without these two lines below. Is this
>the cause of the system not forwarding any package? How could I modify the
>'interfaces' file to remove these two lines? See attached the
>'/etc/network/interfaces'.
>
>194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
>194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
>
>Regards,
>Davi Leal
>
>--
># /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
>
># The loopback interface
>auto lo
>iface lo inet loopback
>up route add 127.0.0.1 dev lo
>
># The first network card - this entry was created during the Debian installation
># (network, broadcast and gateway are optional)
>
># eth0 goes to outside (Internet)
>auto eth0
>iface eth0 inet static
>    address 194.224.7.9
>    netmask 255.255.255.0
>    network 194.224.7.0
>    broadcast 194.224.7.255
>    # Default route to Internet via eth0
>    gateway 194.224.7.1
># Route to go to the Cisco 194.224.7.1 via eth0
>up route add 194.224.7.1 dev eth0
># Route to go to Tunnels Server 194.224.7.90 via eth0
>up route add 194.224.7.90 dev eth0
># Route to go to internal firewall network card
>up route add 194.224.7.9 dev eth0
>
># eth1 goes to the internal network
>auto eth1
>iface eth1 inet static
>    address 194.224.7.10
>    netmask 255.255.255.0
>    network 194.224.7.0
>    broadcast 194.224.7.255
>    # gateway 194.224.7.1
># Route to 194.224.7.0/128 via eth1
>up route add -net 194.224.7.0 netmask 255.255.255.128 dev eth1
># Route to Radius server via eth1
>up route add 10.128.114.2 dev eth1
># Route to 'Telefonica Infovia' via eth1
>up route add 10.128.114.4 dev eth1
>
>--
>To UNSUBSCRIBE, email to [EMAIL PROTECTED]
>with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
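
Added example, not part of the original thread: a small shell check covering the two things raised above, the ip_forward switch and network routes for the same destination/netmask that appear on more than one interface. The function names are made up for this example; the sample table is the second routing table from the quoted message.

```shell
#!/bin/sh
# Succeeds only if the kernel forwarding switch reads "1".
# The optional argument overrides the path (useful for testing).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Reads `route -n` style output on stdin and prints every directly
# connected network route (gateway 0.0.0.0, no H flag) whose
# destination/genmask pair is bound to more than one interface.
duplicate_connected_routes() {
    awk '$1 ~ /^[0-9]/ && NF >= 8 && $2 == "0.0.0.0" && $4 !~ /H/ {
        key = $1 "/" $3
        if (!(key in ifs)) { ifs[key] = $8; order[++n] = key }
        else if (index(" " ifs[key] " ", " " $8 " ") == 0) {
            ifs[key] = ifs[key] " " $8
            dup[key] = 1
        }
    }
    END { for (i = 1; i <= n; i++) if (order[i] in dup) print order[i], ifs[order[i]] }'
}

# Routing table copied from the quoted message (arrow markers dropped).
sample_table() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.128.114.2    0.0.0.0         255.255.255.255 UH    0      0        0 eth1
194.224.7.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
10.128.114.4    0.0.0.0         255.255.255.255 UH    0      0        0 eth1
194.224.7.9     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
194.224.7.90    0.0.0.0         255.255.255.255 UH    0      0        0 eth0
127.0.0.1       0.0.0.0         255.255.255.255 UH    0      0        0 lo
194.224.7.0     0.0.0.0         255.255.255.128 U     0      0        0 eth1
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         194.224.7.1     0.0.0.0         UG    0      0        0 eth0
EOF
}

forwarding_enabled || echo "ip_forward is not 1: the kernel will not forward packets"
echo "Networks routed via more than one interface:"
sample_table | duplicate_connected_routes
```

On a live box, pipe `route -n` into duplicate_connected_routes instead of the sample table.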