Hi, I have a Debian (testing) machine as a firewall (named arthur) with 2 NICs: eth0, which is connected to the internet and gets an IP from the ISP via DHCP, and eth1, which serves IPs for the lan and has IP 192.168.0.1. Currently there is only 1 other PC (named lancelot) besides the firewall machine in the network. It gets IP 192.168.0.10 from the DHCP server on the firewall.

WORKS:
  ping from firewall to net
  ping from lan to net
  surfing net from lan

DOESN'T WORK:
  ping from firewall to lan
  ping from lan to firewall

I have disabled the iptables firewall on the firewall machine to be sure that this isn't it. The result is the same. The iptables script has IP forwarding enabled and uses a postrouting rule for masquerading. I have log rules for everything, yet I don't see anything in /var/log/messages. I have also moved the files /etc/hosts.allow and /etc/hosts.deny (I later want to be able to ssh to the firewall from the lan, and these files are checked by sshd).

I checked the FAQ, the Debian reference and Google and couldn't seem to find an answer. Does anybody know what it could be? I have attached some conf files.

================
1. /proc/devices
================

PCI devices found:
  Bus 0, device 0, function 0:
    Host bridge: Intel Corp. 440BX/ZX/DX - 82443BX/ZX/DX Host bridge (rev 3).
      Master Capable. Latency=32.
      Prefetchable 32 bit memory at 0xd0000000 [0xd3ffffff].
  Bus 0, device 1, function 0:
    PCI bridge: Intel Corp. 440BX/ZX/DX - 82443BX/ZX/DX AGP bridge (rev 3).
      Master Capable. Latency=64. Min Gnt=128.
  Bus 0, device 7, function 0:
    ISA bridge: Intel Corp. 82371AB/EB/MB PIIX4 ISA (rev 2).
  Bus 0, device 7, function 1:
    IDE interface: Intel Corp. 82371AB/EB/MB PIIX4 IDE (rev 1).
      Master Capable. Latency=32.
      I/O at 0xf000 [0xf00f].
  Bus 0, device 7, function 2:
    USB Controller: Intel Corp. 82371AB/EB/MB PIIX4 USB (rev 1).
      IRQ 11.
      Master Capable. Latency=32.
      I/O at 0xe000 [0xe01f].
  Bus 0, device 7, function 3:
    Bridge: Intel Corp. 82371AB/EB/MB PIIX4 ACPI (rev 2).
      IRQ 9.
  Bus 0, device 11, function 0:
    VGA compatible controller: nVidia Corporation RIVA TNT2 Model 64 (rev 21).
      IRQ 3.
      Master Capable. Latency=32. Min Gnt=5.Max Lat=1.
      Non-prefetchable 32 bit memory at 0xd6000000 [0xd6ffffff].
      Prefetchable 32 bit memory at 0xd4000000 [0xd5ffffff].
  Bus 0, device 13, function 0:
    Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 16).
      IRQ 5.
      Master Capable. Latency=32. Min Gnt=32.Max Lat=64.
      I/O at 0xe400 [0xe4ff].
      Non-prefetchable 32 bit memory at 0xd8000000 [0xd80000ff].
  Bus 0, device 15, function 0:
    Ethernet controller: Accton Technology Corporation SMC2-1211TX (rev 16).
      IRQ 10.
      Master Capable. Latency=32. Min Gnt=32.Max Lat=64.
      I/O at 0xe800 [0xe8ff].
      Non-prefetchable 32 bit memory at 0xd8001000 [0xd80010ff].
  Bus 0, device 17, function 0:
    SCSI storage controller: Adaptec AHA-2940U/UW/D / AIC-7881U (rev 0).
      IRQ 11.
      Master Capable. Latency=32. Min Gnt=8.Max Lat=8.
      I/O at 0xec00 [0xecff].
      Non-prefetchable 32 bit memory at 0xd8002000 [0xd8002fff].

===================
2. /proc/interrupts
===================

           CPU0
  0:     312415          XT-PIC  timer
  1:       8414          XT-PIC  keyboard
  2:          0          XT-PIC  cascade
  5:      11223          XT-PIC  eth0
  6:         77          XT-PIC  floppy
  8:          1          XT-PIC  rtc
 10:       1355          XT-PIC  eth1
 11:         68          XT-PIC  aic7xxx, usb-uhci
 14:      14271          XT-PIC  ide0
NMI:          0
LOC:     312385
ERR:          0
MIS:          0

===========
3. ifconfig
===========

eth0      Link encap:Ethernet  HWaddr 00:20:18:A0:6A:27
          inet addr:x.x.x.x  Bcast:255.255.255.255  Mask:255.255.240.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8318 errors:0 dropped:0 overruns:0 frame:0
          TX packets:799 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:828044 (808.6 KiB)  TX bytes:97601 (95.3 KiB)
          Interrupt:5 Base address:0xb000

eth1      Link encap:Ethernet  HWaddr 00:10:B5:40:DE:14
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:678 errors:0 dropped:0 overruns:0 frame:0
          TX packets:747 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:88469 (86.3 KiB)  TX bytes:342043 (334.0 KiB)
          Interrupt:10 Base address:0xd000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:80 errors:0 dropped:0 overruns:0 frame:0
          TX packets:80 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:9496 (9.2 KiB)  TX bytes:9496 (9.2 KiB)

x.x.x.x is the IP I get from the ISP.

=============================
4. /etc/networking/interfaces
=============================

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
    address 192.168.0.1
    network 192.168.0.0
    netmask 255.255.255.0
    broadcast 192.168.0.255

==========================
5. /etc/networking/ifstate
==========================

lo=lo
eth0=eth0
eth1=eth1

==========================
6. /etc/networking/options
==========================

ip_forward=yes
spoofprotect=yes
syncookies=no

====================
7. /etc/default/dhcp
====================

INTERFACES="eth1"

=========================
8. /etc/default/dhcp.conf
=========================

subnet 192.168.0.0 netmask 255.255.255.0 {
    default-lease-time 86400;
    max-lease-time 86400;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.0.255;
    option routers 192.168.0.1;
    option domain-name-servers 195.130.132.19, 195.130.132.20;
    option domain-name "camelot";
    range 192.168.0.10 192.168.0.15;
}

=============
9. /etc/hosts
=============

127.0.0.1       localhost
192.168.0.10    lancelot.camelot lancelot
192.168.0.1     arthur.camelot arthur
::1             ip6-localhost ip6-loopback
fe00::0         ip6-localnet
ff00::0         ip6-mcastprefix
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters
ff02::3         ip6-allhosts

====================
10. /etc/resolv.conf
====================

search ispnetwork.be
nameserver x.y.z.a
nameserver x.y.z.b

Mentioned is the name of the ISP's network and 2 nameservers from the network of the ISP.

=============================
11. route table on arthur(FW)
=============================

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
x.x.x.x         0.0.0.0         255.255.240.0   U     0      0        0 eth0
0.0.0.0         x.y.z.c         0.0.0.0         UG    0      0        0 eth0

x.x.x.x is the IP of eth0 which was received through DHCP of the ISP.

================================
12. route table on lancelot(LAN)
================================

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0

================================================
13. ping result from arthur(FW) to lancelot(LAN)
================================================

PING 192.168.0.10 (192.168.0.10): 56 data bytes
ping: wrote 192.168.0.10 64 chars, ret=-1
ping: wrote 192.168.0.10 64 chars, ret=-1
ping: wrote 192.168.0.10 64 chars, ret=-1

--- 192.168.0.10 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

Thanks for any help,
Benedict