Thank you Matt & David for you replies. Let me see if I can provide some more information for you.
I do not have any firewall enabled, nor is ipchains installed - the router is wide open. eth0 is the outside interface - I am sure. From the router I can ping anything anywhere, by IP and by FQDN. I have enabled both interfaces to respond to ICMP, and like I said in my first post I can ping both of the interfaces (eth0 & eth1) from the router itself, I can ping the external interface (eth0) from the DSL router in front of it, and I can ping the internal interface (eth1) from the workstation behind it. When I say that ping "fails" when I attempt to ping the internal interface of the DSL router from the workstation behind the LEAF router I mean that there is 100% packet loss - in other words ping just sits there until I issue an interrupt at which point is shows the following message: workstation:/root # ping 192.168.68.1 PING 192.168.68.1 (192.168.68.1): 56 data bytes --- 192.168.68.1 ping statistics --- 3 packets transmitted, 0 packets received, 100% packet loss Here is the output of the commands you requested: # lsmod Module Size Used by ip_masq_autofw 2432 0 (unused) ip_masq_portfw 2416 0 (unused) smc-ultra 4168 2 8390 6340 0 [smc-ultra] #which ipmasqadm /usr/sbin/ipmasqadm Please let me know if there is more info I can include in the troubleshooting report and thanks for all your attention so far. Greg R --- Matt Schalit <[EMAIL PROTECTED]> wrote: > Ray Olszewski wrote: > > > > <sigh> We need a FAQ answer for this one too (or do we have one?). > > > > LEAF basic firewalls by default block ALL private-address traffic on > the > > external interface. (At least Dachstein and Eigerstein do, and I think > > Oxygen is the same in that regard.) > > Nope. Oxygen has zero ipchains rules by default. > In fact, you'd be hard pressed to even find ipchains > on the boot diskette :) > > But then again, it's meant to load from more than > one diskette, network, cdrom, ftp, tftp, whatever. > You can squeeze ipchains.lrp on the first diskette > though. But that's another thread. > > As far as Greg's question goes, he's done a good > job so far and made a good post. But he left > out a few things like the output of > > [ which ipchains ] && ipchains -L -v -n || echo "Doh!" > lsmod > which ipmasqadm > > I realize that's along the lines of your post, though :) > We just don't know if he's even has ipchains yet. > > (And the arp cache listing from the 192.168.1.50 would help > along with the exact failed ping output.) > > Best, > Matthew ~ __________________________________________________ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
