Eric =>

Please, let's keep this dialog on the list.

[EMAIL PROTECTED] wrote:
> 
> My answers to your first questions:
> 
> External interface (eth0):                ##This info came from the ISP
> IP:  192.168.50.10
> Subnet mask:  255.255.255.0
> Mask #/length:  24
> Broadcast:  192.168.50.255
> Network address:  192.168.50.0
> Default gateway:  192.168.50.1
> 
> Internal interface (eth1):                ##I chose the values.
> IP:  192.168.0.1
> Subnet mask:  255.255.255.0
> Mask #/length:  24
> Broadcast:  192.168.0.255
> Network address:  192.168.0.0
> 
> Host name:  bigdog
> Domain:  private.network     ##The docs I read said I could leave this.
> DNS1:  207.191.50.10
> DNS2:  207.191.1.10
> 
> Let me know if there's a smoking gun in this stuff that I've missed, or if
> you need other information, and I'll get it to you asap.
> Thanks a bunch!
> 
> Eric Rogers
> NOMM

As Ray guessed, your router requires your external Dachstein interface
to be on an RFC 1918/1627/1597 block, reserved for private networking.

You have two (2) choices:

[1] Have the router reconfigured to pass through a public subnet.  My
greatest concern, at this point, is that whatever NAT'ing that router
must be doing may interfere, now or in the future, with some network
activity inside the Dachstein network.

[2] Modify the Dachstein firewall rules to accept this private network from
the router.  To do this, you will need to create a file:
/etc/ipchains.input in which you need to add this line:

        $IPCH -I input -j ACCEPT -p all -s 0/0 -d 192.168.50.0/24 -i $EXTERN_IF

Also, create a file: /etc/ipchains.output in which you need to add this
line:

        $IPCH -I output -j ACCEPT -p all -s 0/0 -d 192.168.50.0/24 -i $EXTERN_IF

At the moment, I cannot remember whether or not anything else is required; but,
carefully review /etc/ipfilter.conf and you will find these:

        $IPCH -A input -j DENY -p all -s 0/0 -d 192.168.0.0/16 -i $EXTERN_RIF
        $IPCH -A output -j DENY -p all -s 0/0 -d 192.168.0.0/16 -i $EXTERN_RIF

which is preventing these packets from getting to your internal network.

hth

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .


------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
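
Added example, not part of the original message and not Dachstein's own code: a small first-match model of an ipchains chain, showing why the ISP-assigned address 192.168.50.10 hits the stock 192.168.0.0/16 DENY and why the override is inserted with -I rather than appended with -A. It models destination matching only and assumes every packet is on the external interface; the function names and the "POLICY" fall-through marker are hypothetical.

```python
import ipaddress

def build_chain(commands):
    """Build a chain from (op, target, destination) tuples.

    op is "-I" (insert at the head) or "-A" (append at the tail), mirroring
    the ipchains options used in the message above.
    """
    chain = []
    for op, target, dest in commands:
        rule = (target, ipaddress.ip_network(dest))
        if op == "-I":
            chain.insert(0, rule)
        elif op == "-A":
            chain.append(rule)
        else:
            raise ValueError("unsupported op: " + op)
    return chain

def verdict(chain, dest_ip, policy="POLICY"):
    """Return the target of the first rule whose destination matches.

    "POLICY" means no modelled rule matched; later rules and the chain
    policy are outside this model (assumption).
    """
    addr = ipaddress.ip_address(dest_ip)
    for target, net in chain:
        if addr in net:
            return target
    return policy

# Rule quoted from /etc/ipfilter.conf in the message.
STOCK = [("-A", "DENY", "192.168.0.0/16")]
# Override from /etc/ipchains.input in the message.
OVERRIDE = ("-I", "ACCEPT", "192.168.50.0/24")

def compare(dest_ip):
    """Verdicts for stock rules, the -I override, and a mistaken -A override."""
    stock = build_chain(STOCK)
    inserted = build_chain(STOCK + [OVERRIDE])
    appended = build_chain(STOCK + [("-A",) + OVERRIDE[1:]])
    return (verdict(stock, dest_ip),
            verdict(inserted, dest_ip),
            verdict(appended, dest_ip))

if __name__ == "__main__":
    # Constructed sample destinations: external IP, internal-range IP,
    # another 192.168.x.x subnet, and a documentation-range public IP.
    for ip in ("192.168.50.10", "192.168.0.5", "192.168.51.1", "203.0.113.7"):
        print(ip, compare(ip))
```

The /24 in the override leaves the rest of the 192.168.0.0/16 block, including the internal 192.168.0.0/24 range, still denied on the external interface.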