Your explanation is unclear in a couple of respects as regards the connection to the Win2K host. As a result, I'd first suggest you check some things about that connection (though some of the suggestions may arise from my misinterpretations of what you sent us).

1. You seem to say that the Win2K client has 2 interfaces, one to the Bering LAN, the other to "LAN2". What does its routing table look like? Does it know the right route to the Bering router?

2. You say the two devices are connected "|<-xLink RJ45->|". Are you using a known-good crossover cable to make this connection? (Or am I misinterpreting "xLink"? I read it to mean a direct connection between the two hosts, not one through a hub or switch.)

3. When you try to ping, do the activity lights on BOTH NICs flash? (Assuming the NICs have activity lights; not all do.)

4. Can the Win2K host ping the Bering router? (Probably not, but does it fail with a different error?)

One possibility is that you are having a problem connecting the two machines directly. Even with a proper crossover cable, sometimes NICs connected this way have trouble "handshaking", typically being unable to agree on a speed. If everything else seems to be OK, try temporarily connecting through a hub, and see if that changes your results.

I don't see any problems with the Bering config info you sent. But you're reporting the firewall rulesets in incomplete form -- you want to use "ipchains -nvL" to get a full listing of the rules in effect.

At 03:08 AM 10/3/02 -0400, Quan Si Kwon wrote:
>Hi, I am new to Linux (six months), and am trying to set up a Linux Router
>using Bering_1.0-rc3_img_bering_1680.exe. I have followed the Bering
>Installation/Users Guide step-by-step to set up the router using mostly
>default settings where possible. My problem is that my local LAN
>(192.168.1.0/24) cannot ping and/or connect to the Bering/Shorewall firewall?
>
>The following is the configuration of my LAN at the moment:
>
>                  Win2000P                        Bering
>               +---------------+              +--------------------+
> LAN2<---------| 192.168.72.74 |              | eth0:65.95.176.193 |---> PPPoE/ADSL
>               |               |              |                    |
>               | 192.168.1.10  |<-xLink RJ45->| eth1:192.168.1.254 |
>               |               |              |                    |
>               +---------------+              +--------------------+
>
>On the Bering LRP, I can ping (1) eth0, (2) eth1, and the Internet, except
>when I tried to ping loc:192.168.1.10, I receive the following message:
>
>"PING 192.168.1.10 (192.168.1.10): 56 data bytes
>
>--- 192.168.1.10 ping statistics ---
>2 packets transmitted, 0 packets received, 100% packet loss"
>
>I think it is something to do with either (1) iptables or (2) shorewall.
>But I don't have the necessary knowledge to fix it.
>
>Other information:
>
>uname -a:
>Linux firewall 2.4.18 #4 Sun Jun 9 09:46:15 CEST 2002 i486 unknown
>
>ip addr show:
>1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
>2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
>    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
>3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>    link/ether 00:80:c8:35:c6:7b brd ff:ff:ff:ff:ff:ff
>4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>    link/ether 00:80:c8:93:ba:3a brd ff:ff:ff:ff:ff:ff
>    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
>5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
>    link/ppp
>    inet 65.95.176.193 peer 65.95.176.1/32 scope global ppp0
>
>ip route show:
>65.95.176.1 dev ppp0 proto kernel scope link src 65.95.176.193
>192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
>default via 65.95.176.1 dev ppp0
>
>iptables -L:
>Chain INPUT (policy DROP)
>target     prot opt source               destination
>ACCEPT     ah   --  anywhere             anywhere
>ppp0_in    ah   --  anywhere             anywhere
>eth1_in    ah   --  anywhere             anywhere
>common     ah   --  anywhere             anywhere
>LOG        ah   --  anywhere             anywhere           LOG level info
>prefix `Shorewall:INPUT:REJECT:'
>reject     ah   --  anywhere             anywhere
>
>Chain FORWARD (policy DROP)
>target     prot opt source               destination
>TCPMSS     tcp  --  anywhere             anywhere           tcp
>flags:SYN,RST/SYN TCPMSS clamp to PMTU
>ppp0_fwd   ah   --  anywhere             anywhere
>eth1_fwd   ah   --  anywhere             anywhere
>common     ah   --  anywhere             anywhere
>LOG        ah   --  anywhere             anywhere           LOG level info
>prefix `Shorewall:FORWARD:REJECT:'
>reject     ah   --  anywhere             anywhere
>
>Chain OUTPUT (policy DROP)
>target     prot opt source               destination
>ACCEPT     ah   --  anywhere             anywhere
>DROP       icmp --  anywhere             anywhere           state INVALID
>ACCEPT     icmp --  anywhere             anywhere
>fw2net     ah   --  anywhere             anywhere
>all2all    ah   --  anywhere             anywhere
>common     ah   --  anywhere             anywhere
>LOG        ah   --  anywhere             anywhere           LOG level info
>prefix `Shorewall:OUTPUT:REJECT:'
>reject     ah   --  anywhere             anywhere
>
>Chain all2all (3 references)
>target     prot opt source               destination
>ACCEPT     ah   --  anywhere             anywhere           state
>RELATED,ESTABLISHED
>common     ah   --  anywhere             anywhere
>LOG        ah   --  anywhere             anywhere           LOG level info
>prefix `Shorewall:all2all:REJECT:'
>reject     ah   --  anywhere             anywhere
>
>Chain common (5 references)
>target     prot opt source               destination
>icmpdef    icmp --  anywhere             anywhere
>ACCEPT     tcp  --  anywhere             anywhere           tcp flags:ACK/ACK
>ACCEPT     tcp  --  anywhere             anywhere           tcp flags:RST/RST
>REJECT     udp  --  anywhere             anywhere           udp
>dpts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
>REJECT     udp  --  anywhere             anywhere           udp dpt:445
>reject-with icmp-port-unreachable
>reject     tcp  --  anywhere             anywhere           tcp dpt:135
>DROP       udp  --  anywhere             anywhere           udp dpt:1900
>DROP       ah   --  anywhere             255.255.255.255
>DROP       ah   --  anywhere             BASE-ADDRESS.MCAST.NET/4
>reject     tcp  --  anywhere             anywhere           tcp dpt:auth
>DROP       udp  --  anywhere             anywhere           udp spt:domain
>state NEW
>DROP       ah   --  anywhere             192.168.1.255
>
>Chain eth1_fwd (1 references)
>target     prot opt source               destination
>loc2net    ah   --  anywhere             anywhere
>
>Chain eth1_in (1 references)
>target     prot opt source               destination
>ACCEPT     icmp --  anywhere             anywhere           icmp echo-request
>loc2fw     ah   --  anywhere             anywhere
>
>Chain fw2net (1 references)
>target     prot opt source               destination
>ACCEPT     ah   --  anywhere             anywhere           state
>RELATED,ESTABLISHED
>ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp
>dpt:domain
>ACCEPT     udp  --  anywhere             anywhere           state NEW udp
>dpt:domain
>all2all    ah   --  anywhere             anywhere
>
>Chain icmpdef (1 references)
>target     prot opt source               destination
>ACCEPT     icmp --  anywhere             anywhere           icmp echo-reply
>ACCEPT     icmp --  anywhere             anywhere           icmp
>source-quench
>ACCEPT     icmp --  anywhere             anywhere           icmp
>destination-unreachable
>ACCEPT     icmp --  anywhere             anywhere           icmp
>time-exceeded
>ACCEPT     icmp --  anywhere             anywhere           icmp
>parameter-problem
>
>Chain loc2fw (1 references)
>target     prot opt source               destination
>ACCEPT     ah   --  anywhere             anywhere           state
>RELATED,ESTABLISHED
>ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp
>dpt:ssh
>ACCEPT     udp  --  anywhere             anywhere           state NEW udp
>dpt:domain
>ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp
>dpt:www
>all2all    ah   --  anywhere             anywhere
>
>Chain loc2net (1 references)
>target     prot opt source               destination
>ACCEPT     ah   --  anywhere             anywhere           state
>RELATED,ESTABLISHED
>ACCEPT     ah   --  anywhere             anywhere
>
>Chain net2all (2 references)
>target     prot opt source               destination
>ACCEPT     ah   --  anywhere             anywhere           state
>RELATED,ESTABLISHED
>common     ah   --  anywhere             anywhere
>LOG        ah   --  anywhere             anywhere           LOG level info
>prefix `Shorewall:net2all:DROP:'
>DROP       ah   --  anywhere             anywhere
>
>Chain ppp0_fwd (1 references)
>target     prot opt source               destination
>net2all    ah   --  anywhere             anywhere
>
>Chain ppp0_in (1 references)
>target     prot opt source               destination
>ACCEPT     icmp --  anywhere             anywhere           icmp echo-request
>net2all    ah   --  anywhere             anywhere
>
>Chain reject (6 references)
>target     prot opt source               destination
>REJECT     tcp  --  anywhere             anywhere           reject-with
>tcp-reset
>REJECT     ah   --  anywhere             anywhere           reject-with
>icmp-port-unreachable
>
>Chain shorewall (0 references)
>target     prot opt source               destination
>
>/var/log/messages:
>Nothing unusual!
>
>Ping -c 2 google.com (from LRP):
>PING google.com (216.239.35.100): 56 data bytes
>64 bytes from 216.239.35.100: icmp_seq=0 ttl=51 time=138.8 ms
>64 bytes from 216.239.35.100: icmp_seq=1 ttl=51 time=136.2 ms
>
>--- google.com ping statistics ---
>2 packets transmitted, 2 packets received, 0% packet loss
>round-trip min/avg/max = 136.2/137.5/138.8 ms
>
>PS Sorry for the length of this posting!

--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski                                        -- Han Solo
Palo Alto, California, USA                        [EMAIL PROTECTED]
-------------------------------------------------------------------------------

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
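
An added example, not part of the original thread: a plain `iptables -L` listing leaves out the packet counters and the in/out interface columns that an `-nvL` listing carries, so interface-bound rules print as bare "anywhere anywhere" lines. The sketch below parses a constructed `iptables -nvL` sample (the counters and the `lo`/`ppp0`/`eth1` interface bindings are assumptions, not the poster's data) and reports those rules and whether a chain has ever matched a packet.

```python
import re

# Constructed sample of `iptables -nvL` output. Counters and interface
# assignments are assumptions for illustration, not the poster's data.
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   840 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ppp0_in    all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
    0     0 eth1_in    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    4   336 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain eth1_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
    0     0 loc2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

def parse_nvl(text):
    """Parse `iptables -nvL` text into {chain: [rule, ...]}.
    Assumes every rule has a target (true for the rulesets shown here)."""
    chains, rules = {}, None
    for line in text.splitlines():
        head = re.match(r"Chain (\S+) \(", line)
        if head:
            rules = chains.setdefault(head.group(1), [])
            continue
        f = line.split()
        if rules is None or len(f) < 9 or f[0] == "pkts":
            continue  # blank line or column header
        rules.append({"pkts": f[0], "target": f[2], "prot": f[3],
                      "in": f[5], "out": f[6], "src": f[7], "dst": f[8],
                      "extra": " ".join(f[9:])})
    return chains

def interface_bound(chains):
    """Rules that plain -L prints as 'anywhere anywhere' with no match text
    although they apply to a single interface only."""
    return [(c, r["target"], r["in"], r["out"])
            for c, rules in chains.items() for r in rules
            if (r["in"], r["out"]) != ("*", "*") and not r["extra"]
            and r["src"] == r["dst"] == "0.0.0.0/0"]

def never_hit(chains, name):
    """True when no rule in the chain has matched a packet."""
    return all(r["pkts"] == "0" for r in chains[name])

if __name__ == "__main__":
    parsed = parse_nvl(SAMPLE)
    for row in interface_bound(parsed):
        print("interface-bound:", row)
    print("eth1_in never hit:", never_hit(parsed, "eth1_in"))
```

If the `eth1_in` counters are still zero after a ping from the LAN host, no packet arriving on eth1 reached the filter table's INPUT rules, which points at the cable, NIC negotiation or the client's routes rather than at the ruleset.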
