At 08:30 AM 12/27/02 -0500, Omar D. Samuels wrote:
This is better, but it still leaves out the sort of detail we need to spot the problem.Okay guys, thanks for the response, it's been a while so I guess I forgot that this IS a place for details. Allow me then to start over.
Well, the goal is correct, but since you don't describe the "tinkering" you did, it's hard to say if you got some detail wrong. Charles suggests some good diagnostics in his reply.Alright... got the floppy-based Dachstein, did a fresh diskette, stuck it into my 486/DX2, 16MB RAM, with two identical RTL8019 NICs. Now I've used the same hardware before as a gateway on a different network and it worked. This time around I'm trying it at home. I have one of the primewave wireless boxes, that come down into a RJ45 box that I plug the External interface of the box into and get DHCP address 192.168.1.x from 192.168.1.111 DHCP server. The problem is that this is the same subnet being given out on the internal side of the box. I figured that this would cause a problem and started tinkering to change the internal interface subnet to 172.16.0.x/24.
First, how *does* the client machine resolve domains? What DNS servers does it use, and where are they with respect to (a) your LAN and (b) the ISP's "local" network? Can you ping these nameserver addresses by IP address from the client? From the router?I still couldnt ping anything from an internal client machine, however this time whenever I ping a domain name (Eg. www.yahoo.com) it resolves, but after resolving still couldnt ping the IP address resolved. I've tried rebooting of client machine and clearing the history and temp files and pinging domains not previously pinged just to make sure that it was in fact actively resolving domains.
Second, "still couldnt ping the IP address resolved" doesn't *describe* the ping failure. Please tell us *how* these pings fail (read the LEAF FAQ if you need to see what the possibilities are, and how they help diagnose problems).
Third, what does the router's routing table look like ("netstat -nr" is the display I find easiest to read)?
Fourth, what does the client's routing table look like (how to display it depends on what OS it runs)?
Fifth, is it possible that you have the router set up not to forward ping queries and/or replies? (Could be in kernel settings or in the firewall ruleset.)
My own first thought was that you have an RFC-1918 problem, as Charles suggests in his reply. But the fact that you *can* do DNS resolution argues against this, so I doubt I (or anyone here) will really be able to make sense of your situation until you at least tell us about your DNS setup.
I presume none of this helped. Since the router almost surely needs to NAT the LAN, "flushing all chains and setting the policies to ACCEPT" won't work. The entries in hosts.allow are irrelevent to routing.I looked at the IPCHAINS chains and there are a whole bunch of rules loaded in there... as a test I tried going thru the filter file with the rules and changing the deault policy from DENY to ACCEPT for input, forward, output.... I tried adding the internal subnet... as a matter of fact everything to the hosts.allow file (ALL : ALL). I even manually from the command line tried flushing all chains and setting the policies to ACCEPT.
If you think a rule is causing the ping failures, the ONLY way we can help you spot it is if you rell us what the real rules are ("ipchains -nvL").
No way to answer this without a better description of "this thing". As I suggested before, please read the SR FAQ and use its guidance to help you compose a report.I was also wondering of all the Filter settings (none|router|firewall) which would be a safer bet to get this thing to work?
--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski -- Han Solo
Palo Alto, California, USA [EMAIL PROTECTED]
-------------------------------------------------------------------------------
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
