cat /proc/sys/net/ipv4/ip_forward
It should be 1. If it is 0, then you do not have IP forwarding turned on on the rotuer, and it will not route anything. Fixing that would probably (I'm no expert on Bering config files, I fear) involve changing the first line in /etc/options:
to "ip_forward=yes"./etc/options ============ ip_forward=no spoofprotect=yes syncookies=no
If that's not it, then the problem is most likely in the firewall ruleset. I'm also not a Shorewall expert, but either one of the Shorewall experts can tell you its command for reporting firewall details, or you can report the underlying rules with
iptables -nvL
Final thought: since this is an isolated network, I assume that the external network really is 1.2.3.0/24, not that you are chainging addresses to conceal information. If this assumption is wrong, please use the real numbers next time, since changing them in troubleshooting reports can conceal problems.
At 10:23 PM 1/9/03 -0800, Wynne Crompton wrote:
Hi,I'm a newbie, but would be grateful for help with the following: I set up the following isolated network in order to help learn/test my set-up of Bering 2.0.3: HOST 'far' IP 1.2.3.1 running RH Linux 6.2 | | | 1.2.3.4/24 Bering firewall 192.168.1.254/24 | | | HOST 'near' IP 192.168.1.2 running RH Linux 7.3 The Bering/Shorewall set-up is almost standard - I only changed what I believe is the necessary minimum. In th elong run I want to set up a link between two networks and do 1-to-1 NAT (SNAT) for connections from specific machines on one network (with private IPs) to the other (with some allocated IPs on the second network for these machines). Some configuration file content and output debug from the three machines is appended. I apologise if this doesn't include something that's particularly significant... In a nutshell, I can ping the firewall from both near and far. I can also ping near and far from the firewall. However I cannot ping far from near, but do not understand why not - Help please!
[detailed diagnostics deleted] -- -------------------------------------------"Never tell me the odds!"-------- Ray Olszewski -- Han Solo Palo Alto, California, USA [EMAIL PROTECTED] ------------------------------------------------------------------------------- ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
