OK, second attempt. Upon following Ray's advice I did some ping testing. (BTW, thanks for the reminder about the FAQ section.) I am getting a type 1 ping error when I try to ping my gateway from my router console. I am able to ping both interfaces on the router successfully from my internal client. If I substitute the router for my already working Red Hat system I am able to ping my gateway just fine, so I feel pretty confident the problem is with my router configuration.

My other question is what other diagnostic info is needed?

<You provided some of what we need to see, but not all.>

I looked at the section about posting diagnostics. I was unable to get the diagnostics for any of the IP masquerading sections. (When I typed in the commands that were listed in that section I get a message back (file):not found. So IP masquerading is not installed?)

My ISP has assigned me the following with a DSL Modem:
> >Static IP 66.202.48.231
> >Gateway 66.202.48.1
> >DNS 216.47.224.66 and 216.47.224.48
> >My Windows 9x clients are set to obtain IP address automatically and use DHCP for WINS resolution
Below is all the diagnostics I was able to obtain following the examples given
>
Jan 22 21:58:09 firewall syslogd 1.3-3#31.slink1: restart.
Jan 22 21:58:09 firewall kernel: klogd 1.3-3#31.slink1, log source = /proc/kmsg started.
Jan 22 21:58:09 firewall kernel: Cannot find map file.
Jan 22 21:58:09 firewall kernel: Loaded 9 symbols from 6 modules.
Jan 22 21:58:09 firewall kernel: Linux version 2.4.18 (root@uml_woody) (gcc version 2.95.4 20011002 (Debian prerelease)) #1 Sun Nov 10 17:40:20 UTC 2002
Jan 22 21:58:09 firewall kernel: BIOS-provided physical RAM map:
Jan 22 21:58:09 firewall kernel: BIOS-88: 0000000000000000 - 000000000009f000 (usable)
Jan 22 21:58:09 firewall kernel: BIOS-88: 0000000000100000 - 0000000001000000 (usable)
Jan 22 21:58:09 firewall kernel: On node 0 totalpages: 4096
Jan 22 21:58:09 firewall kernel: zone(0): 4096 pages.
Jan 22 21:58:09 firewall kernel: zone(1): 0 pages.
Jan 22 21:58:09 firewall kernel: zone(2): 0 pages.
Jan 22 21:58:09 firewall kernel: Kernel command line: BOOT_IMAGE=linux initrd=initrd.lrp init=/linuxrc root=/dev/ram0 boot=/dev/fd0u1680:msdos PKGPATH=/dev/fd0u1680 LRP=root,dhcpd,etc,local,modules,iptables,shorwall,dnscache,weblet
Jan 22 21:58:09 firewall kernel: Initializing CPU#0
Jan 22 21:58:09 firewall kernel: Console: colour VGA+ 80x25
Jan 22 21:58:09 firewall kernel: Calibrating delay loop... 33.17 BogoMIPS
Jan 22 21:58:09 firewall kernel: Memory: 13916k/16384k available (907k kernel code, 2080k reserved, 232k data, 60k init, 0k highmem)
Jan 22 21:58:09 firewall kernel: Checking if this processor honours the WP bit even in supervisor mode... Ok.
Jan 22 21:58:09 firewall kernel: Dentry-cache hash table entries: 2048 (order: 2, 16384 bytes)
Jan 22 21:58:09 firewall kernel: Inode-cache hash table entries: 1024 (order: 1, 8192 bytes)
Jan 22 21:58:09 firewall kernel: Mount-cache hash table entries: 512 (order: 0, 4096 bytes)
Jan 22 21:58:09 firewall kernel: Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
Jan 22 21:58:09 firewall kernel: Page-cache hash table entries: 4096 (order: 2, 16384 bytes)
Jan 22 21:58:09 firewall kernel: CPU: Intel 486 DX/2 stepping 05
Jan 22 21:58:09 firewall kernel: Checking 'hlt' instruction... OK.
Jan 22 21:58:09 firewall kernel: POSIX conformance testing by UNIFIX
Jan 22 21:58:09 firewall kernel: PCI: System does not support PCI
Jan 22 21:58:09 firewall kernel: Linux NET4.0 for Linux 2.4
Jan 22 21:58:09 firewall kernel: Based upon Swansea University Computer Society NET3.039
Jan 22 21:58:09 firewall kernel: Initializing RT netlink socket
Jan 22 21:58:09 firewall kernel: Starting kswapd
Jan 22 21:58:09 firewall kernel: pty: 256 Unix98 ptys configured
Jan 22 21:58:09 firewall kernel: Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ DETECT_IRQ SERIAL_PCI enabled
Jan 22 21:58:09 firewall kernel: ttyS00 at 0x03f8 (irq = 4) is a 16450
Jan 22 21:58:09 firewall kernel: ttyS01 at 0x02f8 (irq = 3) is a 16450
Jan 22 21:58:09 firewall kernel: Software Watchdog Timer: 0.05, timer margin: 60 sec
Jan 22 21:58:09 firewall kernel: block: 64 slots per queue, batch=16
Jan 22 21:58:09 firewall kernel: RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize
Jan 22 21:58:09 firewall kernel: Floppy drive(s): fd0 is 1.44M
Jan 22 21:58:09 firewall kernel: FDC 0 is an 8272A
Jan 22 21:58:09 firewall kernel: NET4: Linux TCP/IP 1.0 for NET4.0
Jan 22 21:58:09 firewall kernel: IP Protocols: ICMP, UDP, TCP, IGMP
Jan 22 21:58:09 firewall kernel: IP: routing cache hash table of 512 buckets, 4Kbytes
Jan 22 21:58:09 firewall kernel: TCP: Hash tables configured (established 1024 bind 1024)
Jan 22 21:58:09 firewall kernel: Linux IP multicast router 0.06 plus PIM-SM
Jan 22 21:58:09 firewall kernel: ip_conntrack version 2.0 (128 buckets, 1024 max) - 312 bytes per conntrack
Jan 22 21:58:09 firewall kernel: ip_tables: (C) 2000-2002 Netfilter core team
Jan 22 21:58:09 firewall kernel: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
Jan 22 21:58:09 firewall kernel: RAMDISK: Compressed image found at block 0
Jan 22 21:58:09 firewall kernel: Freeing initrd memory: 401k freed
Jan 22 21:58:09 firewall kernel: VFS: Mounted root (minix filesystem).
Jan 22 21:58:09 firewall kernel: Freeing unused kernel memory: 60k freed
Jan 22 21:58:09 firewall kernel: eth0: 3c5x9 at 0x320, 10baseT port, address 00 20 af a7 0e 71, IRQ 11.
Jan 22 21:58:09 firewall kernel: 3c509.c:1.18a [EMAIL PROTECTED]
Jan 22 21:58:09 firewall kernel: http://www.scyld.com/network/3c509.html
Jan 22 21:58:09 firewall kernel: eth1: 3c5x9 at 0x300, 10baseT port, address 00 20 af bc 1d d8, IRQ 10.
Jan 22 21:58:09 firewall kernel: 3c509.c:1.18a [EMAIL PROTECTED]
Jan 22 21:58:09 firewall kernel: http://www.scyld.com/network/3c509.html
Jan 22 21:58:09 firewall kernel: CSLIP: code copyright 1989 Regents of the University of California
Jan 22 21:58:09 firewall kernel: eth0: Setting Rx mode to 1 addresses.
Jan 22 21:58:09 firewall kernel: eth1: Setting Rx mode to 0 addresses.
Jan 22 21:58:09 firewall kernel: eth1: Setting Rx mode to 1 addresses.
Jan 22 21:58:09 firewall kernel: spurious 8259A interrupt: IRQ7.
Jan 22 21:58:44 firewall root: Shorewall Started

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:20:af:a7:0e:71 brd ff:ff:ff:ff:ff:ff
    inet 66.202.48.231/24 brd 66.202.48.255 scope global eth0
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:20:af:bc:1d:d8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1

66.202.48.0/24 dev eth0 proto kernel scope link src 66.202.48.231
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
default via 66.202.48.1 dev eth0

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT ah -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 eth0_in ah -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 eth1_in ah -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 common ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 reject ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 eth0_fwd ah -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 eth1_fwd ah -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 common ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 ACCEPT ah -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 fw2net ah -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 all2all ah -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 common ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 reject ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain all2all (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 common ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
0 0 reject ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain common (5 references)
pkts bytes target prot opt in out source destination
0 0 icmpdef icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 reject-with icmp-port-unreachable
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445 reject-with icmp-port-unreachable
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:135
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900
0 0 DROP ah -- * * 0.0.0.0/0 255.255.255.255
0 0 DROP ah -- * * 0.0.0.0/0 224.0.0.0/4
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 state NEW
0 0 DROP ah -- * * 0.0.0.0/0 66.202.255.255
0 0 DROP ah -- * * 0.0.0.0/0 192.168.1.255

Chain dynamic (4 references)
pkts bytes target prot opt in out source destination

Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 rfc1918 ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 net2all ah -- * eth1 0.0.0.0/0 0.0.0.0/0

Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 rfc1918 ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 net2all ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 loc2net ah -- * eth0 0.0.0.0/0 0.0.0.0/0

Chain eth1_in (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 loc2fw ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain icmpdef (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8

Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
0 0 all2all ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain logdrop (27 references)
pkts bytes target prot opt in out source destination
0 0 LOG ah -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:'
0 0 DROP ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2all (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 common ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
0 0 DROP ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain newnotsyn (5 references)
pkts bytes target prot opt in out source destination
0 0 DROP ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain reject (6 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT ah -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain rfc1918 (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN ah -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP ah -- * * 169.254.0.0/16 0.0.0.0/0
0 0 logdrop ah -- * * 172.16.0.0/12 0.0.0.0/0
0 0 logdrop ah -- * * 192.0.2.0/24 0.0.0.0/0
0 0 logdrop ah -- * * 192.168.0.0/16 0.0.0.0/0
0 0 logdrop ah -- * * 0.0.0.0/7 0.0.0.0/0
0 0 logdrop ah -- * * 2.0.0.0/8 0.0.0.0/0
0 0 logdrop ah -- * * 5.0.0.0/8 0.0.0.0/0
0 0 logdrop ah -- * * 7.0.0.0/8 0.0.0.0/0
0 0 logdrop ah -- * * 10.0.0.0/8 0.0.0.0/0
0 0 logdrop ah -- * * 23.0.0.0/8 0.0.0.0/0
0 0 logdrop ah -- * * 27.0.0.0/8 0.0.0.0/0
0 0 logdrop ah -- * * 31.0.0.0/8 0.0.0.0/0
0 0 logdrop ah -- * * 36.0.0.0/7 0.0.0.0/0
0 0 logdrop ah -- * * 39.0.0.0/8 0.0.0.0/0
0 0 logdrop ah -- * * 41.0.0.0/8 0.0.0.0/0
0 0 logdrop ah -- * * 42.0.0.0/8 0.0.0.0/0
0 0 logdrop ah -- * * 58.0.0.0/7 0.0.0.0/0
0 0 logdrop ah -- * * 60.0.0.0/8 0.0.0.0/0
0 0 logdrop ah -- * * 70.0.0.0/7 0.0.0.0/0
0 0 logdrop ah -- * * 72.0.0.0/5 0.0.0.0/0
0 0 logdrop ah -- * * 82.0.0.0/7 0.0.0.0/0
0 0 logdrop ah -- * * 84.0.0.0/6 0.0.0.0/0
0 0 logdrop ah -- * * 88.0.0.0/5 0.0.0.0/0
0 0 logdrop ah -- * * 96.0.0.0/3 0.0.0.0/0
0 0 logdrop ah -- * * 127.0.0.0/8 0.0.0.0/0
0 0 logdrop ah -- * * 197.0.0.0/8 0.0.0.0/0
0 0 logdrop ah -- * * 222.0.0.0/7 0.0.0.0/0
0 0 logdrop ah -- * * 240.0.0.0/4 0.0.0.0/0

Chain shorewall (0 references)
pkts bytes target prot opt in out source destination

> One thought ...
> are the workstations relying on the external DNS servers,
> or do you have a DNS forwarder running on the LAN (either on the router or
> a separate workstation)? In either case, how are you telling the
> workstations what DNS servers to use?

I added my DNS servers to the default values that are in /etc/resolv.conf. I have no other references to DNS servers. Are there other places it needs to be configured?

I hope I have given enough info this time to help you assist me. My deepest gratitude for your patience and willingness to assist me.

PS. I just noticed as I went through the diagnostic info that my output from ip addr show lists my eth0 as having a netmask length of 24. Shouldn't it be 16? What config file needs to be changed? My etc/network/interfaces file is as follows:

auto eth0
iface eth0 inet static
    address 66.202.48.231
    masklen 16
    broadcast 66.202.255.255
    gateway 66.202.48.1
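The mismatch raised in the PS, checked mechanically (an added example, not part of the original message or of the LEAF/Shorewall tooling): it compares the `interfaces` stanza with the `ip addr show` line for eth0, both copied from the post as constructed input. The function names and the parser that reads only the four keys shown in the post are assumptions of this example.

```python
import ipaddress
import re

# Constructed inputs: values copied from the message above.
INTERFACES_STANZA = """\
auto eth0
iface eth0 inet static
    address 66.202.48.231
    masklen 16
    broadcast 66.202.255.255
    gateway 66.202.48.1
"""
IP_ADDR_LINE = "inet 66.202.48.231/24 brd 66.202.48.255 scope global eth0"
KEYS = ("address", "masklen", "broadcast", "gateway")


def parse_stanza(text):
    """Return the options of one static iface stanza (only the keys in KEYS)."""
    opts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in KEYS:
            opts[parts[0]] = parts[1]
    return opts


def parse_live(line):
    """Extract (interface, broadcast) from an `ip addr show` inet line."""
    m = re.search(r"inet (\S+) brd (\S+)", line)
    return ipaddress.ip_interface(m.group(1)), ipaddress.ip_address(m.group(2))


def compare(stanza_text, live_line):
    """List every disagreement between the file and the running interface."""
    cfg = parse_stanza(stanza_text)
    want = ipaddress.ip_interface(f"{cfg['address']}/{cfg['masklen']}")
    live, live_brd = parse_live(live_line)
    out = []
    if want.ip != live.ip:
        out.append(f"address: file {want.ip}, live {live.ip}")
    if want.network.prefixlen != live.network.prefixlen:
        out.append(f"prefix: file /{want.network.prefixlen}, live /{live.network.prefixlen}")
    if ipaddress.ip_address(cfg["broadcast"]) != live_brd:
        out.append(f"broadcast: file {cfg['broadcast']}, live {live_brd}")
    if live_brd != live.network.broadcast_address:
        out.append(f"live broadcast {live_brd} does not match live prefix")
    if ipaddress.ip_address(cfg["gateway"]) not in live.network:
        out.append(f"gateway {cfg['gateway']} is not on-link for {live.network}")
    return out
```

In the ruleset posted above, the `common` chain drops traffic to 66.202.255.255, the broadcast address from the file, not the 66.202.48.255 that the interface reports.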