First thought: prior to your setting up the LEAF router, was the RH host normally connected to this line? If yes, is it possible that the ISP uses some sort of MAC-address authentication, over and above the allocation of a static address? (I don't recall ever seeing MAC-address authentication used this way, but there are a lot of odd ISP setups around.)
Second: for a ping from the router itself, the outgoing packet traverses the OUTPUT chain, the returning packet the INPUT chain. The OUTPUT chain is set to ACCEPT the ping icmp packet. The INPUT chain would pass control to eth0_in, which (I think) has no rule that applies to icmp replies, so it passes the packet on to net2all. The first rule in net2all should ACCEPT the icmp reply ... but to be sure, do your logs indicate any DROPs associated with "Shorewall:net2all:DROP:"? Also, you might list the ruleset before and after you try and fail to ping, just to see what rules get invoked (which ones the packet counts change for).
Third, I suggest you check the router's arp table ("arp -a") *immediately* after you try and fail to ping the gateway. Does the arp table contain an entry for the gateway's IP address? Your routing table looks OK, so the router should be able to find the gateway at that level (and the /24 should not be a problem, since both your and the gateway's addresses are on the same /24 network).
Last, and just to be sure ... did I summarize your report correctly, up at the very beginning? I ask because from here, I *cannot* ping your gateway (66.202.48.1, fails silently), but I *can* ping your external IP address (66.202.48.231). Specifically:
ray@waverly:~$ ping 66.202.48.1
PING 66.202.48.1 (66.202.48.1): 56 data bytes
--- 66.202.48.1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
ray@waverly:~$ ping 66.202.48.231
PING 66.202.48.231 (66.202.48.231): 56 data bytes
64 bytes from 66.202.48.231: icmp_seq=0 ttl=241 time=105.1 ms
So I wanted to make sure I understood you correctly to be saying that you did ping 66.202.48.1 successfully from the RH host (not just that the RH host could access the Internet in other ways).
One last thing ... the missing info from the first post was:
the name of the LEAF version you are running (still missing, at least from your recent pair of messages),
the output of "uname -a" (still missing, but probably not important), and
the listing of your firewall rulesets (the SR FAQ needs an update, since newer versions of LEAF require the command "iptables -nvL" instead of "ipchains -nvL").
You should be running masquerading but what you posted does not tell me if you are or not. The "ipmasqadm" commands in the SR FAQ also need to be updated for kernel 2.4.x-based LEAF variants; try "iptables -t nat -nvL".
In any case, that would not interfere with connectivity from the router itself.
At 11:03 PM 1/23/03 -0600, Jeremy A Tourville wrote:
OK, second attempt. Upon following Ray's advice I did some ping testing. (BTW, thanks for the reminder about the FAQ section.) I am getting a type 1 ping error when I try to ping my gateway from my router console. I am able to ping both interfaces on the router successfully from my internal client. If I substitute the router for my already working Red Hat system I am able to ping my gateway just fine, so I feel pretty confident the problem is with my router configuration. My other question is what other diagnostic info is needed?

<You provided some of what we need to see, but not all.>

I looked at the section about posting diagnostics. I was unable to get the diagnostics for any of the IP masquerading sections. (When I typed in the commands that were listed in that section I get a message back (file):not found. So IP masquerading is not installed?) My ISP has assigned me the following with a DSL modem:

Static IP 66.202.48.231
Gateway 66.202.48.1
DNS 216.47.224.66 and 216.47.224.48

My Windows 9x clients are set to obtain IP address automatically and use DHCP for WINS resolution.

Below is all the diagnostics I was able to obtain following the examples given
[details deleted]

--
"Never tell me the odds!" -- Han Solo
Ray Olszewski
Palo Alto, California, USA    [EMAIL PROTECTED]

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
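The before/after ruleset comparison suggested in the reply above, as an added example that is not part of the original thread: it parses two saved "iptables -nvL" listings and reports the rules whose packet counts changed. The sample listings, the function names and the rule layout are constructed for illustration, and the ruleset is assumed not to be reloaded between the two captures.

```python
# Constructed sample (not from the thread): "iptables -nvL" output saved
# before a ping attempt from the router itself.
BEFORE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target   prot opt in   out  source     destination
   40  3360 eth0_in  all  --  eth0 *    0.0.0.0/0  0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target   prot opt in   out  source     destination
    7   588 ACCEPT   icmp --  *    eth0 0.0.0.0/0  0.0.0.0/0

Chain eth0_in (1 references)
 pkts bytes target   prot opt in   out  source     destination
   40  3360 net2all  all  --  *    *    0.0.0.0/0  0.0.0.0/0

Chain net2all (1 references)
 pkts bytes target   prot opt in   out  source     destination
   35  2940 ACCEPT   all  --  *    *    0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
    5   420 DROP     all  --  *    *    0.0.0.0/0  0.0.0.0/0
"""
# Constructed "after" capture: only the OUTPUT icmp rule saw 3 more packets.
AFTER = BEFORE.replace("7   588 ACCEPT", "10   840 ACCEPT")

UNITS = {"K": 1000, "M": 1000**2, "G": 1000**3}

def count(text):
    """Convert a counter such as '12' or '3K' (abbreviated without -x) to int."""
    return int(text[:-1]) * UNITS[text[-1]] if text[-1] in UNITS else int(text)

def parse(listing):
    """Map (chain, rule position) -> (packet count, rule text)."""
    rules, chain, pos = {}, None, 0
    for line in listing.splitlines():
        fields = line.split()
        if line.startswith("Chain "):
            chain, pos = fields[1], 0
        elif chain and len(fields) > 2 and fields[0][0].isdigit():
            pos += 1  # the "pkts bytes target" header is skipped: not a digit
            rules[(chain, pos)] = (count(fields[0]), " ".join(fields[2:]))
    return rules

def changed_rules(before, after):
    """Return (chain, position, packet delta, rule) for rules whose count moved."""
    old, new = parse(before), parse(after)
    return [(c, p, new[c, p][0] - old[c, p][0], new[c, p][1])
            for (c, p) in new if (c, p) in old and new[c, p][0] != old[c, p][0]]

if __name__ == "__main__":
    for chain, pos, delta, rule in changed_rules(BEFORE, AFTER):
        print(f"{chain} rule {pos}: +{delta} pkts  {rule}")
```

In this constructed capture only the OUTPUT rule moves: the echo requests left the router but no reply reached INPUT, eth0_in or net2all, so the firewall is not what dropped them. Capturing with "iptables -nvxL" gives exact counters instead of the K/M/G abbreviations.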
