Ray, thanks for working with me on this.

> Chris -- Your routing table is sufficiently a mess that your problems are probably a by-product of that.

I'm not even sure how to edit the routing table. The only thing I did was the initial configuration (load the rtl8139 modules for my NICs, set the MAX_LOOP setting to 2, named the firewall, changed $HOSTNAME.private.network to $HOSTNAME.esimail.org, added a password, and set up sshd), saved it all and rebooted. I've tried various other things in the past, but none of it worked so I reimaged my boot floppy and started over from scratch.


> You have both interfaces (eth0 and eth1) on the same /24 network (192.168.1.0/24):

I think because DHCP is handled by the ISP's router and is assigning them both. What can I do about this?


> The default firewall most likely cannot handle this sort of routing table, and (for example) installs rules to DENY traffic from the "internal" (eth1, probably) network if it comes in on the "external" (eth0, probably) interface. Hence, this rule appears, and it probably blocks (at least some of) your ping attempts:
> 49 5518 DENY all ----l- 0xFF 0x00 eth0 192.168.1.0/24 0.0.0.0/0 n/a

So traffic from anything between the ISP's router and the firewall (including all the other servers connected to the hub) that gets its IP assigned by the ISP's router would be read as this kind of traffic and denied, right? The LAN the firewall is protecting is all connected behind it on eth1, so it shouldn't be generating any traffic on eth0, I don't think.


> It is not impossible to have 2 interfaces on the same network (though it is tricky). But to untangle your problem, we need a better understanding of what your network arrangement *should* look like if it were working properly. What do you want this router to route?

The final setup will look like how I described the current setup:

T1 to ISP's router (which handles DHCP)
ISP's router to Hub
Hub to Firewall via eth0 (& other networks outside of firewall)
Firewall to Switch via eth1 (internal network connected to this switch)

The traffic that should be flowing in and out of the internal network is email from our Exchange 2000 server, normal web browsing, ftp, real media streams, and things like that which I would consider "normal" traffic. The reason we're setting up a firewall is because we got hacked a few months back and our Exchange server was used to relay spam. Also a consultant we hired to setup Outlook web access and VPN services said he wouldn't do it until we installed a firewall.


> Also please be specific as to what IP address the NT host is using and which interface it is attached to (and, for that matter, what *its* routing table looks like). From your posting, it appears that it is using the IP address that the router thinks is its default gateway (192.168.1.1) but that it is on the wrong interface to serve in this role (assuming that eth1 is your internal interface, as is the custom ... in any case, the "internal" interface is, by definition, NOT the interface that connects to the default gateway).

Hmmm, I didn't catch that before. The NT machine is set up to get its IP from a DHCP server, so I'm assuming it's getting it from the Dachstein box, since it currently doesn't seem to be able to reach the ISP's router. When I run ipconfig on it, it comes back with:

Ethernet adapter CpqNF31:
IP Address: 192.168.1.1
Subnetmask: 255.255.255.0
Default Gateway: 192.168.1.254

Yesterday it was the same, but today I ran ipconfig /renew and even though the settings are the same I can now ping 192.168.1.254 successfully, but 192.168.1.25 (eth0) and 208.57.96.252 (ISP's router, I think) still give the "Request timed out" message.

Also, I can now ping 192.168.1.1 and 192.168.1.254 from the firewall, but pinging 192.168.1.25 and 208.57.96.252 hangs, and when I hit ^c it reports back (8 packets transmitted, 0 packets received, 100% loss).

I think the eth interfaces are set up correctly, eth0 connecting the firewall to the hub that has the T1 feed, and eth1 connecting to the switch that connects the internal network. Right now the NT machine is the only other thing connected to the switch.

Right now the rest of the LAN which will eventually be moved behind the firewall is all connected to the hub, so it's probably generating some junk traffic on eth0.
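As an added illustration (not part of this thread or the Dachstein scripts) of the two things Ray points at, both interfaces sitting on one /24 and the anti-spoof DENY rule on eth0, this Python check flags the overlapping networks, shows that a destination in 192.168.1.0/24 has two candidate egress interfaces, and applies the quoted DENY rule to sample packets. The eth0 address (192.168.1.25) and the .254 gateway are from the posts; that .254 is eth1's address is an assumption.

```python
import ipaddress

# Interface addresses as the thread describes them: eth0 faces the ISP hub,
# eth1 faces the internal switch. The eth1 address (.254) is assumed.
INTERFACES = {
    "eth0": ipaddress.ip_interface("192.168.1.25/24"),
    "eth1": ipaddress.ip_interface("192.168.1.254/24"),
}

# The quoted ipchains line: DENY anything arriving on eth0 whose source is
# in 192.168.1.0/24 (the default anti-spoofing rule for the internal net).
ANTI_SPOOF_RULES = [("eth0", ipaddress.ip_network("192.168.1.0/24"))]


def overlapping_interfaces(interfaces=INTERFACES):
    """Pairs of interfaces whose connected networks overlap (should be empty)."""
    names = sorted(interfaces)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if interfaces[a].network.overlaps(interfaces[b].network)]


def candidate_egress(dst, interfaces=INTERFACES):
    """Interfaces with a connected route covering dst. More than one means
    the kernel's pick (first matching route) is arbitrary for that host."""
    dst = ipaddress.ip_address(dst)
    return [name for name, iface in sorted(interfaces.items())
            if dst in iface.network]


def anti_spoof_verdict(in_iface, src, rules=ANTI_SPOOF_RULES):
    """Apply the quoted DENY rule to a packet arriving on in_iface from src."""
    src = ipaddress.ip_address(src)
    for iface, net in rules:
        if iface == in_iface and src in net:
            return "DENY"
    return "ACCEPT"


if __name__ == "__main__":
    print("overlapping:", overlapping_interfaces())             # [('eth0', 'eth1')]
    print("routes to NT host:", candidate_egress("192.168.1.1"))  # ['eth0', 'eth1']
    # A hub host given 192.168.1.x by the ISP's router, arriving on eth0
    # (constructed sample address):
    print(anti_spoof_verdict("eth0", "192.168.1.40"))            # DENY
    # The NT host pinging the firewall through the internal interface:
    print(anti_spoof_verdict("eth1", "192.168.1.1"))             # ACCEPT
```

Once the hub side and the switch side are on different subnets, `overlapping_interfaces()` returns an empty list and each destination has exactly one candidate egress interface.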



leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html