At 12:31 PM 1/30/03 -0800, Chris Low wrote:
Ray, thanks for working with me on this.

Chris -- Your routing table is sufficiently a mess that your problems are probably a by-product of that.
I'm not even sure how to edit the routing table.
*You* don't edit the routing table. You edit the Dach config files, and the startup scripts create (among other things) the routing table. See below for more on this part.

The only thing I did was the initial configuration (load the rtl8139 modules for my NICs, set the MAX_LOOP setting to 2, named the firewall, changed $HOSTNAME.private.network to $HOSTNAME.esimail.org, added a password, and setup sshd, saved it all and rebooted). I've tried various other things in the past, but none of it worked so I reimaged my boot floppy and started over from scratch.


You have both interfaces (eth0 and eth1) on the same /24 network (192.168.1.0/24):
I think because dhcp is handled by the ISP's router and is assigning them both. What can I do about this?
I doubt this guess is correct. It is more likely that:

A. The "external" ISP's router is on network 192.168.1.0/24 and provides DHCP leases for at least a portion of that network.
B. The Dachstein router is configured to use 192.168.1.0/24, the same network, and to provide DHCP leases for at least a portion of that network on its internal interface.

To fix this, you need to change the internal network that Dachstein uses. I've been away from Dach for long enough that I forget the name of the file it keeps its basic config info in ... it will be something like /etc/network.conf . But find that file, look in it for the one or several places where 192.168.1.*/24 addresses are associated with the internal interface or network, and change them to some non-conflicting value. Then save and reboot (including restarting networking on the NT server, so it gets a new lease on the new network).

This change may not solve all your problems ... but until you make it, you will make no progress toward getting your Dach router running.
[...]

The final setup will look like how I described the current setup:

T1 to ISP's router (which handles DHCP)
ISP's router to Hub
Hub to Firewall via eth0 (& other networks outside of firewall)
Firewall to Switch via eth1 (internal network connected to this switch)

The traffic that should be flowing in and out of the internal network is email from our Exchange 2000 server, normal web browsing, ftp, real media streams, and things like that which I would consider "normal" traffic. The reason we're setting up a firewall is because we got hacked a few months back and our Exchange server was used to relay spam. Also a consultant we hired to setup Outlook web access and VPN services said he wouldn't do it until we installed a firewall.
Do you have any control over the settings on the "ISP's router"? I infer from what you sent that it has a "real" (public, routable) IP address on its external interface and NAT's 192.168.1.0/24 on the internal interface. Depending on what that router can do, you **might** be able to switch it to a different internal network, even better a static route to the Dach firewall that does not require NAT'ing. Then the Dach router can keep the network numbering it and you are used to, and you'll avoid the problems that might arise from double-NAT'ing of outgoing traffic.

This is just a vague thought, though ... it's hard to assess if it can work with unknown equipment (and, probably, equipment I'd be unfamiliar with even if you identified it).
[...].

Also, I can now ping 192.168.1.1 and 192.168.1.254 from the firewall, but pinging 192.168.1.25 and 208.57.96.252 hangs and when I hit ^c it reports back 8 packets transmitted, 0 packets received, 100% loss.
Right. This is consistent with the scrambled routing table you reported before.
[...]


--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski					-- Han Solo
Palo Alto, California, USA			  [EMAIL PROTECTED]
-------------------------------------------------------------------------------
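
The addressing conflict discussed in this message (both firewall interfaces in 192.168.1.0/24) can be checked mechanically before editing the router's config. The following is an added example, not part of the original message or of the Dachstein/LEAF scripts; the function names and the host addresses in the sample are constructed for illustration, and the check also covers the more general case where one interface's network contains the other's.

```python
import ipaddress

# Constructed sample: both interfaces hold addresses in the ISP router's
# 192.168.1.0/24, as described in the thread. Host parts are made up.
SAMPLE_INTERFACES = {
    "eth0": "192.168.1.10/24",  # external side, toward the ISP's router
    "eth1": "192.168.1.20/24",  # internal side, toward the switch
}


def find_overlaps(interfaces):
    """Return (if_a, if_b, net_a, net_b) for every pair of interfaces whose
    connected networks overlap (identical, or one nested in the other)."""
    nets = {name: ipaddress.ip_interface(addr).network
            for name, addr in interfaces.items()}
    names = sorted(nets)
    return [(a, b, str(nets[a]), str(nets[b]))
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def suggest_internal(in_use, pool="192.168.0.0/16", prefix=24):
    """Return the first /prefix subnet of the private pool that overlaps
    none of the addresses/networks already in use, or None if exhausted."""
    used = [ipaddress.ip_interface(a).network for a in in_use]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None


if __name__ == "__main__":
    for a, b, net_a, net_b in find_overlaps(SAMPLE_INTERFACES):
        print(f"conflict: {a} ({net_a}) overlaps {b} ({net_b})")
    print("non-conflicting internal network:",
          suggest_internal(SAMPLE_INTERFACES.values()))
```
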


