On Wed, 2003-11-12 at 22:06, Paul G Rogers wrote:
> >From: Richard Doyle <[EMAIL PROTECTED]>
> >Date: Wed, 12 Nov 2003 08:55:40 -0800
> >
> On Tue, 2003-11-11 at 22:55, Paul G Rogers wrote:
> > I'm trying to customize Bering 1.2 to replace a 1.0 dialup firewall I've
> > been using. I've put both on side-by-side computers and been through the
> > lrconfig files one by one. As far as I can tell I've got everything set
> > straight. Now I can't ping it. One thing I found is in...
> ...8<...
> >
> >Please follow "How do I request help" at
> >http://sourceforge.net/docman/display_doc.php?docid=1891&group_id=13751
> >
> Got that now, I think. Sorry, I thought having v1.0 running would make
> customizing v1.2 a snap, if I started by making them the same.

One would think so. I've just switched to a Bering 1.2 firewall running
on an old portable with a dial-out connection, so it _is_ possible.

> Here's the first part of the problem:
> (Once I can reach the firewall I'll probably find more.)
> ============
> Pinging 192.168.1.254 with 32 bytes of data:
> Request timed out.
> Request timed out.
> Request timed out.
> Request timed out.
> Ping statistics for 192.168.1.254:
>     Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
> Approximate round trip times in milli-seconds:
>     Minimum = 0ms, Maximum = 0ms, Average = 0ms
> ==========

Look to
http://sourceforge.net/docman/display_doc.php?docid=1433&group_id=13751
on using ping to debug firewall problems. It sounds like you were
pinging the firewall from a Windows host attached to the internal
interface of the firewall. Is that the case?

> When I use a v1.0 diskette in the firewall box then I can ping it with no
> problem at all. So it isn't a problem with the LAN or NIC.
>
> OK, now for the status you asked for...
> Version:
> ==========
> Linux foxfire 2.4.20 #1 Sun May 11 18:53:34 CEST 2003 i586 unknown
> ==========
> IP addresses:
> ==========
> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
> 2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
>     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> 3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:20:af:d9:95:62 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.1.254/24 brd 192.168.1.255 scope global eth0
> 4: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 576 qdisc pfifo_fast qlen 3
>     link/ppp
>     inet 10.64.64.64 peer 10.112.112.112/32 scope global ppp0
> ===========
> Hmmm, ppp should be getting an IP address from my ISP which would be
> 209.102.124.something. I've never seen 10.anything with the v1.0 Bering
> running. (I changed the MTU/MRU to 576 because I once read that improved
> performance.)

The 10.x.x.x addresses are defaults, used before a connection is
established. ppp0 will get real IPs from your ISP when the connection is
established.

> Maybe, modules next:
> ===========
> Module                  Pages    Used by
> ip_nat_irc               2176   0 (unused)
> ip_nat_ftp               2784   0 (unused)
> ip_conntrack_irc         2880   1
> ip_conntrack_ftp         3648   1
> ppp_async                6284   0 (unused)
> ppp_generic             16152   1 [ppp_async]
> slhc                     4352   0 [ppp_generic]
> 3c509                    8484   1
> ============
> Am I missing a ppp module? Seems like I remember having to add an extra
> module in v1.0.

You don't have any compression/deflation modules, but that shouldn't be
a cause for concern at this point. The serial.o module was needed in
some LEAF variants, but is compiled into the kernel in this one.

> Route next:
> ============
> 10.112.112.112 dev ppp0 proto kernel scope link src 10.64.64.64
> 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.254
> default via 10.112.112.112 dev ppp0
> ============
> What's with this 10.112.112.112 again? At this point I haven't made a
> connection yet to the ISP.

Right.

> Here's daemon.log:
> ============
> Nov 12 15:36:03 foxfire pppd[25334]: pppd 2.4.1 started by root, uid 0
> Nov 12 15:36:03 foxfire pppd[25334]: Using interface ppp0
> Nov 12 15:36:03 foxfire pppd[25334]: Cannot determine ethernet address for proxy ARP
> Nov 12 15:36:03 foxfire pppd[25334]: local IP address 10.64.64.64
> Nov 12 15:36:03 foxfire pppd[25334]: remote IP address 10.112.112.112
> Nov 12 15:36:04 foxfire init: Entering runlevel: 2
> ============
> 10 again.
> I did leave some of the Shorewall options for unclean, RFC1918, &
> tcpflags, on the ppp zone which I had removed in v1.0.
> Shorewall status:

<snip lots of 0 packet counts>

Nothing enters the box on either interface. Run "ip -s link show eth0"
and "ip -s link show ppp0" to see total packet counts.

> And finally messages:
> ===========
> Nov 12 15:36:02 foxfire syslogd 1.3-3#31.slink1: restart.
<snip early boot messages>
> Nov 12 15:36:02 foxfire kernel: Linux NET4.0 for Linux 2.4
> Nov 12 15:36:02 foxfire kernel: Based upon Swansea University Computer Society NET3.039
> Nov 12 15:36:02 foxfire kernel: Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ DETECT_IRQ SERIAL_PCI enabled
> Nov 12 15:36:02 foxfire kernel: ttyS00 at 0x03f8 (irq = 4) is a 16550A
> Nov 12 15:36:02 foxfire kernel: Real Time Clock Driver v1.10e
> Nov 12 15:36:02 foxfire kernel: Software Watchdog Timer: 0.05, timer margin: 60 sec
> Nov 12 15:36:02 foxfire kernel: Floppy drive(s): fd0 is 1.44M
> Nov 12 15:36:02 foxfire kernel: FDC 0 is a post-1991 82077
> Nov 12 15:36:02 foxfire kernel: NET4: Linux TCP/IP 1.0 for NET4.0
> Nov 12 15:36:02 foxfire kernel: IP Protocols: ICMP, UDP, TCP, IGMP
> Nov 12 15:36:02 foxfire kernel: IP: routing cache hash table of 512 buckets, 4Kbytes
> Nov 12 15:36:02 foxfire kernel: TCP: Hash tables configured (established 4096 bind 4096)
> Nov 12 15:36:02 foxfire kernel: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
> Nov 12 15:36:02 foxfire kernel: RAMDISK: Compressed image found at block 0
> Nov 12 15:36:02 foxfire kernel: Freeing initrd memory: 401k freed
> Nov 12 15:36:02 foxfire kernel: Freeing unused kernel memory: 64k freed
> Nov 12 15:36:02 foxfire kernel: 3c509.c:1.19 16Oct2002 [EMAIL PROTECTED]
> Nov 12 15:36:02 foxfire kernel: http://www.scyld.com/network/3c509.html
> Nov 12 15:36:02 foxfire kernel: CSLIP: code copyright 1989 Regents of the University of California
> Nov 12 15:36:02 foxfire kernel: PPP generic driver version 2.4.2
> ==========
> I saw that the NIC had been recognized, and the MAC had been displayed.

Nothing here seems unexpected. It is odd that your Bering box isn't
responding to pings aimed at its internal interface, since you say that
the same hardware, in the same configuration works with a Bering 1.0
diskette. What happens when you ping the "internal" computer from the
Bering box?
Observe the lights on both NICs when you ping the Bering box from the
other computer, and when you ping the other computer from the Bering
box.

As to the external interface, the problem could be in your Shorewall or
PPP configuration, or something else (tm). You might want to post your
/etc/network/interfaces file and your ppp configuration files, with
username and passwords obscured.

Shorewall usually loads late in the boot process; look at the messages
that scroll by right before you get the login prompt. Anything odd?

>
> Maybe I can't see something, I think I setup the interfaces OK, maybe
> Shorewall is stopping the ping from inside? I don't understand why, what
> the danger is.
>
> Suggestions I can understand appreciated.
>

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
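
The counter check suggested in the reply ("ip -s link show eth0"), as an added example that is not part of the original message: it reads the RX/TX counters and says whether to look below the firewall (cable, NIC, driver) or at the Shorewall rules. The function names and the sample counter values are constructed for illustration, and awk is assumed to be available on the box.

```shell
#!/bin/sh
# Added example (not from the thread): read the per-interface counters that
# "ip -s link show IFACE" prints and report which layer to look at next.

# Print "rx_packets rx_errors tx_carrier_errors" from "ip -s link" text on stdin.
link_counters() {
    awk '
        /RX:/ { want = "rx"; next }    # header row; the numbers are on the next line
        /TX:/ { want = "tx"; next }
        want == "rx" { rxp = $2; rxe = $3; want = "" }
        want == "tx" { txc = $5; want = "" }
        END { print rxp + 0, rxe + 0, txc + 0 }
    '
}

# Classify the counters read from stdin.
diagnose() {
    set -- $(link_counters)
    rx=$1 rx_err=$2 carrier=$3
    if [ "$rx" -eq 0 ] && [ "$carrier" -gt 0 ]; then
        echo "no-carrier"   # transmits fail at the wire: cable, hub port, media type
    elif [ "$rx" -eq 0 ]; then
        echo "no-rx"        # driver never saw a frame: the problem is below the firewall
    elif [ "$rx_err" -gt 0 ]; then
        echo "rx-errors"    # frames arrive damaged: cabling or duplex
    else
        echo "rx-ok"        # frames arrive: check the firewall rules and logs next
    fi
}

# Constructed "ip -s link show eth0" text; $1 = RX packets, $2 = TX carrier errors.
sample() {
    cat <<EOF
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:20:af:d9:95:62 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    $(($1 * 60))  $1  0  0  0  0
    TX: bytes  packets  errors  dropped carrier collsns
    168  4  0  0  $2  0
EOF
}

sample 0 0 | diagnose
sample 0 4 | diagnose
sample 37 0 | diagnose
# On the firewall itself: ip -s link show eth0 | diagnose
```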
