I don't understand all the issues in this conversation, but I can supply small bits which may be helpful.
I used to have my home net wired with thin coax too; I gave it up as some of the things I wanted provided only RJ-45 plugs. Category-5 cable with RJ-45 plugs has the advantage that it's full-duplex, which can double your throughput directly sometimes, and indirectly by eliminating packet collisions generally does double your maximum throughput again. If you haven't taken this step, then think of a hub as a replacement for the multi-drop nature of the coax connection. This is how many cat-5 connections get connected. Electrically, it's a pretty simple repeater, broadcasting incoming signals on all outgoing lines. It has the disadvantage, unlike switches and routers, of reintroducing collisions. The cables remain full-duplex, but packets can collide in the hub. Hubs don't have addresses, and don't understand them, so they are pretty much transparent to the hosts using the net. Thus the comparison to raw coax. They operate on the level of raw signalling, bit by bit. Switches are a bit more complicated, but you can also consider them transparent to packets, but can expect collisions to disappear until the subnetwork is overloaded with traffic. That's because switches operate on entire ethernet frames (the thing that contains a TCP/IP packet). They have some buffer capacity for store-and-forward. So, depending on how this subnet is wired, it may be correct that the firewall should stay out of communications involving conversations directly between other members of the subnet. If they can connect directly through the hub, the firewall should be able to stay out of it. ++ kevin On Sun, Mar 31, 2002 at 03:01:28PM -0500, Joel Hammer wrote: > OK. This firewall routing table looks odd. I don't know if this is your > problem, however (see below). Who or what is setting up these routes for > you? > > 1. 192.168.13.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 > 2. [ISP Connection] 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 > 3. 127.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 lo > 4. 192.168.13.0 192.168.13.1 255.255.255.0 UG 0 0 0 eth0 > 5. 192.168.13.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > 6. 0.0.0.0 [ISP Connection] 0.0.0.0 UG 0 0 0 ppp0 > Line 1 seems to be pointing to the firewall machine itself. Why is it > there? > I haven't done point to point for a long time, so I cannot comment on your > ISP connection > Line 4 seems very odd. What does it do? > Now, I do not use a hub. I have thin coax for my home network. So, I don't > understand how hubs work. It seems to me that your firewall machine > shouldn't have to get involved with laptop to workstation communication, > but, I just don't know. > I just had a similar problem to yours, except I had my two workstations on > different subnets. (Look for my post about arp request not working on this > list). By using tcpdump, I found out that that workstation two could find > workstation one, but, when workstation one sent out an arp request for > workstation two, the request was not getting to workstation two. I solved my > problem, without understanding the cause, by manually adjusting the arp > table on workstation one. > SO, ping from one workstation to the other. Then run arp -n on your > workstation(s), and see if the other workstation is in the table. There > may be an incomplete listing for the other workstation. > If there is not a valid listing for the other workstation, just run, > on your machine 192.168.13.5: > arp -s 192.168.13.4 00:10:5A:0A:BE:F7 > and see if that updates your arp table. If so, fix the other workstation and > see if that solves the problem. > Joel > > > Sun, Mar 31, 2002 at 10:04:08AM -0800, Thomas A. Condon wrote: > > > > > It would help much more helpful to use the -n option with the route > > > command. I don't know the names of your machines. > > > Joel > > > > Firewall route returns: > > Kernel IP routing table > > Destination Gateway Genmask Flags Metric Ref Use Iface > > 192.168.13.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 > > [ISP Connection] 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 > > 127.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 lo > > 192.168.13.0 192.168.13.1 255.255.255.0 UG 0 0 0 eth0 > > 192.168.13.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > > 0.0.0.0 [ISP Connection] 0.0.0.0 UG 0 0 0 ppp0 > > > > Workstation route returns: > > Kernel IP routing table > > Destination Gateway Genmask Flags Metric Ref Use Iface > > 192.168.13.4 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 > > 127.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 lo > > 192.168.13.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > > 0.0.0.0 192.168.13.1 0.0.0.0 UG 0 0 0 eth0 > > > > Laptop route returns: > > Kernel IP routing table > > Destination Gateway Genmask Flags Metric Ref Use Iface > > 192.168.13.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo > > 0.0.0.0 192.168.13.1 0.0.0.0 UG 0 0 0 eth0 > > > > > > > > In Harmony's Way and In A Chord, > > > > Tom ;-}) > > > > Thomas A. Condon > > Barbershop Bass Singer > > Left Handed and In My Right Mind > > Registered Linux User #154358 > > > > Vegetarian, a Native American word for "poor hunter". > > _______________________________________________ > > Linux-users mailing list - http://linux-sxs.org/mailman/listinfo/linux-users > > Subscribe/Unsubscribe info, Archives,and Digests are located at the above URL. > _______________________________________________ > Linux-users mailing list - http://linux-sxs.org/mailman/listinfo/linux-users > Subscribe/Unsubscribe info, Archives,and Digests are located at the above URL. -- Kevin O'Gorman (805) 650-6274 mailto:[EMAIL PROTECTED] Permanent e-mail forwarder: mailto:Kevin.O'[EMAIL PROTECTED] At school: mailto:[EMAIL PROTECTED] Web: http://www.cs.ucsb.edu/~kogorman/index.html Web: http://kosmanor.com/~kevin/index.html "Life is short; eat dessert first!" _______________________________________________ Linux-users mailing list - http://linux-sxs.org/mailman/listinfo/linux-users Subscribe/Unsubscribe info, Archives,and Digests are located at the above URL.