new user, new install
New to Debian, I'm faced with the challenge of installing Debian tonight, setting up a USB PPPoA Bellsouth.net ADSL connection to be shared out via Ethernet card to a peer-to-peer network (static internal IP addresses and hub connectivity, Windows platform workgroups), and I'm a little overwhelmed. Any ideas?

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [interfaces + route] My new firewall doesn't forward packages
On Wed, Jun 05, 2002 at 01:59:10PM -0300, Carlos Barros wrote:
> > Internet
> >   |
> >   |
> > Gateway; Cisco: 194.224.7.1
> >   |
> >   |
> >   | 194.224.7.9
> > Firewall
> >   | 194.224.7.10
> >   |
> >   |
> >   - LAN
> >   | ||
> > 194.224.7.3 194.224.7.210.128.114.2.2 (Radius)etc.
>
> 1- your firewall have 2 interfaces in the same subnet.
> 2- so your firewall dont know where the hosts are.

It does, it is just ugly. If you have no network route to the .9 interface it will work. Therefore you have to remove the network route. This can be done with "route del -net 194.224.7.0 netmask 255.255.255.0 dev eth0". To execute this command you can either put it in a boot-up script or you can use the "up /sbin/route ..." command in the interfaces file.

My question why I was asking was because of the different netmask in the additional routes. The above schema does not require them. A Netroute to the LAN and a Hostroute to the Cisco and a default gateway using that host route is everything which is needed.

Greetings
Bernd
--
  (OO)      -- [EMAIL PROTECTED] --
 ( .. )  [EMAIL PROTECTED],linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  [EMAIL PROTECTED]  +497257930613  BE5-RIPE
(OO)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
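The duplicate-subnet condition and the route layout proposed in this reply can be checked mechanically. The following Python code is an added example, not part of the original thread: it parses `route -n` style tables (both constructed here from the configuration and the fix discussed above), reports subnets claimed by more than one interface, and performs a longest-prefix lookup. The function names and the external test address 192.0.2.1 are assumptions.

```python
import ipaddress

# Constructed sample: `route -n` output for the two-NIC setup in the thread,
# where eth0 (.9) and eth1 (.10) both get a connected route for the same /24.
BEFORE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
0.0.0.0         194.224.7.1     0.0.0.0         UG    0      0   0   eth0
"""

# Constructed sample: the layout the reply describes (net route to the LAN,
# host route to the Cisco, default gateway reached through that host route).
AFTER = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
194.224.7.1     0.0.0.0         255.255.255.255 UH    0      0   0   eth0
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
0.0.0.0         194.224.7.1     0.0.0.0         UG    0      0   0   eth0
"""


def parse_routes(text):
    """Return [(network, gateway, iface)] from `route -n` style text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8:
            continue  # title or blank line
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}")
            gw = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # column header
        routes.append((net, gw, fields[7]))
    return routes


def ambiguous_networks(routes):
    """Connected networks (gateway 0.0.0.0) bound to several interfaces."""
    ifaces = {}
    for net, gw, iface in routes:
        if gw.is_unspecified:
            ifaces.setdefault(net, set()).add(iface)
    return {str(n): sorted(i) for n, i in ifaces.items() if len(i) > 1}


def lookup(routes, dst):
    """Longest-prefix match; more than one result means the table is ambiguous."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return []
    best = max(net.prefixlen for net, _, _ in hits)
    return [(iface, None if gw.is_unspecified else str(gw))
            for net, gw, iface in hits if net.prefixlen == best]


if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        routes = parse_routes(table)
        print(name, "ambiguous:", ambiguous_networks(routes))
        # LAN host, the Cisco, and a constructed external address (TEST-NET-1).
        for dst in ("194.224.7.3", "194.224.7.1", "192.0.2.1"):
            print("  ", dst, "->", lookup(routes, dst))
```

Feeding it the real output of `route -n` on the firewall shows at a glance whether any connected subnet is still bound to both interfaces.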
Re: kernel quota control with LDAP
Although it is not part of the Debian's maildrop, the Courier's maildrop has support for LDAP and quota support over it. I haven't had enough time to give it a try, but I think that it should be a good alternative.

--
Regards,
Germán
Re: kernel quota control with LDAP
On Tue, Jun 04, 2002 at 07:29:49PM -0400, Thedore Knab wrote:
> I want to use kernel level quotas with LDAP to simplify administration
> of my mailserver.
>
> Can this be done ?

No. LDAP would be way too slow for quota queries.. even if someone would come up with a caching daemon, it would still slow down file operations quite a bit.

> My account looks like this in LDAP:
>
> dn: uid=tknab2,ou=mailaccounts,dc=mycoll,dc=edu
> ...
> mailMessageStore: /var/imap/mycoll/tknab2/Maildir
> mailQuota: 2S, 2C
> mailbox: tknab2/Maildir/

Well, I've been thinking about putting my quotas to LDAP too, I've just been too lazy to write up a small daemon that would grab all the quota entries from the LDAP and apply them to the local filesystem.. of course with a few thousand entries it will be a slow process and using modifiedtime (or whatever the name of the attribute was) to determine which entries have been modified since the last update.

This way it would be quite simple to keep the quotas in the LDAP database and still utilize the fast local quota store..

Think about it..

Sami

--
-< Sami Haahtinen >-
-[ Is it still a bug, if we have learned to live with it? ]-
-< 2209 3C53 D0FB 041C F7B1 F908 A9B6 F730 B83D 761C >-
Re: [interfaces + route] My new firewall doesn't forward packages
On Wed, Jun 05, 2002 at 11:23:09AM +0200, Davi Leal wrote:
> > > iface eth0 inet static
> > >     address 194.224.7.9
> > > iface eth1 inet static
> > >     address 194.224.7.10
>
> We own a ClassC network, 194.224.7.0. We offer an ISP service here at Spain:
>
> Internet
>   |
>   |
> Gateway; Cisco: 194.224.7.1
>   |
>   |
>   | 194.224.7.9
> Firewall
>   | 194.224.7.10
>   |
>   |
>   - LAN
>   | ||
> 194.224.7.3 194.224.7.210.128.114.2.2 (Radius)etc.

1- your firewall have 2 interfaces in the same subnet.
2- so your firewall dont know where the hosts are.

Possible solutions:

First one

On the cisco: change the ethernet ip to a private one 192.168.1.1 and make a static route to your Class C network through your firewall eth0 IP (192.168.1.2)

On the firewall:
eth0 192.168.1.2
eth1 194.226.7.1; 10.128.114.2.1;
route add default gw 192.168.1.1
the rest of masquerading for 10.128
your firewall rules...

On all your hosts:
route add default gw 194.226.7.1
or
route add default gw 10.128.114.2.1
where corresponds.

Second one: Specially if you can not change the cisco.

On the firewall, in this order do:
eth1 = 194.226.7.9
eth0 = 194.226.7.9
# eth0 and eth1 have the same IP 194.226.7.9
route add -host 194.226.7.1 dev eth0
# do the same for all hosts that are connected to eth0
# and the trick is:
for i in /proc/sys/net/ipv4/conf/*/proxy_arp
do
    echo 1 > "$i"
done

add 10.128.114.2.1 IP to eth1
do the masquerading for 10.128... net
add firewall rules.

On all hosts:
route add default gw 194.226.7.1
or
route add default gw 10.128.114.2.1

--
Carlos Barros.
Re: [interfaces + route] My new firewall doesn't forward packages
> > iface eth0 inet static
> >     address 194.224.7.9
> > iface eth1 inet static
> >     address 194.224.7.10
>
> I don't think it is a particularly good idea to do it like this with the IP
> address. But if you do not have a transit network from your provider, you
> can delete both automatically added routes. I guess at least for eth0
> you must use a netmask of 255.255.255.128?
>
> Perhaps you should describe how your network is laid out.

We own a ClassC network, 194.224.7.0. We offer an ISP service here at Spain:

Internet
  |
  |
Gateway; Cisco: 194.224.7.1
  |
  |
  | 194.224.7.9
Firewall
  | 194.224.7.10
  |
  |
  - LAN
  | ||
194.224.7.3 194.224.7.210.128.114.2.2 (Radius)etc.

194.224.7.1 Gateway (Cisco 2500)

To know the interfaces and routing configuration of the firewall see the previous email.
194.224.7.9 External interface
194.224.7.10 Internal interface

See the Radius configuration in the attached files.
194.224.7.2 Radius server 10.128.114.2, 10.128.114.4

194.224.7.3 SMTP, POP3 & DNS servers
194.224.7.4 HTTP, FTP servers

From 194.224.7.129 up to 194.224.7.224 are used by the Radius server; granted to the external clients.
From 194.224.7.1 up to 194.224.7.127 are used to the ISP hosts.

It seems (I'm not sure) that our Radius has an external IP granted by our provider (Telefonica, Infovia). I don't understand this point, so I use the 'mimic' strategy to install the new firewall.

up route add 10.128.114.2 dev eth1
up route add 10.128.114.4 dev eth1

P.S.: And yes, I have echo 1 > /proc/sys/net/ipv4/ip_forward

1.- boot
2.- cat shows 0
3.- echo 1 > /proc/sys/net/ipv4/ip_forward
4.- /etc/init.d/networking restart
5.- cat shows 1
6.- Test

Problem: ping from the firewall host works OK, both to outside and to internal network. The ping from the internal network to the external network (Internet) doesn't work. However the ping from the internal network to both firewall interfaces works rightly.

Could this be caused by the two additional lines of routing?: (See previous email)

194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

Newbie question: Is there any utility to debug the IP traffic in the firewall? Why is the ping from inside to outside not forwarded? I use ping & traceroute.

Regards,
Davi Leal

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:327529 errors:0 dropped:0 overruns:0 frame:0
          TX packets:327529 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0

eth0      Link encap:Ethernet  HWaddr 00:10:4B:B0:2E:C3
          inet addr:194.224.7.2  Bcast:194.224.7.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9585187 errors:1255 dropped:0 overruns:0 frame:1137
          TX packets:3388072 errors:0 dropped:0 overruns:0 carrier:216
          collisions:124794
          Interrupt:10 Base address:0xb800

eth0:0    Link encap:Ethernet  HWaddr 00:10:4B:B0:2E:C3
          inet addr:10.128.114.2  Mask:255.0.0.0
          UP RUNNING  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0

eth0:1    Link encap:Ethernet  HWaddr 00:10:4B:B0:2E:C3
          inet addr:194.224.7.6  Mask:255.255.255.0
          UP RUNNING  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0

./rc.d/init.d/routes:route add -net 10.128.114.0 netmask 255.255.255.240 dev eth0:0
./rc.d/init.d/routes:route add -net 10.128.0.0 netmask 255.128.0.0 gw 10.128.114.1 dev eth0:0
./rc.d/init.d/routes:route add -net 10.0.0.0 netmask 255.128.0.0 gw 10.128.114.1 dev eth0:0
./rc.d/init.d/routes:route add -host 172.16.192.1 gw 10.128.114.1 dev eth0:0
./rc.d/init.d/routes:route add -host 172.16.192.97 gw 10.128.114.1 dev eth0:0
./rc.d/init.d/routes:route add -host 172.16.193.1 gw 10.128.114.1 dev eth0:0
./rc.d/init.d/routes:route add -host 172.16.223.1 gw 10.128.114.1 dev eth0:0
./rc.d/init.d/routes:route add -host 172.16.192.33 gw 10.128.114.1 dev eth0:0
./rc.d/init.d/routes:route add -host 172.16.192.49 gw 10.128.114.1 dev eth0:0
./rc.d/init.d/routes:route add -host 172.16.192.65 gw 10.128.114.1 dev eth0:0
./rc.d/init.d/routes:route add -host 172.16.192.81 gw 10.128.114.1 dev eth0:0
./rc.d/init.d/routes:route add -net 194.224.7.128 netmask 255.255.255.192 gw 194.224.7.1 dev eth0
./rc.d/init.d/routes:route add -net 194.224.7.192 netmask 255.255.255.192 gw 194.224.7.1 dev eth0
./rc.
Kernel rebooting
Hello...

I've asked this question last week, and I hope that now, some of you can help me. I've compiled the 2.4.18 kernel on my Celeron (Covington) with an Intel 440LX/EX with two ethernet adapters (one RTL8139 and one RTL8029), and I have the following problem:

When booting, after detecting the hard disks (I suppose prior to configuring the IDE or the network adapters, I don't know), the computer suddenly reboots. Why is that?

I want to mention that the same kernel compiled and ran without problems on an Intel 133MHz with two RTL8139 NICs. I had these problems no matter what kernel I was compiling, from 2.4.13 to 2.4.18. What could be the problem?

A guy here said he had the same problem, but he managed to make it work by compiling the NAT as modules. I was compiling them in the kernel. Could that be the problem? Must I set those "Use PIO instead of MMIO" option in kernel config? Could that be the root of all evil? :)

Hope you can help me.

Thanks a lot in advance

Alexandru Stefan-Voicu,
Digital Design Group server administrator.
Re: [interfaces + route] My new firewall doesn't forward packages
Do you have IP forwarding turned on?

echo 1 > /proc/sys/net/ipv4/ip_forward

At 15:46 4/06/2002 +0200, Davi Leal wrote:

Hi there,

We have an ISP: email, web, ftp, dns and radius servers. I'm trying to replace an old firewall (2.0.x kernel) with a new one (2.4.18 kernel). I am using the 'mimic' strategy, that is to say, getting the same routing table, ... etc.

*The problem*: The current "new firewall" configuration can not forward any package. Note that iptables is stopped and all policy (INPUT, OUTPUT & FORWARD) are set to ACCEPT. I think it is because of the routing table.

I have eth0 and eth1. With the below /etc/network/interfaces' file I get two lines in the router table.

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
auto lo
iface lo inet loopback

# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
auto eth0
iface eth0 inet static
    address 194.224.7.9
    netmask 255.255.255.0
    network 194.224.7.0
    broadcast 194.224.7.255
    gateway 194.224.7.1

auto eth1
iface eth1 inet static
    address 194.224.7.10
    netmask 255.255.255.0
    network 194.224.7.0
    broadcast 194.224.7.255

Adding some routing rules to the previous 'interfaces' file (see attached file), to mimic the old firewall routing table I get the below:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.128.114.2    0.0.0.0         255.255.255.255 UH    0      0        0 eth1
194.224.7.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
10.128.114.4    0.0.0.0         255.255.255.255 UH    0      0        0 eth1
194.224.7.9     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
194.224.7.90    0.0.0.0         255.255.255.255 UH    0      0        0 eth0
127.0.0.1       0.0.0.0         255.255.255.255 UH    0      0        0 lo
194.224.7.0     0.0.0.0         255.255.255.128 U     0      0        0 eth1
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0  <---
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1  <---
0.0.0.0         194.224.7.1     0.0.0.0         UG    0      0        0 eth0

In the old system I have the same but without these two lines below. Is this the cause of the system not forwarding any package? How could I modify the 'interfaces' file to remove these two lines? See attached the '/etc/network/interfaces'.

194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

Regards,
Davi Leal
--

# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
auto lo
iface lo inet loopback
    up route add 127.0.0.1 dev lo

# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)

# eth0 goes to outside (Internet)
auto eth0
iface eth0 inet static
    address 194.224.7.9
    netmask 255.255.255.0
    network 194.224.7.0
    broadcast 194.224.7.255
    # Default route to Internet via eth0
    gateway 194.224.7.1
    # Route to go to the Cisco 194.224.7.1 via eth0
    up route add 194.224.7.1 dev eth0
    # Route to go to Tunels Server 194.224.7.90 via eth0
    up route add 194.224.7.90 dev eth0
    # Route to go to internal firewall network card
    up route add 194.224.7.9 dev eth0

# eth1 goes to the internal network
auto eth1
iface eth1 inet static
    address 194.224.7.10
    netmask 255.255.255.0
    network 194.224.7.0
    broadcast 194.224.7.255
    # gateway 194.224.7.1
    # Route to 194.224.7.0/128 via eth1
    up route add -net 194.224.7.0 netmask 255.255.255.128 dev eth1
    # Route to Radius server via eth1
    up route add 10.128.114.2 dev eth1
    # Route to 'Telefonica Infovia' via eth1
    up route add 10.128.114.4 dev eth1