Re: [Vyatta-users] I feel very 'lost' forgotten
Also the next-hop is in a different subnet than the ethernet interface. Look at the third octet.

John Gong wrote:
> Hi Keith,
>
> After a quick glance, I see that your default route needs to be corrected:
>
>     delete protocols static route 0.0.0.0/24
>     set protocols static route 0.0.0.0/0 next-hop 192.168.1.1
>
> Give that a try and please let us know if it worked.
>
> Regards,
> John
>
> Keith Steensma wrote:
>> I have been trying to get VC3 to work as a firewall in our office (and I have been monitoring the mailing list for some months) but have come up against a problem that I can't figure out. The 'production' VC3 (by following the Vyatta Eval Guide exactly) does not communicate out on the web (no matter what I try to do). Finally, I went back to the training video on 'Vyatta Routing Basics' and followed along with that video (step by single step). That does not work either. I can't ping the internet.
>>
>> The situation is - I have an online web server (a Debian box handling 4 web sites) attached (through a switch) to a Comcast (SMC 8014) business gateway (that's what they call it; I call it a modem/firewall/router) that supplies the office with 5 static incoming IPs and 1 outgoing IP. I have other Windows (wired and wireless) and Linux systems attached through a 16 port (unmanaged) switch (same as above). All the Windows and Linux boxes work just fine except for the Vyatta box.
>>
>> Doing it 'by the video', I configure eth1 (of the VC3 box) for a static IP (192.168.1.150/24), designate the next-hop to be 192.168.1.1 (the SMC router), and set up a dns entry pointing at our dns server (192.168.1.253), Vyatta cannot ping the internet. It can ping every other box on the 192.168.0.0 network (including the gateway @ IP of 192.168.1.1). If I ping (from the Vyatta box) to Google as an IP address or a http name, it returns 'Network is unreachable'. When I 'dig host.internal.lan' (an internal name) or 'dig www.google.com', I get the correct results (dns is working?). When I ping (or browse the web) from any other machine, everything works fine.
>>
>> The problem seems to be in the Comcast gateway but I don't see anything wrong anywhere. Here's the basic setup config (eth0 would go to a separate subnet eventually).
>>
>> Keith Steensma
>>
>> protocols {
>>     static {
>>         disable: false
>>         route 0.0.0.0/24 {
>>             next-hop: 192.168.1.1
>>             metric: 1
>>         }
>>     }
>> }
>> policy {
>> }
>> interfaces {
>>     restore: false
>>     loopback lo {
>>         description:
>>     }
>>     ethernet eth0 {
>>         disable: false
>>         discard: false
>>         description:
>>         hw-id: 00:50:04:ae:70:26
>>         duplex: auto
>>         speed: auto
>>         address 192.168.0.150 {
>>             prefix-length: 24
>>             disable: false
>>         }
>>     }
>>     ethernet eth1 {
>>         disable: false
>>         discard: false
>>         description:
>>         hw-id: 00:48:54:8a:63:00
>>         duplex: auto
>>         speed: auto
>>         address 192.168.1.150 {
>>             prefix-length: 24
>>             disable: false
>>         }
>>     }
>> }
>> service {
>>     ssh {
>>         port: 22
>>         protocol-version: v2
>>     }
>>     webgui {
>>         http-port: 80
>>         https-port: 443
>>     }
>> }
>> firewall {
>>     log-martians: enable
>>     send-redirects: disable
>>     receive-redirects: disable
>>     ip-src-route: disable
>>     broadcast-ping: disable
>>     syn-cookies: enable
>> }

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

Re: [Vyatta-users] I feel very 'lost' forgotten
Never mind. I apparently blacked out and didn't see the other ethernet interface. Ignore that post.

Keith Steensma wrote:
> Third octet of 192.168.1.1? It does work as planned with John's correction. Did I miss something else?
>
> Keith Wink wrote:
>> Also the next-hop is in a different subnet than the ethernet interface. Look at the third octet.
>>
>> John Gong wrote:
>>> Hi Keith,
>>>
>>> After a quick glance, I see that your default route needs to be corrected:
>>>
>>>     delete protocols static route 0.0.0.0/24
>>>     set protocols static route 0.0.0.0/0 next-hop 192.168.1.1
>>>
>>> Give that a try and please let us know if it worked.
>>>
>>> Regards,
>>> John
>>>
>>> Keith Steensma wrote:
>>>> I have been trying to get VC3 to work as a firewall in our office (and I have been monitoring the mailing list for some months) but have come up against a problem that I can't figure out. The 'production' VC3 (by following the Vyatta Eval Guide exactly) does not communicate out on the web (no matter what I try to do). Finally, I went back to the training video on 'Vyatta Routing Basics' and followed along with that video (step by single step). That does not work either. I can't ping the internet.
>>>>
>>>> The situation is - I have an online web server (a Debian box handling 4 web sites) attached (through a switch) to a Comcast (SMC 8014) business gateway (that's what they call it; I call it a modem/firewall/router) that supplies the office with 5 static incoming IPs and 1 outgoing IP. I have other Windows (wired and wireless) and Linux systems attached through a 16 port (unmanaged) switch (same as above). All the Windows and Linux boxes work just fine except for the Vyatta box.
>>>>
>>>> Doing it 'by the video', I configure eth1 (of the VC3 box) for a static IP (192.168.1.150/24), designate the next-hop to be 192.168.1.1 (the SMC router), and set up a dns entry pointing at our dns server (192.168.1.253), Vyatta cannot ping the internet. It can ping every other box on the 192.168.0.0 network (including the gateway @ IP of 192.168.1.1). If I ping (from the Vyatta box) to Google as an IP address or a http name, it returns 'Network is unreachable'. When I 'dig host.internal.lan' (an internal name) or 'dig www.google.com', I get the correct results (dns is working?). When I ping (or browse the web) from any other machine, everything works fine.
>>>>
>>>> The problem seems to be in the Comcast gateway but I don't see anything wrong anywhere. Here's the basic setup config (eth0 would go to a separate subnet eventually).
>>>>
>>>> Keith Steensma
>>>>
>>>> protocols {
>>>>     static {
>>>>         disable: false
>>>>         route 0.0.0.0/24 {
>>>>             next-hop: 192.168.1.1
>>>>             metric: 1
>>>>         }
>>>>     }
>>>> }
>>>> policy {
>>>> }
>>>> interfaces {
>>>>     restore: false
>>>>     loopback lo {
>>>>         description:
>>>>     }
>>>>     ethernet eth0 {
>>>>         disable: false
>>>>         discard: false
>>>>         description:
>>>>         hw-id: 00:50:04:ae:70:26
>>>>         duplex: auto
>>>>         speed: auto
>>>>         address 192.168.0.150 {
>>>>             prefix-length: 24
>>>>             disable: false
>>>>         }
>>>>     }
>>>>     ethernet eth1 {
>>>>         disable: false
>>>>         discard: false
>>>>         description:
>>>>         hw-id: 00:48:54:8a:63:00
>>>>         duplex: auto
>>>>         speed: auto
>>>>         address 192.168.1.150 {
>>>>             prefix-length: 24
>>>>             disable: false
>>>>         }
>>>>     }
>>>> }
>>>> service {
>>>>     ssh {
>>>>         port: 22
>>>>         protocol-version: v2
>>>>     }
>>>>     webgui {
>>>>         http-port: 80
>>>>         https-port: 443
>>>>     }
>>>> }
>>>> firewall {
>>>>     log-martians: enable
>>>>     send-redirects: disable
>>>>     receive-redirects: disable
>>>>     ip-src-route: disable
>>>>     broadcast-ping: disable
>>>>     syn-cookies: enable
>>>> }

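Added example, not part of the original thread and not Vyatta code: a longest-prefix-match lookup over the interface addresses and static route posted above, showing why the 0.0.0.0/24 entry yields 'Network is unreachable' and why the 192.168.1.1 next-hop is fine once eth1 is taken into account. The function names and the destination 198.51.100.7 (a documentation-range address) are assumptions made for the illustration.

```python
import ipaddress

# Interface addresses and static routes as posted in the thread.
INTERFACES = {
    "eth0": ipaddress.ip_interface("192.168.0.150/24"),
    "eth1": ipaddress.ip_interface("192.168.1.150/24"),
}
POSTED = [("0.0.0.0/24", "192.168.1.1")]     # route from the posted config
CORRECTED = [("0.0.0.0/0", "192.168.1.1")]   # route after John's correction

def build_table(static_routes):
    """Connected networks plus static routes as (network, next_hop, source)."""
    table = [(i.network, None, name) for name, i in INTERFACES.items()]
    for prefix, hop in static_routes:
        table.append((ipaddress.ip_network(prefix), ipaddress.ip_address(hop), "static"))
    return table

def lookup(table, destination):
    """Longest-prefix match; None stands for 'Network is unreachable'."""
    dst = ipaddress.ip_address(destination)
    matches = [row for row in table if dst in row[0]]
    return max(matches, key=lambda row: row[0].prefixlen) if matches else None

def audit(static_routes):
    """List static routes that cannot behave as a working default route."""
    findings = []
    for prefix, hop in static_routes:
        net = ipaddress.ip_network(prefix)
        if int(net.network_address) == 0 and net.prefixlen != 0:
            findings.append(f"{prefix} covers only {net.num_addresses} addresses; "
                            "a default route is 0.0.0.0/0")
        if not any(ipaddress.ip_address(hop) in i.network for i in INTERFACES.values()):
            findings.append(f"{prefix}: next-hop {hop} is not on a connected subnet")
    return findings

if __name__ == "__main__":
    outside = "198.51.100.7"  # constructed destination (documentation range)
    for label, routes in (("posted", POSTED), ("corrected", CORRECTED)):
        print(label, lookup(build_table(routes), outside), audit(routes))
```
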
Re: [Vyatta-users] jdocs anything like this for vyatta
JDocs are man-pages for commands. There are also general technical tutorials available. It's like having a book about JunOS available on the router.

Justin Fletcher wrote:
> Not sure what like this means, but there's full documentation available at vyatta.com, and on-line CLI help; just use the '?' key.
>
> Best,
> Justin
>
> On Jan 2, 2008 2:55 PM, Ken Felix (C) [EMAIL PROTECTED] wrote:
>> Do we have any future support for something similar in vyatta? Cli online help.