/proc/sys/net/ipv4/ip_forward perhaps. IOW, have you got forwarding
enabled on the firewall.
--
Howard.
______________________________________________________
LANNet Computing Associates <http://www.lannet.com.au>
On Tue, 24 Oct 2000, Marshall, Joshua wrote:
> Hi,
>
> I'm having weird happenings on my firewall.
>
> I have two ethernet connections, with this setup:
>
> 10.10.10.x LAN
> |
> 10.10.10.4 (eth0)
> Firewall
> 10.0.5.6 (eth1)
> |
> 10.0.5.10
> WAN
> 10.0.5.9
> |
> 10.0.5.5
> Firewall 2
> 10.0.1.x
> |
> 10.0.1.x LAN
>
> The problem I'm having is forwarding data between the 10.0.5.6 eth1 to
> the 10.10.10.x eth0. Packets are working fine for the rest of the
> system.
>
> On the firewall machine, I can successfully ping anything, anywhere.
>
> The 10.10.10.x LAN cannot ping the system past 10.0.5.6 (which is
> firewall) - every second packet is being dropped, no matter what the
> size.
>
> The 10.0.1.x LAN can ping to 10.0.5.6 also, but cannot ping past it.
>
> The routing tables on the firewall say that the 10.0.5.x subnet is on
> eth1, as is the 10.0.1.x subnet. I can ping these from the firewall so
> that is working fine.
>
> The routing tables on the firewall say that the 10.10.10.x subnet is on
> eth0. I can ping these from the firewall also so that is working fine.
>
> The ipchains rules (in, out, forward) accept the 10.x.x.x subnet on both
> eth0 and eth1. These shouldn't be affecting it as half of the packets
> get out. At least, the in and out are working fine - the forward one
> isn't anything spectacular (accept 10.x.x.x on device eth0 or eth1)
>
> For those interested, I need to have ipchains there as I have other
> interfaces on this machine (three PPP dialups) that need firewalling.
>
> Is there anything I've overlooked? This one is getting me beat.
>
> Josh.
>
>
>
>
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug