joePRL n00b
Joined: 26 Jul 2004 Posts: 45
Posted: Wed Sep 14, 2005 7:17 pm Post subject: no connectivity for client machines but gateway works
Hello Everyone:
I'm working on a new server adding wireless connectivity WITHOUT having the wired and the wireless networks seeing each other. So the new firewall has 3 NICs. One for the external gateway (eth0), one for our wired LAN (eth1) and one for our wireless LAN (eth2).
Our old firewall is running Gentoo with kernel 2.4.27 and the new firewall has kernel 2.6.12. Both use gentoo-sources.
I can't get our new firewall to allow our internal clients to surf the 'net although named and dhcp work.
I first thought that my firewall was doing something wrong, so to simplify the task I used the firewall which I know works (i.e. from our old, functional firewall) although it doesn't do anything about wireless.
Here's what happened.
New firewall started up with no complaints. All interfaces came up with the proper numbers
eg.
Starting eth1
Bringing up eth1
192.168.0.214 [ok]
named and dhcp were started manually and responses were [ok]
Turn on firewall manually:
./firewall-temporary
no complaints
Ping google from new-firewall, no response. But this was expected.
I have to give the following command:
"route add default eth0"
Ping google from new-firewall, success. Lynx connects to MIT too.
Go to a client machine, release the dhcp lease, renew it. Success.
Client can NOT access internet.
Client can access our mail server via internal ip.
Client can NOT access new-firewall's internal interface (192.168.0.214).
192.168.0.214 is supposed to be up and is plugged into the hub with a cable that I proved works earlier.
Plus, the cable must work if a client machine can obtain a lease from the dhcp server.
So what's not happening?
Here's my configuration file for the interfaces:
NOTE: the external ip was changed for security, there is a real number in the actual file.
Code: |
# /etc/conf.d/net:
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/conf.d/net,v 1.7 2002/11/18 19:39:22 azarah Exp $
# Global config file for net.* rc-scripts
# This is basically the ifconfig argument without the ifconfig $iface
#
iface_eth2="192.168.1.214 broadcast 192.168.1.255 netmask 255.255.255.0"
iface_eth1="192.168.0.214 broadcast 192.168.0.255 netmask 255.255.255.0"
iface_eth0="xxx.xxx.xxx.xxx broadcast xxx.xxx.xxx.xxx netmask 255.255.255.248"
# For adding aliases to a interface
#Doing this to get webserver working
alias_eth0="xxx.xxx.xxx.yyy"
broadcast_eth0="xxx.xxx.xxx.xxx"
netmask_eth0="255.255.255.248"
# For setting the default gateway
#
gateway="eth0"
|
Any troubleshooting recommendations would really be appreciated.
Joe
Ph0eniX Guru
Joined: 24 Sep 2004 Posts: 502 Location: New York, U.S.
Posted: Wed Sep 14, 2005 7:23 pm Post subject: Re: no connectivity for client machines but gateway works
What subnet are your DHCP addresses on? ...I'm assuming 192.168.0.0/24[?]
joePRL n00b
Joined: 26 Jul 2004 Posts: 45
Posted: Wed Sep 14, 2005 7:41 pm
That's my intention. The following code segment comes from /etc/dhcp/dhcpd.conf:
Code: |
# This is a basic subnet declaration for the wired LAN
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.140 192.168.0.190;
option routers 192.168.0.214;
|
Should it also be in /etc/conf.d/net?