Hi suse-linux-e folks,

I read the last thread about routing but it does not seem to contain the answer to my problem.

I am setting up a fw/router. It runs on an NForce2 based mb with the 8.2 standard athlon kernel. It has three NICs with static IPs:

eth0 10.0.0.1 (255.0.0.0)
eth1 192.168.1.1 (255.255.255.0)
eth2 192.168.2.1 (255.255.255.0)

The eth0 is connected via a crossover cable to an ADSL modem and provides connection by PPPoE to the upstream ISP which provides me with a fixed IP.
Interface eth1 is intended for the local network.
Interface eth2 is intended for the DMZ.

I enabled IP forwarding for both IPv4 and IPv6.
From my fw/router, I have the following routing tables and connection status:

hotel:~ # adsl-status
adsl-status: Link is up and running on interface ppp0
ppp0 Link encap:Point-to-Point Protocol
     inet addr:213.41.132.65 P-t-P:62.4.16.247 Mask:255.255.255.255
     UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
     RX packets:1709537 errors:0 dropped:0 overruns:0 frame:0
     TX packets:877788 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:3
     RX bytes:2473788663 (2359.1 Mb) TX bytes:47091795 (44.9 Mb)

hotel:~ # ip route show
62.4.16.247 dev ppp0 proto kernel scope link src 213.41.132.65
10.0.0.0/24 via 10.0.0.137 dev eth0
192.168.2.0/24 via 192.168.2.1 dev eth2
192.168.1.0/24 via 192.168.1.1 dev eth1
default via 62.4.16.247 dev ppp0
From my server in DMZ (192.168.2.5), I have :
echo:~ # ip route show
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.5
default via 192.168.2.1 dev eth0

(Server echo is a dual Athlon with an AMD760MP chipset.)
NICs are a mix of RTL81399 and VIA-Rhine III based cards.

Problems:

1 - I cannot establish any connection from the DMZ machine to the outer net. Packets are neither dropped nor rejected by the firewall (rules to ACCEPT outgoing connections and NATing incoming ones have been set) when it is started. Anyway, the same occurs when it is stopped.

2 - Establishing connections between hotel and echo is slow. For instance an ssh password prompt may take up to 10 seconds after command launch.

NB: I do not use the Suse firewall but Shorewall (http://www.shorewall.net), but IMHO Shorewall is not to be blamed. I already successfully set up a fw/router using Shorewall and Suse 8.0 a year ago without any trouble.

I removed references to start_firewall in /etc/ppp/ip-up but without any results. I also checked IP forwarding was correctly set in the relevant files under /proc.

What am I missing? APIC? Kernel flaws? Hardware flaws?

I would prefer to keep Suse on my fw rather than trying yet another distro (like Debian) that I will have to manage.

Regards
J6M
Hello,
> The eth0 is connected via a crossover cable to an ADSL modem and provides connection by PPPoE to the upstream ISP which provides me with a fixed IP.

Is this your trouble? My ADSL router, Alcatel SpeedTouch 530, comes with a standard cable to plug into a hub. Try the cable that came with the modem or a card-to-hub type.

Another gotcha: Crossover cable has to be matched to the type of ethernet used. There are apparently two types. I had a cable that connected two recent (late 2001 vintage) Realtek 8139 cards perfectly. When I tried to use two older 3com cards, the cable did not work.

Hope this helps
Basil Fowler
You may have seen the thread started by me over a similar sort of routing problem about a week to ten days ago. That may help. Hopefully the thread is archived.

One extra tip that may help, it certainly helped me when for some obscure reason I could only receive certain BBC streams on-line and not others. Set your firewall to log all dropped packets. Look in /var/log/messages for lines with DROP. This will provide very valuable clues.

Use 'ping' to check that the internal connections are up. If you can't ping your modem, you will get no further either literally or metaphorically. The address for Alcatel modems is 10.0.0.138.

I have a backup dialup account on ppp0. I have found that if I activated the ppp0 interface, and then disconnected, connection to Alcatel through eth0 could not be reestablished. Worse still, only a complete power-down restored the system (SuSE 8.0). From now on, I will ensure that the network is completely shut down before the dialup is activated. This is not a real problem, because the system is intended for emergency use. As it is a pay-as-you-go account I must activate it regularly, but this can be done through a cron script timed to run in a slack period - in my case lunchtime.

Hope this helps
Basil Fowler
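Added example, not part of the original messages: one way to work through the DROP lines in /var/log/messages suggested above is to tally them per flow. It assumes the standard kernel LOG-target fields; the sample lines, the zone names (dmz2net, net2all) and the 198.51.100.x / 203.0.113.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally firewall DROP log entries per flow, busiest first.
# Assumes the kernel LOG-target fields IN= OUT= SRC= DST= PROTO= DPT=.

# Constructed sample lines (not real logs from the machines in this thread).
sample_log() {
cat <<'EOF'
Jun  1 12:00:01 hotel kernel: Shorewall:dmz2net:DROP:IN=eth2 OUT=ppp0 SRC=192.168.2.5 DST=198.51.100.7 LEN=60 TTL=63 DF PROTO=TCP SPT=32801 DPT=80 SYN
Jun  1 12:00:04 hotel kernel: Shorewall:dmz2net:DROP:IN=eth2 OUT=ppp0 SRC=192.168.2.5 DST=198.51.100.7 LEN=60 TTL=63 DF PROTO=TCP SPT=32801 DPT=80 SYN
Jun  1 12:00:09 hotel kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= SRC=203.0.113.9 DST=213.41.132.65 LEN=84 TTL=52 PROTO=ICMP TYPE=8 CODE=0
Jun  1 12:00:10 hotel logger: default policy DROP loaded
Jun  1 12:00:12 hotel sshd[812]: Accepted password for root from 192.168.1.10 port 1033 ssh2
EOF
}

# summarize_drops [FILE...]: prints "count in out src dst proto dport"
summarize_drops() {
    awk '
    /DROP/ {
        split("", f)                       # clear fields from the previous line
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq < 2) continue           # token is not KEY=VALUE
            # A log prefix is glued to the first field
            # ("Shorewall:dmz2net:DROP:IN=eth2"); keep the part after the last ":".
            n = split(substr($i, 1, eq - 1), parts, ":")
            f[parts[n]] = substr($i, eq + 1)
        }
        if (f["SRC"] == "" || f["DST"] == "") next   # DROP in a non-packet line
        if (f["IN"] == "") f["IN"] = "-"
        if (f["OUT"] == "") f["OUT"] = "-"           # packet addressed to the firewall itself
        if (f["DPT"] == "") f["DPT"] = "-"           # ICMP has no port
        flow = f["IN"] " " f["OUT"] " " f["SRC"] " " f["DST"] " " f["PROTO"] " " f["DPT"]
        count[flow]++
    }
    END { for (flow in count) print count[flow], flow }
    ' "$@" | sort -k1,1nr -k2
}

sample_log | summarize_drops
```

On a live system the function takes the log file as its argument, e.g. summarize_drops /var/log/messages.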
Quoting Basil Fowler:

> You may have seen the thread started by me over a similar sort of routing problem about a week to ten days ago. That may help. Hopefully the thread
> is archived.

I read it thoroughly.

> One extra tip that may help, it certainly helped me when for some obscure
> reason I could only receive certain BBC streams on-line and not others.
> Set your firewall to log all dropped packets. Look in /var/log/messages for
> lines with DROP. This will provide very valuable clues.

This is no firewall rules issue. Even when the firewall is down there is nothing in /var/log/messages.

> Use 'ping' to check that the internal connections are up. If you can't ping
> your modem, you will get no further either literally or metaphorically.
> The address for Alcatel modems is 10.0.0.138.

When the firewall is up, I cannot ping anything but that is normal as the fw blocks ICMP requests. I use PPPoE, so my regular outer world interface is ppp0. The connection runs fine, otherwise I could not use the Webmail I am currently relying on to send this message.

> I have a backup dialup account on ppp0. I have found that if I activated the

Regards J6M

participants (2): Basil Fowler, j6m@adm.estp.fr