Hi suse-linux-e folks,

I read the last thread about routing but it does not seem to contain the answer to my problem.

I am setting up a fw/router. It runs on a NForce2 based mb with 8.2 standard athlon kernel. It has three NICs with static IPs:

eth0 10.0.0.1 (255.0.0.0)
eth1 192.168.1.1 (255.255.255.0)
eth2 192.168.2.1 (255.255.255.0)

The eth0 is connected via a crossover cable to an ADSL modem and provides connection by PPPoE to the upstream ISP, which provides me with a fixed IP.
Interface eth1 is intended for the local network.
Interface eth2 is intended for the DMZ.

I enabled IP forwarding for both IPv4 and IPv6.

From my fw/router, I have the following routing tables and connection status

hotel:~ # adsl-status
adsl-status: Link is up and running on interface ppp0
ppp0 Link encap:Point-to-Point Protocol
     inet addr:213.41.132.65 P-t-P:62.4.16.247 Mask:255.255.255.255
     UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
     RX packets:1709537 errors:0 dropped:0 overruns:0 frame:0
     TX packets:877788 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:3
     RX bytes:2473788663 (2359.1 Mb) TX bytes:47091795 (44.9 Mb)

hotel:~ # ip route show
62.4.16.247 dev ppp0 proto kernel scope link src 213.41.132.65
10.0.0.0/24 via 10.0.0.137 dev eth0
192.168.2.0/24 via 192.168.2.1 dev eth2
192.168.1.0/24 via 192.168.1.1 dev eth1
default via 62.4.16.247 dev ppp0

From my server in DMZ (192.168.2.5), I have :

echo:~ # ip route show
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.5
default via 192.168.2.1 dev eth0

(Server echo is a dual Athlon with an AMD760MP chipset.)

NICs are a mix of RTL81399 and VIA-Rhine III based cards.

Problems:

1 - I cannot establish any connection from the DMZ machine to the outer net. Packets are neither dropped nor rejected by the firewall (rules to ACCEPT outgoing connections and NATing incoming ones have been set) when it is started. Anyway, the same occurs when it is stopped.

2 - Establishing connections between hotel and echo is slow. For instance, an ssh password prompt may take up to 10 seconds after command launch.

NB: I do not use Suse firewall but Shorewall (http://www.shorewall.net), but IMHO Shorewall is not to be blamed. I already successfully set up a fw/router using Shorewall and Suse 8.0 a year ago without any trouble.

I removed references to start_firewall in /etc/ppp/ip-up but without any results. I also checked IP forwarding was correctly set in the relevant files under /proc.

What am I missing? APIC? Kernel flaws? Hardware flaws?

I would prefer to keep Suse on my fw rather than trying yet another distro (like Debian) that I will have to manage.

Regards
J6M