charlescurley at charlescurley.com
Fri Feb 24 09:57:56 MST 2006
On Fri, Feb 24, 2006 at 09:10:20AM -0700, Jeff Nyman wrote:
> I have been fighting this for a few months and can't resolve it so I thought
> I would come to the experts.
> First my set up-
> Utopia with xmission as the ISP
> 4 linux boxes and 2 windows boxes on the internal network with a smoothwall
> router/firewall/DHCP server
> int. network - smoothwall - linksys router - utopia box

Why is there a router between the firewall (smoothwall) and the
outside world? Your firewall should be multi-homed (multiple Ethernet
cards), and the outside world connection go directly to the broadband
(utopia) box. What do you need the router for?

I take it the internal network consists of the 6 computers and a hub
or switch, and the firewall also connects to the hub or switch. I also
take it that the hub or switch does no routing, that all 7 machines
are on the same network (e.g. 192.168.1.0/24).

> The linux boxes (Fedora 4) can never seem to find the internet. They can
> ping each other and the windows boxes but for some reason can't ping the
> smoothwall box. The windows boxes can ping everything. But, if I ping my
> static IP which is on the linksys router outside the smoothwall that works
> and then I have internet access. But if they sit for a while they seem to
> forget about it and not work again. I have set static routes, turned off
> IPV6 and tried fedora 3 and open suse 10 with the same results. The windows
> boxes never have a problem.
> Any ideas?

You don't say whether you are addressing the various boxes by host
name or IP address. If the former, you could have a domain name
resolution problem, so try it by IP address. If that works and host
name lookup still fails, you have a domain name resolution problem.

I suspect a routing problem. I have Fedora Core 4 on my network, so
you should see just about what I see:

[root@dragon ~]# ifconfig
eth1      Link encap:Ethernet  HWaddr 00:13:CE:70:53:C8
          inet addr:192.168.1.4  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::213:ceff:fe70:53c8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19756 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16341 errors:0 dropped:0 overruns:0 carrier:0
          RX bytes:6452598 (6.1 MiB)  TX bytes:2014515 (1.9 MiB)
          Interrupt:11 Base address:0xe000 Memory:c0204000-c0204fff

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:76 errors:0 dropped:0 overruns:0 frame:0
          TX packets:76 errors:0 dropped:0 overruns:0 carrier:0
          RX bytes:23243 (22.6 KiB)  TX bytes:23243 (22.6 KiB)

[root@dragon ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         192.168.1.23    0.0.0.0         UG    0      0        0 eth1

The first entry in my routing table is for my local network,
192.168.1.0/24, a class C private network, which I use behind a

The last route is the gateway route, to the outside world. It should
forward to your firewall. My firewall is at 192.168.1.23. The
firewall's other IP address is assigned by the ISP's DHCP server.

The order of entries in the routing table is significant, so not only
should you see the same entries, but they should be in the same order.

You will notice that I have eth1 but not eth0. This machine has both
Ethernet and wireless, and is running just the wireless, eth1. That
should be transparent to you. Check to see that your Ethernet cards
look more or less like mine.

IPv6 should be irrelevant to you. I have it enabled, but don't use
it. I'm too lazy to track down how to get rid of it. You should not
need to set any static routes by hand. Let DHCP set the one route to
the outside world.

Also, Windows has a command line route command; play with that until
you see output similar to mine above. That should give you the numbers
you need to fill in the blanks on your Linux boxen.

You are running a DHCP server. Good. Each machine should have a
different IP address. Sorry if I am restating the obvious, but
sometimes doing so gives one a clue. The firewall MUST have a fixed
address so that the other machines can use that IP address in their

Charles Curley                  /"\    ASCII Ribbon Campaign
Looking for fine software       \ /    Respect for open standards
and/or writing?                  X     No HTML/RTF in email
http://www.charlescurley.com    / \    No M$ Word docs in email
Key fingerprint = CE5C 6645 A45A 64E4 94C0  809C FFF6 4C48 4ECD DFDB
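
Added example, not part of the original message: a small Python check that reads `route -n` output and reports whether the default (gateway) route points at an address reachable on a directly connected network and, optionally, at the expected firewall. The function names and the second routing table are constructed for illustration; the first table is the one quoted in the message.

```python
import ipaddress

# Routing table quoted in the message above (route -n on the Fedora Core 4 host).
GOOD = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         192.168.1.23    0.0.0.0         UG    0      0        0 eth1
"""

# Constructed sample: the gateway is not on any network connected to eth0.
BAD = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
"""

def parse_routes(text):
    """Turn `route -n` output into a list of dicts, skipping the header lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        routes.append({"net": net, "gw": ipaddress.ip_address(f[1]),
                       "flags": f[3], "iface": f[7]})
    return routes

def check_default_route(text, firewall=None):
    """Return a list of problems with the default route (empty list means OK)."""
    routes = parse_routes(text)
    defaults = [r for r in routes if r["net"].prefixlen == 0 and "G" in r["flags"]]
    if not defaults:
        return ["no default route"]
    problems = []
    if len(defaults) > 1:
        problems.append("more than one default route")
    for d in defaults:
        # The gateway must sit inside a directly connected (non-G) network
        # on the same interface, otherwise the host cannot reach it.
        on_link = [r for r in routes if "G" not in r["flags"]
                   and r["iface"] == d["iface"] and d["gw"] in r["net"]]
        if not on_link:
            problems.append(f"gateway {d['gw']} not on a network connected to {d['iface']}")
        if firewall and d["gw"] != ipaddress.ip_address(firewall):
            problems.append(f"gateway {d['gw']} is not the firewall {firewall}")
    return problems
```

Feed it the output of `route -n` from each Linux box, passing the firewall's fixed inside address as `firewall`.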