I recently changed my internet provider and wireless AP, now the DMZ cannot access the internet.

My Setup:
Wireless LAN - Wireless AP (D-Link Dir-655) - Linux Server - AT&T Modem - Internet

Everything worked properly before the setup and no changes have been made on the Linux Server/Firewall(shorewall).

My LAN can access the internet and the firewall but the firewall cannot access the internet. The only problem That I know of is that my LAN is on 192.168.0.* and the internal NIC of the Linux Server is 192.168.1.1 but since my LAN can access the internet (that goes through the Linux Server) it just seems odd why the server cannot.

Any suggestions you have is appreciated.

Answer - you have too many NATs

0 members found this post helpful.

nimnull22, do you mean that you think double NAT-ing is causing the problem? -- Please explain why.

I have had a double NAT-ed, production, WiFi LAN in place for 6 months w/ no trouble.


TheGNUbie,

1. Where in the diagram is your DMZ?
   1. Off the Linux Server/Firewall(shorewall)
   2. Off the Wireless AP (D-Link Dir-655)?
   3. Elsewhere?
2. What did you [have to] change when you made the ISP switch?
3. Who was your previous ISP?

Ok, lets see.
1. Internet.
2. AT&T Modem - is it route, or router/switch, or bridge. How do you get IP from it? How many ports does it have?

0 members found this post helpful.

@archtoad6,

1. Where in the diagram is your DMZ? ok I guess there isnt a DMZ
2. What did you [have to] change when you made the ISP switch? Almost nothing... once I got access to the internet, I just plugged the modem into the server, modified my interfaces file (see below) and it worked.
3. Who was your previous ISP? Local cable provider (outsourced from charter)

@nimnull22,
AT&T modem is a single port.
http://www.att.com/equipment/accesso...urer=&q_model=

Thanks guys.

So it is a bridge, but it understands LAN and its mask, so please log into it and check what LAN network is assigned.

And you did not answer: how does Linux Server get IP address?

NO, it's NOT a bridge. It's a fairly std. aDSL modem w/ a built-in router, but no switch.

from http://www.att.com/equipment/accesso...rer=&q_model=:
from http://www.dslreports.com/forum/r228...em-Model-2210:
The reference to DHCP explicitly answers where the LAN IP address assignments are, or should be, coming from (remember, this is AT&T we/he are dealing w/ here).

If it matters, the reference to Texas tells us that the WAN IP is obtained through PPPoE.

How did you find that Server or/and Firewall can't access to internet?

TheGNUbie,

I assume that the "Linux Server/Firewall(shorewall)" DID connect to the 'Net under your previous ISP? -- Please confirm, just for my peace of mind .

Do you still have the old copy of the interfaces file you provided above? I suspect the changes to it may be the root of your problem.


BTW, If your LAN is connecting ok, what does it matter if the Firewall doesn't connect? Perhaps that's more secure.


OTOH, you may want to figure out what's going on. Consider my drawing of your networks:
Each of the #'s, 1-6, represents a interface & it's IP address.
If you consider a "LAN" to be the hosts served by a DHCP server or any home subnet, then there are 4 "LAN's" here:

1. the modem's LAN -- consisting of it & the Firewall's WAN port,
2. the Firewall's LAN -- consisting of it & the DIR-655's WAN port,
3. the DIR-655's WiFi cloud,
4. the DIR-655's wired ports (4).

They may not be needed to solve your problem, but we still don't know the values of m, q, s, & n.


D-Link DIR-655 info.
http://www.dlink.com/products/?pid=530
http://i.i.com.com/cnwk.1d/sc/321450...overview-1.gif
http://i.i.com.com/cnwk.1d/sc/321450...40-front-2.gif
http://i.i.com.com/cnwk.1d/sc/32145084-2-440-side-3.gif
http://i.i.com.com/cnwk.1d/sc/32145084-2-440-back-4.gif
ftp://ftp10.dlink.com/pdfs/products/...DIR-655_ds.pdf

The WAN IP is obtained via PPPoE.
Eth0 192.168.1.1 static
Eth1 192.168.1.64 dynamic (I assume this is assigned by the modem and I have no idea how/if it can be configured)

I found out the server could not connect when trying to get updates, after that i tried to ping, telnet, or just access the web via browser.. none worked.

Yes the previous configuration (charter) did allow me to connect to the web, but eth1 was my external (internet) IP address.

The old interfaces file was exactaly the same except it did not have the following lines:
If my firewall does not connect, how do I download updates? (I guess its fine if I cannot connect.. but not knowing why its not working is kinda bothering me)

if this diagram is correct:
The the problem could be that I have 2 IP addresses that are 192.168.1.1 (see below)
# IP Address Description
0 W.X.Y.Z ISP provided via PPPoE

1 192.168.m.1 modem's LAN - gateway & DHCP server
2 192.168.1.64 modem provided via DHCP

3 192.168.1.1 Firewall's LAN - gateway, DHCP server off
4 192.168.1.254 static IP for Firewall's LAN

5 192.168.0.1 WiFi gateway & DHCP server
6 192.168.n.1 Doesnt exist.

Thats did it! Thanks everyone.

You're welcome, but what did you actually do to fix the problem?