missing something simple in 3 NIC configuration

qweqwe · 06-15-2003, 04:08 AM

Hi All,

i am in the process of configuring 3 network cards on my new firewall machine. i am rebuilding my firewall with a DMZ. All the three cards are configured correctly and comes up properly during boot.

My external IP is 66.
Internal is 192.168.0.x
DMZ is 192.168.1.x

ifconfig shows the details of all the cards properly. i am able to ping any external IP address (for e.g. google). i am ble to ping any of my machines in my internal network (192.168.0.x). but i am unable to ping any machines in my DMZ network (192.168.1.x).

Looks like i am unable to forward packets to 192.168.1.x thru eth2 (my DMZ card). i tried this command

route add -net 192.168.1.0 netmask 255.255.255.0 dev eth2

still no luck

But suprising thing is that from my DMZ machines i am able to ping 192.168.1.1 (IP address of the DMZ card in the firewall).
this means the network is working and the card is up.

i dont know what mistake i am making.

Any help appreciated.

thanks a lot,
-qweqwe

My Ifconfig

eth0 Link encap:Ethernet HWaddr 00:20:18:3C:2E:20
inet addr:66.235.61.118 Bcast:66.235.61.119 Mask:255.255.255.252
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:3120 (3.0 Kb)
Interrupt:11 Base address:0xff80

eth1 Link encap:Ethernet HWaddr 00:20:18:3C:2E:17
inet addr:192.168.0.3 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:57 errors:0 dropped:0 overruns:0 frame:0
TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:7099 (6.9 Kb) TX bytes:932 (932.0 b)
Interrupt:9 Base address:0xff40

eth2 Link encap:Ethernet HWaddr 00:40:33

0:F4:71
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:276 errors:0 dropped:0 overruns:0 frame:0
TX packets:45 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:36000 (35.1 Kb) TX bytes:4038 (3.9 Kb)
Interrupt:5 Base address:0x280

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:26 errors:0 dropped:0 overruns:0 frame:0
TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2456 (2.3 Kb) TX bytes:2456 (2.3 Kb)

my route

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
255.255.255.255 * 255.255.255.255 UH 0 0 0 eth2
66.235.61.116 * 255.255.255.252 U 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth2
192.168.1.0 * 255.255.255.0 U 0 0 0 eth2
192.168.0.0 * 255.255.255.0 U 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 66.235.61.117 0.0.0.0 UG 0 0 0 eth0

david_ross · 06-15-2003, 07:01 AM

Try configuring your DMZ on a 172 range - it is much easier to work with 2 entirely different ranges.

qweqwe · 06-15-2003, 12:01 PM

thanks i ll try that ...i forgot to mention that i hvnt started my firewall scripts yet on this machine ...so this is not a firewall script problem ...

-qweqwe

siddiqu · 06-16-2003, 12:15 AM

Hi..

In the routing table

255.255.255.255 * 255.255.255.255 UH 0 0 0 eth2

is it added for DHCP ??

1. As per the update u are able to ping 192.168.1.1 from DMZ segment. Please check any other machine configured with same ip address ( May be stupid..). Verify the MAC address.

Siddiqu.T

qweqwe · 06-16-2003, 01:55 AM

i knew i was doing something stupid ..

the 192.168.1.2 machine in my DMZ was a Win2k machine. i had 'Internet connection firewalled' enabled on that machine. that was blocking the ping from the firewall (192.168.1.1). i removed the ICF and it works fine now ...thanks for ur suggestion.

-qweqwe