Web Proxy can't ping subnets - SuSE 9.0
 

Everything works fine on our 10.100.0.0 network...proxy can ping hardware firewall (192.168.250.1) and can ping all the servers in 10.100.0.0 network...squid runs fine, dansguardian is blocking sites...however, when we go to a computer out in the 10.110.0.0 subnet, it can't see proxy...any ideas? I'm a pretty big newb when it comes to networking as it is, but toss linux into it, and I'm a brand new newb altogether... blink.gif

any help would be GREATLY appreciated...
btw, I'm running SuSE 64 9.0...

Kevin

How are all these subnets physically connected? What does the kernel routing table and ip configuration on the proxy look like (output of ifconfig -a and route)?

first I want to thank you for replying...it can sometimes be difficult to get responses...

ifconfig -a yields:

> ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:11:43:E0:88:65
inet addr:10.100.4.50 Bcast:10.100.255.255 Mask:255.255.0.0
inet6 addr: fe80::211:43ff:fee0:8865/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:261817 errors:0 dropped:0 overruns:0 frame:0
TX packets:152834 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:72396081 (69.0 Mb) TX bytes:44340220 (42.2 Mb)
Base address:0xecc0 Memory:dfae0000-dfb00000

eth1 Link encap:Ethernet HWaddr 00:11:43:E0:88:66
inet addr:192.168.250.2 Bcast:192.168.250.255 Mask:255.255.255.0
inet6 addr: fe80::211:43ff:fee0:8866/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:3684 errors:0 dropped:0 overruns:0 frame:0
TX packets:2304 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1572782 (1.4 Mb) TX bytes:346533 (338.4 Kb)
Base address:0xdcc0 Memory:df8e0000-df900000

eth2 Link encap:Ethernet HWaddr 00:0E:0C:70:65:94
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Base address:0xccc0 Memory:df5e0000-df600000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:98223 errors:0 dropped:0 overruns:0 frame:0
TX packets:98223 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:43356086 (41.3 Mb) TX bytes:43356086 (41.3 Mb)

sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

---------------------------------------------------------------------------------------
> route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.250.0 * 255.255.255.0 U 0 0 0 eth1
10.100.0.0 * 255.255.0.0 U 0 0 0 eth0
loopback * 255.0.0.0 U 0 0 0 lo
default 192.168.250.1 0.0.0.0 UG 0 0 0 eth1

Is the 10.110.0.0 network connected to eth1 as well? If so, a 'route add -net 10.110.0.0 netmask 255.255.0.0 dev eth1' should take care of things.

If it's hooked up to eth2, well, eth2 has no IP :)

not sure if I understand...there isn't an eth2, eth0 is connected to the internal network and eth1 is connected to the Cisco PIX which in turn is connected to the internet...

we have 10.20., 10.30., ... , 10.80. subnets....do I add a route command just like the one you posted for each subnet?

Yes, you'll need to.

I'm sorry...I forgot about eth2...it's a management NIC on the back of the server...it is not being used in our setup...thanks for your help...I'll be finding out tomorrow night, when I can take our internet down, if this works...thanks again for your help...

Kevin

As far as I can tell this will fix the problem....however, when we reboot, the routes go away and we have to re-add them....is there a file I can edit that would make these changes permanent?

Yeah, you just need to add it to your init scripts. Not sure how SuSE handles those, but you should be able to look in /etc/init.d/ or /etc/rc.d/ and see what it has.