06-07-2007, 10:09 AM   #1
Registered: Jun 2004
Distribution: debian etch
shorewall routing issue: "no route to host" from dmz

hey folks,
i've been messing with this issue for the past couple of days and have realized that i need help.

here's my network layout:
www is connected to a DSL modem
DSL modem is connected to 1 computer running debian etch and shorewall
shorewall machine has three NICs:
- eth0 connected to DSL modem pulling a dhcp address
- eth1 connected to a local (wired, trusted) network, handing out dhcp address
  there is a printer, and a file server on this network receiving static IPs based on HW addresses.
- eth2 connected to a wireless router, but still handing out dhcp addresses
  the fact that eth2 is ( will be ) connected to a wireless router is ( somewhat ) irrelevant ( i believe ).
  all the testing i'm doing is from another machine connected directly to eth2.
  yes, i'm using a crossover cable. sometimes, it's the easy stuff you overlook.

- the *.1.0 NW is referred to as 'net'
- the *.2.0 NW is referred to as 'loc'
- the *.3.0 NW is referred to as 'dmz'

what's happening:
ok, so, it seems that dhcp is working just fine on all needed interfaces. It pulls an address on eth0, and it dishes 'em out on eth1 and 2, keeping track of the ones that need static addresses.

traffic originating on the *.2.0 NW seems to do fine. It can get to the internet, and ssh to the machines on the *.3.0 NW, as well as ssh into the firewall ( which i haven't decided if that's a good thing yet or not ).

traffic originating on the *.3.0 NW however, seems to be running into a problem. It can pull an IP address, but whenever i attempt to ping google, the firewall or anything on the *.2.0 NW i get the response: "ping: unknown host" or "Destination Host Unreachable."

in addition, i can't get to the internet from the dmz (*.3.0), which is the main issue.
i am refraining from posting my config files at the moment in order to keep this post brief and not fill it up with unneeded copy, as well as to keep from giving away all of my ACLs.
I DO understand that you folks will need to see them in order to lend me a hand, so upon request, i will be happy to post any file you need, or provide any further information.

much thanks,

