Quoting Marc Breslow <marc@xxxxxxxxxxxx>:
> Jeff,
> I think we are on to something here. I added a static route on the
> 192.168.1.1 router to the 192.168.1.224 with the gateway address equal to
> the eth1 IP address on the firewall. I can now ping 192.168.1.1 from behind
> the firewall but I still can't ping 209.73.186.238 (yahoo) from behind the
> firewall. I can ping yahoo from the firewall.
> Any other thoughts?
Couple of questions.
Is your firewall (the CentOS box with 192.168.1.224 and 192.168.202.1
interfaces) configured to perform NAT? Or is the firewall on it
completely turned off?
What is exactly the route you added to your external router? That
router probably has two network interfaces and therefore two routes
with link scope associated with them. One telling it how to reach the
router at the ISP end, and second one for your 192.168.1.0/24 network.
Everything else will be routed to the default route (meaning
outside). You want to add static route on your external router for
192.168.202.0/24 pointing to 192.168.1.224. Is that what you did?
If that is what you did, you might want to check configuration of your
external router, and see how firewalling is configured on it. Many of
those small devices have some firewalling enabled by default in them.
Maybe it considers only 192.168.1.0/24 to be internal network, and
drops everything else from inside.
Try doing traceroute from 192.168.202.10. Also, running tcpdump on
your firewall's eth1 and eth3 interfaces in parallel (for example from
two terminal windows) while you are doing traceroute or simply
attempting to ping outside world and comparing the outputs might give
you an idea what is going on.
--
See Ya' later, alligator!
http://www.8-P.ca/
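
The routing point in the reply above, as an added example (not part of the original message): a longest-prefix-match lookup over a model of the external router's table, showing where a reply addressed to 192.168.202.10 goes before and after the static route is added, and why a NATed source of 192.168.1.224 needs no extra route. The WAN subnet 203.0.113.0/30, its gateway and the interface names `wan`/`lan` are assumptions; the thread does not give them.

```python
import ipaddress

# Constructed model of the external router (192.168.1.1) from the thread.
# The WAN subnet, its gateway and the interface names are assumptions.
BASE_TABLE = [
    ("203.0.113.0/30", "wan", None),       # link-scope route to the ISP end
    ("192.168.1.0/24", "lan", None),       # link-scope route to the LAN
    ("0.0.0.0/0", "wan", "203.0.113.1"),   # default route (outside)
]
# The static route the reply asks for: inner network via the firewall.
STATIC_ROUTE = ("192.168.202.0/24", "lan", "192.168.1.224")


def lookup(table, dst):
    """Longest-prefix match: return (prefix, interface, next_hop) for dst."""
    addr = ipaddress.ip_address(dst)
    candidates = [
        (ipaddress.ip_network(prefix), iface, hop)
        for prefix, iface, hop in table
        if addr in ipaddress.ip_network(prefix)
    ]
    if not candidates:
        return None
    net, iface, hop = max(candidates, key=lambda c: c[0].prefixlen)
    return str(net), iface, hop


def reply_path(table, dst):
    """Describe where the router sends a packet addressed to dst."""
    prefix, iface, hop = lookup(table, dst)
    if hop is None:
        return f"{dst}: delivered directly on {iface} ({prefix})"
    return f"{dst}: forwarded via {hop} on {iface} ({prefix})"


if __name__ == "__main__":
    client = "192.168.202.10"
    # Without the static route the reply follows the default route outside.
    print("before:", reply_path(BASE_TABLE, client))
    # With it, the reply goes back to the firewall on the LAN side.
    print("after: ", reply_path(BASE_TABLE + [STATIC_ROUTE], client))
    # If the firewall NATs, the router only ever sees 192.168.1.224.
    print("NAT:   ", reply_path(BASE_TABLE, "192.168.1.224"))
```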