Lan to Wan reprise

Claude Jones claude_jones at levitjames.com
Mon Mar 14 04:05:54 UTC 2005


Claude Jones wrote:

> I had successfully configured an FC3 box at work to serve as internet 
> router, firewall, web server, DHCP server to my Lan, etc. Tonight, I 
> moved it to its final destination, my home, and I'm completely stuck 
> on one issue.
> The web server works.
> The box has internet access.
> Machines on the Lan are getting DHCP assigned IP addresses. They are 
> also able to see my lone web page.
> However, the machines on the Lan can't get past the firewall. It's not 
> a DNS problem because it doesn't go away if you put an IP address in. 
> I can ping the Wan NIC from the LAN but nothing further than that.
> I've reviewed the procedures over and over that I used successfully, 
> and I can't find the problem.
> DHCPD loads without errors.
> I've checked and rechecked the firewall and SELinux settings, and they 
> appear to be the same as at the office.
> I've reviewed the network settings for my NICs twenty times.
> IP forwarding and masquerade have been set up.
> What have I overlooked??? I have to have this running in three hours 
> so any suggestions would be greatly appreciated!
>
> Claude Jones
> Bluemont, VA, USA
>
Another elaboration of the investigation:
Below are 3 lines from a tcpdump monitoring the external NIC as I 
attempted to access the web from a LAN machine. It looks to me like the 
requests are making it to the external NIC, because DNS lookups are 
being attempted, no?

22:49:22.142576 IP (tos 0x0, ttl 127, id 924, offset 0, flags [none], proto 17, length: 64) 192.168.2.253.1031 > ns1.nlayer.net.domain:  62240+ A? www.levitjames.com. (36)
22:49:22.603798 arp who-has 10.0.0.1 tell 10.0.4.62
22:49:22.735672 IP (tos 0x0, ttl 127, id 925, offset 0, flags [none], proto 17, length: 61) 192.168.2.253.1025 > ns2.rec.servercentral.net.domain:  7458+ A? www.directv.com. (33)
22:49:22.735936 IP (tos 0x0, ttl 127, id 926, offset 0, flags [none], proto 17, length: 61) 192.168.2.253.1025 > ns1.nlayer.net.domain:  7458+ A? www.directv.com. (33)

-- 
Claude Jones
Bluemont, VA, USA
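
Added example (not part of the original post): on the outgoing interface tcpdump sees packets after netfilter's POSTROUTING NAT, so a source address still inside the LAN range means the masquerade rule did not rewrite it. The Python check below runs that test over the capture lines from the message; the 192.168.2.0/24 prefix and the function name are assumptions.

```python
import ipaddress
import re

# Sample input: the capture lines from the post, rejoined one packet per line.
CAPTURE = """\
22:49:22.142576 IP (tos 0x0, ttl 127, id 924, offset 0, flags [none], proto 17, length: 64) 192.168.2.253.1031 > ns1.nlayer.net.domain:  62240+ A? www.levitjames.com. (36)
22:49:22.603798 arp who-has 10.0.0.1 tell 10.0.4.62
22:49:22.735672 IP (tos 0x0, ttl 127, id 925, offset 0, flags [none], proto 17, length: 61) 192.168.2.253.1025 > ns2.rec.servercentral.net.domain:  7458+ A? www.directv.com. (33)
22:49:22.735936 IP (tos 0x0, ttl 127, id 926, offset 0, flags [none], proto 17, length: 61) 192.168.2.253.1025 > ns1.nlayer.net.domain:  7458+ A? www.directv.com. (33)
"""

# Verbose (tcpdump -v) IPv4 line: timestamp, ttl inside the parentheses,
# then "a.b.c.d.port >" as the source endpoint.
PKT = re.compile(
    r"^(?P<ts>\S+) IP \(.*?ttl (?P<ttl>\d+),.*?\) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
)


def unmasqueraded(capture, lan_net):
    """Return (timestamp, source, ttl) for each IP packet whose source
    address is still inside lan_net, i.e. left the box without NAT."""
    lan = ipaddress.ip_network(lan_net)
    hits = []
    for line in capture.splitlines():
        m = PKT.match(line)
        if m is None:
            continue  # ARP and other non-IP lines carry no source to check
        src = ipaddress.ip_address(m["src"])
        if src in lan:
            hits.append((m["ts"], str(src), int(m["ttl"])))
    return hits


if __name__ == "__main__":
    # Assumed LAN prefix; the post only shows the single host 192.168.2.253.
    for ts, src, ttl in unmasqueraded(CAPTURE, "192.168.2.0/24"):
        print(f"{ts} source {src} not rewritten (ttl {ttl})")
```

Run against a capture from the WAN interface, any hit means forwarding is passing LAN traffic but the NAT rule is not matching on that interface.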



