-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Kevin F. Berrien wrote:
| With the help of many on the previous thread (Firewall - Very limited | Access - suggestions), I've built my firewall using fwbuilder & FC1. At | present I've got it set up in a test environment. The firewall seems to | be operating correctly with one exception, but my real problem is with | my routing. I've always been terrible with routing.... At present, I | can't traverse from a workstation on the "internal" subnet to host on | "external" subnet, or internet. | | I am not using NAT on this firewall, it just bridges two subnets - | allowing very specific traffic through (antivirus/windows-sus, remote | desktop). I need to get the routing between subnets working through the | firewall. | | "external subnet" - eth0 - 192.168.50.0 | gatway to internet - 192.168.50.1 | eth0 ip 192.168.50.48/255.255.255.0 gw = 192.168.50.1 | | "internal subnet" - eth1 - 192.168.5.0 | eth1 ip 192.168.5.200/255.255.255.0 gw = 192.168.50.1?? | | test host "internal" | ip 192.168.5.3/255.255.255.0 gw = 192.168.5.200?? | <<-- snip -->>
Keven,
1) Routing is a step by step process. You seem to have 2 servers involved... 192.168.50.1 and yours at 192.168.50.48 and 192.168.5.3.
The problem, you will need access to both servers to update routing for both machines so you can get everything working.
a) make a route in 192.168.50.1 that routes traffic for 192.168.5.0 to your IP of 192.168.50.48... This will allow your gateway server/router to route packets to this additional network properly.
b) I don't believe you need a gateway for eth1. I could be wrong....
c) NOW, try pinging 192.168.5.200 from 192.168.50.48... You should get responses back. If so, try 192.168.5.3 next.
d) NOW, try pinging 192.168.50.48 from 192.168.5.3. You should get responses back. If so, try 192.168.50.1 next.
Let us know the results of the tests and get back with us.
Thanks, James Kosin
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFAyJXQc7lFLjBWKW0RAkAaAJ4mManHnONmpWoVgSTm4DVtnbxOwQCePDTT IU4xlrnKQwl1cVD5Y1XYFmU= =SACH -----END PGP SIGNATURE-----