On Wed, 2004-09-01 at 03:16, Sanjay Arora wrote:
> Hi all
>
> This question is not Fedora related, but could not find how to do this.
> Being a newbie, decided to ask the masters ;-)
>
> Network 1.
>
> Ipcop firewall gateway..
>
> Public address: 202.x.x.139 Netmask 255.255.255.248 given by ISP
> DMZ: 192.168.100.1
> Lan: 192.168.200.1
>
> Gateway to Internet through 202.x.x.137 provided by ISP.
>
> Network 2 (ISP Network...mostly hubs/repeaters & some switches)
>
> NAT Gateway to internet through ISP provided by ISP through 172.16.0.1
> My FC1 machine address: 172.16.0.133 Netmask 255.255.255.0, though I
> have not set it, as the ISP does not allow me to go on the net through
> this GW...only has given me an IP address to use on the local
> net...basically to test my machine his network i.e. from outside my
> network.
>
> Other friends on ISP LAN connected through the ISP: 172.16.0.x
>
> Now, the problem is that my FC1 machine though physically connected to
> my public IP (three connections to the hub...my ISP, my Ipcop machine
> and my FC1 machine), does not talk to my public IP.
>
> Ping says destination unreachable...I used ethereal to check the
> problem...my public IP firewall machine (202.x.x.139) is not responding
> to FC1 (172.16.0.133) ARP requests. I have set route in both machines
> by:
>
> On 172.16.0.133
> route add -host 202.x.x.139 dev eth2

Ugh, don't use dev next hops unless you must, a very very very bad practice.

>
> On 202.x.x.139
> route add -host 172.16.0.133 dev eth2
>
> I think that the problem lies with different broadcast addresses, so the
> 202.x.x.139 machine is not getting the ARP request.

You don't see ARPs for the next hops? May be related to you using dev ethX
instead of gw ip.

>
> My firewall does not block ICMP requests.

Service iptables stop for a few seconds to test, why chase a ghost

>
> Second problem is with my friends having 172.16.0.0 address with my ISP
> and having a GW address of 172.16.0.1 (which my FC1 machine does not
> have). They can't connect to my machine despite being on the same segment
> of my ISP Lan, without going through the internet. As their Internet
> bandwidth is capped...they can't transfer files with me. How to get their
> machines to talk with mine, without going to the ISP Gateway...some are
> Win machines & some Linux.
>
> Hope someone will help me...won't say can help me because I know
> otherwise ;-) Also, please provide pointers to some resources to this
> type of (not normal) TCP/IP routing...so I can learn and maybe someday
> be able to help some newbie like myself. Strangely...Google was not my
> friend this time ;-(

www.cisco.com, you can also google to scrounge up some very good
university lab stuff as well. I used to live in Ohio State's web site years
back, they used to have lots of excellent online lab materials. There
were many others as well.

>
> My thanks for reading ALL the above.
>
> With best regards.
> Sanjay.
>

If you can put a little ascii diagram together it may be easier to help.

Ted
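
What the two kinds of route in this thread mean for ARP, as an added example that is not part of the original messages: a small Python model of next-hop resolution showing which address a host sends its ARP request for under a `dev` (on-link) route versus a `gw` route. The function name `arp_target`, the stand-in public address 203.0.113.139 (the post elides the real one) and the use of 172.16.0.1 as a gateway are assumptions made for illustration.

```python
import ipaddress

# Constructed address: the post elides the public IP as 202.x.x.139, so the
# RFC 5737 documentation range 203.0.113.0/24 stands in for it here.
PUBLIC_FW = "203.0.113.139"

def arp_target(routes, dst):
    """Return (interface, ip_to_arp_for) for dst, or None if no route matches.

    routes: list of (prefix, gateway_or_None, interface). Longest prefix wins.
    A route with no gateway is on-link, so the host ARPs for dst itself;
    a route with a gateway makes the host ARP for the gateway instead.
    (Hypothetical helper, not taken from any tool mentioned in the thread.)
    """
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, dev in routes:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    if best is None:
        return None  # the kernel would report the network as unreachable
    _, gw, dev = best
    return (dev, gw if gw is not None else dst)

# FC1 machine (172.16.0.133/24 on eth2) with only its connected route.
fc1_base = [("172.16.0.0/24", None, "eth2")]
# Same table after: route add -host <public IP> dev eth2
fc1_dev = fc1_base + [(PUBLIC_FW + "/32", None, "eth2")]
# Assumed alternative: the host route points at a gw on the connected subnet.
fc1_gw = fc1_base + [(PUBLIC_FW + "/32", "172.16.0.1", "eth2")]

if __name__ == "__main__":
    for name, table in (("base", fc1_base), ("dev", fc1_dev), ("gw", fc1_gw)):
        print(name, arp_target(table, PUBLIC_FW))
```

With the `dev` route the ARP request names the off-subnet public address itself, which matches the ARP requests seen in ethereal; with a `gw` route the request names the gateway.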