Hi all
This question is not Fedora related, but could not find how to do this. Being a newbie, decided to ask the masters ;-)
Network 1.
Ipcop firewall gateway.
Public address: 202.x.x.139 Netmask 255.255.255.248 given by ISP
DMZ: 192.168.100.1
Lan: 192.168.200.1
Gateway to Internet through 202.x.x.137 provided by ISP.
Network 2 (ISP Network...mostly hubs/repeaters & some switches)
NAT Gateway to internet through ISP provided by ISP through 172.16.0.1
My FC1 machine address: 172.16.0.133 Netmask 255.255.255.0, though I have not set it, as the ISP does not allow me to go on the net through this GW...only has given me an IP address to use on the local net...basically to test my machine his network i.e. from outside my network.
Other friends on ISP LAN connected through the ISP: 172.16.0.x
Now, the problem is that my FC1 machine though physically connected to my public IP (three connections to the hub...my ISP, my Ipcop machine and my FC1 machine), does not talk to my public IP.
Ping says destination unreachable...I used ethereal to check the problem...my public IP firewall machine (202.x.x.139) is not responding to FC1 (172.16.0.133) ARP requests. I have set route in both machines by:
On 172.16.0.133: route add -host 202.x.x.139 dev eth2
On 202.x.x.139: route add -host 172.16.0.133 dev eth2
I think that the problem lies with different broadcast addresses, so the 202.x.x.139 machine is not getting the ARP request.
My firewall does not block ICMP requests.
Second problem is with my friends having 172.16.0.0 address with my ISP and having a GW address of 172.16.0.1 (which my FC1 machine does not have). They can't connect to my machine despite being on the same segment of my ISP Lan, without going through the internet. As their Internet bandwidth is capped...they can't transfer files with me. How to get their machines to talk with mine, without going to the ISP Gateway...some are Win machines & some Linux.
Hope someone will help me...won't say can help me because I know otherwise ;-) Also, please provide pointers to some resources to this type of (not normal) TCP/IP routing...so I can learn and maybe someday be able to help some newbie like myself. Strangely...Google was not my friend this time ;-(
My thanks for reading ALL the above.
With best regards. Sanjay.
On Wed, 2004-09-01 at 03:16, Sanjay Arora wrote:
> Hi all
> This question is not Fedora related, but could not find how to do this. Being a newbie, decided to ask the masters ;-)
> Network 1.
> Ipcop firewall gateway.
> Public address: 202.x.x.139 Netmask 255.255.255.248 given by ISP
> DMZ: 192.168.100.1
> Lan: 192.168.200.1
> Gateway to Internet through 202.x.x.137 provided by ISP.
> Network 2 (ISP Network...mostly hubs/repeaters & some switches)
> NAT Gateway to internet through ISP provided by ISP through 172.16.0.1
> My FC1 machine address: 172.16.0.133 Netmask 255.255.255.0, though I have not set it, as the ISP does not allow me to go on the net through this GW...only has given me an IP address to use on the local net...basically to test my machine his network i.e. from outside my network.
> Other friends on ISP LAN connected through the ISP: 172.16.0.x
> Now, the problem is that my FC1 machine though physically connected to my public IP (three connections to the hub...my ISP, my Ipcop machine and my FC1 machine), does not talk to my public IP.
> Ping says destination unreachable...I used ethereal to check the problem...my public IP firewall machine (202.x.x.139) is not responding to FC1 (172.16.0.133) ARP requests. I have set route in both machines by:
> On 172.16.0.133: route add -host 202.x.x.139 dev eth2
Ugh, don't use dev next hops unless you must, a very very very bad practice.
> On 202.x.x.139: route add -host 172.16.0.133 dev eth2
> I think that the problem lies with different broadcast addresses, so the 202.x.x.139 machine is not getting the ARP request.
You don't see ARPs for the next hops? May be related to you using dev ethX instead of gw ip.
> My firewall does not block ICMP requests.
Service iptables stop for a few seconds to test, why chase a ghost.
> Second problem is with my friends having 172.16.0.0 address with my ISP and having a GW address of 172.16.0.1 (which my FC1 machine does not have). They can't connect to my machine despite being on the same segment of my ISP Lan, without going through the internet. As their Internet bandwidth is capped...they can't transfer files with me. How to get their machines to talk with mine, without going to the ISP Gateway...some are Win machines & some Linux.
> Hope someone will help me...won't say can help me because I know otherwise ;-) Also, please provide pointers to some resources to this type of (not normal) TCP/IP routing...so I can learn and maybe someday be able to help some newbie like myself. Strangely...Google was not my friend this time ;-(
www.cisco.com, you can also google to scrounge up some very good university lab stuff as well. I used to live in Ohio State's web site years back, they used to have lots of excellent online lab materials. There were many others as well.
> My thanks for reading ALL the above.
> With best regards. Sanjay.
If you can put a little ascii diagram together it may be easier to help.
Ted
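An added illustration, not part of either message above: the difference between a "dev" next hop and a "gw" next hop is which address the sending host ARPs for. The sketch models the FC1 machine's routing table with longest-prefix matching; 203.0.113.139 is a constructed stand-in for the redacted 202.x.x.139, and the `gw 172.16.0.1` variant is a hypothetical route that appears nowhere in the thread.

```python
import ipaddress

# Constructed stand-in: 203.0.113.139 (documentation range) replaces the
# redacted 202.x.x.139; 172.16.0.133/24, 172.16.0.1 and eth2 are from the thread.
PEER = "203.0.113.139"

# Each route: (destination prefix, gateway or None for on-link, device)
CONNECTED = [("172.16.0.0/24", None, "eth2")]
# route add -host PEER dev eth2   (as posted in the thread)
WITH_DEV_ROUTE = CONNECTED + [(PEER + "/32", None, "eth2")]
# route add -host PEER gw 172.16.0.1   (hypothetical alternative)
WITH_GW_ROUTE = CONNECTED + [(PEER + "/32", "172.16.0.1", "eth2")]


def arp_target(routes, dst):
    """Longest-prefix match; return (device, IP the host ARPs for) or None."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, dev in routes:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    if best is None:
        return None  # no matching route: the packet is never sent
    _, gw, dev = best
    # On-link (dev-only) route: ARP for the destination itself.
    # Gateway route: ARP for the gateway and hand it the packet.
    return (dev, gw if gw else str(dst_ip))


if __name__ == "__main__":
    for name, table in [("connected only", CONNECTED),
                        ("host route via dev", WITH_DEV_ROUTE),
                        ("host route via gw", WITH_GW_ROUTE)]:
        print(f"{name:20s} -> {arp_target(table, PEER)}")
```

With the dev-only host route, the sender broadcasts an ARP request for the peer's own address, so delivery depends on the peer answering that request, which is the exchange the Ethereal capture in the thread shows going unanswered.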