> > > You've probably set it to masq packets from the private
> > > network, which (though it doesn't seem very logical) might
> > > be preventing the private network from getting ICMP packets
> > > back. Try turning off the firewall and pinging to help
> > > localise the problem.

> > Uh, before doing this, I'd opted to look at what masq is
> > doing:
> >
> > /sbin/ipchains -L
> > Chain input (policy ACCEPT):
> > target     prot opt     source          destination     ports
> > icmp       icmp ------  anywhere        anywhere        any -> any
> > ACCEPT     tcp  ----l-  192.168.0.0/24  192.168.0.3     any -> any
> > ACCEPT     tcp  ----l-  192.168.0.3     192.168.0.0/24  any -> any
> > Chain forward (policy ACCEPT):
> > target     prot opt     source          destination     ports
> > MASQ       all  ------  192.168.0.0/24  anywhere        n/a
> > MASQ       all  ------  10.0.0.0/24     anywhere        n/a
> > Chain output (policy ACCEPT):
> > Chain icmp (1 references):
> > target     prot opt     source          destination     ports
> > ACCEPT     all  ------  anywhere        anywhere        n/a
> >
> > While I don't know what the deal is with the 192's -- know
> > how I remove them & replace with 10.etc's -- if necessary.
> > Anyway, is this normal?

> Hm, where do the rules come from at all?

Got me. As you'll see below, there are no 192.'s in the routing table.

> Do you use some firewall script that automatically generates
> rules?

Haven't, still, had time to read up on chains or tables, so I use RH's
setup app which has a listing for firewalling. I allow only eth0, www,
ssh, & ftp. Till I have the chance to really look into specifics, this
has done well enough to keep others out.

> There might be some residue of previous setting orgies you
> forgot to remove, that makes the firewall script think there is
> a 192.168/24 network which needs them.

Possibly. Dunno.

> Well, anyway, I don't think they're a problem since your chains
> all have a default policy of ACCEPT, so packets which match no
> rules are accepted (which is not very secure, by the way - it's
> better to do it the other way around and DENY everything except
> explicitly allowed communications). There is a rule to masq
> packets from 10.0/24, so that's fine.

Oh, I'd agree, but RH -- even back in the wrappers days -- seems to
think otherwise. First thing I do after installing is run setup, get
the firewall in place, quickly set the other things in there I trouble
with & reboot. It's worked so far....

> But this rule masquerades also the packets intended for your
> public addresses. This is unnecessary and can be resolved by
> adding rules that allow simple forwarding before the
> masquerading rule.

Ah, but all this is new territory for me, so I've no idea how to do
that.

> For now, temporarily turning off the firewall while trying to
> ping should be enough to exclude the firewall as the source of
> trouble.

Heh. One look at ps aux shows nothing remotely like ipchains or
firewall running. What would I be looking for?

> > OK. Well, I've switched it back to :1 now. But nothing
> > still. Where, exactly, should I find the routing tables?
> > I've looked & looked, but I can't find them.

> route -n will display you the routing tables in numerical form.
> They're set automatically based on subnets the box is a member
> of

OK. Well, here're the results:

/sbin/route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        10.0.0.1        255.255.255.0   UG    0      0        0 eth0
10.0.0.0        10.0.0.2        255.0.0.0       UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
63.0.0.0        63.249.19.72    255.0.0.0       UG    0      0        0 eth0
63.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
0.0.0.0         63.249.19.1     0.0.0.0         UG    0      0        0 eth0

Hey, while all these (save .1) are on the same subnet, my W98 is on
the subnet .1 is on.
Shouldn't all these be 255.255.255.0 for them to all work together
properly...?

> to configure additional, non-volatile routes you can use the
> /etc/route.conf file.

Ah, well, there is no such file, but from what you say, I only need it
if I have different networks than I already have which I want to add,
yes?

-- 
There is no act of treachery or mean-ness of which a political party
is not capable; for in politics there is no honour.
-Benjamin Disraeli, "Vivian Grey"
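
The two suggestions in the quoted reply (a plain forwarding rule placed ahead of the MASQ rule, and a DENY default policy), as an added example that is not part of the original message: a small Python model of first-match chain evaluation, not ipchains itself. The sample packets are constructed, and treating 63.0.0.0/8 (the public route in the posted table) as the public range is an assumption.

```python
import ipaddress

ANY = "0.0.0.0/0"

def first_match(chain, policy, src, dst):
    """Return the target of the first rule matching (src, dst), else the chain policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for target, src_net, dst_net in chain:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return target
    return policy

# Forward chain as listed by `ipchains -L` in the message (policy ACCEPT).
FORWARD_AS_POSTED = [
    ("MASQ", "192.168.0.0/24", ANY),
    ("MASQ", "10.0.0.0/24", ANY),
]

# Assumption: 63.0.0.0/8 stands in for "your public addresses".
# The plain-forwarding rule goes first so it wins over the MASQ rule.
FORWARD_REORDERED = [("ACCEPT", "10.0.0.0/24", "63.0.0.0/8")] + FORWARD_AS_POSTED

# Constructed sample packets: (source, destination).
PACKETS = [
    ("10.0.0.2", "63.249.19.72"),   # private host -> public address from the page
    ("10.0.0.2", "198.51.100.7"),   # private host -> outside (documentation range)
    ("172.16.0.5", "10.0.0.2"),     # source that no rule mentions
]

def verdicts(chain, policy):
    """Evaluate every sample packet against the chain and return the targets in order."""
    return [first_match(chain, policy, src, dst) for src, dst in PACKETS]

if __name__ == "__main__":
    for name, chain, policy in [
        ("as posted, policy ACCEPT", FORWARD_AS_POSTED, "ACCEPT"),
        ("reordered, policy DENY", FORWARD_REORDERED, "DENY"),
    ]:
        print(name)
        for (src, dst), target in zip(PACKETS, verdicts(chain, policy)):
            print(f"  {src:>12} -> {dst:<14} {target}")
```
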