Welcome, Guest. Please login or register.
Did you miss your activation email?
Friday 01 November 2024, 11:27:45 pm

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14248 Posts in 4376 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  Installation Support
| | |-+  EFW box unreachable from green network
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: EFW box unreachable from green network  (Read 16456 times)
ecky
Jr. Member
*
Offline Offline

Posts: 4


« on: Tuesday 14 August 2012, 09:22:00 am »

Hi out there,

I saw quite a lot of similar postings, but the problem I run into is somehow a bit different and strange:
- I am able to identify the green and the red interface (even though I don't know how to change them yet)
- With factory default settings I am able ping the EFW from the green network
- as soon as I apply the settings (fixed IP 192.168.0.1 on the green side DHCP on the red side) on the last step, my workstation (fixed adress 192.168.0.Cool is not able to reach the EFW any more (neither ping nor http GUI) ... unless I connect both interfaces (eth1 and br0) to the same switch.
- I tried to remove one or the other in order to work around the interface identification problem, but nothing helps ... my EFW box needs both interfaces connected to the same switch

This is quite odd, ant not what I intended or even expected  Huh

Any clues anyone?

Thanx in advance
ecky
Logged
ecky
Jr. Member
*
Offline Offline

Posts: 4


« Reply #1 on: Wednesday 15 August 2012, 07:49:29 pm »

Hello, me again,

Further investigation on the subject : disconnected red network cable completely and rebooted the EFW box. Now the workstation finds the EFW box and is able to connect to the GUI (ping is possible as well). A look into the kernel messages indicates that the dhcp client peeks for a server every 2 minutes. As soon as I plug the red network interface to the internet, access from the workstation on the green network to the EFW box becomes impossible ... and remains impossible even after unplugging the internet again.

I conclude that the fact plugging internet on the red network interface is doing some automatic configuration that messes all up ... trying to find what configuration gets actually done after plugging the red network.

cu
ecky
Logged
ecky
Jr. Member
*
Offline Offline

Posts: 4


« Reply #2 on: Thursday 16 August 2012, 07:52:13 am »

Hello again,

did some more investigation (still unable to get a hold on the problem) : thought that the firewall on the efw box itself blocks the communication and disabled all firewall rules with

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

After that it still does not work out, the workstation is unable to reach the efw box. Found out that there may be a problem with adress resolution, because if I issue an "arp -a" on the efw box it lists the workstation on the wrong interface (eth1 (red) instead of br0 (green)). So I deleted this entry manually with "arp -d ..." and inserted the correct one with "arp -s 192.168.0.1 XX:XX:XX:XX:XX:XX -i br0". Doing this, the command "arp -a" brings up the expected result with the green interface (br0) attached to the host.

BUT then, if I issue a ping command from the workstation onto the efw box it is still unreachable and issuing the "arp -a" command again on the efw box shows that the old configuration popped up again so that "arp -a" shows two entries for the same host (the workstation that I'm using for setting up and testing the efw box).

So next question to resolve is : what mechanism makes the old configuration pop up ? and where does this mechanism get his information from ? Tried to find that out with the command "find / -type f -exec grep -il "eth1" {} \;", this command works fine on my other linux boxes, but on the efw box it sais : "find: missing argument to '-exec'". BTW ethtool seems not to work neither on this distribution (2.5.1) keeps on telling "No data available".

Well I think I'll give it a last try and restart installation from the beginning

so long
ecky
Logged
ecky
Jr. Member
*
Offline Offline

Posts: 4


« Reply #3 on: Monday 20 August 2012, 07:40:47 am »

Ok then,

got it working finally ... the problem was the following :
- i had configured my private network (green side) with network address 192.168.0.x
- the dhcp server on the red side used the same network address !
so the router / firewall got mixed up ...

Solution : I now use a different network adress for my private network and the dhcp of the isp sticks to its 192.168.0.X but now there is no conflict any more so it runs

cu
ecky
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.047 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com