Topic: New Install Please Help Not passing traffic
kilimanj99
« on: Monday 26 September 2011, 02:20:11 am »

Hello,

I just installed the Community version of Endian with 2 NICs, one <RED>, one <GREEN>. I have a pretty basic setup (I think). Basically:

PC(10.10.10.10)-----<GREEN 10.10.10.1>ENDIAN<RED 68.68.68.68>-----<ISP 68.68.68.1>

When I have my old firewall set up it works with no problem, so I know my ISP is reachable. When I hook up Endian and I SSH to the box I can ping the RED interface but not the 68.68.68.1 IP (GW). I cannot figure out why.

As far as configurations go, here's what I have setup so far:
1. On the Inbound of the Firewall a few PAT's going to the PC i.e. 80,443,25
2. On the Inbound of the firewall incoming routed traffic to enable traffic to my PAT's above, last rule is deny all but I tried turning that off too

I have noticed on the dashboard page, bottom right, that the uplink shows up, but if I refresh it goes inactive, then up again. Not sure if that is normal, but it doesn't seem good. The top right interface section always shows up though.

I also tried setting up Network->Routing for ANY ANY -> GW IP but that didn't work.

I fear I am missing something simple, any suggestions are much appreciated.
Thanks

kilimanj99
« Reply #1 on: Tuesday 27 September 2011, 03:36:20 am »

If it helps, I have a bit more info on my latest troubleshooting steps:

1. Tried different IP, different switch port, different network cable, none made a difference.
2. I have 2 NICs in the PC: 1 is Intel (internal), the other is Broadcom (RED). Internal is passing traffic with no problem, so I reversed them to make sure it wasn't a NIC issue. Internal on Broadcom continued to pass traffic, where now the external on Intel stopped.
3. Also want to note that during install it would not install when I had both NICs enabled. It would fail at the point where you enter the IP and it tries to bring up the network. When I removed one NIC it completed the install, then I reinstalled the second NIC and it picked it up. If this is an issue, why would it not install with 2 NICs?
4. Through SSH verified the link is up and all the IFCONFIG, NETSTAT, ARP, etc. look good. Tried disabling ebtables and services but that didn't help either.
5. Reset factory defaults a few times too

Only thing I can think to do is try a reinstall again from scratch... but if I do I would like both NICS working because the only thing I can think of is that is the root cause of this. Anyone have any ideas as to what else to try and or why it would not install with 2 NICs? (Broadcom is onboard DELL Optiplex 520 and the Intel is a PCI card)

mrkroket
« Reply #2 on: Wednesday 28 September 2011, 01:27:02 am »

It's really strange that you can't install with both NICs installed, that doesn't sound good.

But it also seems strange that when you switch cables it worked.

Try using a switch between your ISP and Endian, to avoid crossover cables problems. Also try to connect a PC on RED, as 68.68.68.67
Disconnect your ISP from the switch and try to ping the RED PC from Endian.
Disconnect the Endian and reconnect the ISP to the switch, try to ping your ISP from the PC

kilimanj99
« Reply #3 on: Thursday 29 September 2011, 12:12:06 am »

Thanks for the reply, I will try a few of these things tonight. In order to troubleshoot Endian and keep my current network up I kind of did some of these too. Here's where I am at:

Current network config:

                      ____ <GREEN 10.10.10.2>ENDIAN<RED 68.68.68.68> ___________
                     /                                                          \
PC(10.10.10.10)----SW                                                            SW-----<ISP 68.68.68.1>
                     \____ <GREEN 10.10.10.1>Production FW<RED 68.68.68.69> ____/


Try using a switch between your ISP and Endian, to avoid crossover cables problems.
> Cable modem didn't require a crossover, although I tried one anyway - no difference
> I have hooked up a switch so that I can get out to the internet on my old FW and still be able to test my new one, I have a few public IPs.

Also try to connect a PC on RED, as 68.68.68.67
> I will try a direct crossover from PC to Endian on RED but technically in the above config Endian RED should be able to ping Production RED without going to the ISP.

Disconnect your ISP from the switch and try to ping the RED PC from Endian.
> I will try this tonight

Disconnect the Endian and reconnect the ISP to the switch, try to ping your ISP from the PC
> I've moved them around a bit, in the process I'm sure this has been done. I've also powered off the ISP for a few.

- In addition, to help the install, I have another Intel NIC identical to the one in the Endian PC. I am going to disable the Broadcom and try 2 of the same type, then reinstall. Maybe that will help the install process.

kilimanj99
« Reply #4 on: Friday 30 September 2011, 12:12:45 am »

Did a few more tests last night. I started with trying to put another NIC in the box but then realized it has no more slots. So I'm stuck with the 2 NIC's I have. I ran a few install tests.

1. Re-install 1: Both NICs enabled, GREEN on Intel - install failed when trying to bring up network, on reboot it just flashes GRUB GRUB GRUB GRUB GRUB GRUB GRUB across the screen.

2. Re-install 2: Both NIC's enabled, GREEN on Broadcom - install failed when trying to bring up network, on reboot it just flashes GRUB GRUB GRUB GRUB GRUB GRUB GRUB across the screen.

3. Re-install 3: Intel enabled, Broadcom Disabled - install failed when trying to bring up network, on reboot it just flashes GRUB GRUB GRUB GRUB GRUB GRUB GRUB across the screen.

4. Re-install 4: Broadcom enabled, Intel Disabled (Actually the entire PCI bus disabled) - Installed. Re-enabled the PCI bus. Detected the NIC. Ran the wizard. Same problem, no ping on external NIC, even with a direct x-connect to another PC.

...Looks like I'm headed back to Untangle :( and I was so looking forward to some of these options Endian has.

mrkroket
« Reply #5 on: Friday 30 September 2011, 02:30:46 am »

Seems a hardware issue, maybe with IRQ's and those things.
I had a problem like that some time ago, with a 4 port PCI card.
Never worked (even on Windows it causes problems), so I changed the NIC for a different one.

If you don't have any other PC to test out Endian (with different HW), I'm afraid you need to test out another Distro (ClearOS, Untangle, etc).

kilimanj99
« Reply #6 on: Friday 30 September 2011, 04:01:22 am »

I have another PC, unfortunately it's the same model :( They only have 1 PCI slot in them. Maybe I can borrow another brand PCI NIC or try Gateway mode. Will update if I figure it out.

kilimanj99
« Reply #7 on: Saturday 01 October 2011, 12:09:42 am »

Bit of good news...

So last night I replaced the network card with a different model and was able to reinstall correctly, without it failing at the end. However I still was unable to ping out the RED interface so...
1. I tried telnet 80 to my RED end of my website. I was able to connect. So I tried to telnet to yahoo and it would not connect. I tried ping again and no dice.
2. I checked my Juniper FW and it was restricting ICMP so I enabled that and I was able to ping out the RED interface to the RED interface of the Juniper. But still not out my ISP.
3. I hooked the RED cable directly to the cable modem - no dice (At this point I was watching my cable modem lights and there was clearly a difference in transmit packets, which was almost nothing. Receive was oddly fairly active though)
4. Switched the cable to a cross over - no dice
5. Powered off the cable modem for about 5 minutes and WAH LAH!

So I think I had a series of issues, 1) the NIC was not compatible, 2) ICMP on my FW was off, 3) The cable modem needed to be powered off for a few minutes to forget whatever it needed to forget.