Always test RED first before starting to play with GREEN. I mean, if your EFW box have problems with red, any client connected to it will have the same problem.
You are trying just a simple GREEN-RED setup, with nothing more. This is simply. Be a.nalitical, create your checklist of things you must test:
1- Test DHCP Server - Check your Endian firewall has DHCP Server OK. If you connect a PC and EFW gives you an IP with the correct IP, mask, Gateway and DNS servers you are ok.
2- Test DHCP Server 2 - Ping your EFW firewall from one machine from LAN.
3- Test RED from GREEN - Use tracert on one machine from LAN to see what route your traffic is trying to go. The important thing at this point is to use an external IP address, not a name server. We want to test the connection, not the DNS yet. Use the DOS command:
tracert 74.125.67.104. You should see the traffic going out from your EFW box to the internet. If you see that traceroute stops after the 1st jump (on your EFW box), there is a problem with the RED interface.
3b- If above fails, test RED from Endian Firewall console: From Endian console, use the command:
traceroute 74.125.67.104. In some jumps should reach its destination (google.com). If it gives some error, then your RED interface is not working. If it works its some misconfig in Outgoing Firewall, that blocks traffic from client. Recheck Firewall->Outgoing FWall
4- Test DNS from GREEN:: If 3 is ok try
nslookup www.google.com. If it doesnt resolve, there must be some DNS problem.
4b- If above fails, test DNS from Endian console: Use the same command
nslookup www.google.com. If it doesnt resolve, your DNS servers are wrong, recheck your DNS servers on your config, use Network->Interfaces->main uplink --> Edit and recheck the config you used.
5- Test RED from GREEN with DNS: Once fixed the RED iface and DNS, just use a tracert
www.google.com from any client, it should reach google.
Author