EFW Support

Support => Installation Support => Topic started by: ecky on Tuesday 14 August 2012, 09:22:00 am



Title: EFW box unreachable from green network
Post by: ecky on Tuesday 14 August 2012, 09:22:00 am
Hi out there,

I saw quite a lot of similar postings, but the problem I run into is somehow a bit different and strange:
- I am able to identify the green and the red interface (even though I don't know how to change them yet)
- With factory default settings I am able to ping the EFW from the green network
- As soon as I apply the settings (fixed IP 192.168.0.1 on the green side, DHCP on the red side) on the last step, my workstation (fixed address 192.168.0.8) is not able to reach the EFW any more (neither ping nor http GUI) ... unless I connect both interfaces (eth1 and br0) to the same switch.
- I tried to remove one or the other in order to work around the interface identification problem, but nothing helps ... my EFW box needs both interfaces connected to the same switch

This is quite odd, and not what I intended or even expected  ???

Any clues anyone?

Thanx in advance
ecky


Title: Re: EFW box unreachable from green network
Post by: ecky on Wednesday 15 August 2012, 07:49:29 pm
Hello, me again,

Further investigation on the subject : disconnected red network cable completely and rebooted the EFW box. Now the workstation finds the EFW box and is able to connect to the GUI (ping is possible as well). A look into the kernel messages indicates that the dhcp client peeks for a server every 2 minutes. As soon as I plug the red network interface to the internet, access from the workstation on the green network to the EFW box becomes impossible ... and remains impossible even after unplugging the internet again.

I conclude that plugging internet on the red network interface does some automatic configuration that messes it all up ... trying to find what configuration actually gets done after plugging in the red network.

cu
ecky


Title: Re: EFW box unreachable from green network
Post by: ecky on Thursday 16 August 2012, 07:52:13 am
Hello again,

did some more investigation (still unable to get a hold on the problem) : thought that the firewall on the efw box itself blocks the communication and disabled all firewall rules with

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

After that it still does not work out, the workstation is unable to reach the efw box. Found out that there may be a problem with address resolution, because if I issue an "arp -a" on the efw box it lists the workstation on the wrong interface (eth1 (red) instead of br0 (green)). So I deleted this entry manually with "arp -d ..." and inserted the correct one with "arp -s 192.168.0.1 XX:XX:XX:XX:XX:XX -i br0". Doing this, the command "arp -a" brings up the expected result with the green interface (br0) attached to the host.

BUT then, if I issue a ping command from the workstation onto the efw box it is still unreachable and issuing the "arp -a" command again on the efw box shows that the old configuration popped up again so that "arp -a" shows two entries for the same host (the workstation that I'm using for setting up and testing the efw box).

So the next question to resolve is: what mechanism makes the old configuration pop up? And where does this mechanism get its information from? Tried to find that out with the command "find / -type f -exec grep -il "eth1" {} \;", this command works fine on my other linux boxes, but on the efw box it says: "find: missing argument to '-exec'". BTW ethtool seems not to work either on this distribution (2.5.1), it keeps on telling "No data available".

Well I think I'll give it a last try and restart installation from the beginning

so long
ecky


Title: Re: EFW box unreachable from green network
Post by: ecky on Monday 20 August 2012, 07:40:47 am
Ok then,

got it working finally ... the problem was the following :
- I had configured my private network (green side) with network address 192.168.0.x
- the dhcp server on the red side used the same network address !
so the router / firewall got mixed up ...

Solution: I now use a different network address for my private network and the dhcp of the isp sticks to its 192.168.0.X, but now there is no conflict any more so it runs

cu
ecky
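
The subnet conflict identified in the last post can be checked for directly. The following is an added example, not part of the original thread: it parses "ip -o -4 addr show" output and reports interfaces whose connected subnets overlap. The sample output, the red-side address and the renumbered green network 192.168.10.0/24 are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed `ip -o -4 addr show` output for the failing setup in the thread:
# green (br0) is static 192.168.0.1/24 and red (eth1) holds a DHCP lease from
# the same range. The red address .37 is made up for this sample.
SAMPLE_CONFLICT = """\
1: lo    inet 127.0.0.1/8 scope host lo
3: eth1    inet 192.168.0.37/24 brd 192.168.0.255 scope global eth1
5: br0    inet 192.168.0.1/24 brd 192.168.0.255 scope global br0
"""
# Same box after renumbering green; 192.168.10.0/24 is an assumed choice.
SAMPLE_FIXED = SAMPLE_CONFLICT.replace("192.168.0.1/24 brd 192.168.0.255",
                                       "192.168.10.1/24 brd 192.168.10.255")


def parse_addrs(text):
    """Return [(ifname, IPv4Interface)] for every non-loopback IPv4 address."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if "inet" not in fields:
            continue
        iface = ipaddress.ip_interface(fields[fields.index("inet") + 1])
        if not iface.ip.is_loopback:
            found.append((fields[1], iface))
    return found


def find_overlaps(text):
    """Return (if_a, net_a, if_b, net_b) for each pair of different
    interfaces whose connected subnets overlap, fully or partially."""
    hits = []
    for (if_a, a), (if_b, b) in combinations(parse_addrs(text), 2):
        if if_a != if_b and a.network.overlaps(b.network):
            hits.append((if_a, str(a.network), if_b, str(b.network)))
    return hits


if __name__ == "__main__":
    for name, sample in (("conflict", SAMPLE_CONFLICT), ("fixed", SAMPLE_FIXED)):
        hits = find_overlaps(sample)
        print(name, "->", hits if hits else "no overlapping subnets")
```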