Dan,<br><br>Thanks for the reply. The client is a laptop running Windows XP Home Edition. Server is a tower running Gentoo 2006.1, shorewall 3.0.8.<br><br>The client is set up as follows:<br>IP address: 192.168.1.2<br>Netmask:&nbsp;&nbsp;&nbsp; 255.255.255.0<br>Gateway:&nbsp;&nbsp;&nbsp; 192.168.1.1<br>DNS:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 192.168.1.1<br><br>I&#39;ve changed my /etc/conf.d/net to:
<br><br># Interface Handler<br>modules=( &quot;ifconfig&quot; )<br><br># eth0 (WAN) config<br>config_eth0=( &quot;dhcp&quot; )<br><br># eth1 (LAN) config<br>config_eth1=( &quot;192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255&quot; )<br><br>Amongst many other things, shorewall dump shows:<br><br>Shorewall has detected the following iptables/netfilter capabilities:
<br>&nbsp;&nbsp; NAT: Available<br>&nbsp;&nbsp; Packet Mangling: Available<br>&nbsp;&nbsp; Multi-port Match: Available<br>&nbsp;&nbsp; Extended Multi-port Match: Available<br>&nbsp;&nbsp; Connection Tracking Match: Available<br>&nbsp;&nbsp; Packet Type Match: Available<br>&nbsp;&nbsp; Policy Match: Available
<br>&nbsp;&nbsp; Physdev Match: Not available<br>&nbsp;&nbsp; IP range Match: Available<br>&nbsp;&nbsp; Recent Match: Available<br>&nbsp;&nbsp; Owner Match: Available<br>&nbsp;&nbsp; Ipset Match: Not available<br>&nbsp;&nbsp; CONNMARK Target: Not available<br>&nbsp;&nbsp; Connmark Match: Available
<br>&nbsp;&nbsp; Raw Table: Available<br>&nbsp;&nbsp; CLASSIFY Target: Available<br>&nbsp;&nbsp; FORWARD Mangle Chain: Available<br><br>So, I think I have all that I need compiled into my kernel (2.6.19-r1). I&#39;ll be home in a bit, and I&#39;ll get on the Windows computer and run ipconfig and route to find out what the IP info and routing table look like on the client and post that.
<br><br>Thanks again for your help.<br><br>Shawn<br><br><div><span class="gmail_quote">On 2/2/07, <b class="gmail_sendername">Dan Farrell</b> &lt;<a href="mailto:dan@spore.ath.cx">dan@spore.ath.cx</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Fri, 2 Feb 2007 12:07:59 -0500<br>&quot;Shawn Singh&quot; &lt;<a href="mailto:callmeshawn@gmail.com">callmeshawn@gmail.com</a>&gt; wrote:<br><br>&gt; Hello list,<br>&gt;<br>&gt; I&#39;ve got my /etc/conf.d/net setup as follows:
<br>&gt;<br>&gt; # Interface Handler<br>&gt; modules=( &quot;ifconfig&quot; )<br>&gt;<br>&gt; # eth0 (WAN) config<br>&gt; config_eth0=( &quot;dhcp&quot; )<br>&gt;<br>&gt; # eth1 (LAN) config<br>&gt; config_eth1=( &quot;192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255&quot; )<br>&gt; routes_eth1=( &quot;192.168.1.0 via 192.168.1.1&quot; ) # the<br>&gt; idea here is that I wish to have all traffic intended for hosts on<br>&gt; 192.168.1.0 pass through 192.168.1.1.<br><br>
all on the &#39;server&#39; right?&nbsp;&nbsp;The &#39;server&#39; doesn&#39;t need a route to<br>192.168.1.0 through 192.168.1.1.&nbsp;&nbsp;That&#39;s going to be automatic on the
<br>server&#39;s end because of the line<br>&gt; 192.168.1.0&nbsp;&nbsp;&nbsp;&nbsp; *&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;255.255.255.0&nbsp;&nbsp; U&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;0&nbsp;&nbsp;0 eth1<br>in route.&nbsp;&nbsp;A route through eth1 to the subnet eth1 is on will
<br>automatically be added.&nbsp;&nbsp;But does the &#39;client&#39; computer have such a<br>default route through 192.168.1.1?&nbsp;&nbsp;The command to set up such a route<br>(again, on the client) would be
<br><br>&nbsp;&nbsp;route add default gw 192.168.1.1;<br><br>&gt; Here&#39;s the output from ifconfig eth1:<br>looks fine.<br><br>&gt; This is my routing table:<br>looks fine, as long as it&#39;s from the server and not the client.
<br><br>&gt; One odd thing is, if I run mii-tool eth1, I get:<br>&gt; eth1: no link<br>&gt; eth1 is connected to my client machine via crossover cable (the wire<br>&gt; scheme A end is plugged into eth1, and the wire scheme b end is
<br>&gt; plugged into the client machine)<br>You clearly know the difference between a patch and a crossover, but I<br>don&#39;t see why the interfaces aren&#39;t registering a connection.<br>&gt; I&#39;m experiencing difficulty where my client can&#39;t get to the Internet
<br>&gt; (the pages just time out)<br>you need ip forwarding enabled to pull that off.<br>&gt; I can&#39;t ping the gateway (192.168.1.1)<br>&gt; from the client. Also, from the firewall, I can&#39;t ping the client
<br>&gt; machine ( 192.168.1.2).<br>This should be working right now, though.&nbsp;&nbsp;Can you post the ipconfig<br>and route output from the &#39;client&#39;?<br><br>&gt; Pings from the firewall to the client result in Destination
<br>&gt; Unreachable, and if I remember correctly, pings from the client to<br>&gt; the firewall just time out.<br>sounds like the client is not actually &#39;connected&#39;.&nbsp;&nbsp;Although, clearly<br>the physical connection is there.
<br><br>&gt; I&#39;m running shorewall (v 3.0.8), so I&#39;ve tried shutting it down<br>&gt; (shorewall clear) to eliminate that as an option, but still not<br>&gt; getting anywhere.<br>oh oh.&nbsp;&nbsp;shorewall can really confuse things.&nbsp;&nbsp;Stop shorewall and have
<br>it save your iptables output, then I would suggest flushing<br>&gt; .config has the following entries in it, please let me know if there<br>&gt; are others that you need to see.<br>&gt;<br>&gt; CONFIG_IP_ADVANCED_ROUTER=y
<br>you don&#39;t need this.<br>&gt; CONFIG_NETFILTER=y<br>&gt; CONFIG_IP_NF_NAT=y<br>you will need this.&nbsp;&nbsp;But only once you get connected to 192.168.1.1!<br>remember, the client needs a default route set.&nbsp;&nbsp;The server _isn&#39;t_
<br>going to need a route to 192.168.1/24 explicitly set in conf.d/net<br><br>&gt; Thanks,<br>&gt;<br>&gt; Shawn<br>I&#39;m on comcast too:<br><br>20:&nbsp;&nbsp;c-71-xxx-144-1.hsd1.fl.comcast.net
<br>(71.203.144.1)&nbsp;&nbsp;&nbsp;&nbsp;asymm 21 167.516ms reached Resume: pmtu 1500 hops 20<br>back 21<br><br>only 1 country&#39;s width and 20/21 hops away from you!&nbsp;&nbsp;I mangled your IP<br>address even though you provide it yourself, to allow you to be the one
<br>invading your privacy and not me .<br><br>ps, if you have a switch around, i bet it would work if you plugged in<br>both to switch (/ hub) via patch cable.&nbsp;&nbsp;I bet your crossover is bad.<br>--<br><a href="mailto:gentoo-user@gentoo.org">
gentoo-user@gentoo.org</a> mailing list<br><br></blockquote></div><br><br clear="all"><br>-- <br>&quot;Doing linear scans over an associative array is like trying to club someone to death with a loaded Uzi.&quot;<br>Larry Wall
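<br><br>Added example, not part of the original thread: a shell check for the three conditions the quoted reply names for the gateway (a kernel-added connected route to the LAN on eth1, a default route, and IP forwarding). The sample routing table is constructed, 192.0.2.0/24 is an assumed WAN network, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: gateway sanity checks for the setup discussed in the thread.
# SAMPLE_ROUTES is constructed (route -n layout); 192.0.2.0/24 is an assumed WAN.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 eth0'

# has_connected_route TABLE NET IFACE
# True if NET is reached directly on IFACE (no gateway, no G flag). The kernel
# adds this route itself when the interface gets its address.
has_connected_route() {
    printf '%s\n' "$1" | awk -v net="$2" -v ifc="$3" '
        $1 == net && ($2 == "0.0.0.0" || $2 == "*") && $4 !~ /G/ && $8 == ifc { found = 1 }
        END { exit !found }'
}

# default_gateway TABLE
# Prints the gateway of the first default route; prints nothing if none exists.
default_gateway() {
    printf '%s\n' "$1" | awk '
        ($1 == "0.0.0.0" || $1 == "default") && $4 ~ /G/ { print $2; exit }'
}

# forwarding_enabled [FILE]
# True if the kernel forwards IPv4 packets between interfaces.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# gateway_problems TABLE LAN_NET LAN_IF [FWD_FILE]
# Prints one line per failed check; prints nothing when all three pass.
gateway_problems() {
    has_connected_route "$1" "$2" "$3" || echo "no connected route to $2 on $3"
    [ -n "$(default_gateway "$1")" ] || echo "no default route on the gateway"
    forwarding_enabled "${4:-}" || echo "ip_forward is off: LAN traffic will not be routed"
}

gateway_problems "$SAMPLE_ROUTES" 192.168.1.0 eth1
```

On the real gateway, pass "$(route -n)" as the table instead of the sample.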