On Thu, 2003-02-13 at 19:10, Mark Ferlatte wrote:
> Jerome Lacoste (Frisurf) said on Thu, Feb 13, 2003 at 10:13:09AM +0100:
> > I have this network configuration
> >
> >         E
> >         |
> >      Internet
> >         |
> >         | (EXT-IP)
> >    ** R ** (Firewall)
> >         | (192.168.1.1)
> >      ___|___
> >     |  | |  |
> >     M  S M  M
> >
> >
> > E: external machine
> > R: router firewall for our intranet
> > S: internal server running Linux (in fact it runs Mandrake 9.0)
> > M: internal machines
>
> What is R? Routerbox, Linux box being a router...?

No it's a dedicated box. ZyXEL ZYWALL. http://www.zyxel.com (their site
is in bad shape now due to mysql problems apparently).

> > Thus doing a ping EXT-IP or wget EXT-IP ends up with a timeout.
>
> So you're blocking all ICMP at your router? That's not a good idea: you
> should rate limit ping (to say 5/sec), and allow many of the other ones.
> ICMP is necessary for IP to function properly.

I am not sure I have that level of control. Not from the web interface
at least. I will have to look more deeply at the command line interface
of the beast.

> > If I am in my internal network:
> >
> > > ssh [EMAIL PROTECTED] works
> > > ssh [EMAIL PROTECTED] fails
> > > ssh login@EXT-IP fails
>
> Sounds like your router isn't allowing DNS packets to go from behind
> your internal network to your nameservers. In addition, it sounds like
> your router/firewall is blocking ssh traffic from your internal network
> to your external IP.

The solution is perhaps as Jeremy pointed out to have an internal DNS
server. Does that sound OK to you?

> > From a Windows machine, ping and tracert to EXT-IP work.
> > From any Linux machine on my network (M), I can ping my EXT-IP, but
> > cannot traceroute it.
>
> traceroute on Linux works differently than tracert on Windows. By
> default, traceroute on Linux uses UDP packets, while tracert on Windows
> uses ICMP. Try traceroute -I from your Linux boxes, and see if that
> works.
>
> > Now I am out of ideas.
> > So if anybody can tell me why I cannot make a traceroute on linux or an
> > ssh to my external ip from within my network, I would be happy.
>
> Can you tell us what your router is? That might help.

Answered above.

> Are you sure
> that your router is configured to NAT your internal network properly?

I am as sure as what the router tells me ;)
We have no other problem that I know of.

Thanks a lot,

Jerome