Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: Rob Salsgiver on October 25, 2002, 08:09:35 PM

Title: 5.5 routing or ipmasq problem...
Post by: Rob Salsgiver on October 25, 2002, 08:09:35 PM
Greetings all,

I have an interesting one that I would like some input on if any of you have run across it before.

I have a 5.5 private gateway sitting as the firewall on a 192.168.100.x subnet, followed by (structurally):
Cisco 25xx router (100.x subnet)
Wireless router (between 100 and 111 subnets)
PCs on both subnets.

The PCs in the 100 subnet work great.
The PCs in the wireless 111 subnet can talk to everything on the 100 subnet, and to the SME box.

The PCs in the 111 subnet cannot access the 'net. When doing an NSLOOKUP, the PCs find the SME box and the first half-dozen or so queries time out, then they will get an address for whatever is being queried. Even after that, I cannot access a webpage through iexploiter.

Once the IP address is resolved, I CAN get POP3 E-mail via Outlook Express, but only if I put in the IP address of the SMTP host. I CANNOT get POP3 E-mail if I put in the hostname of the SMTP host.

I have disabled the firewall and made the wireless router a simple router.  Gateways are configured as such:

Cisco 25xx router - gateway is the SME box local interface.
100 subnet PCs - gateway is the Cisco 25xx
Wireless router - gateway is the Cisco 25xx (also tried direct to SME local if, no diff)
111 subnet PCs - gateway is the local wireless router IP

Any ideas, anyone?

Cheers,
Rob
Title: Re: 5.5 routing or ipmasq problem...
Post by: Rob Salsgiver on October 25, 2002, 08:11:05 PM
Sorry - forgot to add that I have the 111 subnet listed as a local network on the SME box.

Cheers,
Rob
Title: Resolved - Re: 5.5 routing or ipmasq problem...
Post by: Rob Salsgiver on November 17, 2002, 06:34:02 AM
Greetings all,
Just dropping a line to let everyone know that I found a work-around on my previously posted problem - and a possible bug in v5.5.

The original problem was this - I have a v5.5 system operating in private dialup mode with two subnets behind it. One subnet is directly connected, the other serviced by a wireless router. The directly connected subnet could access the 'net fine. The wireless subnet would only resolve names after about 8-12 nslookup statements, and would NEVER be able to access the 'net via a browser whether the names would resolve or not. I could, however, obtain SMTP/POP3 email if I used my ISP's IP addresses, but not if I used the system DNS names.

My e-smith box was the DNS server entry for both subnets.

Resolution:

I moved all PCs in both subnets to use an internal DNS server, inside the perimeter of the e-smith box. The internal DNS server pointed to the e-smith box as its forwarder.

Results:
Both subnets are now able to access the 'net fine.

Possible problem/bug:
I haven't dug into it to verify anything, but my suspicion is that either the firewall or routing on the E-smith box is faulty when dealing with multiple subnets.  My stronger suspicion is the firewall.  I believe the e-smith box is not properly returning udp and/or tcp packets to the requestor on the remote (in this case wireless) subnet.  Verification and further resolution of the problem will be left to other experts in the forum who may be interested.  I am moving on from e-smith to a self-packaged redhat install that will allow me to work around a couple other limitations of the e-smith implementation.  "Good job" to everyone who has put time and effort into the e-smith project - it's a good distribution!

Cheers,
Rob