Thank you very much. I wont be able to get to the router until later this week, but I'll let you know if there is still problems. Thanks again, Joe >>> drue at therub.org 01/11/05 03:02PM >>> Ok, here's your problem. You wireless access point isn't configured correctly. Your "router", which i'll refer to as your wireless access point from now on, or WAP, is NATing. So is your firewall. Only NAT once! Also, both devices are handling DHCP - it's a mess. You should look for a 'bridge mode' option in your WAP. If I were at home i'd look at mine and tell you exactly what it's called. Turn off NAT, turn off DHCP. That's the job of your firebox. Then the wireless devices will use 192.168.1.2 as their default gateway (the firebox). Think of the WAP as simply a wireless switch - that's all you want it to do. Let me know if you're still having problems and i'll probe my configuration at home and tell you more specifically. I run almost the same configuration as you do. Dan On Tue, Jan 11, 2005 at 02:41:29PM -0600, Joe Stuart wrote: > Sorry I dont know much about networking, but all I did to the wireless > router was gave it an external Ip of 192.168.1.4 set the gateway to > 192.168.1.2, disabled the firewall and left the internal ip which is set > to 192.168.1.1 and connected the uplink port on the router to a regular > port on the firewall. > > Here is the info on both devices. > > Firebox: > External IP: 24.123.*.* > External Gateway: 24.123.*.* > Dns Server: 24.123.*.* > > Internal Ip: 192.168.1.2 > Subnet 255.255.255.0 > > Firewall completely open going out and only allowing vpn connections > coming in. > > Router: > External Ip: 192.168.1.4 > External Gateway: 192.168.1.2 > Dns 24.123.*.* > > Internal Ip: 192.168.1.1 > Submet 255.255.255.0 > > Firewall disabled. > > Thanks, > Joe > > >>> drue at therub.org 01/11/05 01:52PM >>> > *head explodes* > > draw us a picture? > > I don't get why your gateway isn't 192.168.1.2 (the internal address > of > the firebox). I don't get how your wireless router is setup (bridge > mode?). Are you NATing twice? > > dan > > On Tue, Jan 11, 2005 at 01:38:14PM -0600, Joe Stuart wrote: > > I disabled the firewall on the router. > > > > >>> "Garrett Krueger" <gkrueger at cleosci.com> 01/11/05 01:18PM >>> > > How is NAT set on the router? Normally you cannot ping inside > unless > > you > > specifically tell the router to let people ping the inside > addresses. > > > > > Machine on the internal network plugged into the Linksys router. > > > > > > > > > ip address 192.168.1.5 > > > gateway 192.168.1.1 > > > netmask 255.255.255.0 > > > dns 24.123.*.* > > > > > > I cannot ping the 192.168.1.2 address which is the internal > > interface > > > on the firewall > > > > > > Let me know if you need anything more. > > > > > > Thanks > > > > > > > > >>>> smac at visi.com 01/11/05 10:35AM >>> > > > > > > Need a little more information. > > > > > > Linux > > > ifconfig = results > > > > > > M$ > > > ipconfig /all = results > > > > > > Joe Stuart wrote: > > > > > >>I have a wireless Linksys router setup behind a Watchguard firebox > > >>firewall with a vpn setup on the firebox. I have an external Ip > > > setup > > >>on the external interface and an internal ip of 192.168.1.2 setup > > on > > >>the internal interface of the firebox. The problem I have is that > > when > > > I > > >>vpn in I can only ping the 192.168.1.2 address and nothing after > > that > > >>including the Linksys router right behind the firewall. I also > > cannot > > >>ping the internal interface of the firebox when plugged into the > > > Linksys > > >>router. Which you would think I should be able to do, because the > > >>internal interface of the firebox is the gateway for the external > > >>interface on the Linksys router. > > >> > > >>Any help is appreciated. > > >> > > >>_______________________________________________ > > >>TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > > >>Help beta test TCLUG's potential new home: > http://plone.mn-linux.org > > > > >>Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery > > > >>tclug-list at mn-linux.org > > >>https://mailman.real-time.com/mailman/listinfo/tclug-list > > >> > > >> > > >> > > >> > > > > > > > > > > > > -- > > > No virus found in this outgoing message. > > > Checked by AVG Anti-Virus. > > > Version: 7.0.300 / Virus Database: 265.6.10 - Release Date: > > 1/10/2005 > > > > > > > > > _______________________________________________ > > > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > > > Help beta test TCLUG's potential new home: > http://plone.mn-linux.org > > > > > Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery > > > > tclug-list at mn-linux.org > > > https://mailman.real-time.com/mailman/listinfo/tclug-list > > > > > > _______________________________________________ > > > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > > > Help beta test TCLUG's potential new home: > http://plone.mn-linux.org > > > > > Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery > > > > tclug-list at mn-linux.org > > > https://mailman.real-time.com/mailman/listinfo/tclug-list > > > > > > > > > > > _______________________________________________ > > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > > Help beta test TCLUG's potential new home: http://plone.mn-linux.org > > > Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery > > tclug-list at mn-linux.org > > https://mailman.real-time.com/mailman/listinfo/tclug-list > > > > _______________________________________________ > > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > > Help beta test TCLUG's potential new home: http://plone.mn-linux.org > > > Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery > > tclug-list at mn-linux.org > > https://mailman.real-time.com/mailman/listinfo/tclug-list > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > Help beta test TCLUG's potential new home: http://plone.mn-linux.org > Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery > tclug-list at mn-linux.org > https://mailman.real-time.com/mailman/listinfo/tclug-list > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > Help beta test TCLUG's potential new home: http://plone.mn-linux.org > Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery > tclug-list at mn-linux.org > https://mailman.real-time.com/mailman/listinfo/tclug-list _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list