Re: [m0n0wall] Problem getting m0n0wall to work

From:	blaue0 <me at blaue0 dot net>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Problem getting m0n0wall to work
Date:	Thu, 05 Aug 2004 14:47:14 +0200
# mii-tool eth0
eth0: negotiated 100baseTx-FD, link ok

Graham Dunn wrote:

>On Thu, Aug 05, 2004 at 02:34:35PM +0200, blaue0 wrote:
>  
>
>>Ok, I think it's time for some debug output:
>>
>>IP configuration of my NIC on my Gentoo machine:
>>
>># ifconfig eth0
>>eth0   Link encap:Ethernet  HWaddr 00:30:4F:2B:32:D8
>>         inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
>>         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>         RX packets:66308 errors:0 dropped:0 overruns:0 frame:0
>>         TX packets:56775 errors:0 dropped:0 overruns:0 carrier:0
>>         collisions:0 txqueuelen:1000
>>         RX bytes:63189031 (60.2 Mb)  TX bytes:4926310 (4.6 Mb)
>>         Interrupt:10 Base address:0xac00
>>
>>and IP configuration of my m0n0wall:
>>
>>$ ifconfig sis0
>>sis0:   flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
>>	ether 00:0d:b9:00:76:7c
>>	media: Ethernet autoselect (100baseTX <full-duplex>)
>>	status: active
>>
>>I really think the IP config is ok.
>>When I say all ok, I mean I can browse the web, send emails etc.. 
>>(Traffic flows).
>>    
>>
>
>What does
>
>mii-tool eth0
>
>on your gentoo say? I wonder if there's a port auto-negotiation
>wierdness happening?
>
>You may have to force your gentoo eth0 to 100BaseT full-duplex.
>
>Graham
>
>  
>
>>Graham Dunn wrote:
>>
>>    
>>
>>>On Wed, Aug 04, 2004 at 11:08:42PM +0200, blaue0 wrote:
>>>
>>>
>>>      
>>>
>>>>Thanks a lot. First: With crossover cable from my machine to m0n0, all 
>>>>works fine.
>>>>I don't know much about electronic and such stuff. I don't know if my 
>>>>switch is grounded correctly, but I think it's not.
>>>>
>>>>I know, that I have to use https instead of http with HTTPS, but it's as 
>>>>I said: nmap shows a completly closed firewall. Not even one port is open.
>>>>
>>>>I'm not using the same IP subnet on WAN and LAN interface, the LAN is 
>>>>192.168.1.x and the WAN is assigned by DHCP from my cable provider.
>>>>
>>>>I can ping the box with a crossover cable (when it's directly connected 
>>>>to my machine), but I can't if it's connected to the switch using 
>>>>crossover or patch cable.
>>>>  
>>>>
>>>>        
>>>>
>>>Switch <-> machine connections will never use a crossover cable (unless
>>>the port on the switch says MDI-X, in which case you should use another
>>>port). Link lights will come on regardless of if you're using a
>>>straight-through, or crossover, so that's not a reliable diagnostic.
>>>
>>>Your cables are known good, right (I think you mentioned using them with
>>>a windows ICS setup).
>>>
>>>Make sure your machine is in the same subnet as the m0n0wall. Double
>>>check the IP and subnet settings on both the client and the m0n0wall.
>>>
>>>Make sure you're plugging the NIC you think you are into the switch (LAN
>>>vs WAN). I've made this mistake, most annoying :/
>>>
>>>When you say "all works fine" above, do you mean that you can send
>>>traffic through the m0n0wall, or just ping it? If traffic flows, then it
>>>sounds like purely a cabling issue, or a broken switch port.
>>>
>>>Graham
>>>
>>>
>>>
>>>
>>>
>>>      
>>>
>>>>Allan D. Piske wrote:
>>>>
>>>>  
>>>>
>>>>        
>>>>
>>>>>Hi, there maybe a compatibility problem with your switch and these 
>>>>>adapters,
>>>>>If you connect the PC to m0n0 with the crossover cable it works or not?
>>>>>Remember that grounding can affect data communications as well, it's 
>>>>>where
>>>>>important that every device interconnnected in the LAN are grounded.
>>>>>If PC-m0n0 works, and PC-SWITCH-m0n0 doesnt, or your switch is broken, or
>>>>>you have a serious grounding problem or it's simple ethernet 
>>>>>adapter/switch
>>>>>imcompatibility ( did i wrote that right? )
>>>>>
>>>>>got it?
>>>>>
>>>>>sorry about my english too, it's not my primary language.
>>>>>
>>>>>regards,
>>>>>
>>>>>Allan.
>>>>>
>>>>>----- Original Message ----- 
>>>>>From: "blaue0" <me at blaue0 dot net>
>>>>>To: <m0n0wall at lists dot m0n0 dot ch>
>>>>>Sent: Wednesday, August 04, 2004 5:16 PM
>>>>>Subject: Re: [m0n0wall] Problem getting m0n0wall to work
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>    
>>>>>
>>>>>          
>>>>>
>>>>>>Yes, I'm sure that they are good, I get a connection with these cables
>>>>>>      
>>>>>>
>>>>>>            
>>>>>>
>>>>>>from my machine.
>>>>>    
>>>>>
>>>>>          
>>>>>
>>>>>>Unfortunately I don't have any hub or something like that.
>>>>>>It does light up on the switch with both cables, with both cables
>>>>>>the light on the switch does flicker a bit... don't know if this is
>>>>>>important.
>>>>>>
>>>>>>I really know the difference between a crossover and a patch cable :)
>>>>>>
>>>>>>You said, pinging is disabled by default. If my machine is connectet to
>>>>>>the m0n0 by crossover cable, then I get a ping to it. Browsing to the
>>>>>>webinterface doesn't work at all with both cables...
>>>>>>
>>>>>>Seth Rothenberg wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>      
>>>>>>
>>>>>>            
>>>>>>
>>>>>>>Are you sure that all the cables you tried are good?
>>>>>>>
>>>>>>>Do you have any other test equipment available?
>>>>>>>eg, a hub, with or without an uplink....
>>>>>>>
>>>>>>>the PC engines should light up a port on the hub
>>>>>>>with one cable or the other.
>>>>>>>
>>>>>>>You didn't mention if you are knowledgable about
>>>>>>>cables.  You can check by eye if it is a crossover.
>>>>>>>If the orange and/or green are reversed from one
>>>>>>>end to the other, it is crossover.
>>>>>>>
>>>>>>>You can test 2 crossover cables with a coupler
>>>>>>>on a regular cable run.
>>>>>>>
>>>>>>>
>>>>>>>These are just some ideas to try...
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>  
>>>>>>>
>>>>>>>        
>>>>>>>
>>>>>>>              
>>>>>>>
>>>>>>---------------------------------------------------------------------
>>>>>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>>>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>>>>
>>>>>>
>>>>>>Esta mensagem foi verificada pelo E-mail Protegido Terra.
>>>>>>Scan engine: VirusScan / Atualizado em 04/08/2004 / Vers?o: 1.5.2
>>>>>>Proteja o seu e-mail Terra: http://www.emailprotegido.terra.com.br/
>>>>>>
>>>>>>E-mail classificado pelo Identificador de Spam Inteligente Terra.
>>>>>>Para alterar a categoria classificada, visite
>>>>>>
>>>>>>
>>>>>>
>>>>>>      
>>>>>>
>>>>>>            
>>>>>>
>>>>>http://www.terra.com.br/centralunificada/emailprotegido/imail/imail.cgi?+_u=zyryz&_l=1091650706.438850.21046.gravatal.terra.com.br
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>    
>>>>>
>>>>>          
>>>>>
>>>>---------------------------------------------------------------------
>>>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>>  
>>>>
>>>>        
>>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>
>>>
>>>
>>>
>>>
>>>
>>>      
>>>
>
>
>
>  
>