Just get each interface going one at a time.

Quote:
>I am trying to set up a testbed system for McAfee's Webshield product
>(scans in/outgoing Internet stream for viruses) which uses Linux as its
>OS. I'm using the 1.0 version of the product with a patch provided by
>McAfee to make it recognize our SMC Etherpower cards (w/DEC 21041 chip).
>You normally stick this product in-between your firewall and internal
>router, but for testing I just hooked both NICs onto our external Ethernet
>line (10Base2 [Thin net]). You are supposed to be able to manage the
>Webshield product via http or telnet, so I wanted to see if I am able to
>do so before I set up down-time on our Internet connection to insert this

Do you get replies?

Quote:
>The problem is that I'm not able to http/telnet to the Webshield system,
>or even ping it. However, I *am* able to ping out from the Webshield

What does "netstat -i -n; netstat -r -n" on the WS box say?

Quote:
>On the same segment as the Webshield server is our Web server. I
>can ping the Web server from the Webshield server but cannot ping
>the Webshield server from the Web server.

Hmm, does it know that's its address? Is the interface up?

Quote:
>I put a General Networks Sniffer
>on the line and when looking for broadcasts to/from the Web server's MAC
>address, I can see the Web server sending out ARP requests looking for the
>Webshield TCP/IP address, but the Webshield machine never responds to the

Ha ha. Morons!

Quote:
>Talking to McAfee they told me I have to be using cross-over cables. I
>told them we were using 10Base2 and shouldn't need cross-over cables.

They're probably being stupid unless these patches you are using for those
network cards don't support 10base2.

Quote:
>They
>then said their product won't work with 10Base2 (BNC connector). I don't
>think that's quite right. This seems to be more of a Linux problem than a

bzzt? Is the webshield not functioning as an application gateway then?

Quote:
>I used the setup program that comes with the SMC Etherpower cards to force
>the cards to use the BNC connector, and forced the IRQs to 10 and 11. One
>card (eth1) doesn't get a TCP/IP address as it will just be a passthrough
>from the outside.

Whew.

Quote:
>The version of Linux Webshield is running is 1.2. I wouldn't think it is
>necessary to upgrade the Linux in this case, and at any rate I don't want
>to as this product was purchased as a stand-alone Internet virus scanner.
>We haven't paid for the product yet (demo copy)

This seems enormously overpowered to me, is that the hardware they recommended?

Quote:
>but we did sink the money
>into the hardware (DEC 5166 Prioris, 64 Megs RAM, a couple SCSI hard

Remember, it's their product. There is nothing special about your network.

Quote:
>I'm not a Linux guru and don't want to be at this point in
>time, but I feel I'm so close to getting this product working I'm willing
>to pursue it (I feel my reputation as a computer professional is on the
>line if I can't make it work).

netstat -i -n ?

Quote:
>Reading back through the newsgroup messages I tried such things as
>cat /proc/ksyms | grep ip_forward and
>and got nothing. It's almost as if Linux doesn't recognize its own TCP/IP

arp -a ?

Quote:
>and thus doesn't respond to ARP requests (then again, how could
>Linux receive the responses to its ping if it couldn't recognize its own

ifconfig -a on the WebShield and the firewall?

Quote:
>Since the Web server and Webshield machines are on the same
>LAN segment, the router shouldn't be involved. Incidentally, we are using a
>sub-netted segment and I do have the correct subnet mask, broadcast
>address, etc. set on the Webshield machine. I set the Webshield portion
>up so anyone could http or telnet to it, not just the trusted host (and it
>doesn't work from the trusted host either).

James Youngman, VG Gas Analysis Systems
The trouble with the rat-race is, even if you win, you're still a rat.
Before sending advertising material, read http://www.law.cornell.edu/uscode/47/227.html