Hi!

I don't know if this is the right place for the question I have, but it's related to a honeynet, so I take my chances.

I have a router that's configured with two ethernet devices, one points to the Internet, and the other one to my network.

The router config looks like this: (the ip-addresses are fake..)
----
interface Ethernet0
ip address 219.18.129.205 255.255.255.252
half-duplex
!
interface FastEthernet0
ip address 84.12.145.41 255.255.255.248
speed auto
half-duplex
!
ip default-gateway 219.18.129.206
ip classless
ip route 0.0.0.0 0.0.0.0 219.18.129.206
ip route 84.12.145.40 255.255.255.248 FastEthernet0
ip route 194.19.32.96 255.255.255.224 FastEthernet0
----
And as you can see I have two public networks 84.12.x.x and 194.19.x.x, and I want to
route both those network into my network (Fast0). And this seems to be working just fine.


On the inside I have a Debian 2.4.18-x server with two network cards:

eth0
inet addr:84.12.145.43 Bcast:84.255.255.255 Mask:255.255.255.248

eth1
inet addr:194.19.32.97 Bcast:194.19.32.127 Mask:255.255.255.224


The routing table looks like this:
----
Destination Gateway Genmask Flags Metric Ref Use Iface
84.12.145.40 0.0.0.0 255.255.255.248 U 0 0 0 eth0
193.71.32.96 0.0.0.0 255.255.255.224 U 0 0 0 eth1
0.0.0.0 84.12.145.41 0.0.0.0 UG 0 0 0 eth0
----


And connected to eth1 I have another Debian server with one interface:

eth0
inet addr:194.19.32.98 Bcast:194.19.32.127 Mask:255.255.255.224


And the routing table looks like this:
----
Destination Gateway Genmask Flags Metric Ref Use Iface
194.19.32.96 0.0.0.0 255.255.255.224 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 194.19.32.97 0.0.0.0 UG 0 0 0 eth0
----

I thought that this should work, but it doesn't. When I ping Debian server #2
server (194.19.32.98) from Debian server #1 (194.19.32.97) it answers and everything
looks fine. And it works fine the other way around as well.

And if I try to ping eth0 (84.12.145.43) from Debian server #2 (194.19.32.98) I get
an answer.

But, if I try to ping the router (84.12.145.41) I get no answer.

I have connected a hub between Debian server #1 and the router and I am trying to
tcpdump/tethereal to find out what's happening.

The ping goes through, but Debian server #1 (84.12.145.43) does not want to tell
the router (84.12.145.41) where to find Debian server #2 (194.19.32.98).
-----
0.000000 194.19.32.98 -> 84.12.145.41 ICMP Echo (ping) request
0.001085 00:14:d1:3f:4a:f1 -> ff:ff:ff:ff:ff:ff ARP Who has 194.19.32.98? Tell 84.12.145.41
0.729126 00:14:d1:3f:4a:f1 -> 00:14:d1:3f:4a:f1 LOOP Loopback
-----

I suspect that I cannot see the forest because the trees are in my view, and that the
Loopback message should tell me something. But, I am a blank.

Does anyone have any suggestions? Please? I am going slightly mad.. (Blupp)

Maybe I am attacking this the wrong way, and I appreciate any suggestion at this moment.

Thanks!

- Ole S -