Thank you very much.  I wont be able to get to the router until later
this week, but I'll let you know if there is still problems.

Thanks again,
Joe

>>> drue at therub.org 01/11/05 03:02PM >>>
Ok, here's your problem.  You wireless access point isn't configured
correctly.  Your "router", which i'll refer to as your wireless access
point from now on, or WAP, is NATing.  So is your firewall.  Only NAT
once!  Also, both devices are handling DHCP - it's a mess.

You should look for a 'bridge mode' option in your WAP.  If I were at
home i'd look at mine and tell you exactly what it's called.

Turn off NAT, turn off DHCP.  That's the job of your firebox.  Then
the
wireless devices will use 192.168.1.2 as their default gateway (the
firebox).  Think of the WAP as simply a wireless switch - that's all
you
want it to do.

Let me know if you're still having problems and i'll probe my
configuration at home and tell you more specifically.  I run almost
the
same configuration as you do.

Dan

On Tue, Jan 11, 2005 at 02:41:29PM -0600, Joe Stuart wrote:
> Sorry I dont know much about networking, but all I did to the
wireless
> router was gave it an external Ip of 192.168.1.4 set the gateway to
> 192.168.1.2, disabled the firewall and left the internal ip which is
set
> to 192.168.1.1 and connected the uplink port on the router to a
regular
> port on the firewall.  
> 
> Here is the info on both devices.
> 
> Firebox:
> External IP: 24.123.*.*
> External Gateway: 24.123.*.*
> Dns Server: 24.123.*.*
> 
> Internal Ip: 192.168.1.2
> Subnet 255.255.255.0
> 
> Firewall completely open going out and only allowing vpn connections
> coming in.
> 
> Router:
> External Ip: 192.168.1.4
> External Gateway: 192.168.1.2
> Dns 24.123.*.*
> 
> Internal Ip: 192.168.1.1
> Submet 255.255.255.0
> 
> Firewall disabled.
> 
> Thanks,
> Joe
> 
> >>> drue at therub.org 01/11/05 01:52PM >>>
> *head explodes*
> 
> draw us a picture?
> 
> I don't get why your gateway isn't 192.168.1.2 (the internal address
> of
> the firebox).  I don't get how your wireless router is setup (bridge
> mode?).  Are you NATing twice?
> 
> dan
> 
> On Tue, Jan 11, 2005 at 01:38:14PM -0600, Joe Stuart wrote:
> > I disabled the firewall on the router.
> > 
> > >>> "Garrett Krueger" <gkrueger at cleosci.com> 01/11/05 01:18PM >>>
> > How is NAT set on the router?  Normally you cannot ping inside
> unless
> > you
> > specifically tell the router to let people ping the inside
> addresses.
> > 
> > > Machine on the internal network plugged into the Linksys router.
> > >
> > >
> > > ip address 192.168.1.5
> > > gateway 192.168.1.1
> > > netmask 255.255.255.0
> > > dns 24.123.*.*
> > >
> > > I cannot ping the 192.168.1.2 address which is the internal
> > interface
> > > on the firewall
> > >
> > > Let me know if you need anything more.
> > >
> > > Thanks
> > >
> > >
> > >>>> smac at visi.com 01/11/05 10:35AM >>>
> > >
> > > Need a little more information.
> > >
> > > Linux
> > > ifconfig  = results
> > >
> > > M$
> > > ipconfig /all = results
> > >
> > > Joe Stuart wrote:
> > >
> > >>I have a wireless Linksys router setup behind a Watchguard
firebox
> > >>firewall with a vpn setup on the firebox.  I have an external Ip
> > > setup
> > >>on the external interface  and an internal ip of 192.168.1.2
setup
> > on
> > >>the internal interface of the firebox. The problem I have is
that
> > when
> > > I
> > >>vpn in I can only ping the 192.168.1.2 address and nothing after
> > that
> > >>including the Linksys router right behind the firewall. I also
> > cannot
> > >>ping the internal interface of the firebox when plugged into the
> > > Linksys
> > >>router.  Which you would think I should be able to do, because
the
> > >>internal interface of the firebox is the gateway for the
external
> > >>interface on the Linksys router.
> > >>
> > >>Any help is appreciated.
> > >>
> > >>_______________________________________________
> > >>TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> > >>Help beta test TCLUG's potential new home:
> http://plone.mn-linux.org 
> > 
> > >>Got pictures for TCLUG? Beta test
http://plone.mn-linux.org/gallery 
> 
> > >>tclug-list at mn-linux.org 
> > >>https://mailman.real-time.com/mailman/listinfo/tclug-list 
> > >>
> > >>
> > >>
> > >>
> > >
> > >
> > >
> > > --
> > > No virus found in this outgoing message.
> > > Checked by AVG Anti-Virus.
> > > Version: 7.0.300 / Virus Database: 265.6.10 - Release Date:
> > 1/10/2005
> > >
> > >
> > > _______________________________________________
> > > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> > > Help beta test TCLUG's potential new home:
> http://plone.mn-linux.org 
> > 
> > > Got pictures for TCLUG? Beta test
http://plone.mn-linux.org/gallery 
> 
> > > tclug-list at mn-linux.org 
> > > https://mailman.real-time.com/mailman/listinfo/tclug-list 
> > >
> > > _______________________________________________
> > > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> > > Help beta test TCLUG's potential new home:
> http://plone.mn-linux.org 
> > 
> > > Got pictures for TCLUG? Beta test
http://plone.mn-linux.org/gallery 
> 
> > > tclug-list at mn-linux.org 
> > > https://mailman.real-time.com/mailman/listinfo/tclug-list 
> > >
> > 
> > 
> > 
> > _______________________________________________
> > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> > Help beta test TCLUG's potential new home:
http://plone.mn-linux.org 
> 
> > Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery

> > tclug-list at mn-linux.org 
> > https://mailman.real-time.com/mailman/listinfo/tclug-list 
> > 
> > _______________________________________________
> > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> > Help beta test TCLUG's potential new home:
http://plone.mn-linux.org 
> 
> > Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery

> > tclug-list at mn-linux.org 
> > https://mailman.real-time.com/mailman/listinfo/tclug-list 
> 
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> Help beta test TCLUG's potential new home: http://plone.mn-linux.org

> Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery 
> tclug-list at mn-linux.org 
> https://mailman.real-time.com/mailman/listinfo/tclug-list 
> 
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> Help beta test TCLUG's potential new home: http://plone.mn-linux.org

> Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery 
> tclug-list at mn-linux.org 
> https://mailman.real-time.com/mailman/listinfo/tclug-list 

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
Help beta test TCLUG's potential new home: http://plone.mn-linux.org 
Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery 
tclug-list at mn-linux.org 
https://mailman.real-time.com/mailman/listinfo/tclug-list

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
Help beta test TCLUG's potential new home: http://plone.mn-linux.org
Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list