Strange linux debian

Hello group,
after upgrade 6 months old debian stable to current stable, my router
stopped working. My network is as follows:
internet---linux_router---access_point_client1--accesspoint--access_point_client2---m0n0wall
configuration:
linux_router has internet connection on eth3 and has private network on
eth0. routing table on linux_router:

ei83:~# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt
Iface
80.xx.xx.80 0.0.0.0 255.255.255.240 U 0 0
0 eth3
10.0.0.0 10.255.255.249 255.255.255.0 UG 0 0 0
eth0
10.0.1.0 10.255.255.249 255.255.255.0 UG 0 0 0
eth0
10.255.255.0 0.0.0.0 255.255.255.0 U 0 0 0
eth0
172.17.0.0 0.0.0.0 255.255.255.0 U 0 0 0
eth0
172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0
eth0
0.0.0.0 80.xx.xx.81 0.0.0.0 UG 0 0
0 eth3

where 10.255.255.249 is an ip of m0n0wall accesspoint
behind m0n0wall there are two networks: 10.0.0.0/24 and 10.0.1.0/24
There are also sob virtual networks for pptp.
I've enabled forwarding:
ei83:~# sysctl -a | grep forwarding
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.eth3.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.lo.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth1.mc_forwarding = 0
net.ipv4.conf.eth1.forwarding = 1
net.ipv4.conf.eth2.mc_forwarding = 0
net.ipv4.conf.eth2.forwarding = 1
net.ipv4.conf.eth3.mc_forwarding = 0
net.ipv4.conf.eth3.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1

and setup NAT in iptables:
ei83:~# iptables -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 5470 packets, 324K bytes)
pkts bytes target prot opt in out source
destination
43 4227 DNAT all -- * * 0.0.0.0/0
80.53.8.82 to:10.255.255.249

Chain POSTROUTING (policy ACCEPT 2020 packets, 96721 bytes)
pkts bytes target prot opt in out source
destination
2 131 SNAT all -- * * 10.0.0.0/24
0.0.0.0/0 to:80.xx.xx.83
0 0 SNAT all -- * * 10.0.1.0/24
0.0.0.0/0 to:80.xx.xx.83
2 130 SNAT all -- * * 10.255.255.0/24
0.0.0.0/0 to:80.xx.xx.83

Chain OUTPUT (policy ACCEPT 1881 packets, 81531 bytes)
pkts bytes target prot opt in out source
destination

m0n0wall has 3 interfaces:
1 WAN: 10.255.255.249/24 with gateway 10.255.255.1 - can ping onlu
linux_router
1 LAN: 10.0.1.0/24 - can ping only ip's from linux_router
1 WIFI: 10.0.0.0/24 - can ping only ip's from linux_router

What is an issue?
From m0n0wall I can only ping addresses on linux_router, I can't ping
anything outsite linux_router including his default router.
I've sniffed network on linux_router and discovered, that nothing is
forwarded from interface eth0 to eth3.

I've spent 2 nights and I've didn't find anything.

Please help me diagnose this issue.

Regards,
Grzegorz

On Tue, 30 May 2006 02:22:53 +0200, tt
<(E-Mail Removed)> wrote:
>
> m0n0wall has 3 interfaces:
> 1 WAN: 10.255.255.249/24 with gateway 10.255.255.1 - can ping onlu
> linux_router
> 1 LAN: 10.0.1.0/24 - can ping only ip's from linux_router
> 1 WIFI: 10.0.0.0/24 - can ping only ip's from linux_router
>
> What is an issue?
> From m0n0wall I can only ping addresses on linux_router, I can't ping
> anything outsite linux_router including his default router.
> I've sniffed network on linux_router and discovered, that nothing is
> forwarded from interface eth0 to eth3.
>
Can linux_router ping itself? Does ifconfig show the lo interface is
up? Have you tried /etc/init.d/networking restart ?



--
Who does not trust enough will not be trusted.
-- Lao Tsu

> Can linux_router ping itself?
Yes, no problem.

> Does ifconfig show the lo interface is up?
Yes.

> Have you tried /etc/init.d/networking restart ?
Yes, more than once. Including rebooting machine. Including upgrading
the kernel to 2.6.16.

The firewall is VERY simple. Default rules are set to ACCEPT.

Please help. It is stupid from my site to ask for this help but my ideas
finished.

Cheers,
Grzegorz

> Can linux_router ping itself?
Yes, no problem.

> Does ifconfig show the lo interface is up?
Yes.

> Have you tried /etc/init.d/networking restart ?
Yes, more than once. Including rebooting machine. Including upgrading
the kernel to 2.6.16.

The firewall is VERY simple. Default rules are set to ACCEPT.

Please help. It is stupid from my site to ask for this help but my ideas
finished.

Cheers,
Grzegorz

And I found strange behaviour. I've temporary added PREROUTING rule to
nat to forward all trafic orginating to specific host on the Internet to
one of linux_router ip. After that I was able to ping that "host" from
m0n0wall and responses were from linux_router.
I've cleaned up this rule and... m0n0wall was able to ping taht host!
Trace route showed good route from m0n0wall!!!

Regards,
Grzegorz