Quoting Marc Breslow <marc at radiusIM.com>: > Jeff, > > I think we are on to something here. I added a static route on the > 192.168.1.1 router to the 192.168.1.224 with the gateway address equal to > the eth1 IP address on the firewall. I can now ping 192.168.1.1 from behind > the firewall but I still can't ping 209.73.186.238 (yahoo) from behind the > firewall. I can ping yahoo from the firewall. > > Any other thoughts? Couple of questions. Is your firewall (the CentOS box with 192.168.1.224 and 192.168.202.1 interfaces) configured to perform NAT? Or is the firewall on it completely turned off? What is exactly the route you added to your external router? That router probably has two network interfaces and therefore two routes with link scope associted with them. One telling it how to reach the router at the ISP end, and second one for your 192.168.1.0/24 network. Everything else will be routed to the default route (meaning outside). You want to add static route on your external router for 192.168.202.0/24 pointing to 192.168.1.224. Is that what you did? If that is what you did, you might want to check configuration of your external router, and see how firewalling is configured on it. Many of those small devices have some firewalling enabled by default in them. Maybe it considers only 192.168.1.0/24 to be internal network, and drops everything else from inside. Try doing traceroute from 192.168.202.10. Also, running tcpdump on your firewall's eth1 and eth3 interfaces in parallel (for example from two terminal windows) while you are doing traceroute or simply attempting to ping outside world and comparing the outputs might give you an idea what is going on. -- See Ya' later, alligator! http://www.8-P.ca/