Hi, I am new to Linux (six months), and am trying to setup a Linux Router using
Bering_1.0-rc3_img_bering_1680.exe. I have followed the Bering Installation/Users
Guide step-by-step to setup the router using mostly default settings where possible.
My problem is that my local LAN (192.168.1.0/24) cannot ping and/or connect to the
Bering/Shorewall firewall?
The following is the configuration of my LAN at the moment:
Win2000P Bering
+---------------+ +--------------------+
LAN2<---------| 192.168.72.74 | | eth0:65.95.176.193 |---> PPPoE/ADSL
| | | |
| 192.168.1.10 |<-xLink RJ45->| eth1:192.168.1.254 |
| | | |
+---------------+ +--------------------+
On the Bering LRP, I can ping (1) eth0, (2) eth1, and the Internet, except when I
tried to ping loc:192.168.1.10, I receive the following message:
"PING 192.168.1.10 (192.168.1.10): 56 data bytes
--- 192.168.1.10 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss"
I think it is something to do with either (1) iptables or (2) shorewall. But I don't
have the necessary knowledge to fix it.
Other information:
uname -a:
Linux firewall 2.4.18 #4 Sun Jun 9 09:46:15 CEST 2002 i486 unknown
ip addr show:
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:80:c8:35:c6:7b brd ff:ff:ff:ff:ff:ff
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:80:c8:93:ba:3a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
link/ppp
inet 65.95.176.193 peer 65.95.176.1/32 scope global ppp0
ip route show:
65.95.176.1 dev ppp0 proto kernel scope link src 65.95.176.193
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
default via 65.95.176.1 dev ppp0
iptables -L:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT ah -- anywhere anywhere
ppp0_in ah -- anywhere anywhere
eth1_in ah -- anywhere anywhere
common ah -- anywhere anywhere
LOG ah -- anywhere anywhere LOG level info prefix
`Shorewall:INPUT:REJECT:'
reject ah -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN
TCPMSS clamp to PMTU
ppp0_fwd ah -- anywhere anywhere
eth1_fwd ah -- anywhere anywhere
common ah -- anywhere anywhere
LOG ah -- anywhere anywhere LOG level info prefix
`Shorewall:FORWARD:REJECT:'
reject ah -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT ah -- anywhere anywhere
DROP icmp -- anywhere anywhere state INVALID
ACCEPT icmp -- anywhere anywhere
fw2net ah -- anywhere anywhere
all2all ah -- anywhere anywhere
common ah -- anywhere anywhere
LOG ah -- anywhere anywhere LOG level info prefix
`Shorewall:OUTPUT:REJECT:'
reject ah -- anywhere anywhere
Chain all2all (3 references)
target prot opt source destination
ACCEPT ah -- anywhere anywhere state RELATED,ESTABLISHED
common ah -- anywhere anywhere
LOG ah -- anywhere anywhere LOG level info prefix
`Shorewall:all2all:REJECT:'
reject ah -- anywhere anywhere
Chain common (5 references)
target prot opt source destination
icmpdef icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp flags:ACK/ACK
ACCEPT tcp -- anywhere anywhere tcp flags:RST/RST
REJECT udp -- anywhere anywhere udp
dpts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:445 reject-with
icmp-port-unreachable
reject tcp -- anywhere anywhere tcp dpt:135
DROP udp -- anywhere anywhere udp dpt:1900
DROP ah -- anywhere 255.255.255.255
DROP ah -- anywhere BASE-ADDRESS.MCAST.NET/4
reject tcp -- anywhere anywhere tcp dpt:auth
DROP udp -- anywhere anywhere udp spt:domain state NEW
DROP ah -- anywhere 192.168.1.255
Chain eth1_fwd (1 references)
target prot opt source destination
loc2net ah -- anywhere anywhere
Chain eth1_in (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
loc2fw ah -- anywhere anywhere
Chain fw2net (1 references)
target prot opt source destination
ACCEPT ah -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
all2all ah -- anywhere anywhere
Chain icmpdef (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp
destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
Chain loc2fw (1 references)
target prot opt source destination
ACCEPT ah -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:www
all2all ah -- anywhere anywhere
Chain loc2net (1 references)
target prot opt source destination
ACCEPT ah -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT ah -- anywhere anywhere
Chain net2all (2 references)
target prot opt source destination
ACCEPT ah -- anywhere anywhere state RELATED,ESTABLISHED
common ah -- anywhere anywhere
LOG ah -- anywhere anywhere LOG level info prefix
`Shorewall:net2all:DROP:'
DROP ah -- anywhere anywhere
Chain ppp0_fwd (1 references)
target prot opt source destination
net2all ah -- anywhere anywhere
Chain ppp0_in (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
net2all ah -- anywhere anywhere
Chain reject (6 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT ah -- anywhere anywhere reject-with
icmp-port-unreachable
Chain shorewall (0 references)
target prot opt source destination
/var/log/messages:
Nothing unusual!
Ping -c 2 google.com (from LRP):
PING google.com (216.239.35.100): 56 data bytes
64 bytes from 216.239.35.100: icmp_seq=0 ttl=51 time=138.8 ms
64 bytes from 216.239.35.100: icmp_seq=1 ttl=51 time=136.2 ms
--- google.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 136.2/137.5/138.8 ms
PS Sorry for the length of this posting!
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
