Support Requests item #617946, was opened at 2002-10-03 02:20
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=213751&aid=617946&group_id=13751

Category: Release/Branch: Bering
Group: None
>Status: Closed
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Mike Noyes (mhnoyes)
Summary: Can't ping/connect to firewall

Initial Comment:
Hi,

I am new to Linux (six months), and am trying to set up a Linux Router using Bering_1.0-rc3_img_bering_1680.exe. I have followed the Bering Installation/Users Guide step-by-step to set up the router using mostly default settings where possible.

My problem is that my local LAN (192.168.1.0/24) cannot ping and/or connect to the Bering/Shorewall firewall?

The following is the configuration of my LAN at the moment:

                  Win2000P                          Bering
              +---------------+              +--------------------+
LAN2<---------| 192.168.72.74 |              | eth0:65.95.176.193 |---> PPPoE/ADSL
              |               |              |                    |
              | 192.168.1.10  |<-xLink RJ45->| eth1:192.168.1.254 |
              |               |              |                    |
              +---------------+              +--------------------+

On the Bering LRP, I can ping (1) eth0, (2) eth1, and the Internet, except when I tried to ping loc:192.168.1.10, I receive the following message:

"PING 192.168.1.10 (192.168.1.10): 56 data bytes

--- 192.168.1.10 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss"

I think it is something to do with either (1) iptables or (2) shorewall. But I don't have the necessary knowledge to fix it.

Other information:

uname -a:
Linux firewall 2.4.18 #4 Sun Jun 9 09:46:15 CEST 2002 i486 unknown

ip addr show:
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:80:c8:35:c6:7b brd ff:ff:ff:ff:ff:ff
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:80:c8:93:ba:3a brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
    link/ppp
    inet 65.95.176.193 peer 65.95.176.1/32 scope global ppp0

ip route show:
65.95.176.1 dev ppp0 proto kernel scope link src 65.95.176.193
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
default via 65.95.176.1 dev ppp0

iptables -L:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     ah   --  anywhere             anywhere
ppp0_in    ah   --  anywhere             anywhere
eth1_in    ah   --  anywhere             anywhere
common     ah   --  anywhere             anywhere
LOG        ah   --  anywhere             anywhere             LOG level info prefix `Shorewall:INPUT:REJECT:'
reject     ah   --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ppp0_fwd   ah   --  anywhere             anywhere
eth1_fwd   ah   --  anywhere             anywhere
common     ah   --  anywhere             anywhere
LOG        ah   --  anywhere             anywhere             LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject     ah   --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     ah   --  anywhere             anywhere
DROP       icmp --  anywhere             anywhere             state INVALID
ACCEPT     icmp --  anywhere             anywhere
fw2net     ah   --  anywhere             anywhere
all2all    ah   --  anywhere             anywhere
common     ah   --  anywhere             anywhere
LOG        ah   --  anywhere             anywhere             LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject     ah   --  anywhere             anywhere

Chain all2all (3 references)
target     prot opt source               destination
ACCEPT     ah   --  anywhere             anywhere             state RELATED,ESTABLISHED
common     ah   --  anywhere             anywhere
LOG        ah   --  anywhere             anywhere             LOG level info prefix `Shorewall:all2all:REJECT:'
reject     ah   --  anywhere             anywhere

Chain common (5 references)
target     prot opt source               destination
icmpdef    icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp flags:ACK/ACK
ACCEPT     tcp  --  anywhere             anywhere             tcp flags:RST/RST
REJECT     udp  --  anywhere             anywhere             udp dpts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp dpt:445 reject-with icmp-port-unreachable
reject     tcp  --  anywhere             anywhere             tcp dpt:135
DROP       udp  --  anywhere             anywhere             udp dpt:1900
DROP       ah   --  anywhere             255.255.255.255
DROP       ah   --  anywhere             BASE-ADDRESS.MCAST.NET/4
reject     tcp  --  anywhere             anywhere             tcp dpt:auth
DROP       udp  --  anywhere             anywhere             udp spt:domain state NEW
DROP       ah   --  anywhere             192.168.1.255

Chain eth1_fwd (1 references)
target     prot opt source               destination
loc2net    ah   --  anywhere             anywhere

Chain eth1_in (1 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
loc2fw     ah   --  anywhere             anywhere

Chain fw2net (1 references)
target     prot opt source               destination
ACCEPT     ah   --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:domain
all2all    ah   --  anywhere             anywhere

Chain icmpdef (1 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere             icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem

Chain loc2fw (1 references)
target     prot opt source               destination
ACCEPT     ah   --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:www
all2all    ah   --  anywhere             anywhere

Chain loc2net (1 references)
target     prot opt source               destination
ACCEPT     ah   --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     ah   --  anywhere             anywhere

Chain net2all (2 references)
target     prot opt source               destination
ACCEPT     ah   --  anywhere             anywhere             state RELATED,ESTABLISHED
common     ah   --  anywhere             anywhere
LOG        ah   --  anywhere             anywhere             LOG level info prefix `Shorewall:net2all:DROP:'
DROP       ah   --  anywhere             anywhere

Chain ppp0_fwd (1 references)
target     prot opt source               destination
net2all    ah   --  anywhere             anywhere

Chain ppp0_in (1 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
net2all    ah   --  anywhere             anywhere

Chain reject (6 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset
REJECT     ah   --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain shorewall (0 references)
target     prot opt source               destination

/var/log/messages:
Nothing unusual!

Ping -c 2 google.com (from LRP):
PING google.com (216.239.35.100): 56 data bytes
64 bytes from 216.239.35.100: icmp_seq=0 ttl=51 time=138.8 ms
64 bytes from 216.239.35.100: icmp_seq=1 ttl=51 time=136.2 ms

--- google.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 136.2/137.5/138.8 ms

PS Sorry for the length of this posting!

----------------------------------------------------------------------

>Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-28 20:25

Message:
Logged In: YES
user_id=176069

There appears to be either a problem with your Shorewall configuration or your LAN client(s) configuration. Really there is not enough information to make a good guess w/o the Shorewall configuration. See http://www.shorewall.net for more information on possible errors.

I am closing this request due to response for an extended time. If there is still an issue, please open a new request.