Support Requests item #617946, was opened at 2002-10-03 02:20
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=213751&aid=617946&group_id=13751

Category: Release/Branch: Bering
Group: None
>Status: Closed
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Mike Noyes (mhnoyes)
Summary: Can't ping/connect to firewall

Initial Comment:
Hi, I am new to Linux (six months), and am trying to set up a Linux Router
using Bering_1.0-rc3_img_bering_1680.exe. I have followed the Bering
Installation/Users Guide step-by-step to set up the router using mostly
default settings where possible. My problem is that my local LAN
(192.168.1.0/24) cannot ping and/or connect to the Bering/Shorewall firewall?

The following is the configuration of my LAN at the 
moment:

                     Win2000P                          Bering
                 +---------------+              +--------------------+
   LAN2<---------| 192.168.72.74 |              | eth0:65.95.176.193 |---> PPPoE/ADSL
                 |               |              |                    |
                 | 192.168.1.10  |<-xLink RJ45->| eth1:192.168.1.254 |
                 |               |              |                    |
                 +---------------+              +--------------------+

On the Bering LRP, I can ping (1) eth0, (2) eth1, and the 
Internet, except when I tried to ping loc:192.168.1.10, I 
receive the following message:

"PING 192.168.1.10 (192.168.1.10): 56 data bytes

--- 192.168.1.10 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss"

I think it is something to do with either (1) iptables or (2) 
shorewall. But I don't have the necessary knowledge to 
fix it.

Other information:

uname -a: 
Linux firewall 2.4.18 #4 Sun Jun 9 09:46:15 CEST 2002 i486 unknown

ip addr show:
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:80:c8:35:c6:7b brd ff:ff:ff:ff:ff:ff
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:80:c8:93:ba:3a brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
    link/ppp
    inet 65.95.176.193 peer 65.95.176.1/32 scope global ppp0

ip route show:
65.95.176.1 dev ppp0  proto kernel  scope link  src 65.95.176.193
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.254
default via 65.95.176.1 dev ppp0

iptables -L:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     ah   --  anywhere             anywhere
ppp0_in    ah   --  anywhere             anywhere
eth1_in    ah   --  anywhere             anywhere
common     ah   --  anywhere             anywhere
LOG        ah   --  anywhere             anywhere           LOG level info prefix `Shorewall:INPUT:REJECT:'
reject     ah   --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere           tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ppp0_fwd   ah   --  anywhere             anywhere
eth1_fwd   ah   --  anywhere             anywhere
common     ah   --  anywhere             anywhere
LOG        ah   --  anywhere             anywhere           LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject     ah   --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     ah   --  anywhere             anywhere
DROP       icmp --  anywhere             anywhere           state INVALID
ACCEPT     icmp --  anywhere             anywhere
fw2net     ah   --  anywhere             anywhere
all2all    ah   --  anywhere             anywhere
common     ah   --  anywhere             anywhere
LOG        ah   --  anywhere             anywhere           LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject     ah   --  anywhere             anywhere

Chain all2all (3 references)
target     prot opt source               destination
ACCEPT     ah   --  anywhere             anywhere           state RELATED,ESTABLISHED
common     ah   --  anywhere             anywhere
LOG        ah   --  anywhere             anywhere           LOG level info prefix `Shorewall:all2all:REJECT:'
reject     ah   --  anywhere             anywhere

Chain common (5 references)
target     prot opt source               destination
icmpdef    icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere           tcp flags:ACK/ACK
ACCEPT     tcp  --  anywhere             anywhere           tcp flags:RST/RST
REJECT     udp  --  anywhere             anywhere           udp dpts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp dpt:445 reject-with icmp-port-unreachable
reject     tcp  --  anywhere             anywhere           tcp dpt:135
DROP       udp  --  anywhere             anywhere           udp dpt:1900
DROP       ah   --  anywhere             255.255.255.255
DROP       ah   --  anywhere             BASE-ADDRESS.MCAST.NET/4
reject     tcp  --  anywhere             anywhere           tcp dpt:auth
DROP       udp  --  anywhere             anywhere           udp spt:domain state NEW
DROP       ah   --  anywhere             192.168.1.255

Chain eth1_fwd (1 references)
target     prot opt source               destination
loc2net    ah   --  anywhere             anywhere

Chain eth1_in (1 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere           icmp echo-request
loc2fw     ah   --  anywhere             anywhere

Chain fw2net (1 references)
target     prot opt source               destination
ACCEPT     ah   --  anywhere             anywhere           state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere           state NEW udp dpt:domain
all2all    ah   --  anywhere             anywhere

Chain icmpdef (1 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere           icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere           icmp source-quench
ACCEPT     icmp --  anywhere             anywhere           icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere           icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere           icmp parameter-problem

Chain loc2fw (1 references)
target     prot opt source               destination
ACCEPT     ah   --  anywhere             anywhere           state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere           state NEW udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere           state NEW tcp dpt:www
all2all    ah   --  anywhere             anywhere

Chain loc2net (1 references)
target     prot opt source               destination
ACCEPT     ah   --  anywhere             anywhere           state RELATED,ESTABLISHED
ACCEPT     ah   --  anywhere             anywhere

Chain net2all (2 references)
target     prot opt source               destination
ACCEPT     ah   --  anywhere             anywhere           state RELATED,ESTABLISHED
common     ah   --  anywhere             anywhere
LOG        ah   --  anywhere             anywhere           LOG level info prefix `Shorewall:net2all:DROP:'
DROP       ah   --  anywhere             anywhere

Chain ppp0_fwd (1 references)
target     prot opt source               destination
net2all    ah   --  anywhere             anywhere

Chain ppp0_in (1 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere           icmp echo-request
net2all    ah   --  anywhere             anywhere

Chain reject (6 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere           reject-with tcp-reset
REJECT     ah   --  anywhere             anywhere           reject-with icmp-port-unreachable

Chain shorewall (0 references)
target     prot opt source               destination         

/var/log/messages:
Nothing unusual!

Ping -c 2 google.com (from LRP):
PING google.com (216.239.35.100): 56 data bytes
64 bytes from 216.239.35.100: icmp_seq=0 ttl=51 time=138.8 ms
64 bytes from 216.239.35.100: icmp_seq=1 ttl=51 time=136.2 ms

--- google.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 136.2/137.5/138.8 ms

PS Sorry for the length of this posting!


----------------------------------------------------------------------

>Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-28 20:25

Message:
Logged In: YES 
user_id=176069

There appears to be either a problem with your Shorewall configuration
or your LAN client(s) configuration. Really there is not enough information
to make a good guess w/o the Shorewall configuration. See
http://www.shorewall.net for more information on possible errors.

I am closing this request due to response for an extended time. If there is
still an issue, please open a new request.

----------------------------------------------------------------------
