Ray Olszewski (and all else) :
<i>First be more specific about what you mean by "see the internet".</i>:
The inside LAN can do NOTHING on the net as no ping no www, etc, BUT still has
telnet "to the server (nowhere else)" and can still read off the shared
folders on the server.
Ping errors : (emerge.net.au is my isp)
[root@mr_bumpy rc.d]# ping emerge.net.au
PING emerge.net.au (203.57.130.34): 56 data bytes
--- emerge.net.au ping statistics ---
149 packets transmitted, 0 packets received, 100% packet loss
and from the inside : (DOS)
C:\WINDOWS>ping -t emerge.net.au
Pinging emerge.net.au [203.57.130.34] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 203.57.130.34:
Packets: Sent = 5, Received = 0, Lost = 5 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
For pings.. the modem lights flash. For www and telnet past the server they
don't.
Your commands :
ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:A0:CC:56:1E:6A
inet addr:192.168.100.1 Bcast:192.168.100.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:417526 errors:0 dropped:0 overruns:0 frame:0
TX packets:502650 errors:0 dropped:0 overruns:0 carrier:0
collisions:1917 txqueuelen:100
Interrupt:9 Base address:0x6000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:344 errors:0 dropped:0 overruns:0 frame:0
TX packets:344 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
ppp0 Link encap:Point-to-Point Protocol
inet addr:203.57.131.145 P-t-P:203.57.130.22 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:16432 errors:2 dropped:0 overruns:0 frame:2
TX packets:16182 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
203.57.130.22 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.100.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
255.255.255.255 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.100.0 192.168.100.1 255.255.255.0 UG 0 0 0 eth0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 203.57.130.22 0.0.0.0 UG 0 0 0 ppp0
0.0.0.0 192.168.100.1 0.0.0.0 UG 1 0 0 eth0
ipchains -L input -n
Chain input (policy DENY):
target prot opt source destination ports
DENY all ---f-- 0.0.0.0/0 0.0.0.0/0 n/a
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
DENY all ----l- 203.57.0.0/16 0.0.0.0/0 n/a
DENY all ------ 10.0.0.0/8 0.0.0.0/0 n/a
DENY all ------ 0.0.0.0/0 10.0.0.0/8 n/a
DENY all ------ 172.16.0.0/12 0.0.0.0/0 n/a
DENY all ------ 0.0.0.0/0 172.16.0.0/12 n/a
DENY all ------ 192.168.0.0/16 0.0.0.0/0 n/a
DENY all ------ 0.0.0.0/0 192.168.0.0/16 n/a
DENY all ------ 127.0.0.0/8 0.0.0.0/0 n/a
DENY all ----l- 0.0.0.0/0 127.0.0.0/8 n/a
DENY all ----l- 255.255.255.255 0.0.0.0/0 n/a
DENY all ----l- 0.0.0.0/0 0.0.0.0 n/a
DENY all ----l- 224.0.0.0/4 0.0.0.0/0 n/a
DENY all ----l- 240.0.0.0/5 0.0.0.0/0 n/a
ACCEPT icmp ------ 0.0.0.0/0 203.57.0.0/16 4 -> *
ACCEPT icmp ------ 0.0.0.0/0 203.57.0.0/16 12 -> *
ACCEPT icmp ------ 0.0.0.0/0 203.57.0.0/16 3 -> *
ACCEPT icmp ------ 0.0.0.0/0 203.57.0.0/16 11 -> *
ACCEPT icmp ------ 0.0.0.0/0 203.57.0.0/16 0 -> *
ACCEPT icmp ------ 203.57.131.0/24 203.57.0.0/16 8 -> *
DENY tcp -y---- 0.0.0.0/0 203.57.0.0/16 * -> 2000
DENY tcp -y---- 0.0.0.0/0 203.57.0.0/16 * -> *
DENY tcp -y--l- 0.0.0.0/0 203.57.0.0/16 * -> 2049
DENY udp ----l- 0.0.0.0/0 203.57.0.0/16 * -> 2049
ACCEPT udp ------ 139.130.4.5 203.57.0.0/16 53 -> 1024:65535
ACCEPT tcp !y---- 139.130.4.5 203.57.0.0/16 53 -> 1024:65535
ACCEPT udp ------ 139.130.4.5 203.57.0.0/16 53 -> 53
ACCEPT udp ------ 192.168.100.0/24 203.57.0.0/16 1024:65535 -> 53
ACCEPT tcp ------ 192.168.100.1 203.57.0.0/16 1024:65535 -> 53
ACCEPT tcp !y---- 0.0.0.0/0 203.57.0.0/16 113 -> 1024:65535
ACCEPT tcp ------ 0.0.0.0/0 203.57.0.0/16 1024:65535 -> 113
ACCEPT tcp !y---- 206.135.142.36 203.57.0.0/16 25 -> 1024:65535
ACCEPT udp ------ 203.57.131.0/24 203.57.0.0/16 32769:65535 -> 33434:33523
ACCEPT all ------ 192.168.100.0/24 0.0.0.0/0 n/a
ipchains -L output -n
Chain output (policy REJECT):
target prot opt source destination ports
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
DENY all ----l- 10.0.0.0/8 0.0.0.0/0 n/a
DENY all ----l- 0.0.0.0/0 10.0.0.0/8 n/a
DENY all ----l- 172.16.0.0/12 0.0.0.0/0 n/a
DENY all ----l- 0.0.0.0/0 172.16.0.0/12 n/a
DENY all ----l- 192.168.0.0/16 0.0.0.0/0 n/a
DENY all ----l- 0.0.0.0/0 192.168.0.0/16 n/a
DENY all ----l- 255.255.255.255 0.0.0.0/0 n/a
DENY all ----l- 0.0.0.0/0 0.0.0.0 n/a
REJECT all ----l- 224.0.0.0/4 0.0.0.0/0 n/a
REJECT all ----l- 240.0.0.0/5 0.0.0.0/0 n/a
ACCEPT icmp ------ 0.0.0.0/0 203.57.0.0/16 4 -> *
ACCEPT icmp ------ 0.0.0.0/0 203.57.0.0/16 12 -> *
ACCEPT icmp ------ 0.0.0.0/0 203.57.131.0/24 3 -> *
ACCEPT icmp ------ 203.57.0.0/16 0.0.0.0/0 3 -> 4
ACCEPT icmp ------ 0.0.0.0/0 203.57.131.0/24 11 -> *
ACCEPT icmp ------ 203.57.0.0/16 0.0.0.0/0 8 -> *
ACCEPT icmp ------ 203.57.0.0/16 203.57.131.0/24 0 -> *
REJECT tcp -y---- 203.57.0.0/16 0.0.0.0/0 * -> 2000
REJECT tcp -y--l- 203.57.0.0/16 0.0.0.0/0 * -> *
REJECT tcp -y--l- 0.0.0.0/0 0.0.0.0/0 * -> 2049
REJECT udp ----l- 0.0.0.0/0 0.0.0.0/0 * -> 2049
ACCEPT udp ------ 203.57.0.0/16 139.130.4.5 1024:65535 -> 53
ACCEPT tcp ------ 203.57.0.0/16 139.130.4.5 1024:65535 -> 53
ACCEPT udp ------ 203.57.0.0/16 139.130.4.5 53 -> 53
ACCEPT udp ------ 203.57.0.0/16 192.168.100.0/24 53 -> 1024:65535
ACCEPT tcp !y---- 203.57.0.0/16 192.168.100.1 53 -> 1024:65535
ACCEPT tcp ------ 203.57.0.0/16 0.0.0.0/0 1024:65535 -> 113
ACCEPT tcp !y---- 203.57.0.0/16 0.0.0.0/0 113 -> 1024:65535
ACCEPT tcp ------ 203.57.0.0/16 206.135.142.36 1024:65535 -> 25
ACCEPT all ------ 0.0.0.0/0 192.168.100.0/24 n/a
ipchains -L forward -n
Chain forward (policy REJECT):
target prot opt source destination ports
MASQ all ------ 192.168.100.0/24 0.0.0.0/0 n/a
ipchains -M -L (needed cap L)
IP masquerading entries
cat /proc/sys/net/ipv4/ip_forward
1
FROM the SERVER I can ping internal LAN and its ppp0 addy.
FROM the internal clients I can also ping the eth0 and the ppp0.
using the gateway of 192.168.100.1 (the server's IP, same as eth0)
My level of expertise is a very mixed bag.. I have some low level some med
level and some high (though not much)
The server works as a router excellently when the firewall isn't running.
and the question about IPADDR="203.57.130.145/16" # the ip addy given by my isp .....
IPADDR is a "definition" so that when the firewall needs to know what IPADDR
is it refers to it at the top of the firewall script (saves having to put it
in lots of times). What I need is to find a way so that when the server dials
up again it automatically changes the value of IPADDR. Does that make any sense?
Sorry if this e-mail is a little long.. If anyone objects to the length of it
I will take note for future reference and not do it again.
Thank you for any time taken out of your days/nights to contemplate my
problems..
Marcus Giles
PS. I have just noticed that I am getting errors when rebooting the machine,
all I could make out was some sort of error sending release packets to
mr_bumpy (the server's name :-). Any idea where I might find these errors
recorded, so I might look closer?
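Added example, not part of the original message: a first-match trace of the input-chain listing above for the echo reply coming back from 203.57.130.34, using only the source, destination and ICMP-type columns. It assumes the listing order is the evaluation order and that the fragment rule and the match-all ACCEPT do not apply to this packet on ppp0 (the `-n` listing does not show interfaces); `trace` and `narrowed` are names made up here.

```python
import ipaddress

# Subset of the input chain above, in listing order (source, destination and
# ICMP type only). Assumption: the fragment rule and the match-all ACCEPT do
# not apply to an unfragmented packet arriving on ppp0, so they are left out.
INPUT_RULES = [
    ("DENY",   "all",  "203.57.0.0/16",   "0.0.0.0/0",     None),
    ("DENY",   "all",  "10.0.0.0/8",      "0.0.0.0/0",     None),
    ("DENY",   "all",  "172.16.0.0/12",   "0.0.0.0/0",     None),
    ("DENY",   "all",  "192.168.0.0/16",  "0.0.0.0/0",     None),
    ("ACCEPT", "icmp", "0.0.0.0/0",       "203.57.0.0/16", 0),  # echo reply
    ("ACCEPT", "icmp", "203.57.131.0/24", "203.57.0.0/16", 8),  # echo request
]

def trace(rules, proto, src, dst, icmp_type=None, policy="DENY"):
    """Return (verdict, matching_rule); the first matching rule decides."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        target, rproto, rsrc, rdst, rtype = rule
        if rproto not in ("all", proto):
            continue
        if s not in ipaddress.ip_network(rsrc):
            continue
        if d not in ipaddress.ip_network(rdst):
            continue
        if rtype is not None and rtype != icmp_type:
            continue
        return target, rule
    return policy, None  # nothing matched: the chain policy applies

def narrowed(rules, host):
    """Constructed variant: first rule's source limited to one host (/32)."""
    first = (rules[0][0], rules[0][1], host + "/32") + rules[0][3:]
    return [first] + rules[1:]

if __name__ == "__main__":
    # Echo reply from the ISP host to the ppp0 address shown by ifconfig.
    reply = ("icmp", "203.57.130.34", "203.57.131.145", 0)
    print(trace(INPUT_RULES, *reply))
    print(trace(narrowed(INPUT_RULES, "203.57.131.145"), *reply))
```

Under these assumptions the reply stops at the first DENY because its source lies inside 203.57.0.0/16; with the source narrowed to the single ppp0 address it reaches the echo-reply ACCEPT.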