Hello guys,
I didn't just let this thread die off. Just been doing alot of work on
this machine and currently here is the update since my last posting.
1) Knocked off SuSE 9.1 and installed 8.0, just to C how it will
behave. There was no change with 9.0.
2) Knocked off 8.0 and placed on Windoze 2K Server. Windoze behaved
well!!! Could ping both the router and my internal network,
perfectly!!! This practically ruled out hardware malfunction.
3) Knocked off Windoze and placed back 9.1. No firewall configured, no
named, no nothing, the weird behaviour returned, can ping the internal
network, returns network unreachable when pinging the router.
4) Since the router is a 2611 with a 10Mbps connection Simon advised
me
not to allow the card facing the router to autonegotiate but fix it at
10Mbs Half Duplex. I did that but there was no change.
5) Went to the stores and picked another new 2611, gave it a
configuration just enough for us to get onto the Internet, plugged it
in in place of the old one. Still no change.
So at this point I start to answer your questions:
> Hi,
>
> Could you drop us the following configs (you can censor your IPs )
>
> Router
> - sh run,
UMU#sh running-config
Building configuration...
Current configuration : 790 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname UMU
!
enable secret 5 $1$MHGk$wXIwNX2OPyqpApF3xAyGm1
enable password ************
!
ip subnet-zero
!
!
ip name-server 212.88.97.**
ip name-server 212.88.97.**
!
!
!
!
interface Ethernet0/0
ip address 212.88.97.** 255.255.255.**
no ip mroute-cache
half-duplex
!
interface Serial0/0
ip address 212.88.96.** 255.255.255.**
no ip mroute-cache
!
interface Ethernet0/1
no ip address
no ip mroute-cache
shutdown
half-duplex
!
ip default-gateway 212.88.96.**
ip classless
ip route 0.0.0.0 0.0.0.0 212.88.96.**
ip route 0.0.0.0 0.0.0.0 212.88.96.**
ip http server
ip pim bidir-enable
!
!
line con 0
line aux 0
line vty 0 4
exec-timeout 30 0
password ********
login
!
end
UMU#
> - sh int e0 (or sh int fa0)
UMU#sh interfaces ethernet 0/0
Ethernet0/0 is up, line protocol is up
Hardware is AmdP2, address is 0009.b7fe.6620 (bia 0009.b7fe.6620)
Internet address is 212.88.97.**/**
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:23, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 3000 bits/sec, 2 packets/sec
5 minute output rate 8000 bits/sec, 3 packets/sec
11235 packets input, 1445083 bytes, 0 no buffer
Received 6 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
10791 packets output, 7595172 bytes, 0 underruns
11 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 2 deferred
11 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
> - debug interface e0 (or debug int fa0)
UMU#debug interface ethernet 0/0
Condition 1 set
UMU#debug interface ethernet 0/0
% Condition already set
>
> Firewall
> - ifconfig
eth0 Link encap:Ethernet HWaddr 00:0B:CD:D0:C2:48
inet addr:192.168.22.5 Bcast:192.168.255.255
Mask:255.255.0.0
inet6 addr: fe80::20b:cdff:fed0:c248/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500
Metric:1
RX packets:1306 errors:0 dropped:0 overruns:0 frame:0
TX packets:204 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:415917 (406.1 Kb) TX bytes:32097 (31.3 Kb)
Interrupt:19
eth1 Link encap:Ethernet HWaddr 00:04:79:67:E5:4B
inet addr:212.88.97.222 Bcast:212.88.97.223
Mask:255.255.255.240
inet6 addr: fe80::204:79ff:fe67:e54b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:556 errors:0 dropped:0 overruns:0 frame:0
TX packets:1077 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:46195 (45.1 Kb) TX bytes:81764 (79.8 Kb)
Interrupt:27 Base address:0x3000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:132 errors:0 dropped:0 overruns:0 frame:0
TX packets:132 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12332 (12.0 Kb) TX bytes:12332 (12.0 Kb)
> - iptables -nv --list
umupo:~ # iptables -nv --list
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
10 652 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
0 0 DROP all -- eth1 * 0.0.0.0/0
255.255.255.255
0 0 DROP all -- eth1 * 0.0.0.0/0
212.88.97.223
0 0 input_ext all -- eth1 * 0.0.0.0/0
0.0.0.0/0
499 292K input_int all -- eth0 * 0.0.0.0/0
0.0.0.0/0
0 0 LOG all -- eth0 * 0.0.0.0/0
212.88.97.222 LOG flags 6 level 4 prefix `SFW2-IN-ACC_DENIED_INT
'
0 0 DROP all -- eth0 * 0.0.0.0/0
212.88.97.222
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET '
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 TCPMSS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
10 652 ACCEPT all -- * lo 0.0.0.0/0
0.0.0.0/0
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 11 LOG flags 6 level 4 prefix
`SFW2-OUT-TRACERT-ATTEMPT '
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 3 code 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 3 code 9
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 3 code 10
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 3 code 13
0 0 DROP icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 3
224 30943 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 6 level 4 prefix `SFW2-OUTPUT-ERROR '
Chain forward_dmz (0 references)
pkts bytes target prot opt in out source
destination
Chain forward_ext (0 references)
pkts bytes target prot opt in out source
destination
Chain forward_int (0 references)
pkts bytes target prot opt in out source
destination
Chain input_dmz (0 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 5 LOG flags 6 level 4 prefix
`SFW2-INdmz-DROP-ICMP-CRIT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix
`SFW2-INdmz-DROP-ICMP-CRIT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 13 LOG flags 6 level 4 prefix
`SFW2-INdmz-DROP-ICMP-CRIT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 17 LOG flags 6 level 4 prefix
`SFW2-INdmz-DROP-ICMP-CRIT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 2 LOG flags 6 level 4 prefix
`SFW2-INdmz-DROP-ICMP-CRIT '
0 0 DROP icmp -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject_func tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:113 flags:0x16/0x02
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22 flags:0x16/0x02 LOG flags 6 level 4
prefix `SFW2-INdmz-DROP '
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22 flags:0x16/0x02
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:111 flags:0x16/0x02 LOG flags 6 level 4
prefix `SFW2-INdmz-DROP '
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:111 flags:0x16/0x02
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:631 flags:0x16/0x02 LOG flags 6 level 4
prefix `SFW2-INdmz-DROP '
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:631 flags:0x16/0x02
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED tcp flags:0x16/0x02 LOG
flags 6 level 4 prefix `SFW2-INdmz-ACC-HiTCP '
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:22 state NEW
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:111 state NEW
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:111 state NEW
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:631 state NEW
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:631 state NEW
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x16/0x02 LOG flags 6 level 4 prefix
`SFW2-INdmz-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix
`SFW2-INdmz-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 5 LOG flags 6 level 4 prefix
`SFW2-INdmz-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8 LOG flags 6 level 4 prefix
`SFW2-INdmz-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 13 LOG flags 6 level 4 prefix
`SFW2-INdmz-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 17 LOG flags 6 level 4 prefix
`SFW2-INdmz-DROP-DEFLT '
0 0 LOG udp -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 6 level 4 prefix `SFW2-INdmz-DROP-DEFLT
'
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID LOG flags 6 level 4 prefix
`SFW2-INdmz-DROP-DEFLT-INV '
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain input_ext (1 references)
pkts bytes target prot opt in out source
destination
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix
`SFW2-INext-ACC-SOURCEQUENCH '
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 5 LOG flags 6 level 4 prefix
`SFW2-INext-DROP-ICMP-CRIT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix
`SFW2-INext-DROP-ICMP-CRIT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 13 LOG flags 6 level 4 prefix
`SFW2-INext-DROP-ICMP-CRIT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 17 LOG flags 6 level 4 prefix
`SFW2-INext-DROP-ICMP-CRIT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 2 LOG flags 6 level 4 prefix
`SFW2-INext-DROP-ICMP-CRIT '
0 0 DROP icmp -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject_func tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:113 flags:0x16/0x02
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22 flags:0x16/0x02 LOG flags 6 level 4
prefix `SFW2-INext-DROP '
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22 flags:0x16/0x02
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:111 flags:0x16/0x02 LOG flags 6 level 4
prefix `SFW2-INext-DROP '
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:111 flags:0x16/0x02
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:631 flags:0x16/0x02 LOG flags 6 level 4
prefix `SFW2-INext-DROP '
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:631 flags:0x16/0x02
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED tcp flags:0x16/0x02 LOG
flags 6 level 4 prefix `SFW2-INext-ACC-HiTCP '
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:22 state NEW
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:111 state NEW
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:111 state NEW
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:631 state NEW
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:631 state NEW
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x16/0x02 LOG flags 6 level 4 prefix
`SFW2-INext-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix
`SFW2-INext-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 5 LOG flags 6 level 4 prefix
`SFW2-INext-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8 LOG flags 6 level 4 prefix
`SFW2-INext-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 13 LOG flags 6 level 4 prefix
`SFW2-INext-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 17 LOG flags 6 level 4 prefix
`SFW2-INext-DROP-DEFLT '
0 0 LOG udp -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT
'
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID LOG flags 6 level 4 prefix
`SFW2-INext-DROP-DEFLT-INV '
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain input_int (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 5 LOG flags 6 level 4 prefix
`SFW2-INint-DROP-ICMP-CRIT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix
`SFW2-INint-DROP-ICMP-CRIT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 13 LOG flags 6 level 4 prefix
`SFW2-INint-DROP-ICMP-CRIT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 17 LOG flags 6 level 4 prefix
`SFW2-INint-DROP-ICMP-CRIT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 2 LOG flags 6 level 4 prefix
`SFW2-INint-DROP-ICMP-CRIT '
0 0 DROP icmp -- * * 0.0.0.0/0
0.0.0.0/0
3 144 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:23 flags:0x16/0x02 LOG flags 6 level 4
prefix `SFW2-INint-ACC-TCP '
3 144 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:23
0 0 reject_func tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:113 flags:0x16/0x02
5 240 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22 flags:0x16/0x02 LOG flags 6 level 4
prefix `SFW2-INint-DROP '
5 240 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22 flags:0x16/0x02
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:111 flags:0x16/0x02 LOG flags 6 level 4
prefix `SFW2-INint-DROP '
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:111 flags:0x16/0x02
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:631 flags:0x16/0x02 LOG flags 6 level 4
prefix `SFW2-INint-DROP '
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:631 flags:0x16/0x02
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED tcp flags:0x16/0x02 LOG
flags 6 level 4 prefix `SFW2-INint-ACC-HiTCP '
197 184K ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
12 1268 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:22 state NEW
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:111 state NEW
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:111 state NEW
9 1494 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:631 state NEW
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:631 state NEW
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x16/0x02 LOG flags 6 level 4 prefix
`SFW2-INint-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix
`SFW2-INint-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 5 LOG flags 6 level 4 prefix
`SFW2-INint-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8 LOG flags 6 level 4 prefix
`SFW2-INint-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 13 LOG flags 6 level 4 prefix
`SFW2-INint-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 17 LOG flags 6 level 4 prefix
`SFW2-INint-DROP-DEFLT '
273 104K LOG udp -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 6 level 4 prefix `SFW2-INint-DROP-DEFLT
'
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID LOG flags 6 level 4 prefix
`SFW2-INint-DROP-DEFLT-INV '
273 104K DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain reject_func (3 references)
pkts bytes target prot opt in out source
destination
0 0 REJECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-proto-unreachable
umupo:~ #
>
> This should tell us a better story.
Hope this story will have a good ending.
Someone in another post had requested asked to do something using
mii-tool. Before I could even do it, mii-tool refused to run on the
machine as shown below
umupo:~ # mii-tool -w eth2
SIOCGMIIPHY on 'eth2' failed: Invalid argument
When I insisted:
umupo:~ # mii-tool -F 10BaseT-HD eth1
SIOCGMIIPHY on 'eth1' failed: Operation not supported
ethtool didn't behave any better. Was giving me also errors.
Someone in another post also mentioned something to do with vlans on
the catalyst 2950. Well I haven't done any configuration on that
switch as yet. Just got it out of its box and plucked it into the
network. And besides, if that were the case, I would have already had
this problem with my current proxy and also the windoze earlier
mentioned wouldn't have behaved at all!!
I really appreciate all your help, and I have a very strong feeling
that I am not the last one to have this problem with 9.1. We need a
solution early...
>
> Bernard Wanyama
> Support Engineer
> Linux Solutions Uganda
> Cell: +256 71 193 979
>
> > Hello Guys,
> > I am dying to say (read type) some very, very, very nasty things
about
> > SuSE 9.1 but let me hold them back and just put across the source
of my
> > frustration.
> > Last Friday (I am typing this mail at the end of Wednesday) I made
a
> > clean install of SuSE 9.1 on a new machine with specs: HP Compaq,
Intel
> > Xeon Processor 2.4 GHZ, 1 GB RAM, 2 x 40GB HDD. Since among its
other
> > intended functions, it also going to be our proxy, I added a 2nd
n/w
> > card on top of its onboard gigabit ethernet card and then embarked
on
> > the installation.
> > It detected my network cards O.K and using YAST, I I.P addressed
them
> > and after which I did the proverbial ping test. I had configured
the
> > onboard to face our internal network and the other card to face
the
> > internet. The onboard returned the ping from all the internal
machines
> > O.K, but the second card gave me a network unreachable error. Re-
check
> > the values, re-enter them all O.K but still network unreachable
errors.
> > As a test, at this point, I decided to configure the onboard
instead to
> > face the internet and the second card to face the internal
network.
The
> > ping responded form all the machines on the internal network but
got
> > network unreachable errors from the onboard card. That confirmed
both
> > cards to be O.K.
> > When I switched the onboard to face the internal n/w again, BOTH
cards
> > returned network unreachable errors!!!!!! I got two other WORKING
cards
> > placed them into the machine, spent my saturday, my sunday,
monday,
> > tuesday, googled my (oops no nasty words!!) off and the circus
> > continued, ping from inside, network unreachable errors from
outside.
> > In between, I configured BIND which returns a succesfull dig
@localhost
> > but no remote servers found error when I try to dig anything else.
I
> > think its because of the other problem. I installed and configured
> > squid which is also dying with a DNS name lookup tests failed
error. I
> > still think it is the other problem. I have configured and
reconfigured
> > SuSEfirewall2 a million times but still no luck. I have disabled
ipv6,
> > set static routes, checked all files in /etc/sysconfig/network
against
> > recommended ones and so many other things but still no luck.
> > Can someone out there save my sanity?? Honest!! This thing is
driving
> > me mad!!!!
> >
> >
************************************************************************
> > Lule George William (Mr)
> > Network and Systems Administrator
> > Uganda Martyrs University, Nkozi
> > P.O. Box 5498 Kampala
> > Uganda
> >
> >
> > ---------------------------------------------
> > This service is hosted on the Infocom network
> > http://www.infocom.co.ug
>
>
>
>
>
> ---------------------------------------------
> This service is hosted on the Infocom network
> http://www.infocom.co.ug
>
>
************************************************************************
Lule George William (Mr)
Network and Systems Administrator
Uganda Martyrs University, Nkozi
P.O. Box 5498 Kampala
Uganda
---------------------------------------------
This service is hosted on the Infocom network
http://www.infocom.co.ug
