> Hmmm... has anybody contacted Kiggs on this matter? Bwana Kiggs, where art thou? If I do remember correctly, he does market SuSE in East and central Africa now doesn't he? > > As for Lule George William (Mr) I think your linux/cisco skills need honing.
1) True, I wont deny that but I wonder if you are so many on this list that have reached the pinnacle of your Linux/Cisco skills and no longer need to horn them. 2) If you are making that statement basing on the configurations I posted, you have forgetten that somewhere in my posting I mentioned that the last installation of this server has no firewall, no named, no bind no nothing installed. And as for the router I picked a new one(not my regular prouction one), I just made the basic of configurations just enough to get to get me on the internet and plugged it in. It isn't my regular fully configured router and neither is this server that is disturbing me my regular proxy. I am just setting it up and with this router, we(those who still need to horn their Linux/Cisco skills) can fiddle around with a variety of configurations till we sort out this problem without disturbing a hair of my installed setup. >A bad workman always blames his tools! Choose an OS and stick to it. OOOPssss, someone is telling me to stick to 7.2!!!! >This world has too many double agents already! I bought my software (two original copies) from a one Kiggs of kymnet, could he be one of those agents you warn me about? > > Simon says Slackware! You simply can't go wrong... Let us first fail to solve the SuSE problem then only can I be conviced to look at another distribution. And my final say Mr. Ssekidde calling me a bad workman because I have posted a problem I have failed to solve doesn't do this list any good. I think that is why it was created in the first place and that is the impression James Wire Lunghabo gave me when he introduced me to it and unfortunately it is the same impression I gave some four young linux enthusiasts when I encouraged them to sign up. Are we wrong Mr. Ssekidde? > > http://www.slackware.com/ > http://www.slackware.com/announce/10.0.php > > Sekidde > > > "Lule George William" <[EMAIL PROTECTED]> wrote: > > > > >Hello guys, > >I didn't just let this thread die off. Just been doing alot of work on > >this machine and currently here is the update since my last posting. > >1) Knocked off SuSE 9.1 and installed 8.0, just to C how it will > >behave. There was no change with 9.0. > >2) Knocked off 8.0 and placed on Windoze 2K Server. Windoze behaved > >well!!! Could ping both the router and my internal network, > >perfectly!!! This practically ruled out hardware malfunction. > >3) Knocked off Windoze and placed back 9.1. No firewall configured, no > >named, no nothing, the weird behaviour returned, can ping the internal > >network, returns network unreachable when pinging the router. > >4) Since the router is a 2611 with a 10Mbps connection Simon advised > >me > >not to allow the card facing the router to autonegotiate but fix it at > >10Mbs Half Duplex. I did that but there was no change. > >5) Went to the stores and picked another new 2611, gave it a > >configuration just enough for us to get onto the Internet, plugged it > >in in place of the old one. Still no change. > >So at this point I start to answer your questions: > > > > > >> Hi, > >> > >> Could you drop us the following configs (you can censor your IPs ) > >> > >> Router > >> - sh run, > > > > > >UMU#sh running-config > >Building configuration... > > > >Current configuration : 790 bytes > >! > >version 12.2 > >service timestamps debug uptime > >service timestamps log uptime > >no service password-encryption > >! > >hostname UMU > >! > >enable secret 5 $1$MHGk$wXIwNX2OPyqpApF3xAyGm1 > >enable password ************ > >! > >ip subnet-zero > >! > >! > >ip name-server 212.88.97.** > >ip name-server 212.88.97.** > >! > >! > >! > >! > >interface Ethernet0/0 > > ip address 212.88.97.** 255.255.255.** > > no ip mroute-cache > > half-duplex > >! > >interface Serial0/0 > > ip address 212.88.96.** 255.255.255.** > > no ip mroute-cache > >! > >interface Ethernet0/1 > > no ip address > > no ip mroute-cache > > shutdown > > half-duplex > >! > >ip default-gateway 212.88.96.** > >ip classless > >ip route 0.0.0.0 0.0.0.0 212.88.96.** > >ip route 0.0.0.0 0.0.0.0 212.88.96.** > >ip http server > >ip pim bidir-enable > >! > >! > >line con 0 > >line aux 0 > >line vty 0 4 > > exec-timeout 30 0 > > password ******** > > login > >! > >end > > > >UMU# > > > >> - sh int e0 (or sh int fa0) > > > >UMU#sh interfaces ethernet 0/0 > >Ethernet0/0 is up, line protocol is up > > Hardware is AmdP2, address is 0009.b7fe.6620 (bia 0009.b7fe.6620) > > Internet address is 212.88.97.**/** > > MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, > > reliability 255/255, txload 1/255, rxload 1/255 > > Encapsulation ARPA, loopback not set > > Keepalive set (10 sec) > > ARP type: ARPA, ARP Timeout 04:00:00 > > Last input 00:00:23, output 00:00:00, output hang never > > Last clearing of "show interface" counters never > > Queueing strategy: fifo > > Output queue 0/40, 0 drops; input queue 0/75, 0 drops > > 5 minute input rate 3000 bits/sec, 2 packets/sec > > 5 minute output rate 8000 bits/sec, 3 packets/sec > > 11235 packets input, 1445083 bytes, 0 no buffer > > Received 6 broadcasts, 0 runts, 0 giants, 0 throttles > > 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored > > 0 input packets with dribble condition detected > > 10791 packets output, 7595172 bytes, 0 underruns > > 11 output errors, 0 collisions, 1 interface resets > > 0 babbles, 0 late collision, 2 deferred > > 11 lost carrier, 0 no carrier > > 0 output buffer failures, 0 output buffers swapped out > > > > > >> - debug interface e0 (or debug int fa0) > > > >UMU#debug interface ethernet 0/0 > >Condition 1 set > >UMU#debug interface ethernet 0/0 > >% Condition already set > > > > > >> > >> Firewall > >> - ifconfig > > > >eth0 Link encap:Ethernet HWaddr 00:0B:CD:D0:C2:48 > > inet addr:192.168.22.5 Bcast:192.168.255.255 > >Mask:255.255.0.0 > > inet6 addr: fe80::20b:cdff:fed0:c248/64 Scope:Link > > UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 > >Metric:1 > > RX packets:1306 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:204 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:415917 (406.1 Kb) TX bytes:32097 (31.3 Kb) > > Interrupt:19 > > > >eth1 Link encap:Ethernet HWaddr 00:04:79:67:E5:4B > > inet addr:212.88.97.222 Bcast:212.88.97.223 > >Mask:255.255.255.240 > > inet6 addr: fe80::204:79ff:fe67:e54b/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:556 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:1077 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:46195 (45.1 Kb) TX bytes:81764 (79.8 Kb) > > Interrupt:27 Base address:0x3000 > > > >lo Link encap:Local Loopback > > inet addr:127.0.0.1 Mask:255.0.0.0 > > inet6 addr: ::1/128 Scope:Host > > UP LOOPBACK RUNNING MTU:16436 Metric:1 > > RX packets:132 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:132 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:0 > > RX bytes:12332 (12.0 Kb) TX bytes:12332 (12.0 Kb) > > > > > >> - iptables -nv --list > > > >umupo:~ # iptables -nv --list > >Chain INPUT (policy DROP 0 packets, 0 bytes) > > pkts bytes target prot opt in out source > >destination > > 10 652 ACCEPT all -- lo * 0.0.0.0/0 > >0.0.0.0/0 > > 0 0 DROP all -- eth1 * 0.0.0.0/0 > >255.255.255.255 > > 0 0 DROP all -- eth1 * 0.0.0.0/0 > >212.88.97.223 > > 0 0 input_ext all -- eth1 * 0.0.0.0/0 > >0.0.0.0/0 > > 499 292K input_int all -- eth0 * 0.0.0.0/0 > >0.0.0.0/0 > > 0 0 LOG all -- eth0 * 0.0.0.0/0 > >212.88.97.222 LOG flags 6 level 4 prefix `SFW2-IN- ACC_DENIED_INT > >' > > 0 0 DROP all -- eth0 * 0.0.0.0/0 > >212.88.97.222 > > 0 0 LOG all -- * * 0.0.0.0/0 > >0.0.0.0/0 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET ' > > 0 0 DROP all -- * * 0.0.0.0/0 > >0.0.0.0/0 > > > >Chain FORWARD (policy DROP 0 packets, 0 bytes) > > pkts bytes target prot opt in out source > >destination > > 0 0 TCPMSS tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU > > > >Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) > > pkts bytes target prot opt in out source > >destination > > 10 652 ACCEPT all -- * lo 0.0.0.0/0 > >0.0.0.0/0 > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 11 LOG flags 6 level 4 prefix > >`SFW2-OUT-TRACERT-ATTEMPT ' > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 11 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 3 code 3 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 3 code 4 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 3 code 9 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 3 code 10 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 3 code 13 > > 0 0 DROP icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 3 > > 224 30943 ACCEPT all -- * * 0.0.0.0/0 > >0.0.0.0/0 state NEW,RELATED,ESTABLISHED > > 0 0 LOG all -- * * 0.0.0.0/0 > >0.0.0.0/0 LOG flags 6 level 4 prefix `SFW2-OUTPUT-ERROR ' > > > >Chain forward_dmz (0 references) > > pkts bytes target prot opt in out source > >destination > > > >Chain forward_ext (0 references) > > pkts bytes target prot opt in out source > >destination > > > >Chain forward_int (0 references) > > pkts bytes target prot opt in out source > >destination > > > >Chain input_dmz (0 references) > > pkts bytes target prot opt in out source > >destination > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 8 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18 > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 5 LOG flags 6 level 4 prefix > >`SFW2-INdmz-DROP-ICMP-CRIT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix > >`SFW2-INdmz-DROP-ICMP-CRIT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 13 LOG flags 6 level 4 prefix > >`SFW2-INdmz-DROP-ICMP-CRIT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 17 LOG flags 6 level 4 prefix > >`SFW2-INdmz-DROP-ICMP-CRIT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 2 LOG flags 6 level 4 prefix > >`SFW2-INdmz-DROP-ICMP-CRIT ' > > 0 0 DROP icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 > > 0 0 reject_func tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:113 flags:0x16/0x02 > > 0 0 LOG tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:22 flags:0x16/0x02 LOG flags 6 level 4 > >prefix `SFW2-INdmz-DROP ' > > 0 0 DROP tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:22 flags:0x16/0x02 > > 0 0 LOG tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:111 flags:0x16/0x02 LOG flags 6 level 4 > >prefix `SFW2-INdmz-DROP ' > > 0 0 DROP tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:111 flags:0x16/0x02 > > 0 0 LOG tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:631 flags:0x16/0x02 LOG flags 6 level 4 > >prefix `SFW2-INdmz-DROP ' > > 0 0 DROP tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:631 flags:0x16/0x02 > > 0 0 LOG tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED tcp flags:0x16/0x02 LOG > >flags 6 level 4 prefix `SFW2-INdmz-ACC-HiTCP ' > > 0 0 ACCEPT tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED > > 0 0 ACCEPT udp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED > > 0 0 DROP udp -- * * 0.0.0.0/0 > >0.0.0.0/0 udp dpt:22 state NEW > > 0 0 DROP udp -- * * 0.0.0.0/0 > >0.0.0.0/0 udp dpt:111 state NEW > > 0 0 DROP udp -- * * 0.0.0.0/0 > >0.0.0.0/0 udp dpt:111 state NEW > > 0 0 DROP udp -- * * 0.0.0.0/0 > >0.0.0.0/0 udp dpt:631 state NEW > > 0 0 DROP udp -- * * 0.0.0.0/0 > >0.0.0.0/0 udp dpt:631 state NEW > > 0 0 LOG tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp flags:0x16/0x02 LOG flags 6 level 4 prefix > >`SFW2-INdmz-DROP-DEFLT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix > >`SFW2-INdmz-DROP-DEFLT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 5 LOG flags 6 level 4 prefix > >`SFW2-INdmz-DROP-DEFLT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 8 LOG flags 6 level 4 prefix > >`SFW2-INdmz-DROP-DEFLT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 13 LOG flags 6 level 4 prefix > >`SFW2-INdmz-DROP-DEFLT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 17 LOG flags 6 level 4 prefix > >`SFW2-INdmz-DROP-DEFLT ' > > 0 0 LOG udp -- * * 0.0.0.0/0 > >0.0.0.0/0 LOG flags 6 level 4 prefix `SFW2-INdmz-DROP- DEFLT > >' > > 0 0 LOG all -- * * 0.0.0.0/0 > >0.0.0.0/0 state INVALID LOG flags 6 level 4 prefix > >`SFW2-INdmz-DROP-DEFLT-INV ' > > 0 0 DROP all -- * * 0.0.0.0/0 > >0.0.0.0/0 > > > >Chain input_ext (1 references) > > pkts bytes target prot opt in out source > >destination > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix > >`SFW2-INext-ACC-SOURCEQUENCH ' > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 4 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 8 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18 > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 5 LOG flags 6 level 4 prefix > >`SFW2-INext-DROP-ICMP-CRIT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix > >`SFW2-INext-DROP-ICMP-CRIT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 13 LOG flags 6 level 4 prefix > >`SFW2-INext-DROP-ICMP-CRIT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 17 LOG flags 6 level 4 prefix > >`SFW2-INext-DROP-ICMP-CRIT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 2 LOG flags 6 level 4 prefix > >`SFW2-INext-DROP-ICMP-CRIT ' > > 0 0 DROP icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 > > 0 0 reject_func tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:113 flags:0x16/0x02 > > 0 0 LOG tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:22 flags:0x16/0x02 LOG flags 6 level 4 > >prefix `SFW2-INext-DROP ' > > 0 0 DROP tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:22 flags:0x16/0x02 > > 0 0 LOG tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:111 flags:0x16/0x02 LOG flags 6 level 4 > >prefix `SFW2-INext-DROP ' > > 0 0 DROP tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:111 flags:0x16/0x02 > > 0 0 LOG tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:631 flags:0x16/0x02 LOG flags 6 level 4 > >prefix `SFW2-INext-DROP ' > > 0 0 DROP tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:631 flags:0x16/0x02 > > 0 0 LOG tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED tcp flags:0x16/0x02 LOG > >flags 6 level 4 prefix `SFW2-INext-ACC-HiTCP ' > > 0 0 ACCEPT tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED > > 0 0 ACCEPT udp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED > > 0 0 DROP udp -- * * 0.0.0.0/0 > >0.0.0.0/0 udp dpt:22 state NEW > > 0 0 DROP udp -- * * 0.0.0.0/0 > >0.0.0.0/0 udp dpt:111 state NEW > > 0 0 DROP udp -- * * 0.0.0.0/0 > >0.0.0.0/0 udp dpt:111 state NEW > > 0 0 DROP udp -- * * 0.0.0.0/0 > >0.0.0.0/0 udp dpt:631 state NEW > > 0 0 DROP udp -- * * 0.0.0.0/0 > >0.0.0.0/0 udp dpt:631 state NEW > > 0 0 LOG tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp flags:0x16/0x02 LOG flags 6 level 4 prefix > >`SFW2-INext-DROP-DEFLT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix > >`SFW2-INext-DROP-DEFLT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 5 LOG flags 6 level 4 prefix > >`SFW2-INext-DROP-DEFLT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 8 LOG flags 6 level 4 prefix > >`SFW2-INext-DROP-DEFLT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 13 LOG flags 6 level 4 prefix > >`SFW2-INext-DROP-DEFLT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 17 LOG flags 6 level 4 prefix > >`SFW2-INext-DROP-DEFLT ' > > 0 0 LOG udp -- * * 0.0.0.0/0 > >0.0.0.0/0 LOG flags 6 level 4 prefix `SFW2-INext-DROP- DEFLT > >' > > 0 0 LOG all -- * * 0.0.0.0/0 > >0.0.0.0/0 state INVALID LOG flags 6 level 4 prefix > >`SFW2-INext-DROP-DEFLT-INV ' > > 0 0 DROP all -- * * 0.0.0.0/0 > >0.0.0.0/0 > > > >Chain input_int (1 references) > > pkts bytes target prot opt in out source > >destination > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 8 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14 > > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18 > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 5 LOG flags 6 level 4 prefix > >`SFW2-INint-DROP-ICMP-CRIT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix > >`SFW2-INint-DROP-ICMP-CRIT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 13 LOG flags 6 level 4 prefix > >`SFW2-INint-DROP-ICMP-CRIT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 17 LOG flags 6 level 4 prefix > >`SFW2-INint-DROP-ICMP-CRIT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 2 LOG flags 6 level 4 prefix > >`SFW2-INint-DROP-ICMP-CRIT ' > > 0 0 DROP icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 > > 3 144 LOG tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:23 flags:0x16/0x02 LOG flags 6 level 4 > >prefix `SFW2-INint-ACC-TCP ' > > 3 144 ACCEPT tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:23 > > 0 0 reject_func tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:113 flags:0x16/0x02 > > 5 240 LOG tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:22 flags:0x16/0x02 LOG flags 6 level 4 > >prefix `SFW2-INint-DROP ' > > 5 240 DROP tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:22 flags:0x16/0x02 > > 0 0 LOG tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:111 flags:0x16/0x02 LOG flags 6 level 4 > >prefix `SFW2-INint-DROP ' > > 0 0 DROP tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:111 flags:0x16/0x02 > > 0 0 LOG tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:631 flags:0x16/0x02 LOG flags 6 level 4 > >prefix `SFW2-INint-DROP ' > > 0 0 DROP tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp dpt:631 flags:0x16/0x02 > > 0 0 LOG tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED tcp flags:0x16/0x02 LOG > >flags 6 level 4 prefix `SFW2-INint-ACC-HiTCP ' > > 197 184K ACCEPT tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED > > 12 1268 ACCEPT udp -- * * 0.0.0.0/0 > >0.0.0.0/0 state RELATED,ESTABLISHED > > 0 0 DROP udp -- * * 0.0.0.0/0 > >0.0.0.0/0 udp dpt:22 state NEW > > 0 0 DROP udp -- * * 0.0.0.0/0 > >0.0.0.0/0 udp dpt:111 state NEW > > 0 0 DROP udp -- * * 0.0.0.0/0 > >0.0.0.0/0 udp dpt:111 state NEW > > 9 1494 DROP udp -- * * 0.0.0.0/0 > >0.0.0.0/0 udp dpt:631 state NEW > > 0 0 DROP udp -- * * 0.0.0.0/0 > >0.0.0.0/0 udp dpt:631 state NEW > > 0 0 LOG tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 tcp flags:0x16/0x02 LOG flags 6 level 4 prefix > >`SFW2-INint-DROP-DEFLT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix > >`SFW2-INint-DROP-DEFLT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 5 LOG flags 6 level 4 prefix > >`SFW2-INint-DROP-DEFLT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 8 LOG flags 6 level 4 prefix > >`SFW2-INint-DROP-DEFLT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 13 LOG flags 6 level 4 prefix > >`SFW2-INint-DROP-DEFLT ' > > 0 0 LOG icmp -- * * 0.0.0.0/0 > >0.0.0.0/0 icmp type 17 LOG flags 6 level 4 prefix > >`SFW2-INint-DROP-DEFLT ' > > 273 104K LOG udp -- * * 0.0.0.0/0 > >0.0.0.0/0 LOG flags 6 level 4 prefix `SFW2-INint-DROP- DEFLT > >' > > 0 0 LOG all -- * * 0.0.0.0/0 > >0.0.0.0/0 state INVALID LOG flags 6 level 4 prefix > >`SFW2-INint-DROP-DEFLT-INV ' > > 273 104K DROP all -- * * 0.0.0.0/0 > >0.0.0.0/0 > > > >Chain reject_func (3 references) > > pkts bytes target prot opt in out source > >destination > > 0 0 REJECT tcp -- * * 0.0.0.0/0 > >0.0.0.0/0 reject-with tcp-reset > > 0 0 REJECT udp -- * * 0.0.0.0/0 > >0.0.0.0/0 reject-with icmp-port-unreachable > > 0 0 REJECT all -- * * 0.0.0.0/0 > >0.0.0.0/0 reject-with icmp-proto-unreachable > >umupo:~ # > > > >> > >> This should tell us a better story. > > > >Hope this story will have a good ending. > > > >Someone in another post had requested asked to do something using > >mii-tool. Before I could even do it, mii-tool refused to run on the > >machine as shown below > > > >umupo:~ # mii-tool -w eth2 > >SIOCGMIIPHY on 'eth2' failed: Invalid argument > > > >When I insisted: > > > >umupo:~ # mii-tool -F 10BaseT-HD eth1 > >SIOCGMIIPHY on 'eth1' failed: Operation not supported > > > >ethtool didn't behave any better. Was giving me also errors. > > > >Someone in another post also mentioned something to do with vlans on > >the catalyst 2950. Well I haven't done any configuration on that > >switch as yet. Just got it out of its box and plucked it into the > >network. And besides, if that were the case, I would have already had > >this problem with my current proxy and also the windoze earlier > >mentioned wouldn't have behaved at all!! > > > >I really appreciate all your help, and I have a very strong feeling > >that I am not the last one to have this problem with 9.1. We need a > >solution early... > > > >> > >> Bernard Wanyama > >> Support Engineer > >> Linux Solutions Uganda > >> Cell: +256 71 193 979 > >> > >> > Hello Guys, > >> > I am dying to say (read type) some very, very, very nasty things > >about > >> > SuSE 9.1 but let me hold them back and just put across the source > >of my > >> > frustration. > >> > Last Friday (I am typing this mail at the end of Wednesday) I made > >a > >> > clean install of SuSE 9.1 on a new machine with specs: HP Compaq, > >Intel > >> > Xeon Processor 2.4 GHZ, 1 GB RAM, 2 x 40GB HDD. Since among its > >other > >> > intended functions, it also going to be our proxy, I added a 2nd > >n/w > >> > card on top of its onboard gigabit ethernet card and then embarked > >on > >> > the installation. > >> > It detected my network cards O.K and using YAST, I I.P addressed > >them > >> > and after which I did the proverbial ping test. I had configured > >the > >> > onboard to face our internal network and the other card to face > >the > >> > internet. The onboard returned the ping from all the internal > >machines > >> > O.K, but the second card gave me a network unreachable error. Re- > >check > >> > the values, re-enter them all O.K but still network unreachable > >errors. > >> > As a test, at this point, I decided to configure the onboard > >instead to > >> > face the internet and the second card to face the internal > >network. > >The > >> > ping responded form all the machines on the internal network but > >got > >> > network unreachable errors from the onboard card. That confirmed > >both > >> > cards to be O.K. > >> > When I switched the onboard to face the internal n/w again, BOTH > >cards > >> > returned network unreachable errors!!!!!! I got two other WORKING > >cards > >> > placed them into the machine, spent my saturday, my sunday, > >monday, > >> > tuesday, googled my (oops no nasty words!!) off and the circus > >> > continued, ping from inside, network unreachable errors from > >outside. > >> > In between, I configured BIND which returns a succesfull dig > >@localhost > >> > but no remote servers found error when I try to dig anything else. > >I > >> > think its because of the other problem. I installed and configured > >> > squid which is also dying with a DNS name lookup tests failed > >error. I > >> > still think it is the other problem. I have configured and > >reconfigured > >> > SuSEfirewall2 a million times but still no luck. I have disabled > >ipv6, > >> > set static routes, checked all files in /etc/sysconfig/network > >against > >> > recommended ones and so many other things but still no luck. > >> > Can someone out there save my sanity?? Honest!! This thing is > >driving > >> > me mad!!!! > >> > > >> > > >*********************************************************************** * > > > >> > Lule George William (Mr) > >> > Network and Systems Administrator > >> > Uganda Martyrs University, Nkozi > >> > P.O. Box 5498 Kampala > >> > Uganda > >> > > >> > > >> > --------------------------------------------- > >> > This service is hosted on the Infocom network > >> > http://www.infocom.co.ug > >> > >> > >> > >> > >> > >> --------------------------------------------- > >> This service is hosted on the Infocom network > >> http://www.infocom.co.ug > >> > >> > > > >*********************************************************************** * > > > >Lule George William (Mr) > >Network and Systems Administrator > >Uganda Martyrs University, Nkozi > >P.O. Box 5498 Kampala > >Uganda > > > > > >--------------------------------------------- > >This service is hosted on the Infocom network > >http://www.infocom.co.ug > > > > __________________________________________________________________ > Switch to Netscape Internet Service. > As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register > > Netscape. Just the Net You Need. > > New! Netscape Toolbar for Internet Explorer > Search from anywhere on the Web and block those annoying pop-ups. > Download now at http://channels.netscape.com/ns/search/install.jsp > > > --------------------------------------------- > This service is hosted on the Infocom network > http://www.infocom.co.ug > > ************************************************************************ Lule George William (Mr) Network and Systems Administrator Uganda Martyrs University, Nkozi P.O. Box 5498 Kampala Uganda --------------------------------------------- This service is hosted on the Infocom network http://www.infocom.co.ug
