Actually I would really appreciate a nice simple ASCII diagram of your network
with the IP addresses and subnet masks clearly marked on which server they
are on... something akin to:

        internet
           |
    serial0 (x.x.x.x/y)
         router
    e0/0 (r.r.r.r/t)
           |
    eth1 (x.x.x.x/g)
    Linux (Suse 9.x)
    eth0 (f.f.f.f/d)

and etc... just to give a hint of what I expect.

Noah.
On Tuesday 27 July 2004 16:22, Bernard Wanyama wrote:
> Hi Lule (Mr.),
>
> I'm still with you. I pity those people who think it takes a CCIE to
> configure a 2600 series for HDLC. Your configs are looking good.
>
> Can I ask for one last dump, I won't bother you again till I have some
> answers. My experience with SuSE 9.1 on a Dell was worse, it gave me an
> oil paint-like display and I really didn't have the energy to persist.
>
> Give us a dmesg will you. It should tell us what kind of hardware we are
> dealing with.
>
> Bernard Wanyama
> Support Engineer
> Linux Solutions Uganda
> Cell: +256 71 193 979
>
> >> Hmmm... has anybody contacted Kiggs on this matter? Bwana Kiggs,
> >> where art thou? If I do remember correctly, he does market SuSE in East
> >> and central Africa now doesn't he?
> >>
> >> As for Lule George William (Mr) I think your linux/cisco skills need
> >> honing.
> >
> > 1) True, I won't deny that but I wonder if you are so many on this list
> > that have reached the pinnacle of your Linux/Cisco skills and no longer
> > need to hone them.
> > 2) If you are making that statement basing on the configurations I
> > posted, you have forgotten that somewhere in my posting I mentioned
> > that the last installation of this server has no firewall, no named, no
> > bind no nothing installed. And as for the router I picked a new one (not
> > my regular production one), I just made the basic of configurations just
> > enough to get me on the internet and plugged it in. It isn't my
> > regular fully configured router and neither is this server that is
> > disturbing me my regular proxy. I am just setting it up and with this
> > router, we (those who still need to hone their Linux/Cisco skills) can
> > fiddle around with a variety of configurations till we sort out this
> > problem without disturbing a hair of my installed setup.
> >
> >>A bad workman always blames his tools! Choose an OS and stick to it.
> >
> > OOOPssss, someone is telling me to stick to 7.2!!!!
> >
> >>This world has too many double agents already!
> >
> > I bought my software (two original copies) from a one Kiggs of kymnet,
> > could he be one of those agents you warn me about?
> >
> >> Simon says Slackware! You simply can't go wrong...
> >
> > Let us first fail to solve the SuSE problem then only can I be convinced
> > to look at another distribution.
> >
> > And my final say Mr. Ssekidde calling me a bad workman because I have
> > posted a problem I have failed to solve doesn't do this list any good.
> > I think that is why it was created in the first place and that is the
> > impression James Wire Lunghabo gave me when he introduced me to it and
> > unfortunately it is the same impression I gave some four young linux
> > enthusiasts when I encouraged them to sign up. Are we wrong Mr.
> > Ssekidde?
> >
> >> http://www.slackware.com/
> >> http://www.slackware.com/announce/10.0.php
> >>
> >> Sekidde
> >>
> >> "Lule George William" <[EMAIL PROTECTED]> wrote:
> >> >Hello guys,
> >> >I didn't just let this thread die off. Just been doing a lot of work on
> >> >this machine and currently here is the update since my last posting.
> >> >
> >> >1) Knocked off SuSE 9.1 and installed 8.0, just to C how it will
> >> >behave. There was no change with 9.0.
> >> >2) Knocked off 8.0 and placed on Windoze 2K Server. Windoze behaved
> >> >well!!! Could ping both the router and my internal network,
> >> >perfectly!!! This practically ruled out hardware malfunction.
> >> >3) Knocked off Windoze and placed back 9.1. No firewall configured, no
> >> >named, no nothing, the weird behaviour returned, can ping the internal
> >> >network, returns network unreachable when pinging the router.
> >> >4) Since the router is a 2611 with a 10Mbps connection Simon advised me
> >> >not to allow the card facing the router to autonegotiate but fix it at
> >> >10Mbs Half Duplex. I did that but there was no change.
> >> >5) Went to the stores and picked another new 2611, gave it a
> >> >configuration just enough for us to get onto the Internet, plugged it
> >> >in in place of the old one. Still no change.
> >> >
> >> >So at this point I start to answer your questions:
> >> >> Hi,
> >> >>
> >> >> Could you drop us the following configs (you can censor your IPs )
> >> >>
> >> >> Router
> >> >> - sh run,
> >> >
> >> >UMU#sh running-config
> >> >Building configuration...
> >> >
> >> >Current configuration : 790 bytes
> >> >!
> >> >version 12.2
> >> >service timestamps debug uptime
> >> >service timestamps log uptime
> >> >no service password-encryption
> >> >!
> >> >hostname UMU
> >> >!
> >> >enable secret 5 $1$MHGk$wXIwNX2OPyqpApF3xAyGm1
> >> >enable password ************
> >> >!
> >> >ip subnet-zero
> >> >!
> >> >!
> >> >ip name-server 212.88.97.**
> >> >ip name-server 212.88.97.**
> >> >!
> >> >!
> >> >!
> >> >!
> >> >interface Ethernet0/0
> >> > ip address 212.88.97.** 255.255.255.**
> >> > no ip mroute-cache
> >> > half-duplex
> >> >!
> >> >interface Serial0/0
> >> > ip address 212.88.96.** 255.255.255.**
> >> > no ip mroute-cache
> >> >!
> >> >interface Ethernet0/1
> >> > no ip address
> >> > no ip mroute-cache
> >> > shutdown
> >> > half-duplex
> >> >!
> >> >ip default-gateway 212.88.96.**
> >> >ip classless
> >> >ip route 0.0.0.0 0.0.0.0 212.88.96.**
> >> >ip route 0.0.0.0 0.0.0.0 212.88.96.**
> >> >ip http server
> >> >ip pim bidir-enable
> >> >!
> >> >!
> >> >line con 0
> >> >line aux 0
> >> >line vty 0 4
> >> > exec-timeout 30 0
> >> > password ********
> >> > login
> >> >!
> >> >end
> >> >
> >> >UMU#
> >> >
> >> >> - sh int e0 (or sh int fa0)
> >> >
> >> >UMU#sh interfaces ethernet 0/0
> >> >Ethernet0/0 is up, line protocol is up
> >> > Hardware is AmdP2, address is 0009.b7fe.6620 (bia 0009.b7fe.6620)
> >> > Internet address is 212.88.97.**/**
> >> > MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
> >> > reliability 255/255, txload 1/255, rxload 1/255
> >> > Encapsulation ARPA, loopback not set
> >> > Keepalive set (10 sec)
> >> > ARP type: ARPA, ARP Timeout 04:00:00
> >> > Last input 00:00:23, output 00:00:00, output hang never
> >> > Last clearing of "show interface" counters never
> >> > Queueing strategy: fifo
> >> > Output queue 0/40, 0 drops; input queue 0/75, 0 drops
> >> > 5 minute input rate 3000 bits/sec, 2 packets/sec
> >> > 5 minute output rate 8000 bits/sec, 3 packets/sec
> >> > 11235 packets input, 1445083 bytes, 0 no buffer
> >> > Received 6 broadcasts, 0 runts, 0 giants, 0 throttles
> >> > 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
> >> > 0 input packets with dribble condition detected
> >> > 10791 packets output, 7595172 bytes, 0 underruns
> >> > 11 output errors, 0 collisions, 1 interface resets
> >> > 0 babbles, 0 late collision, 2 deferred
> >> > 11 lost carrier, 0 no carrier
> >> > 0 output buffer failures, 0 output buffers swapped out
> >> >
> >> >> - debug interface e0 (or debug int fa0)
> >> >
> >> >UMU#debug interface ethernet 0/0
> >> >Condition 1 set
> >> >UMU#debug interface ethernet 0/0
> >> >% Condition already set
> >> >
> >> >> Firewall
> >> >> - ifconfig
> >> >
> >> >eth0 Link encap:Ethernet HWaddr 00:0B:CD:D0:C2:48
> >> > inet addr:192.168.22.5 Bcast:192.168.255.255 Mask:255.255.0.0
> >> > inet6 addr: fe80::20b:cdff:fed0:c248/64 Scope:Link
> >> > UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
> >> > RX packets:1306 errors:0 dropped:0 overruns:0 frame:0
> >> > TX packets:204 errors:0 dropped:0 overruns:0 carrier:0
> >> > collisions:0 txqueuelen:1000
> >> > RX bytes:415917 (406.1 Kb) TX bytes:32097 (31.3 Kb)
> >> > Interrupt:19
> >> >
> >> >eth1 Link encap:Ethernet HWaddr 00:04:79:67:E5:4B
> >> > inet addr:212.88.97.222 Bcast:212.88.97.223 Mask:255.255.255.240
> >> > inet6 addr: fe80::204:79ff:fe67:e54b/64 Scope:Link
> >> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> >> > RX packets:556 errors:0 dropped:0 overruns:0 frame:0
> >> > TX packets:1077 errors:0 dropped:0 overruns:0 carrier:0
> >> > collisions:0 txqueuelen:1000
> >> > RX bytes:46195 (45.1 Kb) TX bytes:81764 (79.8 Kb)
> >> > Interrupt:27 Base address:0x3000
> >> >
> >> >lo Link encap:Local Loopback
> >> > inet addr:127.0.0.1 Mask:255.0.0.0
> >> > inet6 addr: ::1/128 Scope:Host
> >> > UP LOOPBACK RUNNING MTU:16436 Metric:1
> >> > RX packets:132 errors:0 dropped:0 overruns:0 frame:0
> >> > TX packets:132 errors:0 dropped:0 overruns:0 carrier:0
> >> > collisions:0 txqueuelen:0
> >> > RX bytes:12332 (12.0 Kb) TX bytes:12332 (12.0 Kb)
> >> >
> >> >> - iptables -nv --list
> >> >
> >> >umupo:~ # iptables -nv --list
> >> >Chain INPUT (policy DROP 0 packets, 0 bytes)
> >> > pkts bytes target prot opt in out source
> >> >destination
> >> > 10 652 ACCEPT all -- lo * 0.0.0.0/0
> >> >0.0.0.0/0
> >> > 0 0 DROP all -- eth1 * 0.0.0.0/0
> >> >255.255.255.255
> >> > 0 0 DROP all -- eth1 * 0.0.0.0/0
> >> >212.88.97.223
> >> > 0 0 input_ext all -- eth1 * 0.0.0.0/0
> >> >0.0.0.0/0
> >> > 499 292K input_int all -- eth0 * 0.0.0.0/0
> >> >0.0.0.0/0
> >> > 0 0 LOG all -- eth0 * 0.0.0.0/0
> >> >212.88.97.222 LOG flags 6 level 4 prefix `SFW2-IN-
> >
> > ACC_DENIED_INT
> >
> >> >'
> >> > 0 0 DROP all -- eth0 * 0.0.0.0/0
> >> >212.88.97.222
> >> > 0 0 LOG all -- * * 0.0.0.0/0
> >> >0.0.0.0/0 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET '
> >> > 0 0 DROP all -- * * 0.0.0.0/0
> >> >0.0.0.0/0
> >> >
> >> >Chain FORWARD (policy DROP 0 packets, 0 bytes)
> >> > pkts bytes target prot opt in out source
> >> >destination
> >> > 0 0 TCPMSS tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
> >> >
> >> >Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
> >> > pkts bytes target prot opt in out source
> >> >destination
> >> > 10 652 ACCEPT all -- * lo 0.0.0.0/0
> >> >0.0.0.0/0
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 11 LOG flags 6 level 4 prefix
> >> >`SFW2-OUT-TRACERT-ATTEMPT '
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 11
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 3 code 3
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 3 code 4
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 3 code 9
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 3 code 10
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 3 code 13
> >> > 0 0 DROP icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 3
> >> > 224 30943 ACCEPT all -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state NEW,RELATED,ESTABLISHED
> >> > 0 0 LOG all -- * * 0.0.0.0/0
> >> >0.0.0.0/0 LOG flags 6 level 4 prefix `SFW2-OUTPUT-ERROR '
> >> >
> >> >Chain forward_dmz (0 references)
> >> > pkts bytes target prot opt in out source
> >> >destination
> >> >
> >> >Chain forward_ext (0 references)
> >> > pkts bytes target prot opt in out source
> >> >destination
> >> >
> >> >Chain forward_int (0 references)
> >> > pkts bytes target prot opt in out source
> >> >destination
> >> >
> >> >Chain input_dmz (0 references)
> >> > pkts bytes target prot opt in out source
> >> >destination
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 8
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 5 LOG flags 6 level 4 prefix
> >> >`SFW2-INdmz-DROP-ICMP-CRIT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix
> >> >`SFW2-INdmz-DROP-ICMP-CRIT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 13 LOG flags 6 level 4 prefix
> >> >`SFW2-INdmz-DROP-ICMP-CRIT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 17 LOG flags 6 level 4 prefix
> >> >`SFW2-INdmz-DROP-ICMP-CRIT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 2 LOG flags 6 level 4 prefix
> >> >`SFW2-INdmz-DROP-ICMP-CRIT '
> >> > 0 0 DROP icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0
> >> > 0 0 reject_func tcp -- * *
> >
> > 0.0.0.0/0
> >
> >> >0.0.0.0/0 tcp dpt:113 flags:0x16/0x02
> >> > 0 0 LOG tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp dpt:22 flags:0x16/0x02 LOG flags 6 level 4
> >>
> >> prefix `SFW2-INdmz-DROP '
> >>
> >> > 0 0 DROP tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp dpt:22 flags:0x16/0x02
> >> > 0 0 LOG tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp dpt:111 flags:0x16/0x02 LOG flags 6 level 4
> >>
> >> prefix `SFW2-INdmz-DROP '
> >>
> >> > 0 0 DROP tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp dpt:111 flags:0x16/0x02
> >> > 0 0 LOG tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp dpt:631 flags:0x16/0x02 LOG flags 6 level 4
> >>
> >> prefix `SFW2-INdmz-DROP '
> >>
> >> > 0 0 DROP tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp dpt:631 flags:0x16/0x02
> >> > 0 0 LOG tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED tcp flags:0x16/0x02
> >
> > LOG
> >
> >> >flags 6 level 4 prefix `SFW2-INdmz-ACC-HiTCP '
> >> > 0 0 ACCEPT tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED
> >> > 0 0 ACCEPT udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED
> >> > 0 0 DROP udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 udp dpt:22 state NEW
> >> > 0 0 DROP udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 udp dpt:111 state NEW
> >> > 0 0 DROP udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 udp dpt:111 state NEW
> >> > 0 0 DROP udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 udp dpt:631 state NEW
> >> > 0 0 DROP udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 udp dpt:631 state NEW
> >> > 0 0 LOG tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp flags:0x16/0x02 LOG flags 6 level 4 prefix
> >>
> >> `SFW2-INdmz-DROP-DEFLT '
> >>
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix
> >> >`SFW2-INdmz-DROP-DEFLT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 5 LOG flags 6 level 4 prefix
> >> >`SFW2-INdmz-DROP-DEFLT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 8 LOG flags 6 level 4 prefix
> >> >`SFW2-INdmz-DROP-DEFLT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 13 LOG flags 6 level 4 prefix
> >> >`SFW2-INdmz-DROP-DEFLT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 17 LOG flags 6 level 4 prefix
> >> >`SFW2-INdmz-DROP-DEFLT '
> >> > 0 0 LOG udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 LOG flags 6 level 4 prefix `SFW2-INdmz-DROP-
> >
> > DEFLT
> >
> >> >'
> >> > 0 0 LOG all -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state INVALID LOG flags 6 level 4 prefix
> >> >`SFW2-INdmz-DROP-DEFLT-INV '
> >> > 0 0 DROP all -- * * 0.0.0.0/0
> >> >0.0.0.0/0
> >> >
> >> >Chain input_ext (1 references)
> >> > pkts bytes target prot opt in out source
> >> >destination
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix
> >> >`SFW2-INext-ACC-SOURCEQUENCH '
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 4
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 8
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 5 LOG flags 6 level 4 prefix
> >> >`SFW2-INext-DROP-ICMP-CRIT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix
> >> >`SFW2-INext-DROP-ICMP-CRIT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 13 LOG flags 6 level 4 prefix
> >> >`SFW2-INext-DROP-ICMP-CRIT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 17 LOG flags 6 level 4 prefix
> >> >`SFW2-INext-DROP-ICMP-CRIT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 2 LOG flags 6 level 4 prefix
> >> >`SFW2-INext-DROP-ICMP-CRIT '
> >> > 0 0 DROP icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0
> >> > 0 0 reject_func tcp -- * *
> >
> > 0.0.0.0/0
> >
> >> >0.0.0.0/0 tcp dpt:113 flags:0x16/0x02
> >> > 0 0 LOG tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp dpt:22 flags:0x16/0x02 LOG flags 6 level 4
> >>
> >> prefix `SFW2-INext-DROP '
> >>
> >> > 0 0 DROP tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp dpt:22 flags:0x16/0x02
> >> > 0 0 LOG tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp dpt:111 flags:0x16/0x02 LOG flags 6 level 4
> >>
> >> prefix `SFW2-INext-DROP '
> >>
> >> > 0 0 DROP tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp dpt:111 flags:0x16/0x02
> >> > 0 0 LOG tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp dpt:631 flags:0x16/0x02 LOG flags 6 level 4
> >>
> >> prefix `SFW2-INext-DROP '
> >>
> >> > 0 0 DROP tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp dpt:631 flags:0x16/0x02
> >> > 0 0 LOG tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED tcp flags:0x16/0x02
> >
> > LOG
> >
> >> >flags 6 level 4 prefix `SFW2-INext-ACC-HiTCP '
> >> > 0 0 ACCEPT tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED
> >> > 0 0 ACCEPT udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED
> >> > 0 0 DROP udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 udp dpt:22 state NEW
> >> > 0 0 DROP udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 udp dpt:111 state NEW
> >> > 0 0 DROP udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 udp dpt:111 state NEW
> >> > 0 0 DROP udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 udp dpt:631 state NEW
> >> > 0 0 DROP udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 udp dpt:631 state NEW
> >> > 0 0 LOG tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp flags:0x16/0x02 LOG flags 6 level 4 prefix
> >>
> >> `SFW2-INext-DROP-DEFLT '
> >>
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix
> >> >`SFW2-INext-DROP-DEFLT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 5 LOG flags 6 level 4 prefix
> >> >`SFW2-INext-DROP-DEFLT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 8 LOG flags 6 level 4 prefix
> >> >`SFW2-INext-DROP-DEFLT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 13 LOG flags 6 level 4 prefix
> >> >`SFW2-INext-DROP-DEFLT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 17 LOG flags 6 level 4 prefix
> >> >`SFW2-INext-DROP-DEFLT '
> >> > 0 0 LOG udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 LOG flags 6 level 4 prefix `SFW2-INext-DROP-
> >
> > DEFLT
> >
> >> >'
> >> > 0 0 LOG all -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state INVALID LOG flags 6 level 4 prefix
> >> >`SFW2-INext-DROP-DEFLT-INV '
> >> > 0 0 DROP all -- * * 0.0.0.0/0
> >> >0.0.0.0/0
> >> >
> >> >Chain input_int (1 references)
> >> > pkts bytes target prot opt in out source
> >> >destination
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 8
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14
> >> > 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 5 LOG flags 6 level 4 prefix
> >> >`SFW2-INint-DROP-ICMP-CRIT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix
> >> >`SFW2-INint-DROP-ICMP-CRIT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 13 LOG flags 6 level 4 prefix
> >> >`SFW2-INint-DROP-ICMP-CRIT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 17 LOG flags 6 level 4 prefix
> >> >`SFW2-INint-DROP-ICMP-CRIT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 2 LOG flags 6 level 4 prefix
> >> >`SFW2-INint-DROP-ICMP-CRIT '
> >> > 0 0 DROP icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0
> >> > 3 144 LOG tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp dpt:23 flags:0x16/0x02 LOG flags 6 level 4
> >>
> >> prefix `SFW2-INint-ACC-TCP '
> >>
> >> > 3 144 ACCEPT tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:23
> >> > 0 0 reject_func tcp -- * *
> >
> > 0.0.0.0/0
> >
> >> >0.0.0.0/0 tcp dpt:113 flags:0x16/0x02
> >> > 5 240 LOG tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp dpt:22 flags:0x16/0x02 LOG flags 6 level 4
> >>
> >> prefix `SFW2-INint-DROP '
> >>
> >> > 5 240 DROP tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp dpt:22 flags:0x16/0x02
> >> > 0 0 LOG tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp dpt:111 flags:0x16/0x02 LOG flags 6 level 4
> >>
> >> prefix `SFW2-INint-DROP '
> >>
> >> > 0 0 DROP tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp dpt:111 flags:0x16/0x02
> >> > 0 0 LOG tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp dpt:631 flags:0x16/0x02 LOG flags 6 level 4
> >>
> >> prefix `SFW2-INint-DROP '
> >>
> >> > 0 0 DROP tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp dpt:631 flags:0x16/0x02
> >> > 0 0 LOG tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED tcp flags:0x16/0x02
> >
> > LOG
> >
> >> >flags 6 level 4 prefix `SFW2-INint-ACC-HiTCP '
> >> > 197 184K ACCEPT tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED
> >> > 12 1268 ACCEPT udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state RELATED,ESTABLISHED
> >> > 0 0 DROP udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 udp dpt:22 state NEW
> >> > 0 0 DROP udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 udp dpt:111 state NEW
> >> > 0 0 DROP udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 udp dpt:111 state NEW
> >> > 9 1494 DROP udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 udp dpt:631 state NEW
> >> > 0 0 DROP udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 udp dpt:631 state NEW
> >> > 0 0 LOG tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 tcp flags:0x16/0x02 LOG flags 6 level 4 prefix
> >>
> >> `SFW2-INint-DROP-DEFLT '
> >>
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 4 LOG flags 6 level 4 prefix
> >> >`SFW2-INint-DROP-DEFLT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 5 LOG flags 6 level 4 prefix
> >> >`SFW2-INint-DROP-DEFLT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 8 LOG flags 6 level 4 prefix
> >> >`SFW2-INint-DROP-DEFLT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 13 LOG flags 6 level 4 prefix
> >> >`SFW2-INint-DROP-DEFLT '
> >> > 0 0 LOG icmp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 icmp type 17 LOG flags 6 level 4 prefix
> >> >`SFW2-INint-DROP-DEFLT '
> >> > 273 104K LOG udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 LOG flags 6 level 4 prefix `SFW2-INint-DROP-
> >
> > DEFLT
> >
> >> >'
> >> > 0 0 LOG all -- * * 0.0.0.0/0
> >> >0.0.0.0/0 state INVALID LOG flags 6 level 4 prefix
> >> >`SFW2-INint-DROP-DEFLT-INV '
> >> > 273 104K DROP all -- * * 0.0.0.0/0
> >> >0.0.0.0/0
> >> >
> >> >Chain reject_func (3 references)
> >> > pkts bytes target prot opt in out source
> >> >destination
> >> > 0 0 REJECT tcp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 reject-with tcp-reset
> >> > 0 0 REJECT udp -- * * 0.0.0.0/0
> >> >0.0.0.0/0 reject-with icmp-port-unreachable
> >> > 0 0 REJECT all -- * * 0.0.0.0/0
> >> >0.0.0.0/0 reject-with icmp-proto-unreachable
> >> >umupo:~ #
> >> >
> >> >> This should tell us a better story.
> >> >
> >> >Hope this story will have a good ending.
> >> >
> >> >Someone in another post had asked to do something using
> >> >mii-tool. Before I could even do it, mii-tool refused to run on the
> >> >machine as shown below
> >> >
> >> >umupo:~ # mii-tool -w eth2
> >> >SIOCGMIIPHY on 'eth2' failed: Invalid argument
> >> >
> >> >When I insisted:
> >> >
> >> >umupo:~ # mii-tool -F 10BaseT-HD eth1
> >> >SIOCGMIIPHY on 'eth1' failed: Operation not supported
> >> >
> >> >ethtool didn't behave any better. Was giving me also errors.
> >> >
> >> >Someone in another post also mentioned something to do with vlans on
> >> >the catalyst 2950. Well I haven't done any configuration on that
> >> >switch as yet. Just got it out of its box and plugged it into the
> >> >network. And besides, if that were the case, I would have already had
> >> >this problem with my current proxy and also the windoze earlier
> >> >mentioned wouldn't have behaved at all!!
> >> >
> >> >I really appreciate all your help, and I have a very strong feeling
> >> >that I am not the last one to have this problem with 9.1. We need a
> >> >solution early...
> >>
> >> >> Bernard Wanyama
> >> >> Support Engineer
> >> >> Linux Solutions Uganda
> >> >> Cell: +256 71 193 979
> >> >>
> >> >> > Hello Guys,
> >> >> > I am dying to say (read type) some very, very, very nasty things about
> >> >> > SuSE 9.1 but let me hold them back and just put across the source of my
> >> >> > frustration.
> >> >> > Last Friday (I am typing this mail at the end of Wednesday) I made a
> >> >> > clean install of SuSE 9.1 on a new machine with specs: HP Compaq, Intel
> >> >> > Xeon Processor 2.4 GHZ, 1 GB RAM, 2 x 40GB HDD. Since among its other
> >> >> > intended functions, it is also going to be our proxy, I added a 2nd n/w
> >> >> > card on top of its onboard gigabit ethernet card and then embarked on
> >> >> > the installation.
> >> >> > It detected my network cards O.K and using YAST, I I.P addressed them
> >> >> > and after which I did the proverbial ping test. I had configured the
> >> >> > onboard to face our internal network and the other card to face the
> >> >> > internet. The onboard returned the ping from all the internal machines
> >> >> > O.K, but the second card gave me a network unreachable error. Re-check
> >> >> > the values, re-enter them all O.K but still network unreachable errors.
> >> >> > As a test, at this point, I decided to configure the onboard instead to
> >> >> > face the internet and the second card to face the internal network. The
> >> >> > ping responded from all the machines on the internal network but got
> >> >> > network unreachable errors from the onboard card. That confirmed both
> >> >> > cards to be O.K.
> >> >> > When I switched the onboard to face the internal n/w again, BOTH cards
> >> >> > returned network unreachable errors!!!!!! I got two other WORKING cards
> >> >> > placed them into the machine, spent my Saturday, my Sunday, Monday,
> >> >> > Tuesday, googled my (oops no nasty words!!) off and the circus
> >> >> > continued, ping from inside, network unreachable errors from outside.
> >> >> > In between, I configured BIND which returns a successful dig @localhost
> >> >> > but no remote servers found error when I try to dig anything else. I
> >> >> > think it's because of the other problem. I installed and configured
> >> >> > squid which is also dying with a DNS name lookup tests failed error. I
> >> >> > still think it is the other problem. I have configured and reconfigured
> >> >> > SuSEfirewall2 a million times but still no luck. I have disabled ipv6,
> >> >> > set static routes, checked all files in /etc/sysconfig/network against
> >> >> > recommended ones and so many other things but still no luck. Can
> >> >> > someone out there save my sanity?? Honest!! This thing is driving
> >> >> > me mad!!!!
> >>
> >> >> > ************************************************************************
> >> >> > Lule George William (Mr)
> >> >> > Network and Systems Administrator
> >> >> > Uganda Martyrs University, Nkozi
> >> >> > P.O. Box 5498 Kampala
> >> >> > Uganda
> >> >> >
> >> >> >
> >> >> > ---------------------------------------------
> >> >> > This service is hosted on the Infocom network
> >> >> > http://www.infocom.co.ug
> >> >>
> >>
> >> >************************************************************************
> >> >Lule George William (Mr)
> >> >Network and Systems Administrator
> >> >Uganda Martyrs University, Nkozi
> >> >P.O. Box 5498 Kampala
> >> >Uganda
> >> >
> >> >
> >>
> >
> > ************************************************************************
> > Lule George William (Mr)
> > Network and Systems Administrator
> > Uganda Martyrs University, Nkozi
> > P.O. Box 5498 Kampala
> > Uganda
---------------------------------------------
This service is hosted on the Infocom network
http://www.infocom.co.ug
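
Added example, not part of the original thread: Noah's request for each interface's address and subnet mask is what decides whether the router is on-link. The Python below parses the ifconfig lines quoted above, derives each subnet, and checks whether a gateway address falls inside one. The two gateway addresses are constructed (the thread censors the router's), and the check assumes no default route is installed, in which case an off-link target gets ENETUNREACH ("Network is unreachable").

```python
import ipaddress
import re

# Interface and address lines taken from the ifconfig output quoted in the thread.
IFCONFIG_SAMPLE = """\
eth0      Link encap:Ethernet  HWaddr 00:0B:CD:D0:C2:48
          inet addr:192.168.22.5  Bcast:192.168.255.255  Mask:255.255.0.0
eth1      Link encap:Ethernet  HWaddr 00:04:79:67:E5:4B
          inet addr:212.88.97.222  Bcast:212.88.97.223  Mask:255.255.255.240
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
"""

# Constructed gateway candidates; the router's real address is censored in the thread.
CANDIDATE_GATEWAYS = ("212.88.97.209", "212.88.97.193")

IFACE_RE = re.compile(r"^(\S+)\s+Link encap:")
INET_RE = re.compile(r"inet addr:(\S+)(?:\s+Bcast:(\S+))?\s+Mask:(\S+)")


def parse_ifconfig(text):
    """Return {name: (IPv4Interface, reported broadcast or None)}."""
    result, current = {}, None
    for line in text.splitlines():
        header = IFACE_RE.match(line)
        if header:
            current = header.group(1)
            continue
        inet = INET_RE.search(line)
        if inet and current:
            addr, bcast, mask = inet.groups()
            iface = ipaddress.IPv4Interface(f"{addr}/{mask}")
            reported = ipaddress.IPv4Address(bcast) if bcast else None
            result[current] = (iface, reported)
    return result


def broadcast_mismatches(ifaces):
    """Interfaces whose reported Bcast disagrees with address plus mask."""
    return [name for name, (iface, bcast) in ifaces.items()
            if bcast is not None and bcast != iface.network.broadcast_address]


def on_link_interface(ifaces, target):
    """Name of the non-loopback interface whose subnet holds target, else None."""
    ip = ipaddress.IPv4Address(target)
    for name, (iface, _) in ifaces.items():
        if iface.ip.is_loopback:
            continue
        net = iface.network
        # The network and broadcast addresses are not usable host addresses.
        if ip in net and ip not in (net.network_address, net.broadcast_address):
            return name
    return None


def describe(ifaces):
    """One summary line per interface: prefix, network and usable host range."""
    lines = []
    for name, (iface, _) in ifaces.items():
        net = iface.network
        hosts = f"{net.network_address + 1} - {net.broadcast_address - 1}"
        lines.append(f"{name}: {iface.ip}/{net.prefixlen}  "
                     f"network {net.network_address}  hosts {hosts}")
    return lines


if __name__ == "__main__":
    ifaces = parse_ifconfig(IFCONFIG_SAMPLE)
    print("\n".join(describe(ifaces)))
    print("broadcast mismatches:", broadcast_mismatches(ifaces) or "none")
    for gw in CANDIDATE_GATEWAYS:
        via = on_link_interface(ifaces, gw)
        if via:
            print(f"{gw}: on-link via {via}")
        else:
            # Assumption: no default route, so no routing entry matches.
            print(f"{gw}: not in any connected subnet -> Network is unreachable")
```
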