/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
Hi all, my problem has just occurred again.
I cannot access the internet from the host 180.120.10.83 (I know I can't use
those IPs, but I cannot change them right now).
My Linux box is 180.120.10.200 (gateway) and its external IP is 200.69.147.51.
I can't ping from 180.120.10.83 to 180.120.10.200 and 200.69.147.53.
I cannot ping 200.69.128.1 (my DNS, which is outside my network, i.e. on the
internet).
When I try to ping my DNS I get a timeout, and in /var/log/message I get:
Jul 28 09:59:18 morpheus kernel: IN=eth1 OUT=eth1 SRC=180.120.10.83 DST=200.69.128.1 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=6431 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=33792
Jul 28 09:59:19 morpheus kernel: IN=eth1 OUT=eth1 SRC=180.120.10.83 DST=200.69.128.1 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=6461 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=34048
cat /proc/net/ip_conntrack | wc -l gives me 56
Routing table of the affected PC:
===========================================================================
Rutas activas:
Destino de red Mascara de red Puerta de acceso Interfaz Metrica
0.0.0.0 0.0.0.0 180.120.10.200 180.120.10.83 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
180.120.0.0 255.255.0.0 180.120.10.83 180.120.10.83 1
180.120.10.83 255.255.255.255 127.0.0.1 127.0.0.1 1
180.120.255.255 255.255.255.255 180.120.10.83 180.120.10.83 1
224.0.0.0 224.0.0.0 180.120.10.83 180.120.10.83 1
255.255.255.255 255.255.255.255 180.120.10.83 180.120.10.83 1
Puerta de enlace predeterminada: 180.120.10.200
===========================================================================
Routing table of the Linux box:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
200.69.147.48 * 255.255.255.248 U 0 0 0 eth1
180.120.0.0 * 255.255.0.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 200.69.136.49.t 0.0.0.0 UG 0 0 0 eth1
Another thing that may help:
these are my rules, very simple.
**-*-*-***-*-*-***-*-*-***-*-*-***-*-*-***-*-*-*
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
echo " FWD: Allow all connections OUT and only existing and related ones IN"
# to block access to specific IP addresses
#iptables -A FORWARD -d 216.109.125.64 -j REJECT
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
#PTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
echo -e "\nrc.firewall-2.4 v$FWVER done.\n"
**-*-*-***-*-*-***-*-*-***-*-*-***-*-*-***-*-*-*
Any clue? I don't know what to do.
Thanks a lot.
Julian de Anquin
Consultor
Sarmiento 71 - 2o Piso of. 8
x5000EYA - Cordoba - Argentina
(54-0351) 4254394 4242545
[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
www.ayi.asociados.com <http://www.ayi-asociados.com>
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Jamin W. Collins
Sent: Friday, July 25, 2003 12:25 p.m.
To: [EMAIL PROTECTED]
Subject: Re: [Masq] Re: Problem
On Fri, Jul 25, 2003 at 12:19:36PM -0300, Julian Eduardo de Anquin wrote:
> I have checked now and I got 115 on ip_conntrack, and some PCs in the
> network cannot access the internet. Any clue on what can be going on?
Items to check:
- affected PCs' routing table
- the gateway's logs
Can the affected PCs:
- ping internal systems by name
- ping internal systems by IP
- ping the internal IP of the gateway
- ping the external IP of the gateway
- ping 66.218.71.198 (yahoo.com IP)
--
Jamin W. Collins
This is the typical unix way of doing things: you string together lots
of very specific tools to accomplish larger tasks. -- Vineet Kumar
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
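
Added example, not part of the original thread or of rc.firewall: a POSIX shell script that reads netfilter LOG lines like the ones posted above and reports which rule of the posted FORWARD chain each packet reaches. EXTIF=eth1 and INTIF=eth0 are assumptions read off the gateway's routing table (default route on eth1, 180.120.0.0/16 on eth0), the second sample line is constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Assumed interface roles (not stated in the post; inferred from its routing table).
EXTIF=eth1
INTIF=eth0

# First line: log entry from the post. Second line: constructed for comparison.
SAMPLE_LOG='Jul 28 09:59:18 morpheus kernel: IN=eth1 OUT=eth1 SRC=180.120.10.83 DST=200.69.128.1 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=6431 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=33792
Jul 28 10:00:00 morpheus kernel: IN=eth0 OUT=eth1 SRC=180.120.10.84 DST=200.69.128.1 LEN=60 PROTO=ICMP TYPE=8 CODE=0'

# field KEY LINE: print the first KEY=value token of a netfilter LOG line.
field() {
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p" | head -n 1
}

# forward_verdict LINE: walk the posted FORWARD chain in order for the packet
# described by IN=/OUT=. The LOG rule sits after both ACCEPT rules, so a line
# that really appears in the log has already fallen through to policy DROP.
forward_verdict() {
    in_if=$(field IN "$1")
    out_if=$(field OUT "$1")
    if [ "$in_if" = "$INTIF" ] && [ "$out_if" = "$EXTIF" ]; then
        echo "accept: matches -i INTIF -o EXTIF"
    elif [ "$in_if" = "$EXTIF" ] && [ "$out_if" = "$INTIF" ]; then
        echo "drop: inbound, accepted only when ESTABLISHED,RELATED"
    elif [ "$in_if" = "$out_if" ]; then
        echo "drop: enters and leaves on $in_if, no ACCEPT rule matches"
    else
        echo "drop: no ACCEPT rule matches"
    fi
}

# arrival_mismatch LINE: true when a 180.120.x.x source (routed via INTIF on
# the gateway) was received on some other interface.
arrival_mismatch() {
    case "$(field SRC "$1")" in
        180.120.*) [ "$(field IN "$1")" != "$INTIF" ] ;;
        *) return 1 ;;
    esac
}

printf '%s\n' "$SAMPLE_LOG" | while IFS= read -r line; do
    printf '%s -> %s: %s' "$(field SRC "$line")" "$(field DST "$line")" "$(forward_verdict "$line")"
    if arrival_mismatch "$line"; then
        printf ' [internal SRC received on %s, not %s]' "$(field IN "$line")" "$INTIF"
    fi
    printf '\n'
done
```

For the entry from the post, the packet from 180.120.10.83 is received and sent on eth1, so neither ACCEPT rule applies and it ends at the FORWARD policy.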