/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! /* ALSO: Don't quote this header. It makes you look lame :-) */
hi all, any clue on this? sorry for the repost, but this problem still ocurrs and I do not know what to do <http://www.ayi-asociados.com> Julian de Anquin Consultor Sarmiento 71 - 2o Piso of. 8 x5000EYA - Cordoba - Argentina (54-0351) 4254394 4242545 [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> www.ayi.asociados.com <http://www.ayi-asociados.com> -----Mensaje original----- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Julian Eduardo de Anquin Enviado el: Lunes, 28 de Julio de 2003 10:10 a.m. Para: [EMAIL PROTECTED] Asunto: RE: [Masq] Re: Problem /* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! /* ALSO: Don't quote this header. It makes you look lame :-) */ Hi all, my problem Has just ocurr againg I cannto access internet from the host 180.120.10.83 (i Know i cant use those ips but y cannot change them rigth now) my linux box is 180.120.10.200(gateway) and its external Ip is 200.69.147.51 I cant ping from 180.120.10.83 to 180.120.10.200 and 200.69.147.53 I cannot ping 200.69.128.1(my dns that it's outside my network i.e on the internet) when y try to ping my DNS y get time out, and on /var/log/message y get Jul 28 09:59:18 morpheus kernel: IN=eth1 OUT=eth1 SRC=180.120.10.83 DST=200.69.128.1 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=6431 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=33792 Jul 28 09:59:19 morpheus kernel: IN=eth1 OUT=eth1 SRC=180.120.10.83 DST=200.69.128.1 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=6461 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=34048 cat /proc/net/ip_conntrack | wc -l gives me 56 routing table of the affected pC =========================================================================== =========================================================================== Rutas activas: Destino de red Mascara de red Puerta de acceso Interfaz Metrica 0.0.0.0 0.0.0.0 180.120.10.200 180.120.10.83 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 180.120.0.0 255.255.0.0 180.120.10.83 180.120.10.83 1 180.120.10.83 255.255.255.255 127.0.0.1 127.0.0.1 1 180.120.255.255 255.255.255.255 180.120.10.83 180.120.10.83 1 224.0.0.0 224.0.0.0 180.120.10.83 180.120.10.83 1 255.255.255.255 255.255.255.255 180.120.10.83 180.120.10.83 1 Puerta de enlace predeterminada: 180.120.10.200 =========================================================================== routing table of the linux box Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 200.69.147.48 * 255.255.255.248 U 0 0 0 eth1 180.120.0.0 * 255.255.0.0 U 0 0 0 eth0 169.254.0.0 * 255.255.0.0 U 0 0 0 eth1 127.0.0.0 * 255.0.0.0 U 0 0 0 lo default 200.69.136.49.t 0.0.0.0 UG 0 0 0 eth1 another thing that may help. these are my rules, very simple **-*-*-***-*-*-***-*-*-***-*-*-***-*-*-***-*-*-* $IPTABLES -P INPUT ACCEPT $IPTABLES -F INPUT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -F OUTPUT $IPTABLES -P FORWARD DROP $IPTABLES -F FORWARD $IPTABLES -t nat -F echo " FWD: Allow all connections OUT and only existing and related ones IN" #para bloquear acceso a determinadas direcciones ip #iptables -A FORWARD -d 216.109.125.64 -j REJECT $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT $IPTABLES -A FORWARD -j LOG echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF" $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE #PTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE echo -e "\nrc.firewall-2.4 v$FWVER done.\n" **-*-*-***-*-*-***-*-*-***-*-*-***-*-*-***-*-*-* any clue? i dont know what to do thnks a lot Julian de Anquin Consultor Sarmiento 71 - 2o Piso of. 8 x5000EYA - Cordoba - Argentina (54-0351) 4254394 4242545 [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> www.ayi.asociados.com <http://www.ayi-asociados.com> -----Mensaje original----- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Jamin W. Collins Enviado el: Viernes, 25 de Julio de 2003 12:25 p.m. Para: [EMAIL PROTECTED] Asunto: Re: [Masq] Re: Problem /* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! /* ALSO: Don't quote this header. It makes you look lame :-) */ On Fri, Jul 25, 2003 at 12:19:36PM -0300, Julian Eduardo de Anquin wrote: > i have check now and a got 115 on ip_contrack and some pc in the > network cannot access the internet any clue on what can be going on? Items to check: - effected PCs routing table - the gateway's logs Can the effected PCs: - ping internal systems by name - ping internal systems by IP - ping the internal IP of the gateway - ping the external IP of the gateway - ping 66.218.71.198 (yahoo.com IP) -- Jamin W. Collins This is the typical unix way of doing things: you string together lots of very specific tools to accomplish larger tasks. -- Vineet Kumar _______________________________________________ Masq maillist - [EMAIL PROTECTED] Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING! or email to [EMAIL PROTECTED] PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/ Please keep general linux/unix/pc/internet questions off the list. _______________________________________________ Masq maillist - [EMAIL PROTECTED] Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING! or email to [EMAIL PROTECTED] PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/ Please keep general linux/unix/pc/internet questions off the list. _______________________________________________ Masq maillist - [EMAIL PROTECTED] Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING! or email to [EMAIL PROTECTED] PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/ Please keep general linux/unix/pc/internet questions off the list.
