>I'm having a similar problem. If I turn off network and Samba, I can browse
>and retrieve data but with networking up I CAN connect & ping my ISP but
>nothing gets back through the firewall. There has got to be a quick fix for
>this but with my limited Linux experience. I just can't seem to find the
>answers. Can someonr help me out?
Michael Schwendt wrote:
Hmmm, can you please flood us with details on your network setup?
Both when it is working and when it is not working. For the start:
# ifconfig -a
# netstat -r
# ipchains-save
[root@ernie /root]# ifconfig -a
lo Link encap:Local Loopback
LOOPBACK MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
You have new mail in /var/spool/mail/root
[root@ernie /root]#
[root@ernie /root]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
[root@ernie /root]#
[root@ernie /root]# ipchains-save
`/proc/net/ip_fwchains' does not exist.
(Does this kernel support IP Firewall Chains?)
[root@ernie /root]#
[root@ernie /root]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.0.0 * 255.255.255.0 U 40 0 0 eth0
127.0.0.0 * 255.0.0.0 U 40 0 0 lo
default ernie.schroder 0.0.0.0 UG 40 0 0 eth0
[root@ernie /root]#
After allowing ipchains, network,pmfirewall,smb and swat in control
pannel/Services I get:
[root@ernie /root]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 52:54:00:E2:48:45
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:89 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:11 Base address:0xe400
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:31 errors:0 dropped:0 overruns:0 frame:0
TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
[root@ernie /root]#
[root@ernie /root]# ipchains-save
:input ACCEPT
:forward DENY
:output ACCEPT
:icmp -
Saving `input'.
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i lo -j ACCEPT
-A input -s 224.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY
-A input -s 0.0.0.0/0.0.0.0 -d 224.0.0.0/255.0.0.0 -j DENY
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 67:68 -i ppp0 -p 17 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 137:139 -i ppp0 -p 6 -j DENY
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 137:139 -i ppp0 -p 17 -j DENY
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 520:520 -i ppp0 -p 17 -j REJECT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 2049:2049 -i ppp0 -p 6 -j DENY
-l-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 2049:2049 -i ppp0 -p 17 -j
DENY -l
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 5999:6003 -i ppp0 -p 6 -j DENY
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 5999:6003 -i ppp0 -p 17 -j DENY
-A input -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY -l
Saving `forward'.
-A forward -s 192.168.0.0/255.255.255.0 -d 192.168.0.0/255.255.255.0 -j ACCEPT
-A forward -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
Saving `output'.
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i lo -j ACCEPT
-A output -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 80:80 -p 6 -t 01 10
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 22:22 -p 6 -t 01 10
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 23:23 -p 6 -t 01 10
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 21:21 -p 6 -t 01 10
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 110:110 -p 6 -t 01 10
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 25:25 -p 6 -t 01 10
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 20:20 -p 6 -t 01 08
-A output -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 1 -j ACCEPT
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT
Saving `icmp'.
-A icmp -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT
[root@ernie /root]#
And then with kppp running & network services still up:
[root@ernie /root]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 52:54:00:E2:48:45
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:2694 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1762 errors:0 dropped:0 overruns:0 frame:0
TX packets:1762 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
ppp0 Link encap:Point-to-Point Protocol
inet addr:208.58.249.142 P-t-P:10.65.76.16 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1524 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
[root@ernie /root]#
[root@ernie /root]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.65.76.16 * 255.255.255.255 UH 40 0 0 ppp0
192.168.0.0 * 255.255.255.0 U 40 0 0 eth0
127.0.0.0 * 255.0.0.0 U 40 0 0 lo
default ernie.schroder 0.0.0.0 UG 40 0 0 eth0
[root@ernie /root]#
[root@ernie /root]# ipchains-save
:input ACCEPT
:forward DENY
:output ACCEPT
:icmp -
Saving `input'.
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i lo -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 208.58.249.142/255.255.255.255 -p 6 -j ACCEPT
! -y
-A input -s 10.0.0.0/255.0.0.0 -d 208.58.249.142/255.255.255.255 -i ppp0 -j
DENY-A input -s 127.0.0.0/255.0.0.0 -d 208.58.249.142/255.255.255.255 -i ppp0
-j DENY
-A input -s 172.16.0.0/255.240.0.0 -d 208.58.249.142/255.255.255.255 -i ppp0
-j DENY
-A input -s 192.168.0.0/255.255.0.0 -d 208.58.249.142/255.255.255.255 -i ppp0
-j DENY
-A input -s 0.0.0.0/0.0.0.0 -d 208.58.249.142/255.255.255.255 31337:31337 -p
6 -j DENY -l
-A input -s 0.0.0.0/0.0.0.0 -d 208.58.249.142/255.255.255.255 31337:31337 -p
17 -j DENY -l
-A input -s 0.0.0.0/0.0.0.0 -d 208.58.249.142/255.255.255.255 12345:12346 -p
6 -j DENY -l
-A input -s 0.0.0.0/0.0.0.0 -d 208.58.249.142/255.255.255.255 12345:12346 -p
17 -j DENY -l
-A input -s 0.0.0.0/0.0.0.0 -d 208.58.249.142/255.255.255.255 1524:1524 -p 6
-j DENY -l
-A input -s 0.0.0.0/0.0.0.0 -d 208.58.249.142/255.255.255.255 27665:27665 -p
6 -j DENY -l
-A input -s 0.0.0.0/0.0.0.0 -d 208.58.249.142/255.255.255.255 27444:27444 -p
17 -j DENY -l
-A input -s 0.0.0.0/0.0.0.0 -d 208.58.249.142/255.255.255.255 31335:31335 -p
17 -j DENY -l
-A input -s 224.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY
-A input -s 0.0.0.0/0.0.0.0 -d 224.0.0.0/255.0.0.0 -j DENY
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 67:68 -i ppp0 -p 17 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 208.58.249.142/255.255.255.255 113:113 -p 6 -j
REJECT
-A input -s 0.0.0.0/0.0.0.0 -d 208.58.249.142/255.255.255.255 113:113 -p 17
-j REJECT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 137:139 -i ppp0 -p 6 -j DENY
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 137:139 -i ppp0 -p 17 -j DENY
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 520:520 -i ppp0 -p 17 -j REJECT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 2049:2049 -i ppp0 -p 6 -j DENY
-l-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 2049:2049 -i ppp0 -p 17 -j
DENY -l
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 5999:6003 -i ppp0 -p 6 -j DENY
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 5999:6003 -i ppp0 -p 17 -j DENY
-A input -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 208.58.249.142/255.255.255.255 -p 1 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 208.58.249.142/255.255.255.255 1023:65535 -p 6
-j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 208.58.249.142/255.255.255.255 1023:65535 -p
17 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY -l
Saving `forward'.
-A forward -s 192.168.0.0/255.255.255.0 -d 192.168.0.0/255.255.255.0 -j ACCEPT
-A forward -s 208.58.249.142/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT
-A forward -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
Saving `output'.
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i lo -j ACCEPT
-A output -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 80:80 -p 6 -t 01 10
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 22:22 -p 6 -t 01 10
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 23:23 -p 6 -t 01 10
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 21:21 -p 6 -t 01 10
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 110:110 -p 6 -t 01 10
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 25:25 -p 6 -t 01 10
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 20:20 -p 6 -t 01 08
-A output -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 1 -j ACCEPT
-A output -s 208.58.249.142/255.255.255.255 -d 0.0.0.0/0.0.0.0 -p 1 -j ACCEPT
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT
Saving `icmp'.
-A icmp -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT
[root@ernie /root]#
[root@ernie /root]# tail -f /var/log/messages
Jul 18 22:03:44 ernie kernel: IPX Portions Copyright (c) 2000, 2001
Conectiva, Inc.
Jul 18 22:03:44 ernie kernel: NET4: AppleTalk 0.18a for Linux NET4.0
Jul 18 22:03:44 ernie kernel: PPP BSD Compression module registered
Jul 18 22:03:44 ernie kernel: PPP Deflate Compression module registered
Jul 18 22:03:45 ernie pppd[2153]: not replacing existing default route to
eth0 [192.168.0.1]
Jul 18 22:03:45 ernie pppd[2153]: local IP address 208.58.249.142
Jul 18 22:03:45 ernie pppd[2153]: remote IP address 10.65.76.16
Jul 18 22:03:45 ernie pppd[2153]: primary DNS address 207.172.3.10
Jul 18 22:03:45 ernie pppd[2153]: secondary DNS address 207.172.3.11
Jul 18 22:03:46 ernie kernel: Sorry: masquerading timeouts set
5DAYS/2MINS/60SECS
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
