On Wednesday, Oct 8th 2003 at 16:31 -0400, quoth vvor: =>alas, i am still being dropped. the only thing i have changed is ipchains to =>iptables. => =>does anybody else on roadrunner have an iptables script that doesn't result in =>being dropped every few hours? => =>vora :(
I'm not sure exactly what your problem is but I'm guessing that your problem is that your firewall is somehow not allowing DHCP packets through. My take is that you shouldn't write iptables commands. You're better off running a firewall generator. My personal favorite right now is FIAIF over at www.fiaif.net (Fiaif Is An Intelligent Firewall). It's both a palindrome and recursive so you know it works. => =>> -----Original Message----- =>> From: [EMAIL PROTECTED] =>> [mailto:[EMAIL PROTECTED] Behalf Of scan =>> Sent: Tuesday, October 07, 2003 4:35 PM =>> To: [EMAIL PROTECTED] =>> Subject: RE: eth0 vanishing =>> =>> =>> IPTABLES=/usr/sbin/iptables =>> INET_IFACE=eth0 =>> ip=xxx.xxx.xxx.xxx =>> =>> =>> # if accept - but set limit to avoid flood ping =>> # $IPTABLES -A FORWARD -i $INET_IFACE -d $ip -p icmp \ =>> # --icmp-type echo-request \ =>> # -m limit --limit 1/s \ =>> # -j ACCEPT =>> =>> # if drop =>> $IPTABLES -A FORWARD -i $INET_IFACE -d $ip -p icmp \ =>> --icmp-type echo-request \ =>> -j DROP =>> =>> $IPTABLES -A FORWARD -i $INET_IFACE -d $ip -p icmp \ =>> --icmp-type echo-reply \ =>> -j ACCEPT =>> =>> $IPTABLES -A FORWARD -i $INET_IFACE -d $ip -p icmp \ =>> --icmp-type destination-unreachable \ =>> -j ACCEPT =>> =>> $IPTABLES -A FORWARD -i $INET_IFACE -d $ip -p icmp \ =>> --icmp-type source-quench \ =>> -j ACCEPT =>> =>> $IPTABLES -A FORWARD -i $INET_IFACE -d $ip -p icmp \ =>> --icmp-type time-exceeded \ =>> -j ACCEPT =>> =>> $IPTABLES -A FORWARD -i $INET_IFACE -d $ip -p icmp \ =>> --icmp-type parameter-problem \ =>> -j ACCEPT =>> =>> $IPTABLES -A FORWARD -i $INET_IFACE -d $ip -p icmp \ =>> -j DROP =>> =>> should help. =>> =>> regards ~andreas =>> > -----Original Message----- =>> > From: [EMAIL PROTECTED] =>> > [mailto:[EMAIL PROTECTED] Behalf Of vvor =>> > Sent: Tuesday, October 07, 2003 9:58 PM =>> > To: Linux =>> > Subject: eth0 vanishing =>> > =>> > =>> > as i mentioned, i switched to iptables. =>> > =>> > now, every few hours, my roadrunner connection is dropping. this was not =>> > happening with ipchains! here is the part of my log just before =>> > it happens. i =>> > tried ifup, but that doesn't help. it fails to acquire the ip =>> > address. does =>> > anyone know what is happening? is my nic dying? is it iptables? i =>> > wish i had a =>> > clue. (rat is the name of my serer) =>> > =>> > Oct 7 11:12:53 rat kernel: [ICMP drop] IN=eth0 OUT= =>> > MAC=00:20:18:8a:4e:1b:00:06:2a:cb:24:54:08:00 SRC=24.93.59.9 =>> > DST=24.90.93.125 =>> > LEN=92 TOS=0x00 PREC=0x00 TTL=108 ID=32984 PROTO=ICMP TYPE=8 CODE=0 ID=512 =>> > SEQ=13147 =>> > Oct 7 11:13:10 rat kernel: [ICMP drop] IN=eth0 OUT= =>> > MAC=00:20:18:8a:4e:1b:00:06:2a:cb:24:54:08:00 SRC=24.92.55.84 =>> > DST=24.90.93.125 =>> > LEN=92 TOS=0x00 PREC=0x00 TTL=116 ID=32344 PROTO=ICMP TYPE=8 CODE=0 ID=512 =>> > SEQ=63402 =>> > Oct 7 11:13:11 rat kernel: [ICMP drop] IN=eth0 OUT= =>> > MAC=00:20:18:8a:4e:1b:00:06:2a:cb:24:54:08:00 SRC=24.91.237.92 =>> > DST=24.90.93.125 =>> > LEN=92 TOS=0x00 PREC=0x00 TTL=109 ID=51960 PROTO=ICMP TYPE=8 CODE=0 ID=512 =>> > SEQ=10926 =>> > Oct 7 11:13:16 rat kernel: [ICMP drop] IN=eth0 OUT= =>> > MAC=00:20:18:8a:4e:1b:00:06:2a:cb:24:54:08:00 SRC=24.87.204.62 =>> > DST=24.90.93.125 =>> > LEN=92 TOS=0x00 PREC=0x00 TTL=112 ID=14451 PROTO=ICMP TYPE=8 CODE=0 ID=256 =>> > SEQ=18987 =>> > Oct 7 11:13:32 rat kernel: [ICMP drop] IN=eth0 OUT= =>> > MAC=00:20:18:8a:4e:1b:00:06:2a:cb:24:54:08:00 SRC=24.93.98.142 =>> > DST=24.90.93.125 =>> > LEN=92 TOS=0x00 PREC=0x00 TTL=112 ID=14425 PROTO=ICMP TYPE=8 CODE=0 ID=512 =>> > SEQ=53582 =>> > Oct 7 11:13:57 rat kernel: [ICMP drop] IN=eth0 OUT= =>> > MAC=00:20:18:8a:4e:1b:00:06:2a:cb:24:54:08:00 SRC=24.93.95.214 =>> > DST=24.90.93.125 =>> > LEN=92 TOS=0x00 PREC=0x00 TTL=111 ID=23468 PROTO=ICMP TYPE=8 CODE=0 ID=512 =>> > SEQ=8539 =>> > Oct 7 11:14:02 rat kernel: [ICMP drop] IN=eth0 OUT= =>> > MAC=00:20:18:8a:4e:1b:00:06:2a:cb:24:54:08:00 SRC=24.90.217.1 =>> > DST=24.90.93.125 =>> > LEN=92 TOS=0x00 PREC=0x00 TTL=122 ID=55258 PROTO=ICMP TYPE=8 CODE=0 ID=512 =>> > SEQ=26314 =>> > Oct 7 11:14:37 rat kernel: [ICMP drop] IN=eth0 OUT= =>> > MAC=00:20:18:8a:4e:1b:00:06:2a:cb:24:54:08:00 SRC=24.92.53.195 =>> > DST=24.90.93.125 =>> > LEN=92 TOS=0x00 PREC=0x00 TTL=115 ID=28474 PROTO=ICMP TYPE=8 CODE=0 ID=512 =>> > SEQ=484 =>> > Oct 7 11:14:56 rat kernel: [UDP reject] IN= OUT=eth0 SRC=24.90.93.125 =>> > DST=24.29.99.107 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF =>> > PROTO=UDP SPT=68 =>> > DPT=67 LEN=556 =>> > Oct 7 11:14:56 rat kernel: [UDP drop] IN= OUT=eth0 SRC=192.168.0.1 =>> > DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF =>> > PROTO=UDP SPT=68 =>> > DPT=67 LEN=308 =>> > Oct 7 11:16:01 rat ntpd[1241]: sendto(192.5.41.40): Invalid argument =>> > Oct 7 11:17:24 rat ntpd[1241]: sendto(129.237.32.1): Invalid argument =>> > Oct 7 11:19:08 rat ntpd[1241]: sendto(128.206.12.150): Invalid argument =>> > Oct 7 11:20:04 rat ntpd[1241]: sendto(128.249.2.19): Invalid argument =>> > Oct 7 11:20:15 rat ntpd[1241]: sendto(192.52.71.4): Invalid argument =>> > Oct 7 11:26:10 rat ntpd[1241]: sendto(128.252.19.1): Invalid argument =>> > Oct 7 11:27:34 rat ntpd[1241]: sendto(192.5.41.41): Invalid argument =>> > Oct 7 11:28:13 rat ntpd[1241]: sendto(192.52.71.21): Invalid argument =>> > Oct 7 12:03:53 rat named[1319]: no longer listening on 24.90.93.125#53 =>> > =>> > vora =>> > =>> > =>> > =>> > _______________________________________________ =>> > Seawolf-list mailing list =>> > [EMAIL PROTECTED] =>> > https://www.redhat.com/mailman/listinfo/seawolf-list =>> > =>> =>> =>> _______________________________________________ =>> Seawolf-list mailing list =>> [EMAIL PROTECTED] =>> https://www.redhat.com/mailman/listinfo/seawolf-list => => =>_______________________________________________ =>Seawolf-list mailing list =>[EMAIL PROTECTED] =>https://www.redhat.com/mailman/listinfo/seawolf-list => -- -Time flies like the wind. Fruit flies like a banana. Stranger things have - -happened but none stranger than this. Does your driver's license say Organ -Donor?Black holes are where God divided by zero. Listen to me! We are all- -individuals! What if this weren't a hypothetical question? steveo at syslang.net _______________________________________________ Seawolf-list mailing list [EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/seawolf-list
