Networking problem
JD
jd1008 at gmail.com
Sat May 14 20:27:53 UTC 2011
On 05/14/11 12:55, Rick Sewill wrote:
> On Saturday, May 14, 2011 10:46:51 AM JD wrote:
>> On 05/14/11 09:17, Rick Sewill wrote:
>>> On Saturday, May 14, 2011 09:27:55 AM JD wrote:
>>>> On 05/14/11 08:48, G.Wolfe Woodbury wrote:
>>>>> On 05/14/2011 09:36 AM, JD wrote:
>>>>>> On my F14, I am running a firewall that accepts specific connections on
>>>>>> specific ports from some machines on the LAN.
>>>>>>
>>>>>> However, for one machine I made a general rule to accept all
>>>>>> connections:
>>>>>>
>>>>>> -A INPUT -s 192.168.1.60 -j ACCEPT
>>>>>>
>>>>>> After restarting the firewall,
>>>>>>
>>>>>> I still am unable to ping that machine and it is unable to ping me.
>>>>>> That machine is not running a firewall.
>>>>>>
>>>>>> I can ping the router and another machine I have on the LAN.
>>>>>> The machine at 192.168.1.60 can do the same.
>>>>>>
>>>>>> What else do I need to do to be able to talk to machine 192.168.1.60
>>>>>> and it to my fedora machine?
>>>>> Try:
>>>>>
>>>>> -A INPUT -s 192.168.1.60/32 -j ACCEPT
>>>>>
>>>>> there needs to be a netmask in the syntax.
>>>> Tried it.
>>>> Did not change anything :(
>>> Could we see more of the network topology please?
>>>
>>> Can you do on both machines:
>>> /bin/netstat -rn
>> On Fedora Machine:
>> # /bin/netstat -rn
>> Kernel IP routing table
>> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
>> 10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
>> 192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0
>> 10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
>> 192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0
>> 0.0.0.0         192.168.1.254   0.0.0.0         UG        0 0          0 wlan0
>>
>>
>> On the machine in question (192.168.1.60)
>> # /sbin/netstat -rn
>> Routing tables
>>
>> Internet:
>> Destination Gateway Flags Refs Use Netif Expire
>> default 192.168.1.254 UGSc 8 0 en1
>> 127 127.0.0.1 UCS 0 0 lo0
>> 127.0.0.1 127.0.0.1 UH 0 4 lo0
>> 169.254 link#6 UCS 0 0 en1
>> 192.168.1 link#6 UCS 2 0 en1
>> 192.168.1.1 0:26:18:6:ef:7 UHLW 0 113 en1 566
>> 192.168.1.60 127.0.0.1 UHS 0 0 lo0
>> 192.168.1.254 0:1d:5a:c8:91:c1 UHLW 15 153 en1 565
>>
>> Internet6:
>> Destination        Gateway        Flags    Netif Expire
>> ::1                link#1         UHL      lo0
>> fe80::%lo0/64      fe80::1%lo0    Uc       lo0
>> fe80::1%lo0        link#1         UHL      lo0
>> ff01::/32          ::1            U        lo0
>> ff02::/32          fe80::1%lo0    UC       lo0
>>
>>> /sbin/ifconfig
>> On Fedora machine:
>>
>> # /sbin/ifconfig
>> eth0 Link encap:Ethernet HWaddr 00:03:0D:15:2B:9E
>> inet addr:10.1.1.1 Bcast:10.1.1.255 Mask:255.255.255.0
>> inet6 addr: fe80::203:dff:fe15:2b9e/64 Scope:Link
>> UP BROADCAST MULTICAST MTU:1500 Metric:1
>> RX packets:1340 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:849 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:1000
>> RX bytes:174589 (170.4 KiB) TX bytes:418153 (408.3 KiB)
>> Interrupt:19 Base address:0xd800
>>
>> eth0:0 Link encap:Ethernet HWaddr 00:03:0D:15:2B:9E
>> inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
>> UP BROADCAST MULTICAST MTU:1500 Metric:1
>> Interrupt:19 Base address:0xd800
>>
>> lo Link encap:Local Loopback
>> inet addr:127.0.0.1 Mask:255.0.0.0
>> inet6 addr: ::1/128 Scope:Host
>> UP LOOPBACK RUNNING MTU:16436 Metric:1
>> RX packets:4734603 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:4734603 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:0
>> RX bytes:373719874 (356.4 MiB) TX bytes:373719874 (356.4 MiB)
>>
>> virbr0 Link encap:Ethernet HWaddr 22:3E:A6:BB:CD:51
>> inet addr:192.168.122.1 Bcast:192.168.122.255
>> Mask:255.255.255.0
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:8391 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:0
>> RX bytes:0 (0.0 b) TX bytes:1617830 (1.5 MiB)
>>
>> wlan0 Link encap:Ethernet HWaddr 00:34:56:00:03:43
>> inet6 addr: fe80::234:56ff:fe00:343/64 Scope:Link
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>> RX packets:4976669 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:4947232 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:1000
>> RX bytes:1062494718 (1013.2 MiB) TX bytes:500756007 (477.5 MiB)
>>
>> wlan0:0 Link encap:Ethernet HWaddr 00:34:56:00:03:43
>> inet addr:192.168.1.108 Bcast:192.168.1.255 Mask:255.255.255.0
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>
>> On 192.168.1.60:
>> # /sbin/ifconfig
>> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
>> inet 127.0.0.1 netmask 0xff000000
>> inet6 ::1 prefixlen 128
>> gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
>> stf0: flags=0<> mtu 1280
>> en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>> ether 00:11:24:7e:2d:c8
>> media: autoselect (none) status: inactive
>> supported media: none autoselect 10baseT/UTP<half-duplex>
>> 10baseT/UTP<full-duplex> 10baseT/UTP<full-duplex,flow-control>
>> 10baseT/UTP<full-duplex,hw-loopback> 100baseTX<half-duplex> 100baseTX
>> <full-duplex> 100baseTX<full-duplex,flow-control> 100baseTX
>> <full-duplex,hw-loopback> 1000baseT<full-duplex> 1000baseT
>> <full-duplex,flow-control> 1000baseT<full-duplex,hw-loopback>
>> fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
>> lladdr 00:11:24:ff:fe:7e:2d:c8
>> media: autoselect<full-duplex> status: inactive
>> supported media: autoselect<full-duplex>
>> en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>> inet 192.168.1.70 netmask 0xffffff00 broadcast 192.168.1.255
>> ether 00:11:24:92:bc:e0
>> media: autoselect status: active
>> supported media: autoselect
>>
>>> If you don't mind, it might be easiest to copy your firewall
>>> rules so we can see them. As root,
>>> /sbin/iptables -L -v
>> Sorry. I cannot expose my FW settings to a public list because
>> they might contain weaknesses that someone could exploit.
>>
>>> If you are concerned with security and sharing your public IP address,
>>> may I suggest changing the public IP address ranges to something else,
>>> like xxx.xxx.xxx.0, yyy.yyy.yyy.0, etc, in the output.
>> Actually, I have no public IP addresses in the rules.
>>
>>> Another question...if you have multiple ethernet devices,
>>> which device is 192.168.1.60 connected to?
>> en1 (this is a Powerbook g4 running OS X 10.5.8).
> Both Fedora and the Powerbook can ping the default gateway,
> 192.168.254.1 ?
>
> The Powerbook entries confuse me.
> According to the Powerbook netstat -rn, I would expect an interface,
> 192.168.1.60/some mask
>
> When I look at the Powerbook ifconfig, I see
> en1: ... inet 192.168.1.70 netmask 0xffffff00 ...
> I expected this entry to read inet 192.168.1.60 netmask 0xffffff00
>
> Can I suggest, for a test, change the iptables filters to allow any
> incoming packet from 192.168.1.0/24, and then, try to ping from
> the Powerbook. Also, you might wish to check the ARP table on
> Fedora to see what IP address/Mac address entries it knows about.
> As root, try /sbin/arp -a
> I am interested to know, after the attempted ping from the Powerbook,
> what IP address/Mac entry is found, if any, in the Fedora.
>
I added the rule
-A INPUT -s 192.168.1.0/24 -j ACCEPT
and retried.
Same thing.
Both machines can ping the GW, and they can ping a third machine I have
on the LAN.
But they cannot ping each other.
I also brought the fedora firewall down, and retried to ping Fedora
from Powerbook. No go!!
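
Added example, not part of the original thread: the cross-check Rick does by eye (rule source address versus the addresses the Powerbook actually has configured), written as a small Python script. The sample ifconfig text is constructed by trimming the output quoted above, and the function names are hypothetical. It only tests whether a `-s` rule can match the peer; it does not explain the failure that persists with the firewall down.

```python
import ipaddress
import re

# Constructed samples, trimmed from the ifconfig output quoted in the thread.
LINUX_IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:03:0D:15:2B:9E
          inet addr:10.1.1.1  Bcast:10.1.1.255  Mask:255.255.255.0
wlan0:0   Link encap:Ethernet  HWaddr 00:34:56:00:03:43
          inet addr:192.168.1.108  Bcast:192.168.1.255  Mask:255.255.255.0
"""
BSD_IFCONFIG = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
\tinet 127.0.0.1 netmask 0xff000000
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.168.1.70 netmask 0xffffff00 broadcast 192.168.1.255
"""

IFACE_RE = re.compile(r"^(\S+?):?\s")              # "eth0 ", "wlan0:0 ", "en1: "
INET_RE = re.compile(r"\binet (?:addr:)?([\d.]+)")  # Linux net-tools and BSD forms

def interface_addrs(ifconfig_text):
    """Map interface name -> list of IPv4 addresses found in ifconfig output."""
    addrs, iface = {}, None
    for line in ifconfig_text.splitlines():
        m = IFACE_RE.match(line)           # unindented line starts a new interface
        if m:
            iface = m.group(1)
            addrs.setdefault(iface, [])
        m = INET_RE.search(line)           # "inet6" lines do not match
        if m and iface:
            addrs[iface].append(ipaddress.ip_address(m.group(1)))
    return addrs

def rule_source(rule):
    """Return the -s argument of an iptables rule as a network (bare IP == /32)."""
    tokens = rule.split()
    return ipaddress.ip_network(tokens[tokens.index("-s") + 1], strict=False)

def matching_peer_addrs(rule, peer_ifconfig):
    """Non-loopback peer addresses that the rule's source match would cover."""
    src = rule_source(rule)
    return [(iface, a) for iface, addrs in interface_addrs(peer_ifconfig).items()
            for a in addrs if a in src and not a.is_loopback]

if __name__ == "__main__":
    for rule in ("-A INPUT -s 192.168.1.60 -j ACCEPT",
                 "-A INPUT -s 192.168.1.60/32 -j ACCEPT",
                 "-A INPUT -s 192.168.1.0/24 -j ACCEPT"):
        hits = matching_peer_addrs(rule, BSD_IFCONFIG)
        print(rule, "->", hits or "no address on the peer matches this rule")
```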