Networking problem
JD
jd1008 at gmail.com
Sat May 14 15:46:51 UTC 2011
On 05/14/11 09:17, Rick Sewill wrote:
> On Saturday, May 14, 2011 09:27:55 AM JD wrote:
>> On 05/14/11 08:48, G.Wolfe Woodbury wrote:
>>> On 05/14/2011 09:36 AM, JD wrote:
>>>> On my F14, I am running a firewall that accepts specific connections on
>>>> specific ports from some machines on the LAN.
>>>>
>>>> However, for one machine I made a general rule to accept all
>>>> connections:
>>>>
>>>> -A INPUT -s 192.168.1.60 -j ACCEPT
>>>>
>>>> After restarting the firewall,
>>>>
>>>> I still am unable to ping that machine and it is unable to ping me.
>>>> That machine is not running a firewall.
>>>>
>>>> I can ping the router and another machine I have on the LAN.
>>>> The machine at 192.168.1.60 can do the same.
>>>>
>>>> What else do I need to do to be able to talk to machine 192.168.1.60
>>>> and it to my fedora machine?
>>> Try:
>>>
>>> -A INPUT -s 192.168.1.60/32 -j ACCEPT
>>>
>>> there needs to be a netmask in the syntax.
>> Tried it.
>> Did not change anything :(
> Could we see more of the network topology please?
>
> Can you do on both machines:
> /bin/netstat -rn
On Fedora Machine:
# /bin/netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0
10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0
0.0.0.0         192.168.1.254   0.0.0.0         UG        0 0          0 wlan0
On the machine in question (192.168.1.60)
# /sbin/netstat -rn
Routing tables
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.254      UGSc        8        0    en1
127                127.0.0.1          UCS         0        0    lo0
127.0.0.1          127.0.0.1          UH          0        4    lo0
169.254            link#6             UCS         0        0    en1
192.168.1          link#6             UCS         2        0    en1
192.168.1.1        0:26:18:6:ef:7     UHLW        0      113    en1    566
192.168.1.60       127.0.0.1          UHS         0        0    lo0
192.168.1.254      0:1d:5a:c8:91:c1   UHLW       15      153    en1    565
Internet6:
Destination        Gateway            Flags      Netif Expire
::1                link#1             UHL          lo0
fe80::%lo0/64      fe80::1%lo0        Uc           lo0
fe80::1%lo0        link#1             UHL          lo0
ff01::/32          ::1                U            lo0
ff02::/32          fe80::1%lo0        UC           lo0
>
> /sbin/ifconfig
On Fedora machine:
# /sbin/ifconfig
eth0      Link encap:Ethernet  HWaddr 00:03:0D:15:2B:9E
          inet addr:10.1.1.1  Bcast:10.1.1.255  Mask:255.255.255.0
          inet6 addr: fe80::203:dff:fe15:2b9e/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:1340 errors:0 dropped:0 overruns:0 frame:0
          TX packets:849 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:174589 (170.4 KiB)  TX bytes:418153 (408.3 KiB)
          Interrupt:19 Base address:0xd800

eth0:0    Link encap:Ethernet  HWaddr 00:03:0D:15:2B:9E
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          Interrupt:19 Base address:0xd800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4734603 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4734603 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:373719874 (356.4 MiB)  TX bytes:373719874 (356.4 MiB)

virbr0    Link encap:Ethernet  HWaddr 22:3E:A6:BB:CD:51
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8391 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:1617830 (1.5 MiB)

wlan0     Link encap:Ethernet  HWaddr 00:34:56:00:03:43
          inet6 addr: fe80::234:56ff:fe00:343/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4976669 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4947232 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1062494718 (1013.2 MiB)  TX bytes:500756007 (477.5 MiB)

wlan0:0   Link encap:Ethernet  HWaddr 00:34:56:00:03:43
          inet addr:192.168.1.108  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

On 192.168.1.60:
# /sbin/ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:11:24:7e:2d:c8
        media: autoselect (none) status: inactive
        supported media: none autoselect 10baseT/UTP <half-duplex> 10baseT/UTP <full-duplex> 10baseT/UTP <full-duplex,flow-control> 10baseT/UTP <full-duplex,hw-loopback> 100baseTX <half-duplex> 100baseTX <full-duplex> 100baseTX <full-duplex,flow-control> 100baseTX <full-duplex,hw-loopback> 1000baseT <full-duplex> 1000baseT <full-duplex,flow-control> 1000baseT <full-duplex,hw-loopback>
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
        lladdr 00:11:24:ff:fe:7e:2d:c8
        media: autoselect <full-duplex> status: inactive
        supported media: autoselect <full-duplex>
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.70 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:11:24:92:bc:e0
        media: autoselect status: active
        supported media: autoselect
> If you don't mind, it might be easiest to copy your firewall
> rules so we can see them. As root,
> /sbin/iptables -L -v
Sorry. I cannot expose my FW settings to a public list because
they might contain weaknesses that someone could exploit.
> If you are concerned with security and sharing your public IP address,
> may I suggest changing the public IP address ranges to something else,
> like xxx.xxx.xxx.0, yyy.yyy.yyy.0, etc, in the output.
Actually, I have no public IP addresses in the rules.
> Another question...if you have multiple ethernet devices,
> which device is 192.168.1.60 connected to?
en1 (this is a Powerbook g4 running OS X 10.5.8).
>
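
The masking Rick suggests above (replacing public address ranges before posting firewall output) can be scripted so each address gets the same label everywhere it appears. This is an added example, not part of the original message; the function name, the `PUBLIC-n` labels, the list of ranges left readable, and every sample rule except the 192.168.1.60 one are assumptions made for illustration.

```python
import ipaddress
import re

# Ranges left readable: private LAN, loopback, link-local, "any", multicast/broadcast/netmasks.
KEEP = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/4", "240.0.0.0/4")]

# Dotted quad with optional /prefix, not embedded in a longer dotted number.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(/\d{1,2})?(?!\d|\.\d)")

# Constructed sample in iptables-save style; only the first rule comes from the thread.
SAMPLE_RULES = """\
-A INPUT -s 192.168.1.60/32 -j ACCEPT
-A INPUT -s 203.0.113.17/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -d 203.0.113.17/32 -j ACCEPT
-A INPUT -j DROP
"""

def redact_public_ipv4(text):
    """Return (redacted_text, mapping); addresses outside KEEP become PUBLIC-n."""
    mapping = {}

    def substitute(match):
        addr_text, prefix = match.group(1), match.group(2) or ""
        try:
            addr = ipaddress.IPv4Address(addr_text)
        except ipaddress.AddressValueError:
            return match.group(0)      # not a valid address (e.g. 999.1.1.1)
        if any(addr in net for net in KEEP):
            return match.group(0)      # LAN and special-purpose addresses stay as-is
        # Same address -> same label, so relationships between rules stay visible.
        label = mapping.setdefault(addr_text, "PUBLIC-%d" % (len(mapping) + 1))
        return label + prefix          # keep the prefix length for context

    return IPV4_RE.sub(substitute, text), mapping

if __name__ == "__main__":
    redacted, table = redact_public_ipv4(SAMPLE_RULES)
    print(redacted)
    print("keep this table private:", table)
```

The returned mapping is the only place the real addresses survive, so it stays with the poster while the redacted text goes to the list.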