Networking problem

Rick Sewill rsewill at gmail.com
Sat May 14 19:55:31 UTC 2011


On Saturday, May 14, 2011 10:46:51 AM JD wrote:
> On 05/14/11 09:17, Rick Sewill wrote:
> > On Saturday, May 14, 2011 09:27:55 AM JD wrote:
> >> On 05/14/11 08:48, G.Wolfe Woodbury wrote:
> >>> On 05/14/2011 09:36 AM, JD wrote:
> >>>> On my F14, I am running a firewall that accepts specific connections on
> >>>> specific ports from some machines on the LAN.
> >>>> 
> >>>> However, for one machine I made a general rule to accept all
> >>>> connections:
> >>>> 
> >>>> -A INPUT -s 192.168.1.60 -j ACCEPT
> >>>> 
> >>>> After restarting the firewall,
> >>>> 
> >>>> I still am unable to ping that machine and it is unable to ping me.
> >>>> That machine is not running a firewall.
> >>>> 
> >>>> I can ping the router and another machine I have on the LAN.
> >>>> The machine at 192.168.1.60 can do the same.
> >>>> 
> >>>> What else do I need to do to be able to talk to machine 192.168.1.60
> >>>> and it to my fedora machine?
> >>> 
> >>> Try:
> >>> 
> >>> -A INPUT -s 192.168.1.60/32 -j ACCEPT
> >>> 
> >>> there needs to be a netmask in the syntax.
> >> 
> >> Tried it.
> >> Did not change anything :(
> > 
> > Could we see more of the network topology please?
> > 
> > Can you do on both machines:
> > /bin/netstat -rn
> 
> On Fedora Machine:
> # /bin/netstat -rn
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
> 192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0
> 10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
> 192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0
> 0.0.0.0         192.168.1.254   0.0.0.0         UG        0 0          0 wlan0
> 
> 
> On the machine in question (192.168.1.60)
> # /sbin/netstat -rn
> Routing tables
> 
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            192.168.1.254      UGSc        8        0    en1
> 127                127.0.0.1          UCS         0        0    lo0
> 127.0.0.1          127.0.0.1          UH          0        4    lo0
> 169.254            link#6             UCS         0        0    en1
> 192.168.1          link#6             UCS         2        0    en1
> 192.168.1.1        0:26:18:6:ef:7     UHLW        0      113    en1    566
> 192.168.1.60       127.0.0.1          UHS         0        0    lo0
> 192.168.1.254      0:1d:5a:c8:91:c1   UHLW       15      153    en1    565
> 
> Internet6:
> Destination                             Gateway                         Flags      Netif Expire
> ::1                                     link#1                          UHL         lo0
> fe80::%lo0/64                           fe80::1%lo0                     Uc          lo0
> fe80::1%lo0                             link#1                          UHL         lo0
> ff01::/32                               ::1                             U           lo0
> ff02::/32                               fe80::1%lo0                     UC          lo0
> 
> > /sbin/ifconfig
> 
> On Fedora machine:
> 
> # /sbin/ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:03:0D:15:2B:9E
>            inet addr:10.1.1.1  Bcast:10.1.1.255  Mask:255.255.255.0
>            inet6 addr: fe80::203:dff:fe15:2b9e/64 Scope:Link
>            UP BROADCAST MULTICAST  MTU:1500  Metric:1
>            RX packets:1340 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:849 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:1000
>            RX bytes:174589 (170.4 KiB)  TX bytes:418153 (408.3 KiB)
>            Interrupt:19 Base address:0xd800
> 
> eth0:0    Link encap:Ethernet  HWaddr 00:03:0D:15:2B:9E
>            inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
>            UP BROADCAST MULTICAST  MTU:1500  Metric:1
>            Interrupt:19 Base address:0xd800
> 
> lo        Link encap:Local Loopback
>            inet addr:127.0.0.1  Mask:255.0.0.0
>            inet6 addr: ::1/128 Scope:Host
>            UP LOOPBACK RUNNING  MTU:16436  Metric:1
>            RX packets:4734603 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:4734603 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:0
>            RX bytes:373719874 (356.4 MiB)  TX bytes:373719874 (356.4 MiB)
> 
> virbr0    Link encap:Ethernet  HWaddr 22:3E:A6:BB:CD:51
>            inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
>            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>            RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:8391 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:0
>            RX bytes:0 (0.0 b)  TX bytes:1617830 (1.5 MiB)
> 
> wlan0     Link encap:Ethernet  HWaddr 00:34:56:00:03:43
>            inet6 addr: fe80::234:56ff:fe00:343/64 Scope:Link
>            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>            RX packets:4976669 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:4947232 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:1000
>            RX bytes:1062494718 (1013.2 MiB)  TX bytes:500756007 (477.5 MiB)
> 
> wlan0:0   Link encap:Ethernet  HWaddr 00:34:56:00:03:43
>            inet addr:192.168.1.108  Bcast:192.168.1.255  Mask:255.255.255.0
>            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> 
> On 192.168.1.60:
> # /sbin/ifconfig
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>      inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
>      inet 127.0.0.1 netmask 0xff000000
>      inet6 ::1 prefixlen 128
> gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
> stf0: flags=0<> mtu 1280
> en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>      ether 00:11:24:7e:2d:c8
>      media: autoselect (none) status: inactive
>      supported media: none autoselect 10baseT/UTP <half-duplex>
> 10baseT/UTP <full-duplex> 10baseT/UTP <full-duplex,flow-control>
> 10baseT/UTP <full-duplex,hw-loopback> 100baseTX <half-duplex> 100baseTX
> <full-duplex> 100baseTX <full-duplex,flow-control> 100baseTX
> <full-duplex,hw-loopback> 1000baseT <full-duplex> 1000baseT
> <full-duplex,flow-control> 1000baseT <full-duplex,hw-loopback>
> fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
>      lladdr 00:11:24:ff:fe:7e:2d:c8
>      media: autoselect <full-duplex> status: inactive
>      supported media: autoselect <full-duplex>
> en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>      inet 192.168.1.70 netmask 0xffffff00 broadcast 192.168.1.255
>      ether 00:11:24:92:bc:e0
>      media: autoselect status: active
>      supported media: autoselect
> 
> > If you don't mind, it might be easiest to copy your firewall
> > rules so we can see them.  As root,
> > /sbin/iptables -L -v
> 
> Sorry. I cannot expose my FW settings to a public list because
> they might contain weaknesses that someone could exploit.
> 
> > If you are concerned with security and sharing your public IP address,
> > may I suggest changing the public IP address ranges to something else,
> > like xxx.xxx.xxx.0, yyy.yyy.yyy.0, etc, in the output.
> 
> Actually, I have no public IP addresses in the rules.
> 
> > Another question...if you have multiple ethernet devices,
> > which device is 192.168.1.60 connected to?
> 
> en1 (this is a Powerbook g4 running OS X 10.5.8).

Both Fedora and the Powerbook can ping the default gateway,
192.168.254.1 ?

The Powerbook entries confuse me.
According to the Powerbook netstat -rn, I would expect an interface,
192.168.1.60/some mask

When I look at the Powerbook ifconfig, I see
en1: ... inet 192.168.1.70 netmask 0xffffff00 ...
I expected this entry to read inet 192.168.1.60 netmask 0xffffff00

Can I suggest, for a test, change the iptables filters to allow any
incoming packet from 192.168.1.0/24, and then, try to ping from
the Powerbook.  Also, you might wish to check the ARP table on
Fedora to see what IP address/Mac address entries it knows about.
As root, try /sbin/arp -a
I am interested to know, after the attempted ping from the Powerbook,
what IP address/Mac entry is found, if any, in the Fedora.
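
The comparison made in this message (source address in the firewall rule versus the address actually configured on the Powerbook's en1) can be automated. The following is an added example, not part of the original thread: the function names are hypothetical, the ifconfig text is an excerpt of the output quoted above, and the third rule line is constructed from the 192.168.1.0/24 test suggested in the message.

```python
import ipaddress
import re

# Excerpt of the Powerbook ifconfig output quoted in the thread.
POWERBOOK_IFCONFIG = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
     inet 127.0.0.1 netmask 0xff000000
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
     inet 192.168.1.70 netmask 0xffffff00 broadcast 192.168.1.255
     ether 00:11:24:92:bc:e0
"""

# First two rules are from the thread; the third is constructed from the
# suggested /24 test (its exact wording is an assumption).
RULES = [
    "-A INPUT -s 192.168.1.60 -j ACCEPT",
    "-A INPUT -s 192.168.1.60/32 -j ACCEPT",
    "-A INPUT -s 192.168.1.0/24 -j ACCEPT",
]

def interface_addresses(ifconfig_text):
    """Map interface name -> list of IPv4Interface (BSD-style ifconfig)."""
    result, current = {}, None
    for line in ifconfig_text.splitlines():
        head = re.match(r"^(\S+): flags=", line)
        if head:
            current = head.group(1)
            result[current] = []
            continue
        m = re.match(r"^\s+inet (\S+) netmask (0x[0-9a-fA-F]{8})", line)
        if m and current:
            # BSD prints the netmask in hex; convert to dotted quad.
            mask = ipaddress.IPv4Address(int(m.group(2), 16))
            result[current].append(
                ipaddress.IPv4Interface(f"{m.group(1)}/{mask}"))
    return result

def rule_source(rule):
    """Return the -s source of an iptables rule as a network, or None."""
    tokens = rule.split()
    if "-s" not in tokens:
        return None
    return ipaddress.ip_network(tokens[tokens.index("-s") + 1], strict=False)

def rules_matching(rules, ifconfig_text, iface):
    """Rules whose source network contains an address configured on iface."""
    addrs = [i.ip for i in interface_addresses(ifconfig_text).get(iface, [])]
    return [r for r in rules
            if (src := rule_source(r)) is not None
            and any(a in src for a in addrs)]
```

Run against the quoted output, neither form of the 192.168.1.60 rule matches traffic sourced from en1, while the /24 test rule does.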
