LinuxQuestions.org
Old 01-11-2008, 04:17 AM   #1
efm
Member
 
Registered: Apr 2005
Location: indonesia
Distribution: suse 10
Posts: 101

Rep: Reputation: 15
can ping, can't browse


hello everyone,
first of all, i have searched for all "can ping, can't browse" threads in the internet, but couldn't solve my problem.

ok, i have a ubuntu 7.04 "server" with firestarter in it. it acts as a gateway between the internet and the local lan.
all was ok, but suddenly (perhaps after i did update ubuntu) all lan clients can't connect to the internet. windows machines work just fine, only linux machines. but, they all can ping to the internet.

besides that, i have a webserver on that "server". all linux clients can't browse to it.

please help me,
below is the iptables:

Code:
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  ns3.indosat.net.id   anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN 
ACCEPT     udp  --  ns3.indosat.net.id   anywhere            
ACCEPT     tcp  --  ns2.indosat.net.id   anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN 
ACCEPT     udp  --  ns2.indosat.net.id   anywhere            
ACCEPT     0    --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            limit: avg 10/sec burst 5 
DROP       0    --  anywhere             255.255.255.255     
DROP       0    --  anywhere             219.83.79.255       
DROP       0    --  BASE-ADDRESS.MCAST.NET/8  anywhere            
DROP       0    --  anywhere             BASE-ADDRESS.MCAST.NET/8 
DROP       0    --  255.255.255.255      anywhere            
DROP       0    --  anywhere             0.0.0.0             
DROP       0    --  anywhere             anywhere            state INVALID 
LSI        0    -f  anywhere             anywhere            limit: avg 10/min burst 5 
INBOUND    0    --  anywhere             anywhere            
INBOUND    0    --  anywhere             192.168.1.4         
INBOUND    0    --  anywhere             sumiasih.co.id      
INBOUND    0    --  anywhere             192.168.1.255       
LOG_FILTER  0    --  anywhere             anywhere            
LOG        0    --  anywhere             anywhere            LOG level info prefix `Unknown Input' 

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere            limit: avg 10/sec burst 5 
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU 
ACCEPT     tcp  --  anywhere             192.168.1.2         tcp dpt:14653 
ACCEPT     udp  --  anywhere             192.168.1.2         udp dpt:14653 
ACCEPT     tcp  --  anywhere             192.168.1.113       tcp dpt:webmin 
ACCEPT     udp  --  anywhere             192.168.1.113       udp dpt:10000 
ACCEPT     tcp  --  anywhere             192.168.1.113       tcp dpt:4500 
ACCEPT     udp  --  anywhere             192.168.1.113       udp dpt:4500 
ACCEPT     tcp  --  anywhere             192.168.1.2         tcp dpt:23652 
ACCEPT     udp  --  anywhere             192.168.1.2         udp dpt:23652 
ACCEPT     tcp  --  anywhere             192.168.1.113       tcp dpt:isakmp 
ACCEPT     udp  --  anywhere             192.168.1.113       udp dpt:isakmp 
ACCEPT     tcp  --  anywhere             192.168.1.2         tcp dpt:14653 
ACCEPT     udp  --  anywhere             192.168.1.2         udp dpt:14653 
ACCEPT     tcp  --  anywhere             129.168.1.2         tcp dpt:14654 
ACCEPT     udp  --  anywhere             129.168.1.2         udp dpt:14654 
OUTBOUND   0    --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             192.168.1.0/24      state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             192.168.1.0/24      state RELATED,ESTABLISHED 
LOG_FILTER  0    --  anywhere             anywhere            
LOG        0    --  anywhere             anywhere            LOG level info prefix `Unknown Forward' 

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  sumiasih.indosat.net.id  ns3.indosat.net.id  tcp dpt:domain 
ACCEPT     udp  --  sumiasih.co.id       ns3.indosat.net.id  udp dpt:domain 
ACCEPT     tcp  --  sumiasih.indosat.net.id  ns2.indosat.net.id  tcp dpt:domain 
ACCEPT     udp  --  sumiasih.co.id       ns2.indosat.net.id  udp dpt:domain 
ACCEPT     0    --  anywhere             anywhere            
DROP       0    --  BASE-ADDRESS.MCAST.NET/8  anywhere            
DROP       0    --  anywhere             BASE-ADDRESS.MCAST.NET/8 
DROP       0    --  255.255.255.255      anywhere            
DROP       0    --  anywhere             0.0.0.0             
DROP       0    --  anywhere             anywhere            state INVALID 
OUTBOUND   0    --  anywhere             anywhere            
OUTBOUND   0    --  anywhere             anywhere            
LOG_FILTER  0    --  anywhere             anywhere            
LOG        0    --  anywhere             anywhere            LOG level info prefix `Unknown Output' 

Chain INBOUND (4 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     0    --  192.168.1.0          anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:www 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:pop3 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:25 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:3310 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:3310 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:tproxy 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:8081 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:webmin 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:10000 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:4500 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:4500 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:isakmp 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:isakmp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:23652 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:23652 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:24533 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:24533 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:postgresql 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:postgresql 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:netbios-ns:netbios-ssn 
ACCEPT     udp  --  anywhere             anywhere            udp dpts:netbios-ns:netbios-ssn 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:microsoft-ds 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:14653 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:14653 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:14654 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:14654 
LSI        0    --  anywhere             anywhere            

Chain LOG_FILTER (5 references)
target     prot opt source               destination         
REJECT     0    --  88.213.54.9          anywhere            reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:23048 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp dpt:23048 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:23641 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp dpt:23641 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:36144 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp dpt:36144 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:1031 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp dpt:1031 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:23715 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp dpt:23715 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:2036 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp dpt:2036 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:62330 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp dpt:62330 reject-with icmp-port-unreachable 

Chain LSI (2 references)
target     prot opt source               destination         
LOG_FILTER  0    --  anywhere             anywhere            
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' 
REJECT     tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN reject-with icmp-port-unreachable 
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' 
REJECT     tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST reject-with icmp-port-unreachable 
LOG        icmp --  anywhere             anywhere            icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' 
REJECT     icmp --  anywhere             anywhere            icmp echo-request reject-with icmp-port-unreachable 
LOG        0    --  anywhere             anywhere            limit: avg 5/sec burst 5 LOG level info prefix `Inbound ' 
REJECT     0    --  anywhere             anywhere            reject-with icmp-port-unreachable 

Chain LSO (0 references)
target     prot opt source               destination         
LOG_FILTER  0    --  anywhere             anywhere            
LOG        0    --  anywhere             anywhere            limit: avg 5/sec burst 5 LOG level info prefix `Outbound ' 
REJECT     0    --  anywhere             anywhere            reject-with icmp-port-unreachable 

Chain OUTBOUND (3 references)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     0    --  anywhere             anywhere
 
Old 01-11-2008, 04:51 AM   #2
w3bd3vil
Senior Member
 
Registered: Jun 2006
Location: Hyderabad, India
Distribution: Fedora
Posts: 1,189

Rep: Reputation: 49
why don't you disable the firewall for a minute and check if it works.
It will take a lot of time to go through so many rules.
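
A first pass over a listing this long can be automated. The following is an added example, not part of any post in this thread: a small Python check that parses `iptables -L` text and flags exact duplicate rules, rules that match all traffic as listed (without `-v` the interface columns are not shown), bare network addresses used as a single host, and FORWARD destinations outside the LAN. The names `parse`, `audit`, `SAMPLE` and `LAN` are hypothetical, the sample is a constructed subset of the listing in post #1 (so rule numbers refer to the subset), and the findings are prompts for review, not a diagnosis of the problem in this thread.

```python
import ipaddress

# Constructed sample: rules copied from the `iptables -L` listing in post #1.
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             192.168.1.2         tcp dpt:14653
ACCEPT     tcp  --  anywhere             192.168.1.2         tcp dpt:14653
ACCEPT     tcp  --  anywhere             129.168.1.2         tcp dpt:14654

Chain INBOUND (4 references)
target     prot opt source               destination
ACCEPT     0    --  192.168.1.0          anywhere
"""

LAN = ipaddress.ip_network("192.168.1.0/24")  # LAN range seen in the listing

def parse(listing):
    """Return {chain: [(target, prot, source, destination, match_text), ...]}."""
    chains, current = {}, None
    for line in listing.splitlines():
        parts = line.split(None, 5)
        if line.startswith("Chain "):
            current = chains.setdefault(parts[1], [])
        elif current is not None and len(parts) >= 5 and parts[0] != "target":
            extra = parts[5].strip() if len(parts) > 5 else ""
            current.append((parts[0], parts[1], parts[3], parts[4], extra))
    return chains

def audit(listing, lan=LAN):
    """Return (chain, rule_number, note) for rules worth a second look."""
    findings = []
    for chain, rules in parse(listing).items():
        first_seen = {}
        for num, rule in enumerate(rules, 1):
            target, prot, src, dst, extra = rule
            if rule in first_seen:
                findings.append((chain, num, f"duplicate of rule {first_seen[rule]}"))
            first_seen.setdefault(rule, num)
            catch_all = prot in ("0", "all") and src == dst == "anywhere" and not extra
            if catch_all and target in ("ACCEPT", "DROP", "REJECT"):
                findings.append((chain, num, "matches all traffic as listed; check -v"))
            for side, addr in (("source", src), ("destination", dst)):
                try:
                    ip = ipaddress.ip_address(addr)
                except ValueError:
                    continue  # 'anywhere', hostnames and CIDR ranges
                if ip == lan.network_address:
                    findings.append((chain, num, f"{side} {addr} is one host, not {lan}"))
                elif chain == "FORWARD" and side == "destination" and ip not in lan:
                    findings.append((chain, num, f"destination {addr} is outside {lan}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To run it against a live ruleset, pass the text of `iptables -L` to `audit()` in place of `SAMPLE`.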
 
Old 01-14-2008, 10:35 PM   #3
efm
Member
 
Registered: Apr 2005
Location: indonesia
Distribution: suse 10
Posts: 101

Original Poster
Rep: Reputation: 15
hello,

i've tried to turn off the firewall and turn it on again, but still doesn't work.

if i restart the server, all linux clients can connect to internet, but only once! after you type the second url, then it couldn't connect anymore.

i've tried to reinstall the firestarter, but the network is only good just for 15 minutes, then it fails again.

note: windows clients are ok...weird, isn't it?
 
Old 01-15-2008, 03:51 PM   #4
sshd.root
LQ Newbie
 
Registered: Jan 2008
Posts: 17

Rep: Reputation: 0
Ping works at layer 3 of the OSI model. I think the problem is in the MTU. Compare your Windows box MTU (use regedit) with the Linux box.

Last edited by sshd.root; 01-15-2008 at 03:52 PM.
 
Old 01-15-2008, 09:33 PM   #5
efm
Member
 
Registered: Apr 2005
Location: indonesia
Distribution: suse 10
Posts: 101

Original Poster
Rep: Reputation: 15
hello,
thank you for your answer,
but i don't know about MTU, and how can i compare windows' and linux?
and if there's difference, how can i change linux's?

note:
i don't get it how the server can be like that, because before i updated
it, the internet connection sharing ran smoothly

thank you
 
Old 01-16-2008, 08:57 AM   #6
sshd.root
LQ Newbie
 
Registered: Jan 2008
Posts: 17

Rep: Reputation: 0
On windows box:
http://www.pctools.com/guides/registry/detail/280/
on linux box:
# ifconfig or $ sudo ifconfig
if there's a difference, use:
# ip link set mtu <size> dev <interface>
 
Old 01-16-2008, 09:00 AM   #7
crazyivan
Member
 
Registered: Mar 2007
Distribution: Debian, Ubuntu server
Posts: 40

Rep: Reputation: 15
Can you resolve an address?

Code:
nslookup www.linuxquestions.org
 
Old 01-16-2008, 01:42 PM   #8
framp
Member
 
Registered: Apr 2003
Location: Stuttgart, BW Germany
Distribution: SuSE 10.3-11.0, Knoppix, Ubuntu 8.10, Fedora 10
Posts: 119
Blog Entries: 5

Rep: Reputation: 15
Execute this script. It runs a lot of network configuration tests and also includes an MTU test. If problems are detected you'll get a link to a wiki page which contains instructions on how to fix your problem. If you don't get the problem fixed, the log output file should be posted here for further problem determination.

Last edited by framp; 01-16-2008 at 01:52 PM.
 
Old 01-16-2008, 01:48 PM   #9
jenny
LQ Newbie
 
Registered: Aug 2003
Posts: 12

Rep: Reputation: 0
Maybe something is wrong with your DNS - Try putting the actual IP address of a website in your browser to see if it works.
Example: 72.14.205.99 instead of www.google.com
Jenny
 
Old 01-16-2008, 03:12 PM   #10
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,013

Rep: Reputation: 83
This seems to be coming up more and more frequently.

I suspect you may have an issue with IPv6.

If you are using Firefox, you can turn IPv6 off by browsing to about:config and filter on network.dns.disableipv6 and set it to true (the default is false)

Hope this helps.
 
Old 01-17-2008, 09:08 PM   #11
efm
Member
 
Registered: Apr 2005
Location: indonesia
Distribution: suse 10
Posts: 101

Original Poster
Rep: Reputation: 15
hello everybody,

crazyivan,
nslookup www.linuxquestions.org returns value, so it's not a problem.

sshd.root,
the mtus between the broken linux machines and one linux machine that is still working, are the same.

framp,
thanks for the script, it's wonderful. But it doesn't solve the problem,
because the results between the broken linux machines and one working linux machine are similar.

jenny,
using ip address instead of name doesn't work, the firefox status bar keeps stating Waiting for www.google.com...

Disillusionist,
i've changed the ipv6 to true on firefox, still unable to browse

guys, there is something here,
if i type localhost:631 at one broken machine, it shows the cups server
but if i type 192.168.1.251:631 (its ip address), it doesn't browse
and it happens on all broken machines! so, what's wrong with this?

thanks
 
Old 01-17-2008, 09:18 PM   #12
efm
Member
 
Registered: Apr 2005
Location: indonesia
Distribution: suse 10
Posts: 101

Original Poster
Rep: Reputation: 15
just for addition,

on ubuntu 7.04, if i type ip address or localhost, it can browse,
but on ubuntu 7.10, i can only browse by typing only the localhost, except if i add an <ip address hostname> entry on /etc/hosts

thanks
 
Old 01-17-2008, 09:37 PM   #13
rupertwh
Member
 
Registered: Sep 2006
Location: Munich, Germany
Distribution: Debian / Ubuntu
Posts: 292

Rep: Reputation: 46
Hi,

maybe you have several machines set to the same ip address?
 
Old 01-17-2008, 10:04 PM   #14
efm
Member
 
Registered: Apr 2005
Location: indonesia
Distribution: suse 10
Posts: 101

Original Poster
Rep: Reputation: 15
i'm typing this on a windows machine,

i just uninstalled firestarter and replaced it with shorewall,
i set up the route, and all linux clients as well as windows clients were able to browse,

but after like 5 minutes, all linux clients could no longer browse to
the internet, be it ubuntu 7.04, or 7.10, but windows machines are still
ok (like this one i'm using)

it's like buffer full or something (does it have such thing?) because
before 5 minutes, i could browse

note:
pings are ok, i can ping to internet

thank you
 
Old 01-18-2008, 02:38 AM   #15
efm
Member
 
Registered: Apr 2005
Location: indonesia
Distribution: suse 10
Posts: 101

Original Poster
Rep: Reputation: 15
hi guys,
my problem is solved,
apparently, it's not dns issue, or anything to do with computer logic.
there is a switch that is perhaps broken, that switch causes the local port on
the server to behave strangely (because it only accepts windows connection, not linux).
thank you for everyone's help! especially rupertwh for giving me the idea.
 
  

