Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
01-11-2008, 04:17 AM
|
#1
|
|
Member
Registered: Apr 2005
Location: indonesia
Distribution: suse 10
Posts: 101
Rep:
|
can ping, can't browse
hello everyone,
first of all, i have searched for all "can ping, can't browse" threads in the internet, but couldn't solve my problem.
ok, i have a ubuntu 7.04 "server" with firestarter in it. it acts as a gateway between the internet and the local lan.
all was ok, but suddenly (perhaps after i did update ubuntu) all lan clients can't connect to the internet. windows machines work just fine, only linux machines. but, they all can ping to the internet.
beside that, i have webserver on that "server". all linux clients can't browse to it.
please help me,
below is the iptables:
Code:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- ns3.indosat.net.id anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- ns3.indosat.net.id anywhere
ACCEPT tcp -- ns2.indosat.net.id anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- ns2.indosat.net.id anywhere
ACCEPT 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP 0 -- anywhere 255.255.255.255
DROP 0 -- anywhere 219.83.79.255
DROP 0 -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP 0 -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- anywhere 0.0.0.0
DROP 0 -- anywhere anywhere state INVALID
LSI 0 -f anywhere anywhere limit: avg 10/min burst 5
INBOUND 0 -- anywhere anywhere
INBOUND 0 -- anywhere 192.168.1.4
INBOUND 0 -- anywhere sumiasih.co.id
INBOUND 0 -- anywhere 192.168.1.255
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Input'
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:14653
ACCEPT udp -- anywhere 192.168.1.2 udp dpt:14653
ACCEPT tcp -- anywhere 192.168.1.113 tcp dpt:webmin
ACCEPT udp -- anywhere 192.168.1.113 udp dpt:10000
ACCEPT tcp -- anywhere 192.168.1.113 tcp dpt:4500
ACCEPT udp -- anywhere 192.168.1.113 udp dpt:4500
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:23652
ACCEPT udp -- anywhere 192.168.1.2 udp dpt:23652
ACCEPT tcp -- anywhere 192.168.1.113 tcp dpt:isakmp
ACCEPT udp -- anywhere 192.168.1.113 udp dpt:isakmp
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:14653
ACCEPT udp -- anywhere 192.168.1.2 udp dpt:14653
ACCEPT tcp -- anywhere 129.168.1.2 tcp dpt:14654
ACCEPT udp -- anywhere 129.168.1.2 udp dpt:14654
OUTBOUND 0 -- anywhere anywhere
ACCEPT tcp -- anywhere 192.168.1.0/24 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere 192.168.1.0/24 state RELATED,ESTABLISHED
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Forward'
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- sumiasih.indosat.net.id ns3.indosat.net.id tcp dpt:domain
ACCEPT udp -- sumiasih.co.id ns3.indosat.net.id udp dpt:domain
ACCEPT tcp -- sumiasih.indosat.net.id ns2.indosat.net.id tcp dpt:domain
ACCEPT udp -- sumiasih.co.id ns2.indosat.net.id udp dpt:domain
ACCEPT 0 -- anywhere anywhere
DROP 0 -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP 0 -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- anywhere 0.0.0.0
DROP 0 -- anywhere anywhere state INVALID
OUTBOUND 0 -- anywhere anywhere
OUTBOUND 0 -- anywhere anywhere
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Output'
Chain INBOUND (4 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- 192.168.1.0 anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT udp -- anywhere anywhere udp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT udp -- anywhere anywhere udp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT udp -- anywhere anywhere udp dpt:25
ACCEPT tcp -- anywhere anywhere tcp dpt:3310
ACCEPT udp -- anywhere anywhere udp dpt:3310
ACCEPT tcp -- anywhere anywhere tcp dpt:tproxy
ACCEPT udp -- anywhere anywhere udp dpt:8081
ACCEPT tcp -- anywhere anywhere tcp dpt:webmin
ACCEPT udp -- anywhere anywhere udp dpt:10000
ACCEPT tcp -- anywhere anywhere tcp dpt:4500
ACCEPT udp -- anywhere anywhere udp dpt:4500
ACCEPT tcp -- anywhere anywhere tcp dpt:isakmp
ACCEPT udp -- anywhere anywhere udp dpt:isakmp
ACCEPT tcp -- anywhere anywhere tcp dpt:23652
ACCEPT udp -- anywhere anywhere udp dpt:23652
ACCEPT tcp -- anywhere anywhere tcp dpt:24533
ACCEPT udp -- anywhere anywhere udp dpt:24533
ACCEPT tcp -- anywhere anywhere tcp dpt:postgresql
ACCEPT udp -- anywhere anywhere udp dpt:postgresql
ACCEPT tcp -- anywhere anywhere tcp dpts:netbios-ns:netbios-ssn
ACCEPT udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
ACCEPT udp -- anywhere anywhere udp dpt:microsoft-ds
ACCEPT tcp -- anywhere anywhere tcp dpt:14653
ACCEPT udp -- anywhere anywhere udp dpt:14653
ACCEPT tcp -- anywhere anywhere tcp dpt:14654
ACCEPT udp -- anywhere anywhere udp dpt:14654
LSI 0 -- anywhere anywhere
Chain LOG_FILTER (5 references)
target prot opt source destination
REJECT 0 -- 88.213.54.9 anywhere reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:23048 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:23048 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:23641 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:23641 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:36144 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:36144 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:1031 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:1031 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:23715 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:23715 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:2036 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:2036 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:62330 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:62330 reject-with icmp-port-unreachable
Chain LSI (2 references)
target prot opt source destination
LOG_FILTER 0 -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
REJECT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN reject-with icmp-port-unreachable
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
REJECT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST reject-with icmp-port-unreachable
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
REJECT icmp -- anywhere anywhere icmp echo-request reject-with icmp-port-unreachable
LOG 0 -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
REJECT 0 -- anywhere anywhere reject-with icmp-port-unreachable
Chain LSO (0 references)
target prot opt source destination
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT 0 -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTBOUND (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere
|
|
|
|
01-11-2008, 04:51 AM
|
#2
|
|
Senior Member
Registered: Jun 2006
Location: Hyderabad, India
Distribution: Fedora
Posts: 1,189
Rep:
|
why don't you disable the firewall for a minute and check if it works.
It will take a lot of time to go through so many rules.
|
|
|
|
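A listing this long can be screened mechanically before reading it rule by rule. The following is an added example, not code from any poster in this thread: it parses `iptables -L` output and flags exact duplicate rules, unqualified accept-all rules that sit ahead of later rules, and FORWARD accepts whose destination lies outside the LAN. The LAN range 192.168.1.0/24 and the names `parse` and `audit` are assumptions made for the example; the sample rules are copied from the listing in post #1.

```python
import ipaddress

# Constructed sample in the same `iptables -L` layout; rules taken from post #1.
SAMPLE = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:14653
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:14653
ACCEPT tcp -- anywhere 129.168.1.2 tcp dpt:14654
"""
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the LAN behind the gateway

def parse(listing):
    """Return {chain: [(target, prot, source, destination, extra), ...]}."""
    chains, current = {}, None
    for line in listing.splitlines():
        f = line.split()
        if not f or f[0] == "target":
            continue  # blank line or column header
        if f[0] == "Chain":
            current = chains.setdefault(f[1], [])
        elif current is not None and len(f) >= 5:
            current.append((f[0], f[1], f[3], f[4], " ".join(f[5:])))
    return chains

def audit(chains, lan=LAN):
    """Return (chain, rule_number, finding) tuples in listing order."""
    findings = []
    for chain, rules in chains.items():
        for num, rule in enumerate(rules, start=1):
            target, prot, src, dst, extra = rule
            if rule in rules[:num - 1]:
                findings.append((chain, num, "duplicate"))
            # -L without -v hides interface matches, so this may only be "-i lo".
            if (target == "ACCEPT" and prot in ("0", "all") and not extra
                    and src == dst == "anywhere" and num < len(rules)):
                findings.append((chain, num, "accept-all"))
            try:
                net = ipaddress.ip_network(dst, strict=False)
            except ValueError:
                continue  # "anywhere" or a hostname, nothing to compare
            if chain == "FORWARD" and target == "ACCEPT" and not net.subnet_of(lan):
                findings.append((chain, num, "outside-lan"))
    return findings

if __name__ == "__main__":
    print(audit(parse(SAMPLE)))
```

An "accept-all" finding is a prompt to rerun the listing with `iptables -L -v -n`, which shows the interface columns and numeric addresses that the plain `-L` output leaves out.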
01-14-2008, 10:35 PM
|
#3
|
|
Member
Registered: Apr 2005
Location: indonesia
Distribution: suse 10
Posts: 101
Original Poster
Rep:
|
hello,
i've tried to turn off the firewall and turn it on again, but still doesn't work.
if i restart the server, all linux clients can connect to internet, but only once! after you type the second url, then it couldn't connect anymore.
i've tried to reinstall the firestarter, but the network is only good just for 15 minutes, then it fails again.
note: windows clients are ok...weird, isn't it?
|
|
|
|
01-15-2008, 03:51 PM
|
#4
|
|
LQ Newbie
Registered: Jan 2008
Posts: 17
Rep:
|
Ping works at layer 3 of the OSI model. I think the problem is in the MTU. Compare your Windows box MTU (use regedit) with the Linux box.
Last edited by sshd.root; 01-15-2008 at 03:52 PM.
|
|
|
|
01-15-2008, 09:33 PM
|
#5
|
|
Member
Registered: Apr 2005
Location: indonesia
Distribution: suse 10
Posts: 101
Original Poster
Rep:
|
hello,
thank you for your answer,
but i don't know about MTU, and how can i compare windows' and linux?
and if there's difference, how can i change linux's?
note:
i don't get it how the server can be like that, because before i updated
it, the internet connection sharing ran smoothly
thank you
|
|
|
|
01-16-2008, 09:00 AM
|
#7
|
|
Member
Registered: Mar 2007
Distribution: Debian, Ubuntu server
Posts: 40
Rep:
|
Can you resolve an address?
Code:
nslookup www.linuxquestions.org
|
|
|
|
01-16-2008, 01:42 PM
|
#8
|
|
Member
Registered: Apr 2003
Location: Stuttgart, BW Germany
Distribution: SuSE 10.3-11.0, Knoppix, Ubuntu 8.10, Fedora 10
Posts: 119
Rep:
|
Execute this script. It executes a lot of network configuration tests and also includes an MTU test. If problems are detected you'll get a link to a wiki page which contains instructions on how to fix your problem. If you don't get the problem fixed, the log output file should be posted here for further problem determination.
Last edited by framp; 01-16-2008 at 01:52 PM.
|
|
|
|
01-16-2008, 01:48 PM
|
#9
|
|
LQ Newbie
Registered: Aug 2003
Posts: 12
Rep:
|
Maybe something is wrong with your DNS - Try putting the actual IP address of a website in your browser to see if it works.
Example: 72.14.205.99 instead of www.google.com
Jenny
|
|
|
|
01-16-2008, 03:12 PM
|
#10
|
|
Senior Member
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,007
Rep:
|
This seems to be coming up more and more frequently.
I suspect you may have an issue with IPv6.
If you are using Firefox, you can turn IPv6 off by browsing to about:config and filter on network.dns.disableipv6 and set it to true (the default is false)
Hope this helps.
|
|
|
|
01-17-2008, 09:08 PM
|
#11
|
|
Member
Registered: Apr 2005
Location: indonesia
Distribution: suse 10
Posts: 101
Original Poster
Rep:
|
hello everybody,
crazyivan,
nslookup www.linuxquestions.org returns value, so it's not a problem.
sshd.root,
the mtus between the broken linux machines and one linux machine that is still working are the same.
framp,
thanks for the script, it's wonderful. But it doesn't solve the problem,
because the results between the broken linux machines and one working linux machine are similar.
jenny,
using ip address instead of name doesn't work, the firefox status bar keeps stating Waiting for www.google.com...
Disillusionist,
i've changed the ipv6 to true on firefox, still unable to browse
guys, there is something here,
if i type localhost:631 at one broken machine, it shows the cups server
but if i type 192.168.1.251:631 (its ip address), it doesn't browse
and it happens on all broken machines! so, what's wrong with this?
thanks
|
|
|
|
01-17-2008, 09:18 PM
|
#12
|
|
Member
Registered: Apr 2005
Location: indonesia
Distribution: suse 10
Posts: 101
Original Poster
Rep:
|
just for addition,
on ubuntu 7.04, if i type ip address or localhost, it can browse,
but on ubuntu 7.10, i can only browse by typing only the localhost, except if i add an <ip address hostname> entry on /etc/hosts
thanks
|
|
|
|
01-17-2008, 09:37 PM
|
#13
|
|
Member
Registered: Sep 2006
Location: Munich, Germany
Distribution: Debian / Ubuntu
Posts: 292
Rep:
|
Hi,
maybe you have several machines set to the same ip address?
|
|
|
|
01-17-2008, 10:04 PM
|
#14
|
|
Member
Registered: Apr 2005
Location: indonesia
Distribution: suse 10
Posts: 101
Original Poster
Rep:
|
i'm typing this on a windows machine,
i just uninstalled firestarter and replaced it with shorewall,
i set up the route, and all linux clients as well as windows clients were able to browse,
but after like 5 minutes, all linux clients could no longer browse to
the internet, be it ubuntu 7.04, or 7.10, but windows machines are still
ok (like this one i'm using)
it's like buffer full or something (does it have such thing?) because
before 5 minutes, i could browse
note:
pings are ok, i can ping to internet
thank you
|
|
|
|
01-18-2008, 02:38 AM
|
#15
|
|
Member
Registered: Apr 2005
Location: indonesia
Distribution: suse 10
Posts: 101
Original Poster
Rep:
|
hi guys,
my problem is solved,
apparently, it's not dns issue, or anything to do with computer logic.
there is a switch that is perhaps broken, that switch causes the local port on
the server to behave strangely (because it only accepts windows connection, not linux).
thank you for everyone's help! especially rupertwh for giving me the idea.
|
|
|
|
All times are GMT -5.