tweekzilla |
12-10-2007 02:26 PM |
Connection to internal network from server - no ping no ssh
Hi everyone
I have a really irritating error which I'm sure is a simple iptables setting. I have a server with two interface cards - one for the outside world (eth0) and one for an internal network (eth1).
The internal network computers all see the network fine (via masquerading) and can ping the server address 192.168.1.1. What I need to do is to ping 192.168.1.1 from the server. However, I get the following:
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
After flushing the iptables rules to allow everything, I am able to ping myself on 192.168.1.1, so I'm assuming it's an iptables error. Please find my iptables below:
Code:
Chain INPUT (policy DROP 9460 packets, 1865K bytes)
pkts bytes target prot opt in out source destination
4 336 ACCEPT all -- lo any localhost anywhere
12 1008 ACCEPT all -- lo any quiet.phys.columbia.edu anywhere
47590 63M ACCEPT all -- any any anywhere quiet.phys.columbia.edu state RELATED,ESTABLISHED
11 552 tcp_packets tcp -- eth0 any anywhere anywhere
9624 1921K udp_packets udp -- eth0 any anywhere anywhere
5 344 icmp_packets icmp -- any any anywhere anywhere
237 50653 ACCEPT all -- eth1 any anywhere anywhere
35 980 DROP all -- eth0 any anywhere BASE-ADDRESS.MCAST.NET/8
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- eth1 any anywhere 192.168.1.0/24
56 6070 ACCEPT all -- eth1 any 192.168.1.0/24 anywhere
51 39376 ACCEPT all -- eth0 any anywhere 192.168.1.0/24
Chain OUTPUT (policy DROP 73 packets, 6036 bytes)
pkts bytes target prot opt in out source destination
26229 1968K bad_tcp_packets tcp -- any any anywhere anywhere
4 336 ACCEPT all -- any any localhost anywhere
26874 2023K ACCEPT all -- any any quiet.phys.columbia.edu anywhere
306 34024 ACCEPT all -- any eth1 anywhere anywhere
Chain allowed (2 references)
pkts bytes target prot opt in out source destination
2 120 ACCEPT tcp -- any any anywhere anywhere tcp flags:SYN,RST,ACK/SYN
0 0 ACCEPT tcp -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 DROP tcp -- any any anywhere anywhere
Chain bad_tcp_packets (1 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- any any anywhere anywhere state NEW tcp flags:SYN,ACK/SYN,ACK reject-with tcp-reset
0 0 DROP tcp -- any any anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
Chain icmp_packets (1 references)
pkts bytes target prot opt in out source destination
3 232 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
0 0 ACCEPT icmp -- any any anywhere anywhere icmp time-exceeded
Chain tcp_packets (1 references)
pkts bytes target prot opt in out source destination
2 120 allowed tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 allowed tcp -- any any 128.59.168.0/22 anywhere tcp dpt:ipp
With my nat table like:
Code:
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain udp_packets (1 references)
pkts bytes target prot opt in out source destination
173 55936 DROP udp -- eth0 any anywhere 255.255.255.255 udp dpts:bootps:bootpc
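An added example, not part of the original post: a first-match walk of the filter OUTPUT chain listed above, applied to constructed ICMP packets. It assumes the kernel sends traffic addressed to the server's own 192.168.1.1 out through lo with source 192.168.1.1, uses a placeholder address for quiet.phys.columbia.edu, and treats the jump to bad_tcp_packets as returning without a verdict.

```python
from ipaddress import ip_address, ip_network

# Hostnames shown in the listing, mapped to addresses (constructed stand-ins).
HOSTS = {
    "anywhere": "0.0.0.0/0",
    "localhost": "127.0.0.1/32",
    "quiet.phys.columbia.edu": "192.0.2.10/32",  # placeholder for the eth0 address
}

# filter/OUTPUT as listed in the post: (target, proto, out_iface, source)
OUTPUT_CHAIN = [
    ("bad_tcp_packets", "tcp", "any", "anywhere"),
    ("ACCEPT", "all", "any", "localhost"),
    ("ACCEPT", "all", "any", "quiet.phys.columbia.edu"),
    ("ACCEPT", "all", "eth1", "anywhere"),
]
OUTPUT_POLICY = "DROP"
TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def rule_matches(rule, pkt):
    """True when protocol, outgoing interface and source all match the rule."""
    _target, proto, out_iface, source = rule
    return (proto in ("all", pkt["proto"])
            and out_iface in ("any", pkt["out"])
            and ip_address(pkt["src"]) in ip_network(HOSTS[source]))


def evaluate_output(pkt):
    """Return (verdict, rule number), or (policy, None) if no rule decided."""
    for number, rule in enumerate(OUTPUT_CHAIN, start=1):
        # Jumps to user chains are simplified: they never end the walk here.
        if rule[0] in TERMINAL and rule_matches(rule, pkt):
            return rule[0], number
    return OUTPUT_POLICY, None


# Constructed ICMP echo-requests leaving the server.
SELF_PING = {"proto": "icmp", "src": "192.168.1.1", "out": "lo"}    # ping 192.168.1.1
LAN_PING = {"proto": "icmp", "src": "192.168.1.1", "out": "eth1"}   # ping a LAN host
LOOPBACK_PING = {"proto": "icmp", "src": "127.0.0.1", "out": "lo"}  # ping 127.0.0.1

if __name__ == "__main__":
    for name, pkt in [("self", SELF_PING), ("lan", LAN_PING), ("loopback", LOOPBACK_PING)]:
        print(name, evaluate_output(pkt))
```

A packet dropped in OUTPUT is reported to the sending process as EPERM, which ping prints as "sendmsg: Operation not permitted".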