My problem is that I can't ping my router under its i-net IP from my Windows box, but I can under its LAN IP. The router can ping itself under its LAN & i-net IP.
I use a PIII with 2 network cards and SuSE 8.1 as router. I can connect to every IP on the internet, except my i-net IP.
I'm using a DHCP server to set up the LAN so far, and I have "dnsmasq" running as my DNS, because it was too complicated for me to configure bind 9 as a DNS.
Do I need to configure my bind 9? And if so, how do I do it? (I want some easy to understand manuals!)
Well, can't tell you directly, all I know is that I'm using the built-in firewall by SuSE; however, I can tell you that I have the following ports opened:
80
53
21
27000:27050 (For Half-Life)
28000:29000 (For Quake)
Well, yes, I got ip-forwarding with masquerading enabled and I allow the traceroute.
There are still a lot of other options I can activate/deactive, most of them I already tried, but haven't found the right configuration so far, do you think it has to do with the firewall, since everybody else can reach the router from the internet ?
When you ping your router from the Internet, the ping comes from your Internet interface. When you ping from your machine in the local network, it comes from another interface. Firewalling scripts use interface names to block/allow certain connections. It may be that your firewall allows pings etc. from the external interface, but blocks them if they come from the local one.
To make sure, please post the result of
iptables -L
Oh geez, that's quite something there, but I hope it'll help you. I'm still trying to figure out how to set these interfaces, because it sounds plausible to me.
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN
ACCEPT udp -- www-proxy.BO1.srv.t-online.de anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT udp -- dns03.btx.dtag.de anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
DROP udp -- anywhere anywhere udp dpt:echo
DROP udp -- anywhere anywhere udp dpt:fsp
DROP udp -- anywhere anywhere udp dpt:ssh
DROP udp -- anywhere anywhere udp dpt:http
DROP udp -- anywhere anywhere udp dpt:netbios-ns
DROP udp -- anywhere anywhere udp dpt:netbios-dgm
DROP udp -- anywhere anywhere udp dpt:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:1027
DROP udp -- anywhere anywhere udp dpt:mysql
DROP udp -- anywhere anywhere udp dpt:x11
DROP udp -- anywhere anywhere udp dpt:http-alt
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpts:1024:65535
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp echo-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG udp -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG all -- anywhere anywhere state INVALID LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID '
DROP all -- anywhere anywhere
It looks like it may be what I suspect. Unfortunately iptables -L doesn't print the whole commands. Could you find the script? It may be: /etc/rc.d/rc.firewall, /etc/rc.d/init.d/firewall.
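An added illustration of the interface point above, not part of the original thread and not SuSEfirewall2's own rules: on current iptables, `iptables -L -v` or `iptables -S` show the in-interface that plain `iptables -L` hides. The sketch walks a constructed INPUT ruleset in `iptables -S` format and reports which rule decides an ICMP echo-request arriving on each interface; the names ppp0 (Internet, PPPoE) and eth0 (LAN) and the rules themselves are assumptions.

```python
import shlex

# Constructed sample in `iptables -S INPUT` format (not the poster's real rules).
# Assumed interface names: ppp0 = Internet (PPPoE), eth0 = LAN.
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i ppp0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j LOG --log-prefix "SuSE-FW-DROP-DEFAULT "
-A INPUT -j DROP
"""

TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # LOG does not end chain traversal


def parse_rule(line):
    """Return (match-dict, target) for one '-A INPUT ...' line."""
    tokens = shlex.split(line)[2:]           # drop '-A INPUT'
    match, target, i = {}, None, 0
    while i < len(tokens):
        opt = tokens[i]
        if opt == "-j":
            target = tokens[i + 1]
            break                            # the rest are target options
        if opt == "-m":                      # module load, matches nothing itself
            i += 2
            continue
        if opt not in ("-i", "-p", "--icmp-type"):
            raise ValueError(f"match not handled by this sketch: {opt}")
        match[opt] = tokens[i + 1]
        i += 2
    return match, target


def verdict(rules_text, iface, proto="icmp", icmp_type="8"):
    """Walk INPUT in order; return (verdict, rule that decided it)."""
    packet = {"-i": iface, "-p": proto, "--icmp-type": icmp_type}
    policy = "ACCEPT"
    for line in rules_text.splitlines():
        if line.startswith("-P INPUT"):
            policy = line.split()[2]
        elif line.startswith("-A INPUT"):
            match, target = parse_rule(line)
            if all(packet[k] == v for k, v in match.items()) and target in TERMINATING:
                return target, line
    return policy, "-P INPUT " + policy


if __name__ == "__main__":
    for iface in ("ppp0", "eth0"):
        print(iface, verdict(SAMPLE_RULES, iface))
```

A ping from a LAN host to the router's Internet address is still delivered locally, so it traverses INPUT with the LAN card as in-interface; in the sample it falls through to the LOG rule and the final DROP.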
Well, for /etc/rc.d I just get a link to /etc/init.d/
However in there, I find 3 different Firewall scripts (!?!).
SuSEfirewall2_init
SuSEfirewall2_setup
SuSEfirewall2_final
If I open those, it points to another script (SuSEfirewall2, obviously) located in /sbin. The three files above just look like some start handlers, because they have some sort of start|restart|stop options in it, but I don't understand the file in /sbin anymore ...
I still tried all those commands, but it doesn't work.
I don't understand a lot of the thread, or the mentioned tutorial. All I understand is that iptables helps you to control all sorts of connections, going in, out and through your computer.
Shouldn't it be some simple iptables command that would do it?
Well, I was hoping, since I have just a "small" problem, and most of my firewall is already working, it could be fixed. Oh well, I guess I gotta go through it, and try to figure out how it works ...
I can't really tell you why, but it works, and of course, is insecure ...
Since I got two ethernet cards in my router, I used one card for the LAN connection, the other one to make an I-Net connection via PPPoE. Now, I read somewhere it would be more secure to put this second card into another net, so instead of 192.168.0, I used 192.168.2. Because I want to go to a LAN party today, I changed the IP of the second ethernet card to 192.168.0.3, so I could run 2 game servers on the same machine on different cards for a lower ping. I just tested if I would still get into the internet with this setup, and yes, it worked, so I tried to ping the router under its i-net IP, and that worked, too.