eth0 seems to stop when I connect to the Internet

kyutums · 06-19-2003, 03:26 AM

My pc, running RH 9, serves as a gateway for another computer (running
XP pro). I tried experimenting with kmyfirewall before. I think the
error started then. Now, whenever I connect to the Internet via dial-up,
the network can't see me anymore nor can I see them.

I saw these errors which lead me to the suspicion that it's the LAN card
that's having problems:

Jun 19 11:54:57 kyutums kernel: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:02:44:16:9b:25:08:00 SRC=192.168.0.3
DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=12530 PROTO=UDP
SPT=137 DPT=137 LEN=58
Jun 19 11:54:58 kyutums kernel: IN=eth0 OUT=
MAC=00:0c:6e:03:86:3a:00:02:44:16:9b:25:08:00 SRC=192.168.0.3
DST=192.168.0.2 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=12531 PROTO=UDP
SPT=137 DPT=137 LEN=58
Jun 19 11:55:00 kyutums kernel: IN=eth0 OUT=
MAC=00:0c:6e:03:86:3a:00:02:44:16:9b:25:08:00 SRC=192.168.0.3
DST=192.168.0.2 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=12532 PROTO=UDP
SPT=137 DPT=137 LEN=58

I got a bunch of these. The all started after I connect to the net via
modem:

Jun 19 11:45:55 kyutums pppd[4208]: pppd 2.4.1 started by root, uid 0
Jun 19 11:45:56 kyutums wvdial[4226]: WvDial: Internet dialer version 1.53
<snip>
Jun 19 11:46:41 kyutums pppd[4208]: Serial connection established.
Jun 19 11:46:41 kyutums pppd[4208]: Using interface ppp0
Jun 19 11:46:41 kyutums pppd[4208]: Connect: ppp0 <--> /dev/modem
Jun 19 11:46:41 kyutums /etc/hotplug/net.agent: assuming ppp0 is already up
Jun 19 11:46:43 kyutums modprobe: modprobe: Can't locate module
ppp-compress-21
Jun 19 11:46:43 kyutums kernel: PPP Deflate Compression module registered
Jun 19 11:46:43 kyutums modprobe: modprobe: Can't locate module
ppp-compress-21
Jun 19 11:46:43 kyutums pppd[4208]: local IP address 202.175.225.140
Jun 19 11:46:43 kyutums pppd[4208]: remote IP address 207.124.90.129
Jun 19 11:46:43 kyutums pppd[4208]: primary DNS address 203.167.102.1
Jun 19 11:46:43 kyutums pppd[4208]: secondary DNS address 203.167.102.2
Jun 19 11:46:44 kyutums su(pam_unix)[4278]: session opened for user root
by (uid=0)
Jun 19 11:46:44 kyutums su(pam_unix)[4278]: session closed for user root
Jun 19 11:47:04 kyutums kernel: IN=eth0 OUT=
MAC=00:0c:6e:03:86:3a:00:0c:6e:27:77:78:08:00 SRC=192.168.0.1
DST=192.168.0.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=10782 DF PROTO=TCP
SPT=3150 DPT=139 WINDOW=16384 RES=0x00 SYN URGP=0
Jun 19 11:47:07 kyutums kernel: IN=eth0 OUT=
MAC=00:0c:6e:03:86:3a:00:0c:6e:27:77:78:08:00 SRC=192.168.0.1
DST=192.168.0.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=10784 DF PROTO=TCP
SPT=3150 DPT=139 WINDOW=16384 RES=0x00 SYN URGP=0

Does this mean that it's a kernel problem?

- Andoy

jharris · 06-19-2003, 03:31 AM

Sounds to me like you are firewalling up eth0 in an odd fashion. Post the output of

Code:

iptables -L -v

And list the details of your network (IP addresses etc). Its gotta be somethign silly.

cheers

Jamie...

kyutums · 06-19-2003, 03:40 AM

I have no idea how these came about.

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 UNCLEAN all -- ppp0 any anywhere anywhere unclean
0 0 ACCEPT tcp -- any any dns1.eastern-tele.com anywhere tcp flags:!SYN,RST,ACK/SYN
60 10086 ACCEPT udp -- any any dns1.eastern-tele.com anywhere
0 0 ACCEPT tcp -- any any dns2.eastern-tele.com anywhere tcp flags:!SYN,RST,ACK/SYN
0 0 ACCEPT udp -- any any dns2.eastern-tele.com anywhere
172 9538 ACCEPT all -- lo any anywhere anywhere
0 0 ACCEPT icmp -- any any anywhere 202.175.228.18 icmp echo-request limit: avg 1/sec burst 5
0 0 ACCEPT icmp -- any any anywhere 202.175.228.18 icmp echo-reply limit: avg 1/sec burst 5
0 0 ACCEPT udp -- any any anywhere 202.175.228.18 udp dpt:traceroute
0 0 ACCEPT icmp -- any any anywhere 202.175.228.18 icmp destination-unreachable
0 0 ACCEPT icmp -- any any anywhere 202.175.228.18 icmp host-unreachable
0 0 ACCEPT icmp -- any any anywhere 202.175.228.18 icmp timestamp-request
0 0 ACCEPT icmp -- any any anywhere 202.175.228.18 icmp timestamp-reply
0 0 ACCEPT icmp -- any any anywhere 202.175.228.18 icmp address-mask-request
0 0 ACCEPT icmp -- any any anywhere 202.175.228.18 icmp address-mask-reply
0 0 LD icmp -- any any anywhere 202.175.228.18 icmp redirect
0 0 ACCEPT icmp -- any any anywhere 202.175.228.18 icmp source-quench limit: avg 2/sec burst 5
0 0 LD all -- ppp0 any 0.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 1.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 2.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 5.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 7.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 10.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 23.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 27.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 31.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 36.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 37.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 39.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 41.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 42.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 49.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 50.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 58.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 59.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 70.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 71.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 72.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 73.0.0.0/8 202.175.228.18
0 0 LD all -- ppp0 any 74.0.0.0/8 202.175.228.18

BTW, I placed these at the end of /etc/rc.local to share my internet connection to a XP Pro box:

modprobe iptable_nat
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACC$iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -p tcp --dport 137 -j ACCEPT
iptables -A INPUT -p tcp --dport 138 -j ACCEPT
iptables -A INPUT -p tcp --dport 139 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

jharris · 06-19-2003, 04:52 AM

Well that looks like a pretty crazy set of rules. What distro are you using? Unless you are feeling a little paranoid you shouldn't need to worry about too much firewalling on dialup as your lack of bandwidth/changing IP makes you a less appealing target.

cheers

Jamie...

kyutums · 06-19-2003, 05:38 AM

RedHat 9. I don't know much about firewalls so I just copied the rules on the web.

Actually, I don't really need a firewall. I just need NAT.