How come I can ping between machines, but not get internet?
I have a Debian machine connected by static IP to the internet via PPPOE. I also have a second machine (running Mac OSX) which is networked to it. I can ping between machines both ways, and even log on via SSH in both directions. Internet browsing works fine on the Debian box, but nada on the Mac. I have set up my DNS servers for my ISP on the Mac, and I have enabled IP forwarding and masquerading on the Debian machine (I think!). Turning off the firewall script (briefly) has no effect. Any suggestions?
Can you post your firewall script? Namely, make sure that you "echo 1 > /proc/sys/net/ipv4/ip_forward", "/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE" (change the source IPs as needed) and ALLOW somewhere on the FORWARD chain?
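The three conditions named in the reply above (forwarding enabled, a source-NAT rule in POSTROUTING, an ACCEPT on the FORWARD chain) can be checked mechanically against `iptables-save` output. The following is an added example, not part of the thread; the interface names eth0 and ppp0, the function name and both sample rulesets are constructed assumptions.

```shell
# Added example. Reads `iptables-save` output on stdin and prints which of the
# three gateway prerequisites are missing (empty output = all present).
# $1 = contents of ip_forward, $2 = LAN interface, $3 = Internet-facing interface
check_nat_gateway() {
    awk -v fwd="$1" -v lan="$2" -v wan="$3" '
        function has(opt, val) { return index($0 " ", " " opt " " val " ") > 0 }
        function lacks(opt)    { return index($0, " " opt " ") == 0 }
        /^\*/      { table = substr($1, 2); next }   # "*nat", "*filter", ...
        $1 != "-A" { next }                          # skip policies, COMMIT
        table == "nat" && $2 == "POSTROUTING" && / -j (MASQUERADE|SNAT)( |$)/ {
            if (lacks("-o") || has("-o", wan)) nat = 1
        }
        table == "filter" && $2 == "FORWARD" && / -j ACCEPT( |$)/ {
            if (!(lacks("-i") || has("-i", lan))) next
            if (!(lacks("-o") || has("-o", wan))) next
            # ESTABLISHED,RELATED alone never admits the first packet out.
            if (/state / && !/NEW/) next
            out = 1
        }
        END {
            if (fwd != "1") m = m " ip_forward"
            if (!nat)       m = m " nat"
            if (!out)       m = m " forward"
            print substr(m, 2)
        }'
}

# Constructed rulesets (not taken from the thread).
sample_good() { cat <<'EOF'
*nat
-A POSTROUTING -o ppp0 -j SNAT --to-source 203.0.113.10
COMMIT
*filter
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
COMMIT
EOF
}
sample_broken() { cat <<'EOF'
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
echo "good:   [$(sample_good | check_nat_gateway 1 eth0 ppp0)]"
echo "broken: [$(sample_broken | check_nat_gateway 0 eth0 ppp0)]"
```

On a live gateway the same function would be fed with `iptables-save | check_nat_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" eth0 ppp0`, substituting the real interface names.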
The firewall script follows - thanks for any help!
echo -e "\n\nSETTING UP IPTABLES FIREWALL..."
# Enter the designation for the Internal Interface's
# Enter the NETWORK address the Internal Interface is on
# Enter the IP address of the Internal Interface
# Enter the external interface's designation for the
# EXTIF variable:
echo " Enabling IP forwarding..."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo " External interface: $EXTIF"
echo " External interface IP address is: $EXTIP"
echo " Loading firewall server rules..."
# Clear any existing rules and setting default policy to DROP
iptables -P INPUT DROP
iptables -F INPUT
iptables -P OUTPUT DROP
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -F -t nat
# Flush the user chain.. if it exists
if [ "`iptables -L | grep drop-and-log-it`" ]; then
    iptables -F drop-and-log-it
fi
# Delete all User-specified chains
# Reset all IPTABLES counters
# Creating a DROP chain
iptables -N drop-and-log-it
iptables -A drop-and-log-it -j LOG --log-level info
iptables -A drop-and-log-it -j REJECT
echo -e " - Loading INPUT rulesets"
# loopback interfaces are valid.
iptables -A INPUT -i lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT
# local interface, local machines, going anywhere is valid
iptables -A INPUT -i $INTIF -s $INTNET -d $UNIVERSE -j ACCEPT
# remote interface, claiming to be local machines, IP spoofing, get lost
iptables -A INPUT -i $EXTIF -s $INTNET -d $UNIVERSE -j drop-and-log-it
# remote interface, any source, going to permanent PPP address is valid
iptables -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -j ACCEPT
# Allow any related traffic coming back to the MASQ server in
iptables -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m state --state ESTABLISHED,RELATED -j ACCEPT
# Catch all rule, all other incoming is denied and logged.
iptables -A INPUT -s $UNIVERSE -d $UNIVERSE -j drop-and-log-it
echo -e " - Loading OUTPUT rulesets"
# loopback interface is valid.
iptables -A OUTPUT -o lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT
# local interfaces, any source going to local net is valid
iptables -A OUTPUT -o $INTIF -s $EXTIP -d $INTNET -j ACCEPT
# local interface, any source going to local net is valid
iptables -A OUTPUT -o $INTIF -s $INTIP -d $INTNET -j ACCEPT
# outgoing to local net on remote interface, stuffed routing, deny
iptables -A OUTPUT -o $EXTIF -s $UNIVERSE -d $INTNET -j drop-and-log-it
# anything else outgoing on remote interface is valid
iptables -A OUTPUT -o $EXTIF -s $EXTIP -d $UNIVERSE -j ACCEPT
# Catch all rule, all other outgoing is denied and logged.
iptables -A OUTPUT -s $UNIVERSE -d $UNIVERSE -j drop-and-log-it
echo -e " - Loading FORWARD rulesets"
iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -jACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# Catch all rule, all other forwarding is denied and logged.
iptables -A FORWARD -j drop-and-log-it
# Enable SNAT (MASQUERADE) functionality on $EXTIF
iptables -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP
echo -e " Firewall server rule loading complete\n\n"
As an FYI, INTIP should just be 192.168.0.1. The /24 specifies a network. It's identical to the line for INTNET. Also, does your external IP never change? There should also be a space before ACCEPT in -jACCEPT. I'm not sure if that matters, but I've seen iptables be real picky about syntax before.
Making those changes doesn't seem to help.
Yes - I definitely have a fixed IP.
It seems very strange - I can ping the Yahoo server, but not open the page! I don't think this is a Mac problem though. Just in case it makes a difference, the Mac is set with IP = 192.168.0.100, subnet 255.255.255.0, router 192.168.0.1 and my ISP's DNS numbers.
I'm not sure where any errors would be logged.
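The drop-and-log-it chain in the posted script uses the LOG target, which writes to the kernel log (readable with `dmesg`, or in whichever file syslog stores kernel messages). The following is an added example, not part of the thread, that summarises such entries for one source address; the function name and the sample log lines are constructed.

```shell
# Added example. Reads kernel log lines on stdin and counts netfilter LOG
# entries whose SRC= equals $1, grouped by chain, protocol and destination port.
# Live use (assumption: kernel messages are visible via dmesg):
#   dmesg | summarize_logged 192.168.0.100
summarize_logged() {
    awk -v src="$1" '
        / IN=.* OUT=.* SRC=/ {
            split("", f)                      # clear fields from previous line
            for (i = 1; i <= NF; i++) {
                eq = index($i, "=")
                if (eq) f[substr($i, 1, eq - 1)] = substr($i, eq + 1)
            }
            if (f["SRC"] != src) next
            # LOG lines do not name the chain; infer it from which of IN=/OUT=
            # is empty (both set means the packet was being forwarded).
            chain = "FORWARD"
            if (f["OUT"] == "") chain = "INPUT"
            else if (f["IN"] == "") chain = "OUTPUT"
            dpt = ("DPT" in f) ? f["DPT"] : "-"
            n[chain " " f["PROTO"] " dpt=" dpt]++
        }
        END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Constructed log lines in the format the LOG target emits (not from the thread).
sample_log() { cat <<'EOF'
Jan  5 10:02:11 gw kernel: IN=eth0 OUT=ppp0 SRC=192.168.0.100 DST=198.51.100.7 LEN=60 TTL=63 ID=4242 DF PROTO=TCP SPT=49152 DPT=80 WINDOW=65535 SYN URGP=0
Jan  5 10:02:14 gw kernel: IN=eth0 OUT=ppp0 SRC=192.168.0.100 DST=198.51.100.7 LEN=60 TTL=63 ID=4243 DF PROTO=TCP SPT=49152 DPT=80 WINDOW=65535 SYN URGP=0
Jan  5 10:02:15 gw kernel: IN=eth0 OUT=ppp0 SRC=192.168.0.100 DST=192.0.2.53 LEN=71 TTL=63 ID=4250 PROTO=UDP SPT=50011 DPT=53 LEN=51
Jan  5 10:02:20 gw kernel: IN=ppp0 OUT= MAC= SRC=203.0.113.99 DST=203.0.113.10 LEN=40 TTL=52 ID=1 PROTO=TCP SPT=4444 DPT=23 WINDOW=1024 SYN URGP=0
Jan  5 10:02:21 gw pppd[812]: rcvd [LCP EchoRep id=0x1f magic=0x1a2b3c4d]
EOF
}
sample_log | summarize_logged 192.168.0.100
```

Entries classified as FORWARD for the LAN client's address mean the gateway's own FORWARD rules are rejecting its traffic; no entries at all for that address means the packets are not reaching the catch-all rule.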