I am currently running Mandrake 9.1 and a WinXP box on a Linksys 4 port hub which is connected to a linksys router. My problem is this, my linux box can ping my network addys and can ping outside addresses. However when i try to ping my linux box from my windows box i get 'request timed out'. I'm not sure as to why this might be. I use static IP's for my LAN. If anyone has any thoughts on this please post back! And thanks in advance =)

Can you ping outside addresses from windows?
Are you running a firewall in the linux box or in the XP box?
Are you using the same subnet mask for the two machines?

Answer these questions. They might help me and/or you.

Yes i can ping outside addresses as well as the machines on my LAN. All my machines are on 255.255.255.0 subnet with no firewalls on either machine.

I'm out of ideas.

Perhaps the problem is in the router's configuration...
Can't help you there if that's the case. Sorry.

if your sure the no firewall is in there, if the output of

cat /proc/sys/net/ipv4/icmp_echo_ignore_all

is 1

try

echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

then try pinging again

Per Looking's suggestion i tried that and got an output of 0. Not sure on what this means, any clarification would be helpful! Thanks in advance

It means that's not the problem


So you've got a computer connected to a hub then connected to the switched ports of your router, seems like overkill using a hub too but that's your choice and shouldn't affect this.

as root whats the output of

iptables --list

This is the output of iptables --list, just a side note that i no longer have eth1 as that was an additional NIC that i took out.

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
eth0_in all -- anywhere anywhere
eth1_in all -- anywhere anywhere
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
eth0_fwd all -- anywhere anywhere
eth1_fwd all -- anywhere anywhere
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
fw2net all -- anywhere anywhere
all2all all -- anywhere anywhere
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject all -- anywhere anywhere

Chain all2all (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject all -- anywhere anywhere

Chain common (5 references)
target prot opt source destination
icmpdef icmp -- anywhere anywhere
DROP tcp -- anywhere anywhere state INVALID
REJECT udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:microsoft-ds reject-with icmp-port-unreachable
reject tcp -- anywhere anywhere tcp dpt:135
DROP udp -- anywhere anywhere udp dpt:1900
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/4
reject tcp -- anywhere anywhere tcp dpt:auth
DROP all -- anywhere 192.168.1.255

Chain dynamic (4 references)
target prot opt source destination

Chain eth0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
net2all all -- anywhere anywhere

Chain eth0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
net2all all -- anywhere anywhere

Chain eth1_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
loc2net all -- anywhere anywhere

Chain eth1_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
all2all all -- anywhere anywhere

Chain fw2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere

Chain icmpdef (1 references)
target prot opt source destination

Chain loc2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere

Chain net2all (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:net2allROP:'
DROP all -- anywhere anywhere

Chain newnotsyn (4 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain reject (6 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain shorewall (0 references)
target prot opt source destination

That's quite a set of firewall rules for someone that doesn't have a firewall running

You're behind your router right now which is presumably providing firewall protection, and you ain't sharing a connection through this computer or anything so turn off shorewall or use it to clear out all these rules, should help here. Shorewalls a distro is it not? But either way flush the rules and see what happens.

Hmm..well i do know that my linux box will not allow any connections to any of the servers that mandrake provides. Perhaps there was a bit of miscommunication there, but back to shorewall..is there a frontend for it? or a config file somewhere that i can edit? Thanks!

Ahh, i figured it out.. Thanks for all your help

I'm a wee bit confused now myself, these are the rules on the mandrake machine, the only linux machine?

if it is as root to get rid of them for the moment do

iptables --flush

hopefully you can ping now

what was up?