OK, so, basically, not so long ago I had a modem + LAN cable kind of internet setup, and my friends and colleagues had no problem connecting to my Apache, ircd, etc.
But a few months ago my ISP changed its policy, and now I have a single cable, plugged directly into the 'eth0' port, which connects to WAN (static IP) and, through PPPoE, to the net (dynamic IP). (Sorry, my knowledge in networking is close to nonexistent.)
So, now there is a problem. My friends CAN still connect to my FTP and httpd on Windows XP, through both the external, dynamic IP, as well as the static WAN IP, but my Slackware (WAN IP is set up with DHCP, PPPoE - through pppoe-setup, with firewall at '0') is refusing access. No signs of connection are shown in the /var/log/access_log.
Also, VoiceChatter server DOES log the connection attempt, but it refuses connection, sending an 'Auth challenge', and then cutting the connection. (The 'challenge' bit was never there before the new net setup.)
All connections are done through WAN static IP (though tests with the netwide dynamic IP yield the same results =\)
I run Slackware 13.1, didn't touch the firewall settings at all, and, as mentioned, pppoe firewall is set to '0' value.
In such situations I usually try tcpdump to see if the packets are arriving at the host or not.
To see packets for Apache you would use something like this:
tcpdump -i $interface -s0 -n port 80
In this case, $interface would be eth0 for your static IP and something like ppp0 for the dynamic IP (sorry I don't know Slackware's policies about this).
If you're not seeing any traffic then you know it's a networking problem. If you are seeing traffic then you know it is a problem on the host (for example a routing table issue).
Hi, you can install webmin (http://www.webmin.com/); it's a central web administration. One module is the firewall rules. It's possible you'll need to change dynamic routes to your new static IP.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:f1:c0:55:87 brd ff:ff:ff:ff:ff:ff
inet 172.16.81.141/21 brd 172.16.87.255 scope global eth0
inet6 2002:5434:416:b:20c:f1ff:fec0:5587/64 scope global dynamic
valid_lft 2566022sec preferred_lft 578822sec
inet6 2002:5434:58b:b:20c:f1ff:fec0:5587/64 scope global dynamic
valid_lft 2393436sec preferred_lft 406236sec
inet6 2002:59eb:ec20:b:20c:f1ff:fec0:5587/64 scope global dynamic
valid_lft 2356491sec preferred_lft 369291sec
inet6 fe80::20c:f1ff:fec0:5587/64 scope link
valid_lft forever preferred_lft forever
6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast state UNKNOWN qlen 3
link/ppp
inet 84.52.45.103 peer 212.7.29.236/32 scope global ppp0
ip route show:
Code:
212.7.29.236 dev ppp0 proto kernel scope link src 84.52.45.103
172.16.80.0/21 dev eth0 proto kernel scope link src 172.16.81.141 metric 202
127.0.0.0/8 dev lo scope link
default dev ppp0 scope link
iptables-save:
Code:
# Generated by iptables-save v1.4.7 on Wed Mar 2 16:21:29 2011
*mangle
:PREROUTING ACCEPT [1304177:331424303]
:INPUT ACCEPT [1300795:331086533]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1847649:1853836092]
:POSTROUTING ACCEPT [1847660:1853837284]
COMMIT
# Completed on Wed Mar 2 16:21:29 2011
# Generated by iptables-save v1.4.7 on Wed Mar 2 16:21:29 2011
*nat
:PREROUTING ACCEPT [34071:4699912]
:POSTROUTING ACCEPT [28847:1932281]
:OUTPUT ACCEPT [28847:1932281]
COMMIT
# Completed on Wed Mar 2 16:21:29 2011
# Generated by iptables-save v1.4.7 on Wed Mar 2 16:21:29 2011
*filter
:INPUT ACCEPT [1276637:329569453]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1835125:1839970638]
-A INPUT -i ppp+ -p udp -m udp --dport 0:1023 -j LOG
-A INPUT -i ppp+ -p tcp -m tcp --dport 0:1023 -j LOG
-A INPUT -i ppp+ -p udp -m udp --dport 0:1023 -j DROP
-A INPUT -i ppp+ -p tcp -m tcp --dport 0:1023 -j DROP
-A INPUT -i ppp+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG
-A INPUT -i ppp+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A INPUT -i ppp+ -p icmp -m icmp --icmp-type 8 -j DROP
COMMIT
# Completed on Wed Mar 2 16:21:29 2011
1) The default route looks strange, but this may be because of PPPoE. Please additionally show me the output of the Windows command
route print
2) The rules
-A INPUT -i ppp+ -p udp -m udp --dport 0:1023 -j DROP
-A INPUT -i ppp+ -p tcp -m tcp --dport 0:1023 -j DROP
are preventing incoming traffic on ports 1-1023, including 20, 21, 80 (FTP and HTTP).
In this configuration your friends will be able to connect to your Linux only if they are connected to the same local network with IP addresses from the same subnet.
To allow connections to 84.52.45.103, simply disable the firewall.
OUTPUT ACCEPT is from your server to Internet, here you can add tcp ports 80 (http) and 21 (ftp). Add inside INPUT ACCEPT one rule with ports 80 (http) and 21 (ftp) to allow incoming connections to your server.
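An added example, not part of any post in this thread: a small first-match evaluator for the filter rules in the iptables-save dump above, showing which constructed packets reach the host and what changes when an ACCEPT rule for port 80 is placed ahead of the DROP rules. It models only the match options these rules use; `RULES_HTTP`, `pkt` and the sample packets are assumptions made for the illustration.

```python
import shlex

# TCP/UDP INPUT rules copied from the filter table posted above (ICMP rule left out).
RULES = """\
-A INPUT -i ppp+ -p udp -m udp --dport 0:1023 -j LOG
-A INPUT -i ppp+ -p tcp -m tcp --dport 0:1023 -j LOG
-A INPUT -i ppp+ -p udp -m udp --dport 0:1023 -j DROP
-A INPUT -i ppp+ -p tcp -m tcp --dport 0:1023 -j DROP
-A INPUT -i ppp+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG
-A INPUT -i ppp+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
"""
# Same rules with a constructed ACCEPT for TCP port 80 placed ahead of them.
RULES_HTTP = "-A INPUT -i ppp+ -p tcp -m tcp --dport 80 -j ACCEPT\n" + RULES

def parse(line):
    tok, rule, i = shlex.split(line), {}, 2        # option dict; skip "-A INPUT"
    while i < len(tok):
        if tok[i] == "--tcp-flags":                # two args: mask, then flags that must be set
            rule["mask"], rule["set"] = (set(t.split(",")) for t in tok[i + 1:i + 3])
            i += 1
        else:
            rule[tok[i].lstrip("-")] = tok[i + 1]
        i += 2
    return rule

def matches(rule, pkt):
    iface = rule.get("i", "+")                     # "ppp+" matches ppp0, ppp1, ...
    ok = pkt["iface"].startswith(iface[:-1]) if iface.endswith("+") else iface == pkt["iface"]
    ok = ok and rule.get("p", pkt["proto"]) == pkt["proto"]
    if ok and "dport" in rule:
        lo, _, hi = rule["dport"].partition(":")
        ok = int(lo) <= pkt["dport"] <= int(hi or lo)
    if ok and "mask" in rule:                      # only the masked flags are compared
        ok = (pkt["flags"] & rule["mask"]) == rule["set"]
    return ok

def verdict(pkt, rules=RULES, policy="ACCEPT"):
    """First matching terminating rule wins; LOG does not stop traversal."""
    for rule in map(parse, rules.splitlines()):
        if rule["j"] != "LOG" and matches(rule, pkt):
            return rule["j"]
    return policy                                  # ":INPUT ACCEPT" in the posted dump

def pkt(iface, dport, flags="SYN", proto="tcp"):  # constructed sample packet
    return {"iface": iface, "proto": proto, "dport": dport, "flags": set(flags.split(","))}

if __name__ == "__main__":
    for p in (pkt("ppp0", 80), pkt("ppp0", 8080), pkt("ppp0", 8080, "ACK"), pkt("eth0", 80)):
        print(p["iface"], p["dport"], sorted(p["flags"]), "->", verdict(p))
```

With the posted rules, a new TCP connection arriving on ppp0 is dropped on any port, because the `--tcp-flags ... SYN` rule catches what the port-range rule lets through, while the same packet arriving on eth0 matches no rule and falls to the ACCEPT policy.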