I came across a really weird problem. I have 2 computers, one running linux and the other win xp. I'm trying to get the linux act as router/firewall/nat so that I could acces Internet from the xp. I have two network cards in the linux box and dhcpd running so that the xp gets the right information every time it boots. The xp gets the information with dhcp and loads up nicely, but then the weird thing starts. I cannot ping the linux machine, it works the other way around, the linux machine can ping the xp. And when I watch the network activity with Ethereal it just says that the xp is broadcasting ARP (Who has 192.168.100.1 Tell 192.168.100.2).

Does anyone have an idea how to get the network working? I think the cable is ok because the dhcp and ping works. I have never come across this kind of a problem before, so I don't know if this is the right forum. But anyway any help is appreciated.

Does it work with a fixed IP?

Does XP pickup the right gateway? Does the routing table look OK?

Is the RedHat machine on a fixed IP? I take it they are not using the same IP?

No I doesn't work with fixed ip either. Hmm what's a routing table? And how do I check it in XP? All the other settings are correct in xp (dsn, gateway).

The Redhat machine has two network cards eth0 is the connection to the Internet and the eth1 is the internal network. eth0 gets its ip with dhcp from the ISP and eth1 has a fixed ip (192.168.100.1) dhcpd assings 192.168.100.2 to the xp, so they are not the same.

On the linux box you can view your routing table by typing:
"route"

and on XP by typing:
"route print"

On XP it should show that the default route uses 192.168.100.1 and for 192 addresses it should use it's self.

One other question - are the netmasks the same?

One reason that redhat can see XP is that it will have the XP machine's IP in it's arp table "arp -a" on both machines. This is a translation of known MAC addresses into IP addresses.

Have you got any firewall rules on the RH box? "iptables -L"

You may also want to check the values given by
more /proc/sys/net/ipv4/icmp_echo_ignore_all
more /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

The values should be 0 not 1
type:
echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

to allow pinging of the RH box

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 * 255.255.255.0 U 0 0 0 eth1
XXX.X0.90.0 * 255.255.254.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default UNKNOWN.XX.XX.XX 0.0.0.0 UG 0 0 0 eth0

I cannot paste the xp's routing table for obvious reasons. Netmask for 192.168.100.0 is 255.255.255.0 on both machines. ARP tables show only MAC addresses for cards that are connected ie. the linux box show two and the xp shows one.

iptables -L shows this:

Chain INPUT (policy DROP)
target prot opt source destination
tcpflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
tcpflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
tcpflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
tcpflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
tcpflags tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
tcpflags tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
firewalled icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere 192.168.100.1
ACCEPT all -- anywhere 192.168.100.1
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
silent udp -- anywhere anywhere udp spt:netbios-ns dpt:netbios-ns
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
firewalled all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain firewalled (2 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level warning prefix `Firewalled:'
DROP all -- anywhere anywhere

Chain internal (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level warning prefix `Internal:'
DROP all -- anywhere anywhere

Chain silent (1 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain tcpflags (6 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level warning prefix `TCPflags:'
DROP all -- anywhere anywhere

This is actually a script that I got from these forums, I haven't fine tuned this at all. So it may look a little bit horrible.

I' not sure why you can't paste the XP routing table unless you don't have it on a seperate connection and your machines don't have floppies, but never mind.

I'm not too hot on iptables but I think that "firewalled icmp -- anywhere anywhere" may be stopping pings.

For testing purposes it may be aswell to disable your firewall and try the ping again.

Well I did something last night and now the linux box doesn't find the xp anymore (hooray for me!). Now I'm really lost, I think the cable is fine because the dhcp works. The nic's can broadcast to the net but cannot connect directly to eachother. What the hell is going on?