can see other machines, but other machines can't see me with TPC/IP

egomez · 04-24-2006, 06:19 PM

Hi, I just installed Red Hat Enterprise Linux 4 AS 2.2 kernel on two machines, after that I set them with fixed IPs using netconf, after that, they can ping and browse to any machine and the internet, but other machines cannot see them including themselves, that is a ping to themselves fails.

Please advice, thanks, Edgar

jschiwal · 04-24-2006, 07:28 PM

You could enter the names of your hosts in the /etc/hosts file.

egomez · 04-24-2006, 08:18 PM

Thanks for your recommendation of modifying the hosts file, but that didn't worked, same error

jschiwal · 04-25-2006, 12:22 AM

Can you ping these machines by the IP addresses?

Perhaps you should post the specifics. Such as the network address, the netmasks and the ip numbers of these two two hosts.

You might want to refer to the Linux Network Administrators Guide:
http://www.tldp.org/LDP/nag2/nag2.pdf

egomez · 04-25-2006, 08:38 AM

Thanks for your help, no if I Ping to these machines by their IP addresses (or hostnames)it won't work. The machines are inside the corporate firewal, their IPs are 10.157.212.162 and 163, subnet mask is 255.255.252.0, gateway is 10.157.212.1 and DNS10.157.212.20. I guess they are abel to use this values correctly because they can see everithing on the newtork.
Could it be something about they not broadcasting their IPs to the network (if there is such a thing)?

Greetings, Edgar

jschiwal · 04-25-2006, 03:32 PM

Things it is not:

nameserver issue
Duplicate IP address chosen
bad ethernet cable
kernel module driver for nic card

Since they can reach the internet, and access other hosts on the LAN, my guess is that the firewall setup on these two hosts are block incoming pings.

If it was just pinging by hostnames, it could be a nameserver issue. Also, since these hosts can access other hosts and the internet, the NIC cards are probably configured correctly.

If the firewall is blocking pings, it may be logging this somewhere. Check /var/log/messages although another log may be used. Some hosts will also send the netfilter messages to vt12 or vt11 ( [CTRL-ALT-F12] ).

egomez · 04-27-2006, 09:58 AM

thanks for keep helping me, all I could find in /var/log/messages relate was this
Apr 27 07:38:42 mxcons2 dhclient: DHCPREQUEST on eth0 to 192.135.82.12 port 67
Apr 27 07:38:42 mxcons2 dhclient: DHCPACK from 192.135.82.12
Apr 27 07:38:42 mxcons2 dhclient: bound to 10.157.215.225 -- renewal in 9805 seconds.

there is nothing in vt12 or vt11
One more piece of information if I ping, by it's name (the ip address is 10.157.212.162), to the other linux box I installed I get a transaltion like this
# ping mxcons1
PING mxcons1.mx.oracle.com (10.157.212.162) 56(84) bytes of data.
From dhcp-lad-dns-mexico-10-157-215-225.mx.oracle.com (10.157.215.225) icmp_seq=1 Destination Host Unreachable
From dhcp-lad-dns-mexico-10-157-215-225.mx.oracle.com (10.157.215.225) icmp_seq=2 Destination Host Unreachable
From dhcp-lad-dns-mexico-10-157-215-225.mx.oracle.com (10.157.215.225) icmp_seq=3 Destination Host Unreachable

--- mxcons1.mx.oracle.com ping statistics ---
6 packets transmitted, 0 received, +3 errors, 100% packet loss, time 5000ms
, pipe 4

But if I ping to a Sun machine allready installed and working, I don't see the same transaltion
[root@mxcons2 log]# ping mxsun7
PING mxsun7.mx.oracle.com (10.157.212.125) 56(84) bytes of data.
64 bytes from mxsun7.mx.oracle.com (10.157.212.125): icmp_seq=0 ttl=255 time=4.11 ms
64 bytes from mxsun7.mx.oracle.com (10.157.212.125): icmp_seq=1 ttl=255 time=0.223 ms
64 bytes from mxsun7.mx.oracle.com (10.157.212.125): icmp_seq=2 ttl=255 time=0.220 ms
64 bytes from mxsun7.mx.oracle.com (10.157.212.125): icmp_seq=3 ttl=255 time=0.225 ms

--- mxsun7.mx.oracle.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 0.220/1.196/4.119/1.687 ms, pipe 2
[root@mxcons2 log]#

I assumed that just by assigning fixed IP's to these PCs it would stop using DHCP (at least I guess that's the way it works on windows) , even though as you mentioned this could be a security thing.

I accessed the system setings -> Security level, and it says the Firewal is disabled, and the SELinux (whatever that is) is Enabled

Any Ideas?

egomez · 04-27-2006, 11:59 AM

It's working now, what I did was on the System setings -> Security level configuration, on the TAB SElinux, I unchecked the Enabled(Modification Requires reboot) and the Enforcing Current:Enforcing check boxes, and rebooted.
Now I'm going to have to read and test wich ones to enable latter.
Thanks for your help and directions, greetings, Edgar

jschiwal · 04-28-2006, 01:08 AM

Here is a link to an article on SELinux that may be helpful. The author covers an example where nmap doesn't function properly because the program isn't allowed to read a configuration file. The page also contains a link to Chapter 4 of O'Reily's "SELinux" book.
http://www.oreilly.com/catalog/selinux/index.html
http://www.linuxdevcenter.com/pub/a/...x_1/index.html