Cannot communicate outside my network
I have a strange problem. Hopefully someone can help!!!
I am running Slackware 2.4.19. I am using IP Masquerading, and IP Masquerading works great from any machine in my network. I can SSH to my Linux box from inside OR outside my network with no problem (although for some reason it connects rather slowly - it takes about 20-30 seconds after putting in my password to get to a prompt - but that's a whole other story). The only thing that is WEIRD is that I cannot connect to the internet DIRECTLY from my Linux machine (the IP masquerading machine). I can ping all of my internal network, but I cannot ping any IP addresses outside my network. I also cannot seem to FTP outside my network from there, OR even go to any websites using LYNX. The crazy thing is that all of my computers connected to this run perfectly inside and outside the network, and also I can SSH to my Linux box.... All in all HEEEEEEEEELLLLLLLLLLPPPPPPPPPPPPPPPPP!!!!!!!!!!!!!! Thanks in advance! |
Please send your route result and your firewalling (masquerading) script.
|
HERE IT IS!
Here it is, but BE ADVISED, I tried flushing all IPTABLES, and having no rules, and it still did not seem to work. My internal IP address is 192.168.0.1 (Linux Machine)
#!/bin/sh
/sbin/depmod -aq
intdev="eth0"
intnet="192.168.0.0/23"
intip="192.168.0.1"
extdev="eth1"
extip=`ifconfig eth1 | grep 'inet addr' | cut -d":" -f2 | cut -d" " -f1`
modprobe ip_tables
modprobe iptable_nat
modprobe ipt_LOG
modprobe ip_conntrack
# Flush rules, delete user chains and zero counters in the filter and nat tables.
iptables -v -F
iptables -v -t nat -F
iptables -v -X
iptables -v -t nat -X
iptables -v -Z
iptables -v -t nat -Z
# Enable IP forwarding.
# echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s $intnet -o $extdev -j MASQUERADE
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A FORWARD -i $intdev -s $intnet -o $extdev -d \! $intnet -j ACCEPT
iptables -A FORWARD -o $intdev -d $intnet -i $extdev -s \! $intnet -j ACCEPT
iptables -A INPUT -s $intnet -i $intdev -j ACCEPT
iptables -N tcp_in
iptables -N tcp_out
iptables -N udp_in
iptables -N udp_out
iptables -N icmp_packets
# Drop private source addresses arriving on the external interface.
iptables -A INPUT -s $intnet -i $extdev -j DROP
iptables -A INPUT -s 10.0.0.0/8 -i $extdev -j DROP
iptables -A INPUT -s 172.16.0.0/12 -i $extdev -j DROP
iptables -A INPUT -p tcp -i $extdev -j tcp_in
iptables -A tcp_in -p tcp -m multiport --destination-port 22,5800,5801,5900,5901 --syn -j ACCEPT
iptables -A tcp_in -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A tcp_in -j LOG --log-level DEBUG --log-prefix tcp_in
iptables -A tcp_in -j REJECT
iptables -A INPUT -j LOG --log-level DEBUG --log-prefix INPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP |
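As an added example (not the poster's script and not from this thread), the same masquerading setup rewritten so that the INPUT chain accepts ESTABLISHED,RELATED traffic on eth1 for every protocol: in the script posted above that state rule exists only inside tcp_in, so UDP replies such as DNS answers and ICMP echo replies to the firewall's own traffic fall through to the INPUT DROP policy, though the thread never confirms that this is the cause of the timeout. Interface names and networks are taken from the post; the IPT variable is an assumed dry-run hook, and the ip_forward line is active rather than commented out.

```shell
#!/bin/sh
# Stateful masquerading firewall, added example (not the thread's script).
# Interfaces and networks as in the post: eth0 = 192.168.0.0/23 inside,
# eth1 = outside. IPT is an assumed dry-run hook: IPT=echo prints the rules.
IPT=${IPT:-iptables}
INTDEV=eth0
INTNET=192.168.0.0/23
EXTDEV=eth1

fw_reset() {
    $IPT -F; $IPT -t nat -F; $IPT -X; $IPT -t nat -X
    $IPT -P INPUT ACCEPT; $IPT -P FORWARD ACCEPT; $IPT -P OUTPUT ACCEPT
}

fw_nat() {
    $IPT -t nat -A POSTROUTING -s $INTNET -o $EXTDEV -j MASQUERADE
}

fw_input() {
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i $INTDEV -s $INTNET -j ACCEPT
    # Private source addresses have no business arriving on the outside interface.
    $IPT -A INPUT -i $EXTDEV -s $INTNET -j DROP
    $IPT -A INPUT -i $EXTDEV -s 10.0.0.0/8 -j DROP
    $IPT -A INPUT -i $EXTDEV -s 172.16.0.0/12 -j DROP
    # Replies to the firewall's own traffic, for every protocol: this is what
    # lets DNS answers (UDP) and ping replies (ICMP) reach the box itself.
    $IPT -A INPUT -i $EXTDEV -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Services exposed to the outside (SSH and VNC), new connections only.
    $IPT -A INPUT -i $EXTDEV -p tcp --syn -m multiport --dports 22,5800,5801,5900,5901 -j ACCEPT
    $IPT -A INPUT -i $EXTDEV -j LOG --log-level debug --log-prefix "INPUT drop: "
}

fw_forward() {
    $IPT -A FORWARD -i $INTDEV -s $INTNET -o $EXTDEV -j ACCEPT
    $IPT -A FORWARD -i $EXTDEV -o $INTDEV -d $INTNET -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -j LOG --log-level debug --log-prefix "FORWARD drop: "
}

fw_apply() {
    echo 1 > /proc/sys/net/ipv4/ip_forward   # active here, commented out in the posted script
    fw_reset; fw_nat; fw_input; fw_forward
    $IPT -P INPUT DROP; $IPT -P FORWARD DROP  # policies last, once the rules are in place
}

if [ "${1:-}" = apply ]; then fw_apply; fi
```

Run it as `sh firewall.sh apply` as root to load the rules, or `IPT=echo sh -c '. ./firewall.sh; fw_input'` to print the INPUT rules without touching the kernel.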
Could you post your route result, too?
|
Result
What do you mean by result?
When I run that script it runs error free. When I try to use my Linux machine to communicate outside my network, it just times out. |
Just type
route as root and copy the result you get. |
Ok - sorry about that - I am a newbie :)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.0   U     0      0        0 eth0
24.92.168.0     *               255.255.248.0   U     0      0        0 eth1
loopback        *               255.0.0.0       U     0      0        0 lo
default         24.92.168.1     0.0.0.0         UG    0      0        0 eth1
Those 24.92 addresses, I am not sure what they are supposed to represent, but they do not look like anything familiar... |
One more thing: result of ifconfig, the same as with route, just
ifconfig |
Ifconfig
OK - Here is my ifconfig. WITH one exception. I didn't want to give my IP address out to the world, so I am replacing it with a bogus IP address. If you need to refer to it, just refer to it by the number I put in. You should still get the idea :)
eth0      Link encap:Ethernet  HWaddr 00:02:55:B2:A1:E5
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:203011 errors:0 dropped:0 overruns:33 frame:2
          TX packets:183472 errors:0 dropped:0 overruns:2 carrier:0
          collisions:36 txqueuelen:100
          RX bytes:35292426 (33.6 Mb)  TX bytes:39250845 (37.4 Mb)
          Interrupt:10 Base address:0x2000

eth1      Link encap:Ethernet  HWaddr 00:80:AD:00:31:57
          inet addr:99.99.99.99  Bcast:255.255.255.255  Mask:255.255.248.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:398562 errors:0 dropped:0 overruns:0 frame:0
          TX packets:185883 errors:0 dropped:0 overruns:0 carrier:0
          collisions:352 txqueuelen:100
          RX bytes:54555028 (52.0 Mb)  TX bytes:34027265 (32.4 Mb)
          Interrupt:11 Base address:0x6100

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:23 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1888 (1.8 Kb)  TX bytes:1888 (1.8 Kb) |
Quote:
Somewhere down the road, it isn't forwarding the requests correctly. On your client behind the firewall, what does the routing table look like? Your default gateway should be the internal IP address of the firewall, so on the client machines do a netstat -nr. You said clients inside on the local net CAN ping the firewall? |
The real IP in both places is not my real IP, it is wrong. I can ping my internal machines from my firewall, and I can ping my firewall from the internal machines.
|
Hmm, not sure, but try to delete the rule
24.92.168.0     *               255.255.248.0   U     0      0        0 eth1
I suppose you don't need it (the 'default' one does a very similar thing). |
How would I do that, and how did that rule get there?
|
route del 24.92.168.0
I don't know how it got there; it depends on the method used to configure your machine. And I'm still not sure if it can help you. But try it. |
Didn't work...
root@Linux1:/# route del 24.92.168.0
SIOCDELRT: No such process
root@Linux1:/# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.0   U     0      0        0 eth0
24.92.168.0     *               255.255.248.0   U     0      0        0 eth1
loopback        *               255.0.0.0       U     0      0        0 lo
default         24.92.168.1     0.0.0.0         UG    0      0        0 eth1 |