LinuxQuestions.org

Milkman00 09-25-2002 12:48 PM

Cannot communicate outside my network
 
I have a strange problem. Hopefully someone can help!!!

I am running Slackware 2.4.19. I am using IP Masquerading, and IP Masquerading works great from any machine in my network. Can SSH to my Linux box from inside OR outside my network with no problem (although for some reason it connects rather slowly - it takes about 20-30 seconds after putting in my password to get to a prompt - but that's a whole other story). The only thing that is WEIRD is that I cannot connect to the internet DIRECTLY from my Linux machine (the IP masquerading machine). I can ping all of my internal network, but I cannot ping any IP addresses outside my network. I also cannot seem to FTP outside my network from there, OR even go to any websites using LYNX. The crazy thing is that all of my computers connected to this run perfectly inside and outside the network, and also I can SSH to my Linux box....

All in all HEEEEEEEEELLLLLLLLLLPPPPPPPPPPPPPPPPP!!!!!!!!!!!!!!

Thanks in advance!

Mara 09-25-2002 12:53 PM

Please send your route result and your firewalling (masquerading) script.

Milkman00 09-25-2002 01:10 PM

HERE IT IS!
 
Here it is, but BE ADVISED, I tried flushing all IPTABLES, and having no rules, and it still did not seem to work. My internal IP address is 192.168.0.1 (Linux Machine)

#!/bin/sh
/sbin/depmod -aq
intdev="eth0"
intnet="192.168.0.0/23"
intip="192.168.0.1"
extdev="eth1"
extip=`ifconfig eth1 | grep 'inet addr' | cut -d":" -f2 | cut -d" " -f1`

modprobe ip_tables
modprobe iptable_nat
modprobe ipt_LOG
modprobe ip_conntrack

iptables -v -F
iptables -v -t nat -F
iptables -v -X
iptables -v -t nat -X
iptables -v -Z
iptables -v -t nat -Z

# Enable IP forwarding.
#
echo "1" > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -s $intnet -o $extdev -j MASQUERADE

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

iptables -A FORWARD -i $intdev -s $intnet -o $extdev -d \! $intnet -j ACCEPT
iptables -A FORWARD -o $intdev -d $intnet -i $extdev -s \! $intnet -j ACCEPT
iptables -A INPUT -s $intnet -i $intdev -j ACCEPT

iptables -N tcp_in
iptables -N tcp_out
iptables -N udp_in
iptables -N udp_out
iptables -N icmp_packets

iptables -A INPUT -s $intnet -i $extdev -j DROP
iptables -A INPUT -s 10.0.0.0/8 -i $extdev -j DROP
iptables -A INPUT -s 172.16.0.0/12 -i $extdev -j DROP
iptables -A INPUT -p tcp -i $extdev -j tcp_in
iptables -A tcp_in -p tcp -m multiport --destination-port 22,5800,5801,5900,5901 --syn -j ACCEPT
iptables -A tcp_in -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A tcp_in -j LOG --log-level DEBUG --log-prefix tcp_in
iptables -A tcp_in -j REJECT
iptables -A INPUT -j LOG --log-level DEBUG --log-prefix INPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
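
Added example, not part of the original post or thread: a small Python model that walks the INPUT chain in the order the script above builds it and reports the verdict for packets addressed to the firewall itself. The sample packets and the 203.0.113.x addresses are constructed, and connection state is supplied by hand rather than tracked.

```python
from ipaddress import ip_address, ip_network as net

# Rules transcribed in order from the posted script (eth0 = LAN, eth1 = Internet side).
CHAINS = {
    "INPUT": [
        ({"src": net("192.168.0.0/23"), "iface": "eth0"}, "ACCEPT"),
        ({"src": net("192.168.0.0/23"), "iface": "eth1"}, "DROP"),
        ({"src": net("10.0.0.0/8"), "iface": "eth1"}, "DROP"),
        ({"src": net("172.16.0.0/12"), "iface": "eth1"}, "DROP"),
        ({"proto": "tcp", "iface": "eth1"}, "tcp_in"),
        ({}, "LOG"),
    ],
    "tcp_in": [
        ({"proto": "tcp", "dport": {22, 5800, 5801, 5900, 5901}, "syn": True}, "ACCEPT"),
        ({"proto": "tcp", "state": {"ESTABLISHED", "RELATED"}}, "ACCEPT"),
        ({}, "LOG"),
        ({}, "REJECT"),
    ],
}
POLICY = "DROP"  # the script ends with "iptables -P INPUT DROP"

def field_ok(key, want, have):
    if key == "src":
        return ip_address(have) in want
    return have in want if isinstance(want, set) else have == want

def walk(chain, pkt):
    # First match wins; LOG never terminates; None means the chain was exhausted.
    for cond, target in CHAINS[chain]:
        if target != "LOG" and all(field_ok(k, w, pkt.get(k)) for k, w in cond.items()):
            verdict = walk(target, pkt) if target in CHAINS else target
            if verdict:
                return verdict

def input_verdict(proto, iface, src, state, dport=None, syn=False):
    pkt = dict(proto=proto, iface=iface, src=src, state=state, dport=dport, syn=syn)
    return walk("INPUT", pkt) or POLICY

# Constructed packets addressed to the firewall itself (203.0.113.0/24 is a documentation range).
SAMPLES = {
    "ping reply on eth1": ("icmp", "eth1", "203.0.113.10", "ESTABLISHED"),
    "DNS reply on eth1": ("udp", "eth1", "203.0.113.53", "ESTABLISHED", 33000),
    "TCP reply on eth1": ("tcp", "eth1", "203.0.113.80", "ESTABLISHED", 33001),
    "SSH SYN on eth1": ("tcp", "eth1", "203.0.113.7", "NEW", 22, True),
    "SSH SYN from LAN": ("tcp", "eth0", "192.168.0.5", "NEW", 22, True),
}
if __name__ == "__main__":
    for name, args in SAMPLES.items():
        print(f"{name:20} -> {input_verdict(*args)}")
```

Traffic masqueraded for LAN clients traverses FORWARD rather than INPUT, so these verdicts cover only connections the firewall itself originates or receives. Note also that "iptables -F" removes rules but leaves each chain's policy unchanged.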

Mara 09-25-2002 02:46 PM

Could you post your route result, too?

Milkman00 09-25-2002 02:49 PM

Result
 
What do you mean by result?

When I run that script it runs error free. When I try to use my Linux machine to communicate outside my network, it just times out.

Mara 09-25-2002 03:06 PM

Just type
route
as root and copy the result you get.

Milkman00 09-25-2002 03:14 PM

Ok - sorry about that - I am a newbie :)

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.0   U     0      0        0 eth0
24.92.168.0     *               255.255.248.0   U     0      0        0 eth1
loopback        *               255.0.0.0       U     0      0        0 lo
default         24.92.168.1     0.0.0.0         UG    0      0        0 eth1

Those 24.92 addresses, I am not sure what they are supposed to represent, but they do not look like anything familiar...

Mara 09-25-2002 03:24 PM

One more thing: result of ifconfig, the same as with route, just
ifconfig

Milkman00 09-25-2002 03:27 PM

Ifconfig
 
OK - Here is my ifconfig. WITH one exception. I didn't want to give my IP address out to the world, so I am replacing it with a bogus IP address. If you need to refer to it, just refer to it by the number I put in. You should still get the idea :)

eth0      Link encap:Ethernet  HWaddr 00:02:55:B2:A1:E5
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:203011 errors:0 dropped:0 overruns:33 frame:2
          TX packets:183472 errors:0 dropped:0 overruns:2 carrier:0
          collisions:36 txqueuelen:100
          RX bytes:35292426 (33.6 Mb)  TX bytes:39250845 (37.4 Mb)
          Interrupt:10 Base address:0x2000

eth1      Link encap:Ethernet  HWaddr 00:80:AD:00:31:57
          inet addr:99.99.99.99  Bcast:255.255.255.255  Mask:255.255.248.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:398562 errors:0 dropped:0 overruns:0 frame:0
          TX packets:185883 errors:0 dropped:0 overruns:0 carrier:0
          collisions:352 txqueuelen:100
          RX bytes:54555028 (52.0 Mb)  TX bytes:34027265 (32.4 Mb)
          Interrupt:11 Base address:0x6100

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:23 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1888 (1.8 Kb)  TX bytes:1888 (1.8 Kb)

RijilV 09-25-2002 03:30 PM

Quote:

Originally posted by Milkman00


Those 24.92 addresses, I am not sure what they are supposed to represent, but they do not look like anything familiar...

The 24.92 is your outbound interface; that is your real IP on the internet.

Somewhere down the road, it isn't forwarding the requests correctly. On your client behind the firewall, what does the routing table look like? Your default gateway should be the internal IP address of the firewall.

So on the client machines do a
netstat -nr

You said clients inside on the local net CAN ping the firewall?

Milkman00 09-25-2002 03:34 PM

The real IP in both places is not my real IP, it is wrong. I can ping my internal machines from my firewall, and I can ping my firewall from the internal machines.

Mara 09-25-2002 03:35 PM

Hmm, not sure, but try to delete the rule
24.92.168.0 * 255.255.248.0 U 0 0 0 eth1
I suppose you don't need it (the 'default' one does a very similar thing).

Milkman00 09-25-2002 03:36 PM

How would I do that, and how did that rule get there?

Mara 09-25-2002 03:43 PM

route del 24.92.168.0
I don't know how it got there; it depends on the method used to configure your machine. And I'm still not sure if it can help you. But try it.

Milkman00 09-25-2002 03:44 PM

Didn't work...

root@Linux1:/# route del 24.92.168.0
SIOCDELRT: No such process
root@Linux1:/# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.0   U     0      0        0 eth0
24.92.168.0     *               255.255.248.0   U     0      0        0 eth1
loopback        *               255.0.0.0       U     0      0        0 lo
default         24.92.168.1     0.0.0.0         UG    0      0        0 eth1


All times are GMT -5.