LinuxQuestions.org
Old 09-25-2002, 01:48 PM   #1
Milkman00
Member
 
Registered: Jul 2002
Location: Tampa Bay area of FLORIDA!
Distribution: Slackware 8.1
Posts: 76

Rep: Reputation: 15
Cannot communicate outside my network


I have a strange problem. Hopefully someone can help!!!

I am running Slackware 2.4.19. I am using IP Masquerading, and IP Masquerading works great from any machine in my network. Can SSH to my Linux box from inside OR outside my network with no problem (although for some reason it connects rather slowly - It takes about 20-30 seconds after putting in my password to get to a prompt - but that's a whole other story). The only thing that is WEIRD is that I cannot connect to the internet DIRECTLY from my Linux machine (the IP masquerading machine). I can ping all of my internal network, but I cannot ping any IP addresses outside my network. I also cannot seem to FTP outside my network from there, OR even go to any websites using LYNX. The crazy thing is that all of my computers connected to this run perfectly inside and outside the network, and also I can SSH to my Linux box....

All in all HEEEEEEEEELLLLLLLLLLPPPPPPPPPPPPPPPPP!!!!!!!!!!!!!!

Thanks in advance!
 
Old 09-25-2002, 01:53 PM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232
Please send your route result and your firewalling (masquerading) script.
 
Old 09-25-2002, 02:10 PM   #3
Milkman00
Member
 
Registered: Jul 2002
Location: Tampa Bay area of FLORIDA!
Distribution: Slackware 8.1
Posts: 76

Original Poster
Rep: Reputation: 15
HERE IT IS!

Here it is, but BE ADVISED, I tried flushing all IPTABLES, and having no rules, and it still did not seem to work. My internal IP address is 192.168.0.1 (Linux Machine)

#!/bin/sh
/sbin/depmod -aq
intdev="eth0"
intnet="192.168.0.0/23"
intip="192.168.0.1"
extdev="eth1"
extip=`ifconfig eth1 | grep 'inet addr' | cut -d":" -f2 | cut -d" " -f1`

modprobe ip_tables
modprobe iptable_nat
modprobe ipt_LOG
modprobe ip_conntrack

iptables -v -F
iptables -v -t nat -F
iptables -v -X
iptables -v -t nat -X
iptables -v -Z
iptables -v -t nat -Z

# Enable IP forwarding.
#
echo "1" > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -s $intnet -o $extdev -j MASQUERADE

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

iptables -A FORWARD -i $intdev -s $intnet -o $extdev -d \! $intnet -j ACCEPT
iptables -A FORWARD -o $intdev -d $intnet -i $extdev -s \! $intnet -j ACCEPT
iptables -A INPUT -s $intnet -i $intdev -j ACCEPT

iptables -N tcp_in
iptables -N tcp_out
iptables -N udp_in
iptables -N udp_out
iptables -N icmp_packets

iptables -A INPUT -s $intnet -i $extdev -j DROP
iptables -A INPUT -s 10.0.0.0/8 -i $extdev -j DROP
iptables -A INPUT -s 172.16.0.0/12 -i $extdev -j DROP
iptables -A INPUT -p tcp -i $extdev -j tcp_in
iptables -A tcp_in -p tcp -m multiport --destination-port 22,5800,5801,5900,5901 --syn -j ACCEPT
iptables -A tcp_in -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A tcp_in -j LOG --log-level DEBUG --log-prefix tcp_in
iptables -A tcp_in -j REJECT
iptables -A INPUT -j LOG --log-level DEBUG --log-prefix INPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
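
An added example, not part of the thread or of any poster's code: a simplified Python model of the INPUT chain that the script in post #3 builds, run over constructed reply packets for connections started on the firewall itself. It shows which of those replies reach the final `iptables -P INPUT DROP`; the packet fields, the 192.0.2.x addresses and the `stateful_rule` option (a hypothetical extra rule the script does not contain) are assumptions.

```python
# Simplified model of the INPUT chain from the script in post #3 (added example).
# Packets are constructed samples; conntrack state is filled in by hand.
import ipaddress

INTNET = ipaddress.ip_network("192.168.0.0/23")
PRIVATE_DROPS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("172.16.0.0/12")]
OPEN_PORTS = {22, 5800, 5801, 5900, 5901}

def tcp_in(pkt):
    """User chain tcp_in; the 'syn' key models the iptables --syn match."""
    if pkt.get("syn") and pkt["dport"] in OPEN_PORTS:
        return "ACCEPT"
    if pkt["state"] in ("ESTABLISHED", "RELATED"):
        return "ACCEPT"
    return "REJECT"  # after the LOG rule

def input_chain(pkt, stateful_rule=False):
    """Walk INPUT in rule order. stateful_rule models a hypothetical
    'iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'."""
    src = ipaddress.ip_address(pkt["src"])
    if stateful_rule and pkt["state"] in ("ESTABLISHED", "RELATED"):
        return "ACCEPT"
    if pkt["iface"] == "eth0" and src in INTNET:
        return "ACCEPT"
    if pkt["iface"] == "eth1" and (src in INTNET or any(src in n for n in PRIVATE_DROPS)):
        return "DROP"
    if pkt["iface"] == "eth1" and pkt["proto"] == "tcp":
        return tcp_in(pkt)
    return "DROP"  # LOG rule, then the chain policy set by -P INPUT DROP

# Constructed packets: three replies to traffic the firewall started, one LAN login.
# 192.0.2.x addresses are documentation placeholders, not values from the thread.
SAMPLES = {
    "icmp echo-reply": {"iface": "eth1", "src": "192.0.2.10", "proto": "icmp", "state": "ESTABLISHED"},
    "udp dns reply": {"iface": "eth1", "src": "192.0.2.53", "proto": "udp", "dport": 1025, "state": "ESTABLISHED"},
    "tcp syn-ack": {"iface": "eth1", "src": "192.0.2.80", "proto": "tcp", "dport": 1026, "state": "ESTABLISHED"},
    "lan ssh": {"iface": "eth0", "src": "192.168.0.5", "proto": "tcp", "dport": 22, "syn": True, "state": "NEW"},
}

def verdicts(stateful_rule=False):
    return {name: input_chain(p, stateful_rule) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, v in verdicts().items():
        print(f"{name:16} as posted: {v:7} with state rule: {verdicts(True)[name]}")
```

In this model only TCP replies are accepted on eth1, because the ESTABLISHED,RELATED match sits inside `tcp_in`; `iptables -F` does not reset a chain policy, so a DROP policy set by an earlier run stays in force after a flush.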
 
Old 09-25-2002, 03:46 PM   #4
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232
Could you post your route result, too?
 
Old 09-25-2002, 03:49 PM   #5
Milkman00
Member
 
Registered: Jul 2002
Location: Tampa Bay area of FLORIDA!
Distribution: Slackware 8.1
Posts: 76

Original Poster
Rep: Reputation: 15
Result

What do you mean by result?

When I run that script it runs error free. When I try to use my Linux machine to communicate outside my network, it just times out.
 
Old 09-25-2002, 04:06 PM   #6
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232
Just type
route
as root and copy the result you get.
 
Old 09-25-2002, 04:14 PM   #7
Milkman00
Member
 
Registered: Jul 2002
Location: Tampa Bay area of FLORIDA!
Distribution: Slackware 8.1
Posts: 76

Original Poster
Rep: Reputation: 15
Ok - sorry about that - I am a newbie

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.0   U     0      0        0 eth0
24.92.168.0     *               255.255.248.0   U     0      0        0 eth1
loopback        *               255.0.0.0       U     0      0        0 lo
default         24.92.168.1     0.0.0.0         UG    0      0        0 eth1

Those 24.92 addresses, I am not sure what they are supposed to represent, but they do not look like anything familiar...
 
Old 09-25-2002, 04:24 PM   #8
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232
One more thing: result of ifconfig, the same as with route, just
ifconfig
 
Old 09-25-2002, 04:27 PM   #9
Milkman00
Member
 
Registered: Jul 2002
Location: Tampa Bay area of FLORIDA!
Distribution: Slackware 8.1
Posts: 76

Original Poster
Rep: Reputation: 15
Ifconfig

OK - Here is my ifconfig, WITH one exception. I didn't want to give my IP address out to the world, so I am replacing it with a bogus IP address. If you need to refer to it, just refer to it by the number I put in. You should still get the idea.

eth0      Link encap:Ethernet  HWaddr 00:02:55:B2:A1:E5
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:203011 errors:0 dropped:0 overruns:33 frame:2
          TX packets:183472 errors:0 dropped:0 overruns:2 carrier:0
          collisions:36 txqueuelen:100
          RX bytes:35292426 (33.6 Mb)  TX bytes:39250845 (37.4 Mb)
          Interrupt:10 Base address:0x2000

eth1      Link encap:Ethernet  HWaddr 00:80:AD:00:31:57
          inet addr:99.99.99.99  Bcast:255.255.255.255  Mask:255.255.248.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:398562 errors:0 dropped:0 overruns:0 frame:0
          TX packets:185883 errors:0 dropped:0 overruns:0 carrier:0
          collisions:352 txqueuelen:100
          RX bytes:54555028 (52.0 Mb)  TX bytes:34027265 (32.4 Mb)
          Interrupt:11 Base address:0x6100

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:23 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1888 (1.8 Kb)  TX bytes:1888 (1.8 Kb)
 
Old 09-25-2002, 04:30 PM   #10
RijilV
Member
 
Registered: Sep 2002
Location: somewhere
Distribution: gentoo
Posts: 123

Rep: Reputation: 15
Quote:
Originally posted by Milkman00


Those 24.92 addresses, I am not sure what they are supposed to represent, but they do not look like anything familiar...

The 24.92 is your outbound interface, that is your real IP on the internet.

Somewhere down the road, it isn't forwarding the requests correctly. On your client behind the firewall, what does the routing table look like? Your default gateway should be the internal IP address of the firewall.

So on the client machines do a
netstat -nr

You said clients inside on the local net CAN ping the firewall?
 
Old 09-25-2002, 04:34 PM   #11
Milkman00
Member
 
Registered: Jul 2002
Location: Tampa Bay area of FLORIDA!
Distribution: Slackware 8.1
Posts: 76

Original Poster
Rep: Reputation: 15
The real IP in both places is not my real IP, it is wrong. I can ping my internal machines from my firewall, and I can ping my firewall from the internal machines.
 
Old 09-25-2002, 04:35 PM   #12
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232
Hmm, not sure, but try to delete the rule
24.92.168.0 * 255.255.248.0 U 0 0 0 eth1
I suppose you don't need it (the 'default' one does a very similar thing).
 
Old 09-25-2002, 04:36 PM   #13
Milkman00
Member
 
Registered: Jul 2002
Location: Tampa Bay area of FLORIDA!
Distribution: Slackware 8.1
Posts: 76

Original Poster
Rep: Reputation: 15
How would I do that, and how did that rule get there?
 
Old 09-25-2002, 04:43 PM   #14
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232
route del 24.92.168.0
I don't know how it got there, it depends on the method used to configure your machine. And I'm still not sure if it can help you. But try it.

Last edited by Mara; 09-25-2002 at 04:44 PM.
 
Old 09-25-2002, 04:44 PM   #15
Milkman00
Member
 
Registered: Jul 2002
Location: Tampa Bay area of FLORIDA!
Distribution: Slackware 8.1
Posts: 76

Original Poster
Rep: Reputation: 15
Didn't work...

root@Linux1:/# route del 24.92.168.0
SIOCDELRT: No such process
root@Linux1:/# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.0   U     0      0        0 eth0
24.92.168.0     *               255.255.248.0   U     0      0        0 eth1
loopback        *               255.0.0.0       U     0      0        0 lo
default         24.92.168.1     0.0.0.0         UG    0      0        0 eth1
 
  

