Hi,
I have recently configured one of my Debian Etch machines to act as a router for my home network (it also runs apache, postfix etc). Everything works properly except I am not able to connect to or ping other computers on the LAN from the server. Also, related or not, DNAT doesn't work.
My network setup:
ISP (24.86.168.0/21, gateway at 24.86.168.1)
Server (eth1:cable modem dhcp, eth0:192.168.0.1, runs dhcpd for internal network)
Clients (192.168.0.100 - 192.168.0.150)
Internal network is 192.168.0.0/24
PROBLEM:
When pinging LAN machines from the server (via ssh), e.g.:
Code:
root@serv:/tmp# ping 192.168.0.100
PING 192.168.0.100 (192.168.0.100) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
--- 192.168.0.100 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3000ms
Also when pinging the server itself:
Code:
root@serv:/tmp# ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
--- localhost ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 2999ms
Output of "route -n":
Code:
root@serv:/tmp# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
24.86.168.0     0.0.0.0         255.255.252.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         24.86.168.1     0.0.0.0         UG    0      0        0 eth1
Output of "iptables -L" (filter):
Code:
root@serv:/tmp# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp flags:ACK/ACK
ACCEPT     0    --  anywhere             anywhere            state ESTABLISHED
ACCEPT     0    --  anywhere             anywhere            state RELATED
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain dpts:1024:65535
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp source-quench
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere            icmp parameter-problem
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:auth
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:ftp-data:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap2

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Output of "iptables -t nat -L":
Code:
root@serv:/tmp# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy DROP)
target     prot opt source               destination
MASQUERADE  0   --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Output of "iptables -t mangle -L":
Code:
root@serv:/tmp# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
Output of "ifconfig":
Code:
root@serv:/tmp# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:E0:7D:DF:2F:10
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3674815 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3291440 errors:0 dropped:0 overruns:1 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2243739616 (2.0 GiB)  TX bytes:1795159906 (1.6 GiB)
          Interrupt:10 Base address:0x2000

eth1      Link encap:Ethernet  HWaddr 00:12:C9:4E:10:D2
          inet addr:24.86.169.13  Bcast:255.255.255.255  Mask:255.255.252.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15599622 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3636595 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2180881493 (2.0 GiB)  TX bytes:2228424341 (2.0 GiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
There is nothing related in dmesg or /var/log/syslog.
I have also tried setting the policy of my filter chains to ACCEPT; the problem persists.
Connecting from clients to the server works as expected, e.g. I can ssh into the server, get pages from Apache, and check and send email.
Anything else I should provide?
Thanks in advance
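Editor's added example (not the poster's configuration and not a reply from the thread): a netfilter drop of locally generated traffic is what surfaces as `sendmsg: Operation not permitted`, and the dumps above show a nat POSTROUTING policy of DROP, a MASQUERADE rule with no `-o` restriction (so router-to-LAN and loopback traffic is rewritten too) and an INPUT rule accepting any TCP packet with ACK set, which lets unsolicited ACK packets past the DROP policy. The script checks a pasted `iptables -t nat -L` dump for nat chains whose policy is not ACCEPT and emits a corrected ruleset for this topology; eth0/eth1 and 192.168.0.0/24 are taken from the post, the open ports are an assumption to trim to what the box really serves.

```shell
#!/bin/sh
# Home-router ruleset for the topology in the post. Assumed: eth1 faces the
# cable modem, eth0 the LAN; the service ports below are our choice.
WAN=eth1
LAN=eth0
LAN_NET=192.168.0.0/24

# Print nat chains whose policy is not ACCEPT, reading `iptables -t nat -L`
# output on stdin. The nat table sees only the first packet of a connection,
# so a DROP policy there is not a filter, just a trap for new connections.
nat_chains_not_accept() {
  sed -n 's/^Chain \([A-Z]*\) (policy \([A-Z]*\)).*/\1 \2/p' |
    awk '$2 != "ACCEPT" { print $1 }'
}

# Emit a complete ruleset in iptables-restore format.
emit_ruleset() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Masquerade only what leaves via the WAN side; LAN and loopback keep real sources.
-A POSTROUTING -o $WAN -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to our own traffic; replaces the ACK/ACK rule, which admits any ACK.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN -s $LAN_NET -j ACCEPT
-A INPUT -i $WAN -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -i $WAN -p tcp -m multiport --dports 22,25,80,143 -m state --state NEW -j ACCEPT
# Forward only LAN-originated connections outwards, plus their replies.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN -o $WAN -s $LAN_NET -m state --state NEW -j ACCEPT
COMMIT
EOF
}

apply_ruleset() { emit_ruleset | iptables-restore; }   # root only

case "${1:-show}" in
  apply) apply_ruleset ;;
  *)     emit_ruleset ;;    # default: print, do not touch the live tables
esac
```

`iptables -L` without `-v -n` hides the `-i`/`-o` interface matches, so the "anywhere anywhere" rules above cannot be judged from the paste; `iptables -nvL` and `iptables-save` output would show them.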