I am having trouble getting my PS2 to look outside the local network. I have DHCPD running and a rc.firewall thats worked before with IP MASQ. Cany anyone help please?

Eth0 = External Net
Eth1 = Internal Net

dhcpd.conf:
ddns-update-style none;
subnet 192.168.0.0 netmask 255.255.255.0 {
# default gateway
option routers 192.168.0.1;
option subnet-mask 255.255.255.0;

option domain-name "homelan.org";
option domain-name-servers 192.168.0.1;

range dynamic-bootp 192.168.0.16 192.168.0.253;
default-lease-time 21600;
max-lease-time 2592000;
}

Iptables -L:
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

I had the same dhcpd and IP MASQ setup working before but I reinstalled the same version of Slack. I know the PS2 is getting a lease, I just can't seem to get out of the local net.

I used this for my firewall/IP MASQ.

http://www.ecst.csuchico.edu/~dranch...FIREWALL-2.4.X

This is my route table..

route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
68.44.93.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 68.44.93.1 0.0.0.0 UG 0 0 0 eth0

bump!!

Bump

I opened up iptraf to look and see what was going on, I found the problem. I just don't know how to fix it.

The PS2 get's an IP from the Linux box 192.168.0.253, the linternal NIC ip is 192.168.0.1.

When I open up iptraf I see that I get a destination unreachable when trying to communicate to the PS2.

ICMP dest unrch (port) (91 bytes) from 192.168.0.1 to 192.168.0.253 on eth1

is port 91 running a service? what is port 91?

Try a simple ping to 192.168.0.253 (or whatever the IP address of the PS2 is at the time).
What abilities do you have to do diagnostics on the PS2? Can you do a ping?

I don't know where Robert0380 got the idea of port 91, but it's a red herring.

I can ping it.

This is the exact copy of the start-up sequence.
Sun Jun 8 11:40:09 2003; UDP; eth1; 328 bytes; source MAC address 00041f03c1ee; from 0.0.0.0:bootpc to 255.255.255.255:bootps

Sun Jun 8 11:40:09 2003; ICMP; eth1; 48 bytes; source MAC address 00c0f0383e31; from 192.168.0.1 to 192.168.0.253; echo req

Sun Jun 8 11:40:10 2003; UDP; eth1; 328 bytes; source MAC address 00c0f0383e31; from 192.168.0.1:bootps to 255.255.255.255:bootpc

Sun Jun 8 11:40:10 2003; UDP; eth1; 328 bytes; source MAC address 00041f03c1ee; from 0.0.0.0:bootpc to 255.255.255.255:bootps

Sun Jun 8 11:40:10 2003; UDP; eth1; 328 bytes; source MAC address 00041f03c1ee; from 0.0.0.0:bootpc to 255.255.255.255:bootps

Sun Jun 8 11:40:10 2003; UDP; eth1; 328 bytes; source MAC address 00c0f0383e31; from 192.168.0.1:bootps to 255.255.255.255:bootpc

Sun Jun 8 11:40:27 2003; UDP; eth1; 63 bytes; source MAC address 00041f03c1ee; from 192.168.0.253:liberty-lm to 192.168.0.1:domain

Sun Jun 8 11:40:27 2003; ICMP; eth1; 91 bytes; source MAC address 00c0f0383e31; from 192.168.0.1 to 192.168.0.253; dest unrch (port)

Sun Jun 8 11:40:33 2003; UDP; eth1; 63 bytes; source MAC address 00041f03c1ee; from 192.168.0.253:liberty-lm to 192.168.0.1:domain

Sun Jun 8 11:40:33 2003; ICMP; eth1; 91 bytes; source MAC address 00c0f0383e31; from 192.168.0.1 to 192.168.0.253; dest unrch (port)

Sun Jun 8 11:40:39 2003; UDP; eth1; 63 bytes; source MAC address 00041f03c1ee; from 192.168.0.253:liberty-lm to 192.168.0.1:domain

Sun Jun 8 11:40:39 2003; ICMP; eth1; 91 bytes; source MAC address 00c0f0383e31; from 192.168.0.1 to 192.168.0.253; dest unrch (port)

Sun Jun 8 11:40:45 2003; UDP; eth1; 63 bytes; source MAC address 00041f03c1ee; from 192.168.0.253:liberty-lm to 192.168.0.1:domain

Sun Jun 8 11:40:45 2003; ICMP; eth1; 91 bytes; source MAC address 00c0f0383e31; from 192.168.0.1 to 192.168.0.253; dest unrch (port)

Sun Jun 8 11:40:51 2003; UDP; eth1; 63 bytes; source MAC address 00041f03c1ee; from 192.168.0.253:liberty-lm to 192.168.0.1:domain

Sun Jun 8 11:40:51 2003; ICMP; eth1; 91 bytes; source MAC address 00c0f0383e31; from 192.168.0.1 to 192.168.0.253; dest unrch (port)

Ok, I tried a new rc.firewall script... I got rid of the DEST UNRECH...

Sun Jun 8 12:21:22 2003; ******** IP traffic monitor started ********
Sun Jun 8 12:21:36 2003; UDP; eth1; 328 bytes; source MAC address 00041f03c1ee; from 0.0.0.0:bootpc to 255.255.255.255:bootps
Sun Jun 8 12:21:37 2003; UDP; eth1; 328 bytes; source MAC address 00c0f0383e31; from 192.168.0.1:bootps to 255.255.255.255:bootpc
Sun Jun 8 12:21:37 2003; UDP; eth1; 328 bytes; source MAC address 00041f03c1ee; from 0.0.0.0:bootpc to 255.255.255.255:bootps
Sun Jun 8 12:21:37 2003; UDP; eth1; 328 bytes; source MAC address 00c0f0383e31; from eth1:bootps to 255.255.255.255:bootpc
Sun Jun 8 12:21:37 2003; ICMP; eth1; 48 bytes; source MAC address 00c0f0383e31; from eth1 to 192.168.0.253; echo req
Sun Jun 8 12:21:37 2003; ICMP; eth1; 48 bytes; source MAC address 00041f03c1ee; from ps2 to eth1; echo rply
Sun Jun 8 12:21:48 2003; UDP; eth1; 63 bytes; source MAC address 00041f03c1ee; from ps2bjective- to eth1:domain
Sun Jun 8 12:21:53 2003; UDP; eth1; 63 bytes; source MAC address 00041f03c1ee; from ps2bjective- to eth1:domain
Sun Jun 8 12:21:59 2003; UDP; eth1; 63 bytes; source MAC address 00041f03c1ee; from ps2bjective- to eth1:domain
Sun Jun 8 12:22:05 2003; UDP; eth1; 63 bytes; source MAC address 00041f03c1ee; from ps2bjective- to eth1:domain
Sun Jun 8 12:22:11 2003; UDP; eth1; 63 bytes; source MAC address 00041f03c1ee; from ps2bjective- to eth1:domain
Sun Jun 8 12:22:30 2003; ******** IP traffic monitor stopped ********

oops, i said that stuff about port 91 because i saw the following
in the post before it:


ICMP dest unrch (port) (91 bytes) from 192.168.0.1 to 192.168.0.253 on eth1

i was reading too fast...see where it says (port)(91..

sorry about that.

I'm a jackass.... everything is set-up find, I just never started routed when starting up... thank god... I thought I was going insane.