LinuxQuestions.org
Old 12-19-2005, 04:51 AM   #1
pepolez
LQ Newbie
 
Registered: Jun 2005
Location: Australia
Distribution: Ubuntu
Posts: 16

Rep: Reputation: 0
unable to connect to self


Ok, recently I've had a problem appear where one of my boxes was not able to connect to itself via loopback, or any of its Ethernet devices. On any attempt, the connection simply times out. Any ideas why?

Server uses Debian sarge and is configured to have an Ethernet bridge between two of its three Ethernet interfaces (the bridge works fine).

Last edited by pepolez; 12-19-2005 at 04:52 AM.
 
Old 12-20-2005, 03:50 PM   #2
Mishra100
Member
 
Registered: Jan 2005
Posts: 44

Rep: Reputation: 15
if you type in

ping 127.0.0.1

and get no response, then you either have a dead NIC or tcp/ip needs to be reinstalled. You could have a misconfiguration but that shouldn't happen unless you have people that are logging in as root that you don't really trust.
 
Old 12-20-2005, 04:51 PM   #3
pepolez
LQ Newbie
 
Registered: Jun 2005
Location: Australia
Distribution: Ubuntu
Posts: 16

Original Poster
Rep: Reputation: 0

Can't ping itself via any interface, not even loopback. What gets me is that this started occurring after putting in the Ethernet bridge.
 
Old 12-23-2005, 07:06 AM   #4
Mishra100
Member
 
Registered: Jan 2005
Posts: 44

Rep: Reputation: 15
Your NIC is more than likely broken.
 
Old 12-23-2005, 10:50 AM   #5
ilaiy
LQ Newbie
 
Registered: Oct 2004
Posts: 23

Rep: Reputation: 15
Do you have a firewall or something like that running? You could check route to see if you have anything in your routing table.

./thanks
ilaiy
 
Old 12-23-2005, 10:57 AM   #6
mebaro
LQ Newbie
 
Registered: Jul 2005
Location: Miami
Distribution: RHES3, Fedora4
Posts: 16

Rep: Reputation: 0
I think ifconfig -a will give you a clue. Make sure your lo interface is up.
 
Old 12-23-2005, 12:31 PM   #7
Darin
Senior Member
 
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45
Quote:
Originally Posted by mebaro
I think ifconfig -a will give you a clue. Make sure your lo interface is up.
If you still need help, definitely post the output of:
lsmod
lspci
ifconfig -a
iptables -L

...run as the root user of course.
 
Old 12-23-2005, 06:02 PM   #8
pepolez
LQ Newbie
 
Registered: Jun 2005
Location: Australia
Distribution: Ubuntu
Posts: 16

Original Poster
Rep: Reputation: 0
lsmod:
Quote:
Module Size Used by Not tainted
bridge 16664 1 (autoclean)
ip6_tables 11232 0 (unused)
af_packet 11624 1 (autoclean)
parport_pc 19400 1 (autoclean)
lp 5952 0
parport 21800 1 [parport_pc lp]
ipt_MASQUERADE 1240 1 (autoclean)
ipt_REJECT 3160 4 (autoclean)
ipt_LOG 3000 6 (autoclean)
ipt_state 536 11 (autoclean)
ipt_pkttype 440 4 (autoclean)
ipt_owner 1144 0 (autoclean)
ipt_recent 6852 0 (autoclean)
ipt_multiport 632 3 (autoclean)
ipt_conntrack 952 0 (autoclean)
iptable_mangle 2008 0 (autoclean)
ip_nat_irc 2000 0 (unused)
ip_nat_tftp 1744 0 (unused)
ip_nat_ftp 2512 0 (unused)
iptable_nat 14254 4 [ipt_MASQUERADE ip_nat_irc ip_nat_tftp ip_nat_ftp]
ip_conntrack_irc 2896 1
ip_conntrack_tftp 1680 1
ip_conntrack_ftp 3600 1
ip_conntrack 16004 6 [ipt_MASQUERADE ipt_state ipt_conntrack ip_nat_irc ip_nat_tftp ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_tftp ip_conntrack_ftp]
iptable_filter 1612 1
ip_tables 10720 14 [ipt_MASQUERADE ipt_REJECT ipt_LOG ipt_state ipt_pkttype ipt_owner ipt_recent ipt_multiport ipt_conntrack iptable_mangle iptable_nat iptable_filter]
ne2k-pci 4992 1
8390 5424 0 [ne2k-pci]
8139too 13640 2
mii 1984 0 [8139too]
crc32 2848 0 [8390 8139too]
es1371 24044 0 (unused)
ac97_codec 11412 0 [es1371]
soundcore 3268 4 [es1371]
gameport 1388 0 [es1371]
usb-uhci 19696 0 (unused)
usbcore 52588 1 [usb-uhci]
agpgart 35416 0 (unused)
rtc 6120 0 (autoclean)
ide-cd 27936 0
cdrom 25088 0 [ide-cd]
reiserfs 155504 2 (autoclean)
isofs 22932 0 (autoclean)
ide-disk 12384 4 (autoclean)
ext3 53220 0 (autoclean)
jbd 34824 0 (autoclean) [ext3]
ide-detect 9008 0 (autoclean)
via82cxxx 9448 1 (autoclean)
ide-core 84216 4 (autoclean) [ide-cd ide-disk ide-detect via82cxxx]
unix 13260 96 (autoclean)
vesafb 8968 63 (autoclean)
fbcon-cfb8 3208 0 (autoclean) [vesafb]
fbcon-cfb24 4040 0 (autoclean) [vesafb]
fbcon-cfb32 3656 0 (autoclean) [vesafb]
fbcon-cfb16 3784 0 (autoclean) [vesafb]
lspci:
Quote:
0000:00:00.0 Host bridge: VIA Technologies, Inc. VT82C693A/694x [Apollo PRO133x] (rev 44)
0000:00:01.0 PCI bridge: VIA Technologies, Inc. VT82C598/694x [Apollo MVP3/Pro133x AGP]
0000:00:07.0 ISA bridge: VIA Technologies, Inc. VT82C596 ISA [Mobile South] (rev 23)
0000:00:07.1 IDE interface: VIA Technologies, Inc. VT82C586A/B/VT82C686/A/B/VT823x/A/C PIPC Bus Master IDE (rev 10)
0000:00:07.2 USB Controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev 11)
0000:00:07.3 Host bridge: VIA Technologies, Inc. VT82C596 Power Management (rev 30)
0000:00:08.0 Multimedia audio controller: Ensoniq ES1371 [AudioPCI-97] (rev 09)
0000:00:10.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
0000:00:13.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
0000:00:14.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8029(AS)
0000:01:00.0 VGA compatible controller: ATI Technologies Inc 3D Rage IIC AGP (rev 3a)
ifconfig -a
Quote:
br0 Link encap:Ethernet HWaddr 00:00:21:2D:5E:AD
inet addr:192.168.2.1 Bcast:192.168.2.7 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:146389 errors:0 dropped:0 overruns:0 frame:0
TX packets:137896 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:49250362 (46.9 MiB) TX bytes:42236991 (40.2 MiB)

eth0 Link encap:Ethernet HWaddr 00:E0:4C:33:3B:93
inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:193955 errors:0 dropped:0 overruns:0 frame:0
TX packets:162607 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:35798946 (34.1 MiB) TX bytes:133505114 (127.3 MiB)
Interrupt:12 Base address:0x9000

eth1 Link encap:Ethernet HWaddr 00:E0:4C:3A:07:CD
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:209590 errors:0 dropped:0 overruns:0 frame:0
TX packets:237625 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:23644836 (22.5 MiB) TX bytes:38104240 (36.3 MiB)
Interrupt:9 Base address:0xb000

eth2 Link encap:Ethernet HWaddr 00:00:21:2D:5E:AD
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:218180 errors:0 dropped:1234 overruns:0 frame:1237
TX packets:185946 errors:0 dropped:0 overruns:0 carrier:0
collisions:188 txqueuelen:100
RX bytes:63510665 (60.5 MiB) TX bytes:51155355 (48.7 MiB)
Interrupt:10 Base address:0xe400

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
LOOPBACK MTU:16436 Metric:1
RX packets:70115 errors:0 dropped:0 overruns:0 frame:0
TX packets:70115 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:11694084 (11.1 MiB) TX bytes:11694084 (11.1 MiB)
here eth1 is bridged to eth2 and given the interface name br0.
eth1 and eth2 are also using a /29 subnet (6 ips)

iptables -L
Quote:
Chain AllowICMPs (2 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded

Chain Drop (3 references)
target prot opt source destination
RejectAuth all -- anywhere anywhere
dropBcast all -- anywhere anywhere
AllowICMPs icmp -- anywhere anywhere
dropInvalid all -- anywhere anywhere
DropSMB all -- anywhere anywhere
DropUPnP all -- anywhere anywhere
dropNotSyn tcp -- anywhere anywhere
DropDNSrep all -- anywhere anywhere

Chain DropDNSrep (2 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp spt:domain

Chain DropSMB (1 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:loc-srv
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:microsoft-ds
DROP tcp -- anywhere anywhere tcp dpt:loc-srv
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds

Chain DropUPnP (2 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:1900

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
eth0_in all -- anywhere anywhere
br0_in all -- anywhere anywhere
Drop all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning prefix `Shorewall:INPUTROP:'
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
eth0_fwd all -- anywhere anywhere
br0_fwd all -- anywhere anywhere
Drop all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning prefix `Shorewall:FORWARDROP:'
DROP all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
fw2all all -- anywhere anywhere
fw2all all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain Reject (0 references)
target prot opt source destination
RejectAuth all -- anywhere anywhere
dropBcast all -- anywhere anywhere
AllowICMPs icmp -- anywhere anywhere
dropInvalid all -- anywhere anywhere
RejectSMB all -- anywhere anywhere
DropUPnP all -- anywhere anywhere
dropNotSyn tcp -- anywhere anywhere
DropDNSrep all -- anywhere anywhere

Chain RejectAuth (2 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth

Chain RejectSMB (1 references)
target prot opt source destination
reject udp -- anywhere anywhere udp dpt:loc-srv
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
reject udp -- anywhere anywhere udp dpt:microsoft-ds
reject tcp -- anywhere anywhere tcp dpt:loc-srv
reject tcp -- anywhere anywhere tcp dpt:netbios-ssn
reject tcp -- anywhere anywhere tcp dpt:microsoft-ds

Chain all2all (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Drop all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning prefix `Shorewall:all2allROP:'
DROP all -- anywhere anywhere

Chain br0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
link2net all -- anywhere anywhere

Chain br0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
link2fw all -- anywhere anywhere

Chain dropBcast (2 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
DROP all -- anywhere anywhere PKTTYPE = multicast

Chain dropInvalid (2 references)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID

Chain dropNotSyn (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN

Chain dynamic (4 references)
target prot opt source destination

Chain eth0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
all2all all -- anywhere anywhere

Chain eth0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
net2fw all -- anywhere anywhere

Chain fw2all (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain link2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- restricted anywhere multiport dports ftp,ssh,www,6666,ircd,10000,27960
ACCEPT tcp -- beta anywhere multiport dports mysql,ircd,7030
all2all all -- anywhere anywhere

Chain link2link (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain link2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere marvin.lan.conreteairship.com tcp dpt:domain
ACCEPT udp -- anywhere marvin.lan.conreteairship.com udp dpt:domain
ACCEPT tcp -- anywhere mirror.internode.on.net tcp dpt:www
ACCEPT tcp -- anywhere klecker.debian.org tcp dpt:www
ACCEPT tcp -- anywhere tartini.debian.org tcp dpt:www
ACCEPT tcp -- anywhere debian-mirror.cs.umn.edu tcp dpt:www
all2all all -- anywhere anywhere

Chain net2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports www,ircd
all2all all -- anywhere anywhere

Chain reject (7 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
DROP all -- anywhere anywhere PKTTYPE = multicast
DROP all -- 192.168.1.255 anywhere
DROP all -- 255.255.255.255 anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain shorewall (0 references)
target prot opt source destination

Chain smurfs (0 references)
target prot opt source destination
LOG all -- 192.168.1.255 anywhere LOG level info prefix `Shorewall:smurfsROP:'
DROP all -- 192.168.1.255 anywhere
LOG all -- 255.255.255.255 anywhere LOG level info prefix `Shorewall:smurfsROP:'
DROP all -- 255.255.255.255 anywhere
LOG all -- BASE-ADDRESS.MCAST.NET/4 anywhere LOG level info prefix `Shorewall:smurfsROP:'
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere

Last edited by pepolez; 12-23-2005 at 06:03 PM.
 
Old 12-29-2005, 01:38 PM   #9
Darin
Senior Member
 
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45
That all looks good enough to work. You can't sit on that machine and ping any of its interfaces? If the bridge is functioning and traffic can pass across it, it's probably safe to say the NICs aren't bad.

My guess is the firewall. I haven't played with shorewall enough, but make sure there is a rule that allows all traffic to/from the lo interface on subnet 127.0.0.0/8. Depending on how locked down it is, you may also need rules for each interface, something like allow traffic in on eth0 from 192.168.1/24 and allow in on br0 from 192.168.2.0/29.

FYI you may also see if it works on the next subnet up ie 192.168.2.8/29 (192.168.2.9-192.168.2.14) and I'm not trying to doubt your reasoning but now I'm curious what the reasoning is to use a bridge that can only have 5 hosts? (6 minus the bridge)
 
Old 12-30-2005, 01:19 AM   #10
pepolez
LQ Newbie
 
Registered: Jun 2005
Location: Australia
Distribution: Ubuntu
Posts: 16

Original Poster
Rep: Reputation: 0

Quote:
Originally Posted by Darin
My guess is the firewall. I haven't played with shorewall enough, but make sure there is a rule that allows all traffic to/from the lo interface on subnet 127.0.0.0/8. Depending on how locked down it is, you may also need rules for each interface, something like allow traffic in on eth0 from 192.168.1/24 and allow in on br0 from 192.168.2.0/29.
Shorewall is specifically designed to leave the lo interface alone (although I cannot ping it). The per-interface rules did not work.

Quote:
Originally Posted by Darin
I'm curious what the reasoning is to use a bridge that can only have 5 hosts? (6 minus the bridge)
This was a cost-saving measure. At the time, a couple of 100mbit NICs were cheaper to buy than switches.

Quote:
Originally Posted by iptables -L
Chain AllowICMPs (2 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded

Chain Drop (3 references)
target prot opt source destination
RejectAuth all -- anywhere anywhere
dropBcast all -- anywhere anywhere
AllowICMPs icmp -- anywhere anywhere
dropInvalid all -- anywhere anywhere
DropSMB all -- anywhere anywhere
DropUPnP all -- anywhere anywhere
dropNotSyn tcp -- anywhere anywhere
DropDNSrep all -- anywhere anywhere

Chain DropDNSrep (2 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp spt:domain

Chain DropSMB (1 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:loc-srv
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:microsoft-ds
DROP tcp -- anywhere anywhere tcp dpt:loc-srv
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds

Chain DropUPnP (2 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:1900

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
eth0_in all -- anywhere anywhere
br0_in all -- anywhere anywhere
Drop all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning prefix `Shorewall:INPUTROP:'
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
eth0_fwd all -- anywhere anywhere
br0_fwd all -- anywhere anywhere
Drop all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning prefix `Shorewall:FORWARDROP:'
DROP all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
fw2net all -- anywhere anywhere
fw2link all -- anywhere anywhere
fw2fw all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain Reject (0 references)
target prot opt source destination
RejectAuth all -- anywhere anywhere
dropBcast all -- anywhere anywhere
AllowICMPs icmp -- anywhere anywhere
dropInvalid all -- anywhere anywhere
RejectSMB all -- anywhere anywhere
DropUPnP all -- anywhere anywhere
dropNotSyn tcp -- anywhere anywhere
DropDNSrep all -- anywhere anywhere

Chain RejectAuth (2 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth

Chain RejectSMB (1 references)
target prot opt source destination
reject udp -- anywhere anywhere udp dpt:loc-srv
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
reject udp -- anywhere anywhere udp dpt:microsoft-ds
reject tcp -- anywhere anywhere tcp dpt:loc-srv
reject tcp -- anywhere anywhere tcp dpt:netbios-ssn
reject tcp -- anywhere anywhere tcp dpt:microsoft-ds

Chain all2all (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Drop all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning prefix `Shorewall:all2allROP:'
DROP all -- anywhere anywhere

Chain br0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
link2net all -- anywhere anywhere

Chain br0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
link2fw all -- anywhere anywhere

Chain dropBcast (2 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
DROP all -- anywhere anywhere PKTTYPE = multicast

Chain dropInvalid (2 references)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID

Chain dropNotSyn (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN

Chain dynamic (4 references)
target prot opt source destination

Chain eth0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
net2link all -- anywhere anywhere

Chain eth0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
net2fw all -- anywhere anywhere

Chain fw2all (3 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain fw2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 127.0.0.0/8 127.0.0.0/8
fw2all all -- anywhere anywhere

Chain fw2link (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
DROP icmp -- anywhere 192.168.2.7
fw2all all -- anywhere anywhere

Chain fw2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
DROP icmp -- anywhere 192.168.2.7
fw2all all -- anywhere anywhere

Chain link2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
DROP icmp -- anywhere 192.168.2.7
ACCEPT tcp -- restricted anywhere multiport dports ftp,ssh,www,6666,ircd,10000,27960
ACCEPT tcp -- beta anywhere multiport dports mysql,ircd,7030
all2all all -- anywhere anywhere

Chain link2link (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- alpha alpha
ACCEPT all -- anywhere anywhere

Chain link2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
DROP icmp -- anywhere 192.168.2.7
ACCEPT tcp -- anywhere marvin.lan.conreteairship.com tcp dpt:domain
ACCEPT udp -- anywhere marvin.lan.conreteairship.com udp dpt:domain
ACCEPT tcp -- anywhere mirror.internode.on.net tcp dpt:www
ACCEPT tcp -- anywhere klecker.debian.org tcp dpt:www
ACCEPT tcp -- anywhere tartini.debian.org tcp dpt:www
ACCEPT tcp -- anywhere debian-mirror.cs.umn.edu tcp dpt:www
all2all all -- anywhere anywhere

Chain net2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
DROP icmp -- anywhere 192.168.2.7
ACCEPT tcp -- anywhere anywhere multiport dports www,ircd
all2all all -- anywhere anywhere

Chain net2link (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
DROP icmp -- anywhere 192.168.2.7
all2all all -- anywhere anywhere

Chain reject (7 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
DROP all -- anywhere anywhere PKTTYPE = multicast
DROP all -- 192.168.1.255 anywhere
DROP all -- 255.255.255.255 anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain shorewall (0 references)
target prot opt source destination

Chain smurfs (0 references)
target prot opt source destination
LOG all -- 192.168.1.255 anywhere LOG level info prefix `Shorewall:smurfsROP:'
DROP all -- 192.168.1.255 anywhere
LOG all -- 255.255.255.255 anywhere LOG level info prefix `Shorewall:smurfsROP:'
DROP all -- 255.255.255.255 anywhere
LOG all -- BASE-ADDRESS.MCAST.NET/4 anywhere LOG level info prefix `Shorewall:smurfsROP:'
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
no luck as yet..still hopeful

Last edited by pepolez; 12-30-2005 at 01:20 AM.
 
Old 01-16-2006, 06:42 AM   #11
pepolez
LQ Newbie
 
Registered: Jun 2005
Location: Australia
Distribution: Ubuntu
Posts: 16

Original Poster
Rep: Reputation: 0

still no luck. getting rather annoying when trying to run some stuff now :/
 
Old 01-16-2006, 11:54 AM   #12
Darin
Senior Member
 
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45
Quote:
Originally Posted by Darin
You can't sit on that machine and ping any of its interfaces?
...
FYI you may also see if it works on the next subnet up ie 192.168.2.8/29 (192.168.2.9-192.168.2.14)
so... can you ping any of the interfaces (127.0.0.1, 192.168.1.10, 192.168.2.1) and have you tried changing the IP addresses on the br0 network to that range (br0 IP 192.168.2.9, bcast 192.168.2.15)?
 
Old 01-20-2006, 12:44 AM   #13
pepolez
LQ Newbie
 
Registered: Jun 2005
Location: Australia
Distribution: Ubuntu
Posts: 16

Original Poster
Rep: Reputation: 0
Ok, you can slap a big fat 'NOOB' sticker on me, it turned out to be something incredibly simple - some package disabled my loopback interface during its install and didn't bring it back up. I didn't notice because lo still showed up in ifconfig.

Routing is now working as desired.

Seems my time to check it out has involved too many sleepless nights affecting mental capacity.

This is by far the most stupid, mindless, embarrassing thing I've ever done, and I just hope you can forgive me for wasting your time. I'm actually crying now :/

Last edited by pepolez; 01-20-2006 at 12:57 AM.
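
The cause reported in post #13 is visible in the ifconfig -a output from post #8: the flags line of the lo stanza reads LOOPBACK with no UP or RUNNING, unlike every other interface. As an added example (not part of the original thread), this shell function scans net-tools ifconfig -a output in the old "Link encap:" format and lists interfaces that lack the UP flag; the function names are this example's own and the sample is abridged from the thread.

```shell
#!/bin/sh
# Added example: report interfaces that exist (and may hold an address)
# but are administratively down, from `ifconfig -a` text on stdin.

down_interfaces() {
    awk '
        # Stanza header: interface name is the first field.
        /Link encap:/ { iface = $1; addr = ""; next }

        # Address line: "inet addr:127.0.0.1 Mask:255.0.0.0"
        /inet addr:/ && iface != "" { split($2, a, ":"); addr = a[2] }

        # Flags line: every word before "MTU:" is an interface flag.
        /MTU:/ && iface != "" {
            up = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^MTU:/) break
                if ($i == "UP") up = 1
            }
            if (!up) print iface, (addr == "" ? "-" : addr)
            iface = ""
        }
    '
}

# Abridged from the ifconfig -a output posted in the thread.
sample_ifconfig() {
cat <<'EOF'
br0 Link encap:Ethernet HWaddr 00:00:21:2D:5E:AD
inet addr:192.168.2.1 Bcast:192.168.2.7 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

eth0 Link encap:Ethernet HWaddr 00:E0:4C:33:3B:93
inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

eth1 Link encap:Ethernet HWaddr 00:E0:4C:3A:07:CD
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
LOOPBACK MTU:16436 Metric:1
EOF
}

# On a live host: ifconfig -a | down_interfaces
sample_ifconfig | down_interfaces
```

An interface with an address but no UP flag still appears in ifconfig -a, which is why it is easy to miss; `ifconfig lo up` brings the loopback interface back up.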
 
  

