LinuxQuestions.org
Old 01-14-2005, 09:58 AM   #1
Biased turkey
Member
 
Registered: Jan 2002
Location: Canada
Distribution: redhat7.2
Posts: 169

Rep: Reputation: 30
LAN client can surf but not ping ?


I have a firewall-router-printer server and 1 LAN client, both with Mandrake 10.1.
As SU, I can ping the client from my router.
I can see the printer from my client but cannot print.
As SU, I cannot ping the firewall from the client ( destination unreachable error type ), BUT I can surf the Internet on the client, so I'm 100% confident that my NIC on the client works.
The only cause I see is a permission problem on the firewall-router.
On the router-firewall I set the security level to normal and don't allow access to any service from the outside.
On the client, the security level is set to low and the firewall is disabled.
I find Mandrake firewall setting confusing. I ran the same hardware config with Fedora Core 2 using Firestarter and never had any problem. The problem is that Mandrake complains about a missing file when installing and running the Firestarter RPM on my router-firewall.
Tia for any suggestion.
 
Old 01-14-2005, 10:27 AM   #2
bunnadik
Member
 
Registered: Jan 2005
Location: Ívik, Sweden
Distribution: MDK 10.1
Posts: 450

Rep: Reputation: 30
I think the problem is that you don't allow ANY traffic to the router. The MDK firewall isn't really made for routers so it doesn't
separate incoming traffic on eth0 from incoming traffic on eth1.

Assuming your internal NIC is eth1 and you're not afraid of any traffic from your LAN to the router you can try entering :
iptables -I INPUT -i eth1 -j ACCEPT
This will allow all incoming traffic on eth1. If it works run ' iptables-save > /etc/sysconfig/iptables' and it'll work after next reboot as well.

As for Firestarter it's in the contrib directory (for MDK 10.x anyways) so for MDK 10.1 you should be able to do:
Code:
urpmi.addmedia Contrib ftp://ftp.sunet.se/pub/Linux/distributions/mandrakelinux/official/10.1/i586/media/contrib with media_info/hdlist.cz
urpmi firestarter
(or do the same using 'mcc' optionally substituting ftp.sunet.se with a closer mirror.)

For MDK 10.0 use :
Code:
urpmi.addmedia Contrib  ftp://ftp.sunet.se/pub/Linux/distributions/mandrakelinux/official/10.0/contrib/i586 with synthesis.hdlist.cz
(not really sure about the with synthesis.hdlist.cz though)

- Peder

Last edited by bunnadik; 01-14-2005 at 10:35 AM.
 
Old 01-16-2005, 09:48 PM   #3
Biased turkey
Member
 
Registered: Jan 2002
Location: Canada
Distribution: redhat7.2
Posts: 169

Original Poster
Rep: Reputation: 30
Thanks for the suggestion Bunnadik, but I'm trying to avoid rolling my own iptables rules.
Mandrake 10.1 doesn't have the /etc/sysconfig/iptables file because it uses Shorewall ( an iptables wrapper ) that has its config files in /etc/shorewall.
So today I printed the Shorewall doc and its config files ( 40 + pages ) and I'm having a look at it.
I disagree when you say that "The MDK firewall isn't really made for routers" because Shorewall has a specific doc article and example config files about configuring a LAN with a 2-interface firewall-router that matches exactly my situation.
But at least we both agree that my problem is firewall permissions related.
 
Old 01-17-2005, 05:43 AM   #4
bunnadik
Member
 
Registered: Jan 2005
Location: Ívik, Sweden
Distribution: MDK 10.1
Posts: 450

Rep: Reputation: 30
Yupp, you're right about shorewall. I thought you meant the firewall you can config through the installation process or through MCC.
I haven't installed shorewall in a long time; tried it once and didn't like it.

But I still suggest you try the 'iptables -I INPUT -i eth1 -j ACCEPT' command. It's only persistent until the next reboot
(unless you remove it sooner by issuing 'iptables -D INPUT -i eth1 -j ACCEPT' ) and if it works at least you know that's the problem.

- Peder
 
Old 01-17-2005, 09:36 AM   #5
Biased turkey
Member
 
Registered: Jan 2002
Location: Canada
Distribution: redhat7.2
Posts: 169

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by bunnadik

But I still suggest you try the 'iptables -I INPUT -i eth1 -j ACCEPT' command. It's only persistent until the next reboot
(unless you remove it sooner by issuing 'iptables -D INPUT -i eth1 -j ACCEPT' ) and if it works at least you know that's the problem.

- Peder
You are 100% right, I could just try that command, at least to check if that solves the problem.

About Firestarter, I installed it via urpmi. The problem is that when I run firestarter, there is one window that opens with the following message:
"missing configuration file" ??

Thanks again for your suggestions.
 
Old 01-18-2005, 01:39 PM   #6
Biased turkey
Member
 
Registered: Jan 2002
Location: Canada
Distribution: redhat7.2
Posts: 169

Original Poster
Rep: Reputation: 30
update:
I added the suggested command:
iptables -I INPUT -i eth1 -j ACCEPT
I was then able to ping the firewall from my client.
Thanks again for the help Bunnadik.
So obviously, it looks like a problem caused by Shorewall. Damn, why does Mandrake have to use Shorewall in the first place ?? It's not much less complicated than to roll one's own iptables.
 
Old 01-19-2005, 01:51 PM   #7
wisdom
Member
 
Registered: Feb 2004
Distribution: Fedora 9
Posts: 226

Rep: Reputation: 31
iptables -I INPUT -i eth1 -j ACCEPT


does this command accept all incoming traffic?? and hence render the rest of firewall rules useless??
 
Old 01-19-2005, 03:01 PM   #8
ernie
Senior Member
 
Registered: Nov 2001
Location: Toledo, Ohio - USA
Distribution: Mageia 1
Posts: 1,079
Blog Entries: 4

Rep: Reputation: 70
wisdom,

Quote:
iptables -I INPUT -i eth1 -j ACCEPT
This command refers specifically to eth1. In this case the eth1 device is the NIC card which connects the firewall/router to the LAN. The eth0 device would be the NIC card which handles the connection to the WAN.

HTH,
 
Old 01-19-2005, 09:48 PM   #9
Biased turkey
Member
 
Registered: Jan 2002
Location: Canada
Distribution: redhat7.2
Posts: 169

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by wisdom
iptables -I INPUT -i eth1 -j ACCEPT


does this command accept all incoming traffic?? and hence render the rest of firewall rules useless??
No, because eth1 is the NIC connected to my LAN.
eth0 is connected to the internet.
Anyway, I solved my problem: By default Mandrake does not allow pinging on the LAN.
So I had to add the following lines to my /etc/shorewall/rules:

# Allow Ping To And From Firewall
#
ACCEPT loc fw icmp 8
ACCEPT fw loc icmp

Thanks for the help.
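
For the question raised in posts #7 to #9, an added example that is not part of the thread: a simplified first-match model of the INPUT chain that compares the blanket `-i eth1` rule with an echo-request-only rule. The narrower rule, the default-drop base chain and the sample packets are assumptions constructed for illustration; this is not Shorewall's real ruleset and it does not model connection tracking.

```python
import shlex

# Subset of iptables match options that appear in this comparison.
OPTS = {"-i": "iface", "-p": "proto", "--icmp-type": "icmp_type",
        "--dport": "dport", "-j": "target"}

def parse_rule(spec):
    """Turn an iptables rule spec (option/value pairs) into a dict."""
    tok = shlex.split(spec)
    return {OPTS[tok[i]]: tok[i + 1] for i in range(0, len(tok), 2)}

def verdict(rules, packet, policy="DROP"):
    """First matching rule wins; if none match, the chain policy applies."""
    for rule in rules:
        matches = (str(packet.get(k)) == v
                   for k, v in rule.items() if k != "target")
        if all(matches):
            return rule["target"]
    return policy

# Constructed stand-in for a default-drop INPUT chain (assumption).
BASE = [parse_rule("-i lo -j ACCEPT")]
# 'iptables -I INPUT ...' inserts at the head of the chain, so the rule is first.
BROAD = [parse_rule("-i eth1 -j ACCEPT")] + BASE
# Narrower alternative (assumption): only ICMP echo-request arriving from the LAN.
NARROW = [parse_rule("-i eth1 -p icmp --icmp-type echo-request -j ACCEPT")] + BASE

# Constructed sample packets: eth1 is the LAN side, eth0 the Internet side.
PACKETS = {
    "lan_ping": {"iface": "eth1", "proto": "icmp", "icmp_type": "echo-request"},
    "lan_ssh":  {"iface": "eth1", "proto": "tcp", "dport": 22},
    "wan_ping": {"iface": "eth0", "proto": "icmp", "icmp_type": "echo-request"},
    "wan_ssh":  {"iface": "eth0", "proto": "tcp", "dport": 22},
}

def compare():
    """Return {packet_name: (verdict_with_BROAD, verdict_with_NARROW)}."""
    return {name: (verdict(BROAD, p), verdict(NARROW, p))
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (broad, narrow) in compare().items():
        print(f"{name:9} broad={broad:6} narrow={narrow}")
```

In this model the blanket rule leaves eth0 traffic to the rest of the chain but accepts everything the LAN sends to the router itself, while the echo-request rule admits only the ping, which is what the `ACCEPT loc fw icmp 8` line in /etc/shorewall/rules expresses.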
 
  

