Please Help!

Jeremy Fowler jfowler at westrope.com
Mon Jul 15 13:47:01 CDT 2002


Ok, sounds to me like a routing problem. First make sure your box is routing
packets *before* messing with the firewall. I recommend flushing your rules and
changing the default policy to allow all packets through for now. Then try pinging
the host from one network to the other. If this doesn't work, you know you have a
routing problem. What is the default gateway for the host you're pinging from? If
it isn't 192.168.1.1, then you will need to add routing rules to the default
gateway that show that 192.168.1.1 routes packets to the 192.168.2.0/24
network. Next, ping 192.168.1.1 from a host on the same network and see if that
host is reachable. Then check the default gateway for the 192.168.2.0/24 network
and make sure packets destined for the 192.168.1.0/24 network are routed to
192.168.2.1. Then try pinging 192.168.2.1 from a host on that network. Finally,
try pinging across to the other network. Use traceroute to find out where the
packets are going. If you are still having problems, use the route command to
examine the routing tables on 192.168.1.1/192.168.2.1 to see if everything is in
order. Be pragmatic and take things one step at a time. If there are too many
elements in the equation, take everything out except the minimum required
components until you have a working example. Then add things back in one at a
time while making sure nothing breaks.

> -----Original Message-----
> From: owner-kclug at marauder.illiana.net
> [mailto:owner-kclug at marauder.illiana.net]On Behalf Of jose sanchez
> Sent: Saturday, July 13, 2002 11:58 PM
> To: KC Linux
> Subject: Please Help!
>
>
> Hello:
>
> Please help me on this:
> I was just playing with iptables today and experienced
> some problems...
>
> This is the scenario:
> The linux router has
> eth0 is on 192.168.1.0/24 network, ip 192.168.1.1
> eth1 is on 192.168.2.0/24 network, ip 192.168.2.1
> ip_forward is turned on.
> It is a fresh install running RH 7.2.
>
>
> I have a computer with IP 192.168.1.100 trying to ping
> to a computer with IP 192.168.2.8 but can't get it to
> work. The computer on *.*.2.8 is a webserver.
>
> These are the rules I have set up:
>
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
> iptables -F
>
> iptables -A FORWARD -p icmp -j ACCEPT
> iptables -A INPUT -p icmp -j ACCEPT
> iptables -A OUTPUT -p icmp -j ACCEPT
>
> iptables -A FORWARD -i eth0 -o eth1 -p tcp \
>   -s 192.168.1.0/24 --sport 1024:65535 \
>   -d 192.168.2.8 --dport 80 \
>   -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> iptables -A FORWARD -i eth1 -o eth0 \
>   -s 192.168.2.0/24 -d 192.168.1.0/24 \
>   -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> I can't ping any of the router's cards, nor can I ping
> to the other network.
> When I rmmod all the iptables modules I could ping
> 192.168.2.8 from 192.168.1.100, so the router routes the
> packets, but why can't I ping when the iptables modules
> are loaded? Do I need to recompile the kernel?
>
> Thanks in advance for all your help.
>
>
> =====
> "An ounce of gold cannot buy an ounce of time."
> - Anonymous
>
>
> www.whmicro.com
>
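The reply's checklist (confirm each host's default gateway, confirm the router has a route to both /24 networks, and check the return path as well as the forward path) can be rehearsed offline before touching the firewall. The following is an added example, not code from either poster: it parses `route -n` style tables for the three boxes in the thread, walks a packet hop by hop from 192.168.1.100 to 192.168.2.8 and back using each box's own table, and reports where the path breaks. The routing tables below are constructed to match the scenario described in the post; the hypothetical `BROKEN_BOXES` variant shows the asymmetric-routing failure the reply warns about, where the webserver's default gateway is not the router, so echo replies never come back even though the forward path is fine.

```python
"""Walk a ping's path across static routing tables (added example)."""
import ipaddress

# Constructed `route -n` output for the three boxes in the thread.
# A gateway of 0.0.0.0 means "directly connected". Each box may own
# several addresses (the router owns one per interface).
BOXES = {
    "host": {"addrs": {"192.168.1.100"}, "route_n": """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
"""},
    "router": {"addrs": {"192.168.1.1", "192.168.2.1"}, "route_n": """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
"""},
    "webserver": {"addrs": {"192.168.2.8"}, "route_n": """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
"""},
}

# Hypothetical misconfiguration: the webserver's default gateway points at
# 192.168.2.254, a box that does not exist, instead of the router.
BROKEN_BOXES = dict(BOXES)
BROKEN_BOXES["webserver"] = {"addrs": {"192.168.2.8"}, "route_n": """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.2.254   0.0.0.0         UG    0      0        0 eth0
"""}


def parse_route_n(text):
    """Turn `route -n` output into (network, gateway-or-None, iface) tuples."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 8 or not cols[0][0].isdigit():
            continue  # skip the two header lines
        dest, gw, mask, iface = cols[0], cols[1], cols[2], cols[7]
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, None if gw == "0.0.0.0" else gw, iface))
    return routes


def next_hop(routes, dst):
    """Longest-prefix match: (next_hop_ip, iface), or None if nothing matches."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        return None
    _, gw, iface = best
    return (gw or dst, iface)  # directly connected: deliver to dst itself


def box_for(boxes, ip):
    """Name of the box that owns this address, or None (nothing answers there)."""
    for name, box in boxes.items():
        if ip in box["addrs"]:
            return name
    return None


def trace(boxes, src, dst, max_hops=8):
    """Hop from src towards dst using each box's own table, like traceroute.
    Returns (hops, result); result is 'reached' or explains where it stopped."""
    hops, cur = [src], src
    for _ in range(max_hops):
        if cur == dst:
            return hops, "reached"
        name = box_for(boxes, cur)
        if name is None:
            return hops, f"no box owns {cur}"
        hop = next_hop(parse_route_n(boxes[name]["route_n"]), dst)
        if hop is None:
            return hops, f"no route at {cur}"
        if hop[0] in hops:
            return hops + [hop[0]], "routing loop"
        hops.append(hop[0])
        cur = hop[0]
    return hops, "too many hops"


def check_round_trip(boxes, a, b):
    """A ping needs both directions: the echo request must reach b AND the
    reply must find its way back to a."""
    fwd, fwd_res = trace(boxes, a, b)
    back, back_res = trace(boxes, b, a)
    return {"forward": fwd, "forward_result": fwd_res,
            "back": back, "back_result": back_res,
            "ok": fwd_res == "reached" and back_res == "reached"}


if __name__ == "__main__":
    print(check_round_trip(BOXES, "192.168.1.100", "192.168.2.8"))
    print(check_round_trip(BROKEN_BOXES, "192.168.1.100", "192.168.2.8"))
```

Running it shows the working setup completing in both directions through the router's two addresses, while the broken variant reaches the webserver but reports `no box owns 192.168.2.254` on the way back; that is exactly the case where the pinging host sees timeouts even though the router itself is forwarding correctly, and it is why the reply tells you to check the 192.168.2.0/24 side's default gateway and not just the one you are pinging from.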