On 05/14/11 12:55, Rick Sewill wrote:
> On Saturday, May 14, 2011 10:46:51 AM JD wrote:
>> On 05/14/11 09:17, Rick Sewill wrote:
>>> On Saturday, May 14, 2011 09:27:55 AM JD wrote:
>>>> On 05/14/11 08:48, G.Wolfe Woodbury wrote:
>>>>> On 05/14/2011 09:36 AM, JD wrote:
>>>>>> On my F14, I am running a firewall that accepts specific connections on
>>>>>> specific ports from some machines on the LAN.
>>>>>>
>>>>>> However, for one machine I made a general rule to accept all
>>>>>> connections:
>>>>>>
>>>>>> -A INPUT -s 192.168.1.60 -j ACCEPT
>>>>>>
>>>>>> After restarting the firewall,
>>>>>>
>>>>>> I still am unable to ping that machine and it is unable to ping me.
>>>>>> That machine is not running a firewall.
>>>>>>
>>>>>> I can ping the router and another machine I have on the LAN.
>>>>>> The machine at 192.168.1.60 can do the same.
>>>>>>
>>>>>> What else do I need to do to be able to talk to machine 192.168.1.60
>>>>>> and it to my fedora machine?
>>>>> Try:
>>>>>
>>>>> -A INPUT -s 192.168.1.60/32 -j ACCEPT
>>>>>
>>>>> there needs to be a netmask in the syntax.
>>>> Tried it.
>>>> Did not change anything :(
>>> Could we see more of the network topology please?
>>>
>>> Can you do on both machines:
>>> /bin/netstat -rn
>> On Fedora Machine:
>> # /bin/netstat -rn
>> Kernel IP routing table
>> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
>> 10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
>> 192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0
>> 10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
>> 192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0
>> 0.0.0.0         192.168.1.254   0.0.0.0         UG        0 0          0 wlan0
>>
>>
>> On the machine in question (192.168.1.60)
>> # /sbin/netstat -rn
>> Routing tables
>>
>> Internet:
>> Destination        Gateway            Flags    Refs      Use  Netif Expire
>> default            192.168.1.254      UGSc        8        0    en1
>> 127                127.0.0.1          UCS         0        0    lo0
>> 127.0.0.1          127.0.0.1          UH          0        4    lo0
>> 169.254            link#6             UCS         0        0    en1
>> 192.168.1          link#6             UCS         2        0    en1
>> 192.168.1.1        0:26:18:6:ef:7     UHLW        0      113    en1    566
>> 192.168.1.60       127.0.0.1          UHS         0        0    lo0
>> 192.168.1.254      0:1d:5a:c8:91:c1   UHLW       15      153    en1    565
>>
>> Internet6:
>> Destination                    Gateway                    Flags    Netif Expire
>> ::1                            link#1                     UHL        lo0
>> fe80::%lo0/64                  fe80::1%lo0                Uc         lo0
>> fe80::1%lo0                    link#1                     UHL        lo0
>> ff01::/32                      ::1                        U          lo0
>> ff02::/32                      fe80::1%lo0                UC         lo0
>>
>>> /sbin/ifconfig
>> On Fedora machine:
>>
>> # /sbin/ifconfig
>> eth0      Link encap:Ethernet  HWaddr 00:03:0D:15:2B:9E
>>           inet addr:10.1.1.1  Bcast:10.1.1.255  Mask:255.255.255.0
>>           inet6 addr: fe80::203:dff:fe15:2b9e/64 Scope:Link
>>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>>           RX packets:1340 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:849 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000
>>           RX bytes:174589 (170.4 KiB)  TX bytes:418153 (408.3 KiB)
>>           Interrupt:19 Base address:0xd800
>>
>> eth0:0    Link encap:Ethernet  HWaddr 00:03:0D:15:2B:9E
>>           inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
>>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>>           Interrupt:19 Base address:0xd800
>>
>> lo        Link encap:Local Loopback
>>           inet addr:127.0.0.1  Mask:255.0.0.0
>>           inet6 addr: ::1/128 Scope:Host
>>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>>           RX packets:4734603 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:4734603 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0
>>           RX bytes:373719874 (356.4 MiB)  TX bytes:373719874 (356.4 MiB)
>>
>> virbr0    Link encap:Ethernet  HWaddr 22:3E:A6:BB:CD:51
>>           inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:8391 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0
>>           RX bytes:0 (0.0 b)  TX bytes:1617830 (1.5 MiB)
>>
>> wlan0     Link encap:Ethernet  HWaddr 00:34:56:00:03:43
>>           inet6 addr: fe80::234:56ff:fe00:343/64 Scope:Link
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:4976669 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:4947232 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000
>>           RX bytes:1062494718 (1013.2 MiB)  TX bytes:500756007 (477.5 MiB)
>>
>> wlan0:0   Link encap:Ethernet  HWaddr 00:34:56:00:03:43
>>           inet addr:192.168.1.108  Bcast:192.168.1.255  Mask:255.255.255.0
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>
>> On 192.168.1.60:
>> # /sbin/ifconfig
>> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
>>         inet 127.0.0.1 netmask 0xff000000
>>         inet6 ::1 prefixlen 128
>> gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
>> stf0: flags=0<> mtu 1280
>> en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>         ether 00:11:24:7e:2d:c8
>>         media: autoselect (none) status: inactive
>>         supported media: none autoselect 10baseT/UTP <half-duplex>
>>         10baseT/UTP <full-duplex> 10baseT/UTP <full-duplex,flow-control>
>>         10baseT/UTP <full-duplex,hw-loopback> 100baseTX <half-duplex>
>>         100baseTX <full-duplex> 100baseTX <full-duplex,flow-control>
>>         100baseTX <full-duplex,hw-loopback> 1000baseT <full-duplex>
>>         1000baseT <full-duplex,flow-control> 1000baseT <full-duplex,hw-loopback>
>> fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
>>         lladdr 00:11:24:ff:fe:7e:2d:c8
>>         media: autoselect <full-duplex> status: inactive
>>         supported media: autoselect <full-duplex>
>> en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>         inet 192.168.1.70 netmask 0xffffff00 broadcast 192.168.1.255
>>         ether 00:11:24:92:bc:e0
>>         media: autoselect status: active
>>         supported media: autoselect
>>
>>> If you don't mind, it might be easiest to copy your firewall
>>> rules so we can see them. As root,
>>> /sbin/iptables -L -v
>> Sorry. I cannot expose my FW settings to a public list because
>> they might contain weaknesses that someone could exploit.
>>
>>> If you are concerned with security and sharing your public IP address,
>>> may I suggest changing the public IP address ranges to something else,
>>> like xxx.xxx.xxx.0, yyy.yyy.yyy.0, etc, in the output.
>> Actually, I have no public IP addresses in the rules.
>>
>>> Another question...if you have multiple ethernet devices,
>>> which device is 192.168.1.60 connected to?
>> en1 (this is a Powerbook g4 running OS X 10.5.8).
> Both Fedora and the Powerbook can ping the default gateway,
> 192.168.254.1 ?
>
> The Powerbook entries confuse me.
> According to the Powerbook netstat -rn, I would expect an interface,
> 192.168.1.60/some mask
>
> When I look at the Powerbook ifconfig, I see
> en1: ... inet 192.168.1.70 netmask 0xffffff00 ...
> I expected this entry to read inet 192.168.1.60 netmask 0xffffff00
>
> Can I suggest, for a test, change the iptables filters to allow any
> incoming packet from 192.168.1.0/24, and then, try to ping from
> the Powerbook. Also, you might wish to check the ARP table on
> Fedora to see what IP address/Mac address entries it knows about.
> As root, try /sbin/arp -a
> I am interested to know, after the attempted ping from the Powerbook,
> what IP address/Mac entry is found, if any, in the Fedora.
>
I added the rule -A INPUT -s 192.168.1.0/24 -j ACCEPT and retried.
Same thing. Both machines can ping the GW, and they can ping a third
machine I have on the LAN. But they cannot ping each other.
I also brought the fedora firewall down, and retried to ping Fedora
from Powerbook. No go!!
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
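The thread reasons about two mechanisms without ever spelling them out: which interface the Fedora box will use to reach 192.168.1.60 (longest-prefix match over the `netstat -rn` table, with a 0.0.0.0 gateway meaning "on-link, ARP for it directly", which is why Rick asks for `arp -a`), and how an `iptables` INPUT chain decides about a packet from that host. The script below is an added example, not code from the thread or from Fedora. The routing table is transcribed from JD's `netstat -rn` output above; the rule sets are constructed, and the parser handles only the `-s`/`-j` subset of `iptables` syntax used in the thread. It shows that `-s 192.168.1.60` and `-s 192.168.1.60/32` are the same match, and that an ACCEPT appended with `-A` after an earlier catch-all REJECT (the assumption here is a chain that, like a stock Fedora ruleset, ends in `-j REJECT --reject-with icmp-host-prohibited`) never fires, whereas `-I` puts it in front. Since JD reports the problem persists with the firewall down, rule order is not what explains this particular symptom; it is the check a practitioner would run before concluding that.

```python
"""Route lookup and iptables first-match simulation for the LAN ping problem.

Added example.  FEDORA_ROUTES is transcribed from the Fedora `netstat -rn`
output in the thread; the rule sets are constructed and only the -s / -j
subset of iptables syntax is modelled.
"""
import ipaddress

# (Destination, Gateway, Genmask, Iface) in the column order `netstat -rn` prints.
FEDORA_ROUTES = [
    ("10.0.0.0",      "0.0.0.0",       "255.255.255.0", "eth0"),
    ("192.168.1.0",   "0.0.0.0",       "255.255.255.0", "wlan0"),
    ("10.1.1.0",      "0.0.0.0",       "255.255.255.0", "eth0"),
    ("192.168.122.0", "0.0.0.0",       "255.255.255.0", "virbr0"),
    ("0.0.0.0",       "192.168.1.254", "0.0.0.0",       "wlan0"),
]

# Constructed chain standing in for an existing ruleset that ends in a
# catch-all REJECT (assumption: a stock Fedora firewall ends this way).
LAN_RULES = [
    "-A INPUT -s 192.168.1.50 -j ACCEPT",
    "-A INPUT -j REJECT --reject-with icmp-host-prohibited",
]


def lookup_route(routes, dst):
    """Longest-prefix match over a netstat-style table, as the kernel does.

    Returns (iface, next_hop).  next_hop is None for an on-link route: the
    host will ARP for dst itself instead of handing the packet to a gateway.
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for dest, gw, mask, iface in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        return None
    net, gw, iface = best
    return iface, (None if gw == "0.0.0.0" else gw)


def parse_rule(line):
    """Parse "(-A|-I) CHAIN [-s ADDR[/MASK]] -j TARGET [target options]".

    Match options other than -s are not modelled and raise, so a rule is
    never silently turned into an any-source match.
    """
    toks = line.split()
    rule = {"op": None, "chain": None, "src": None, "target": None}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t in ("-A", "-I"):
            rule["op"], rule["chain"] = t, toks[i + 1]
        elif t == "-s":
            # ip_network() treats a bare address as /32, exactly as iptables
            # does: "-s 192.168.1.60" and "-s 192.168.1.60/32" are one match.
            rule["src"] = ipaddress.ip_network(toks[i + 1], strict=False)
        elif t == "-j":
            rule["target"] = toks[i + 1]
            break  # anything after the target is a target option; ignore it
        else:
            raise ValueError(f"unsupported option in example parser: {t}")
        i += 2
    return rule


def build_chain(lines, chain="INPUT"):
    """Apply iptables commands in order: -A appends, -I inserts at the top."""
    rules = []
    for line in lines:
        r = parse_rule(line)
        if r["chain"] != chain:
            continue
        if r["op"] == "-I":
            rules.insert(0, r)
        else:
            rules.append(r)
    return rules


def evaluate(rules, src, policy="ACCEPT"):
    """First matching rule decides; the chain policy applies if none matches."""
    src = ipaddress.ip_address(src)
    for r in rules:
        if r["src"] is None or src in r["src"]:
            return r["target"]
    return policy


if __name__ == "__main__":
    print("route to 192.168.1.60:", lookup_route(FEDORA_ROUTES, "192.168.1.60"))
    appended = build_chain(LAN_RULES + ["-A INPUT -s 192.168.1.60 -j ACCEPT"])
    inserted = build_chain(LAN_RULES + ["-I INPUT -s 192.168.1.60 -j ACCEPT"])
    print("-A after catch-all REJECT:", evaluate(appended, "192.168.1.60"))
    print("-I at top of chain:       ", evaluate(inserted, "192.168.1.60"))
```

`lookup_route` confirms that the Fedora box treats 192.168.1.60 as on-link via wlan0, so a successful ping needs a usable ARP entry for it on that interface (the `arp -a` check in the thread) rather than any help from the gateway. The `-A` versus `-I` comparison is the reason to run `iptables -L -v -n --line-numbers` rather than reading the saved rules file: the listing shows the order the kernel actually evaluates.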