Folks, I'm at a loss here to solve this one. Here is the problems in some order. 1. According to my ISP they do not block anything and certainly no outbound ping. I should be able to ping the planet if I wish. I can't ping nothing despite my best efforts. I know without a doubt I used to be able to do so. I have not changed my firewall script in a really long time so am 99.9% sure that isn't it. 2. I arrived at this problem because I was looking to retire my current server/firewall box because it could be doing better things and get more use for its horsepower than serving and I setup a Debian box to take over the duties. I configured the machine and considered it ready for testing and so took the old Slackware box offline and put the Debian box in its place. I discovered several things. First my name server which Greg Nowak helped me get straightend out being Bind 9 it wasn't like the old bind 8 I was using. In any case I kept getting connection timed out no servers found errors, but the server was loading. This is another issue, but in any case it ties in. I remove the firewall and attempted to ensure I could ping outside my network and thus failure number one. I couldn't ping nor resolve hosts even if I pointed my resolver to my ISP's dns server. 3. I then put the old box back online and got things back to working accept I found I could not ping anything such as my ISP's nameserver, google.com or anything else outside my network. Looked over my firewall the old one that is using ipchains and nothing jumpped out at me. So, I removed it and tried again; no luck. I checked over everything that I could think of and still no luck. I called my ISP to verify I could ping without any problems and they agreed I should no problem at all. Nothing. I'm totally at a loss for a next step. I have no clue what would prevent me from pinging outside my own network if I'm not blocking it. I even unplugged the switch and powered off the machines as a desparate measure and no change. This is really nuts!! I'd happily try any suggestions folks have cause I'm dead in my tracks for what to do now. I suspect if I can resolve the ping problem, I can then tackle the nameserver problem. My current nameserver works fine and so that ping problem might have nothing to do with why I'm getting the connection time out error, but I do have two problems to deal with. One thing I will try is ftp to a known ip, but one question comes to mind. If I have no firewall I looked to seee if there is anything as a default for iptables and of course there is not. Should I either, 1. remove the iptable modules and netfilter modules for the test 2. run iptables -A INPUT -i eth0 -j ACCEPT and iptables -A OUTPUT -j ACCEPT to at least get packets flowing or maybe this doesn't matter or 3. just leave things as they are and try it out. The route command does show that things are routed to my external interface so left that alone. I do have packet forwarding turned on. Any thoughts are appreciated. Scott
