Comments inline, consider not top-posting, it makes reading so much easier... > -----Original Message----- > From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx > [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Alaios > Sent: Tuesday, September 27, 2005 4:24 PM > To: John A. Sullivan III > Cc: netfilter@xxxxxxxxxxxxxxxxxxx > Subject: Re: Plz i need help.... or i ll be fired :( > > Its not on a different network.. eth1 is directly connected > with this network But it is on a different network. > > "John A. Sullivan III" <jsullivan@xxxxxxxxxxxxxxxxxxx> wrote: > What is the default gateway for the laptop? How does it get to > 143.233.222.253 since that is on a different network? - John > > On Tue, 2005-09-27 at 09:52 -0700, Alaios wrote: Notice that our target host is 143.233.222.253. [eth0 snipped] > > eth1 Link encap:Ethernet HWaddr > > 00:02:2D:3B:1D:96 > > inet addr:143.233.222.77 > > Bcast:255.255.255.255 Mask:255.255.255.192 [non-essential stuff snipped] Your internet address is 143.233.222.77 and your network mask is 255.255.255.192. That 192 means you only have 64 IPs in your network. If you don't believe me then google CIDR masks for yourself like I did a couple years back. Now supposing that your network address is 143.233.222.76 (and it is probably 143.233.222.64), you run out of IPs at 143.233.222.139, which is your network's default broadcast address. This is quite far away from 143.233.222.253 so your packet never gets to the intended host. [lo snipped] > > Kernel IP routing table > > Destination Gateway Genmask Flags > > Metric Ref Use Iface > > 143.233.222.64 0.0.0.0 255.255.255.192 U 0 0 0 eth1 > 10.0.0.0 0.0.0.0 > > 255.0.0.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo [A ton of stuff snipped] Notice your first routing entry there, which has the same netmask ending in 192. When a packet comes to your router, the router looks through all the entries for a matching subnet. It sees 143.233.222.253 is the destination IP, and looks at 143.233.222.64/255.255.255.192. Since (as I suspected earlier), your subnet starts with .64, your IP range ends at .127, not .255. Your router says, "Well we can't use that route", so it checks the next one, which also does not match, and finally the last entry, which also does not match. Having no default gateway, it discards the packet and moves on. iptables is not the issue - it is a routing problem. Either put the host between .65 and .126 (.64 is your network address and .127 is supposed to be broadcast), or change your routing table/network setup so you've got a 255.255.255.0 network instead of a 255.255.255.192. Derick Anderson
