local network no Internet PC firewall go to Internet


Post by Nadi » Thu, 07 Nov 2002 10:51:38



hello i'm a newbie in the beautiful world of linux!

here it goes :

Same PC Red-Hat 8.0 FireWall/Server

eth0 DHCP =
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
HWADDR=00:05:5d:f3:f5:2b
USERCTL=no
PEERDNS=no
TYPE=Ethernet

eth1 192.168.0.1 =
DEVICE=eth1
BOOTPROTO=none
IPADDR=192.168.0.1
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes
HWADDR=00:05:5d:f3:f6:77
USERCTL=no
PEERDNS=no
TYPE=Ethernet

iptables :
here is what I have put in a shell to configure my iptables :

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -t mangle -F POSTROUTING
iptables -t mangle -F PREROUTING
iptables -t mangle -F OUTPUT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0/0 -j MASQUERADE

when i tested it :

iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

So it seems ok for the Firewall iptables

My second PC is a Windows 2000
ip 192.168.0.3
gw 192.168.0.1
my dns are ok too

My third PC is Linux Mandrake
ip 192.168.0.2
gw 192.168.0.1
my dns are ok too

The problem is :

My PC Firewall/server (eth0 - eth1) surfs on the Internet without
problem

My second and third PC of my local network (windows 2000 + Linux) are
not surfing on the net!!! Why?

My cables are ok, all my PCs are pinging each other
i can ping

192.168.0.1
192.168.0.2
192.168.0.3

to all my PC (+ the broadcast)

So to sum up : 1 PC is going to Internet and all my network PCs do not
go to Internet! on them i cannot ping IP and i cannot ping URL
(example i cannot ping xxx.xxx.xxx.xxx or www.linux.org) but on my PC
dhcp i can ping xxx.xxx.xxx.xxx. and ping www.linux.org!

Help me my world will be a better place! :-)

ps : i have a cable modem

 
 
 


Post by Rennie deGra » Fri, 08 Nov 2002 02:47:16


Well, the first thing I'd try would be to look at the routing table on
your firewall.  Make sure you have a route to the internal network as
well as to the external network and the default route.  If that looks
good, I'd try using tcpdump to see what is going over the wires.  Try
"tcpdump -i eth1" to ensure that outgoing stuff is reaching the
firewall, and "tcpdump -i eth0" to see if it is leaving the firewall
and if anything is coming back.  Also, try "iptables -L POSTROUTING -t
nat --verbose" to see if anything is actually using the MASQUERADE
rule.

You might also want to specify the interfaces in the MASQUERADE
firewall rule - something like "iptables -I POSTROUTING -t nat -s
192.168.0.0/24 -o eth0 -j MASQUERADE".

Rennie deGraaf
System Administrator
Verano <www.verano.com>




 
 
 


Post by Nadi » Fri, 08 Nov 2002 09:47:24


hi, first thing...thanks for your answer.

here what i have when i do tcpdump -i eth1  =

tcpdump: listening on eth1
19:39:45.398153 192.168.0.3.1040 > nadvigserver.videotron.ca.1900:
udp 132
19:39:45.398237 nadvigserver.videotron.ca > 192.168.0.3: icmp:
nadvigserver.videotron.ca udp port 1900 unreachable [tos 0xc0]
19:39:45.398375 192.168.0.3.1040 > nadvigserver.videotron.ca.1900:
udp 133
19:39:45.398399 nadvigserver.videotron.ca > 192.168.0.3: icmp:
nadvigserver.videotron.ca udp port 1900 unreachable [tos 0xc0]
19:39:55.043669 192.168.0.3.1513 > web1.audiogalaxy.com.ftp: S
2571913099:2571913099(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
19:39:58.015653 192.168.0.3.1513 > web1.audiogalaxy.com.ftp: S
2571913099:2571913099(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
19:40:04.024939 192.168.0.3.1513 > web1.audiogalaxy.com.ftp: S
2571913099:2571913099(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
19:40:10.406798 192.168.0.3.1040 > nadvigserver.videotron.ca.1900:
udp 132
19:40:10.406886 nadvigserver.videotron.ca > 192.168.0.3: icmp:
nadvigserver.videotron.ca udp port 1900 unreachable [tos 0xc0]
19:40:10.407025 192.168.0.3.1040 > nadvigserver.videotron.ca.1900:
udp 133
19:40:10.407051 nadvigserver.videotron.ca > 192.168.0.3: icmp:
nadvigserver.videotron.ca udp port 1900 unreachable [tos 0xc0]
19:40:15.405004 arp who-has 192.168.0.3 tell nadvigserver.videotron.ca
19:40:15.405404 arp reply 192.168.0.3 is-at 0:e0:29:4e:d8:b6
19:40:35.415476 192.168.0.3.1040 > nadvigserver.videotron.ca.1900:
udp 132
19:40:35.415562 nadvigserver.videotron.ca > 192.168.0.3: icmp:
nadvigserver.videotron.ca udp port 1900 unreachable [tos 0xc0]
19:40:35.415703 192.168.0.3.1040 > nadvigserver.videotron.ca.1900:
udp 133
19:40:35.415728 nadvigserver.videotron.ca > 192.168.0.3: icmp:
nadvigserver.videotron.ca udp port 1900 unreachable [tos 0xc0]
19:41:00.424185 192.168.0.3.1040 > nadvigserver.videotron.ca.1900:
udp 132
19:41:00.424272 nadvigserver.videotron.ca > 192.168.0.3: icmp:
nadvigserver.videotron.ca udp port 1900 unreachable [tos 0xc0]
19:41:00.424410 192.168.0.3.1040 > nadvigserver.videotron.ca.1900:
udp 133
19:41:00.424434 nadvigserver.videotron.ca > 192.168.0.3: icmp:
nadvigserver.videotron.ca udp port 1900 unreachable [tos 0xc0]
19:41:05.422584 arp who-has 192.168.0.3 tell nadvigserver.videotron.ca
19:41:05.422982 arp reply 192.168.0.3 is-at 0:e0:29:4e:d8:b6
19:41:25.432855 192.168.0.3.1040 > nadvigserver.videotron.ca.1900:
udp 132
19:41:25.432940 nadvigserver.videotron.ca > 192.168.0.3: icmp:
nadvigserver.videotron.ca udp port 1900 unreachable [tos 0xc0]
19:41:25.433074 192.168.0.3.1040 > nadvigserver.videotron.ca.1900:
udp 133
19:41:25.433098 nadvigserver.videotron.ca > 192.168.0.3: icmp:
nadvigserver.videotron.ca udp port 1900 unreachable [tos 0xc0]

27 packets received by filter
0 packets dropped by kernel

i don't really understand what it all means...but why do i always get
192.168.0.3? this IP address is my Client PC Windows from my network.
Right now my other Client PC is not open.

when i do tcpdump -i eth0   =

tcpdump: listening on eth0
19:43:36.135699 arp who-has
modemcable093.133-201-24.mtl.mc.videotron.ca tell
modemcable001.133-201-24.mtl.mc.videotron.ca
19:43:36.137226 66.130.253.42.1030 > dns3.videotron.net.domain:
44282+ PTR? 93.133.201.24.in-addr.arpa. (44) (DF)
19:43:36.154141 dns3.videotron.net.domain > 66.130.253.42.1030:
44282* 1/2/2 (185) (DF)
19:43:36.154750 66.130.253.42.1030 > dns3.videotron.net.domain:
44283+ PTR? 1.133.201.24.in-addr.arpa. (43) (DF)
19:43:36.170210 dns3.videotron.net.domain > 66.130.253.42.1030:  44283
1/2/2 (184) (DF)
19:43:36.171554 66.130.253.42.1030 > dns3.videotron.net.domain:
44284+ PTR? 42.253.130.66.in-addr.arpa. (44) (DF)
19:43:36.184220 dns3.videotron.net.domain > 66.130.253.42.1030:  44284
NXDomain 0/1/0 (116) (DF)
19:43:36.184700 66.130.253.42.1030 > dns3.videotron.net.domain:
44285+ PTR? 250.222.151.205.in-addr.arpa. (46) (DF)
19:43:36.213271 dns3.videotron.net.domain > 66.130.253.42.1030:  44285
1/2/2 (148) (DF)
19:43:36.666294 arp who-has
modemcable097.133-201-24.mtl.mc.videotron.ca tell
modemcable001.133-201-24.mtl.mc.videotron.ca
19:43:36.666815 66.130.253.42.1030 > dns3.videotron.net.domain:
44286+ PTR? 97.133.201.24.in-addr.arpa. (44) (DF)
19:43:36.687105 dns3.videotron.net.domain > 66.130.253.42.1030:
44286* 1/2/2 (185) (DF)
19:43:36.720982 arp who-has
modemcable193.63-200-24.mtl.mc.videotron.ca tell
modemcable001.63-200-24.mtl.mc.videotron.ca
19:43:36.750767 66.130.253.42.1030 > dns3.videotron.net.domain:
44287+ PTR? 193.63.200.24.in-addr.arpa. (44) (DF)
19:43:36.764830 dns3.videotron.net.domain > 66.130.253.42.1030:
44287* 1/2/2 (184) (DF)
19:43:36.765274 66.130.253.42.1030 > dns3.videotron.net.domain:
44288+ PTR? 1.63.200.24.in-addr.arpa. (42) (DF)
19:43:36.780411 dns3.videotron.net.domain > 66.130.253.42.1030:  44288
1/2/2 PTR[|domain] (DF)
19:43:37.000519 arp who-has
modemcable099.133-201-24.mtl.mc.videotron.ca tell
modemcable001.133-201-24.mtl.mc.videotron.ca
19:43:37.001062 66.130.253.42.1030 > dns3.videotron.net.domain:
44289+ PTR? 99.133.201.24.in-addr.arpa. (44) (DF)
19:43:37.049724 dns3.videotron.net.domain > 66.130.253.42.1030:
44289* 1/2/2 (185) (DF)
19:43:37.122801 arp who-has
modemcable105.133-201-24.mtl.mc.videotron.ca tell
modemcable001.133-201-24.mtl.mc.videotron.ca
19:43:37.123289 66.130.253.42.1030 > dns3.videotron.net.domain:
44290+ PTR? 105.133.201.24.in-addr.arpa. (45) (DF)
19:43:37.137994 dns3.videotron.net.domain > 66.130.253.42.1030:  44290
1/2/2 (186) (DF)
19:43:37.177405 arp who-has
modemcable196.63-200-24.mtl.mc.videotron.ca tell
modemcable001.63-200-24.mtl.mc.videotron.ca
19:43:37.196478 66.130.253.42.1030 > dns3.videotron.net.domain:
44291+ PTR? 196.63.200.24.in-addr.arpa. (44) (DF)
19:43:37.219345 arp who-has
modemcable100.133-201-24.mtl.mc.videotron.ca tell
modemcable001.133-201-24.mtl.mc.videotron.ca
19:43:37.239410 dns3.videotron.net.domain > 66.130.253.42.1030:
44291* 1/2/2 (184) (DF)
19:43:37.239972 66.130.253.42.1030 > dns3.videotron.net.domain:
44292+ PTR? 100.133.201.24.in-addr.arpa. (45) (DF)
19:43:37.255834 dns3.videotron.net.domain > 66.130.253.42.1030:
44292* 1/2/2 (186) (DF)
19:43:37.312269 10.38.128.1.bootps > 255.255.255.255.bootpc:
xid:0x4107d3cc flags:0x8000 Y:10.38.185.140 S:10.23.128.58
G:10.38.128.1 ether 0:40:7b:3f:4a:32 [|bootp]
19:43:37.320123 66.130.253.42.1030 > dns3.videotron.net.domain:
44293+ PTR? 1.128.38.10.in-addr.arpa. (42) (DF)
19:43:37.335176 dns3.videotron.net.domain > 66.130.253.42.1030:  44293
NXDomain 0/1/0 (119) (DF)
19:43:37.335715 66.130.253.42.1030 > dns3.videotron.net.domain:
44294+ PTR? 140.185.38.10.in-addr.arpa. (44) (DF)
19:43:37.342350 arp who-has
modemcable101.133-201-24.mtl.mc.videotron.ca tell
modemcable001.133-201-24.mtl.mc.videotron.ca
19:43:37.349857 dns3.videotron.net.domain > 66.130.253.42.1030:  44294
NXDomain 0/1/0 (121) (DF)
19:43:37.350318 66.130.253.42.1030 > dns3.videotron.net.domain:
44295+ PTR? 58.128.23.10.in-addr.arpa. (43) (DF)
19:43:37.366067 dns3.videotron.net.domain > 66.130.253.42.1030:  44295
NXDomain 0/1/0 (120) (DF)
19:43:37.366678 66.130.253.42.1030 > dns3.videotron.net.domain:
44296+ PTR? 101.133.201.24.in-addr.arpa. (45) (DF)
19:43:37.367630 arp who-has
modemcable185.133-201-24.mtl.mc.videotron.ca tell
modemcable001.133-201-24.mtl.mc.videotron.ca
19:43:37.384321 dns3.videotron.net.domain > 66.130.253.42.1030:
44296* 1/2/2 (186) (DF)
19:43:37.385048 66.130.253.42.1030 > dns3.videotron.net.domain:
44297+ PTR? 185.133.201.24.in-addr.arpa. (45) (DF)
19:43:37.400934 dns3.videotron.net.domain > 66.130.253.42.1030:  44297
1/2/2 (186) (DF)
19:43:37.492164 arp who-has
modemcable102.133-201-24.mtl.mc.videotron.ca tell
modemcable001.133-201-24.mtl.mc.videotron.ca
19:43:37.492656 66.130.253.42.1030 > dns3.videotron.net.domain:
44298+ PTR? 102.133.201.24.in-addr.arpa. (45) (DF)
19:43:37.517278 dns3.videotron.net.domain > 66.130.253.42.1030:  44298
1/2/2 (186) (DF)
19:43:37.671874 arp who-has
modemcable187.133-201-24.mtl.mc.videotron.ca tell
modemcable001.133-201-24.mtl.mc.videotron.ca
19:43:37.672364 66.130.253.42.1030 > dns3.videotron.net.domain:
44299+ PTR? 187.133.201.24.in-addr.arpa. (45) (DF)
19:43:37.698691 dns3.videotron.net.domain > 66.130.253.42.1030:
44299* 1/2/2 (186) (DF)
19:43:37.817479 arp who-has
modemcable104.133-201-24.mtl.mc.videotron.ca tell
modemcable001.133-201-24.mtl.mc.videotron.ca
19:43:37.817973 66.130.253.42.1030 > dns3.videotron.net.domain:
44300+ PTR? 104.133.201.24.in-addr.arpa. (45) (DF)
19:43:37.824743 arp who-has
modemcable188.133-201-24.mtl.mc.videotron.ca tell
modemcable001.133-201-24.mtl.mc.videotron.ca
19:43:37.836419 dns3.videotron.net.domain > 66.130.253.42.1030:
44300* 1/2/2 (186) (DF)
19:43:37.836960 66.130.253.42.1030 > dns3.videotron.net.domain:
44301+ PTR? 188.133.201.24.in-addr.arpa. (45) (DF)
19:43:37.855454 dns3.videotron.net.domain > 66.130.253.42.1030:
44301* 1/2/2 (186) (DF)
19:43:37.979283 arp who-has
modemcable189.133-201-24.mtl.mc.videotron.ca tell
modemcable001.133-201-24.mtl.mc.videotron.ca
19:43:37.979777 66.130.253.42.1030 > dns3.videotron.net.domain:
44302+ PTR? 189.133.201.24.in-addr.arpa. (45) (DF)
19:43:37.995814 dns3.videotron.net.domain > 66.130.253.42.1030:
44302* 1/2/2 (186) (DF)

57 packets received by filter
0 packets dropped by kernel

Please what do you think about it ? is that ok or not?

Thank you very much!!!!

ps : i just tried this to see what i got : iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source    
...


 
 
 


Post by Rennie deGra » Sun, 10 Nov 2002 06:41:20


Well, it looks like your firewall is rejecting outgoing connections.
Those REJECT lines that you saw from iptables -L are supposed to
reject incoming connections, but perhaps iptables has the interfaces
backwards.  Unfortunately, iptables -L doesn't give enough information
to be useful.  Try "iptables -L --verbose" for more information.  If
it gives eth1 as the source interface for those rules, then that's the
problem.  Also, iptables -L --verbose gives packet counters (the first
2 columns).  Take a look at them to see how much stuff is hitting each
rule.  iptables -Z zeroes the counters; do that, try to connect to
something, and then look at the counters and see what went where.

Rennie deGraaf
System Administrator
Verano <www.verano.com>
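
The counter check described in the reply above, as an added example that is not part of the original posts: it reads `iptables -L -v -n -x` output and lists REJECT/DROP rules that have matched packets and apply to a given inbound interface. The function names `hit_block_rules` and `sample_listing` are hypothetical, and the rule listing is constructed sample data (only the chain name RH-Lokkit-0-50-INPUT comes from the thread).

```shell
#!/bin/sh
# Added example: find the REJECT/DROP rules that LAN traffic is actually hitting.
# Real use on the gateway (as root):
#   iptables -Z                       # zero the counters
#   ...try one connection from a LAN client...
#   iptables -L -v -n -x | hit_block_rules eth1
# -n keeps addresses numeric, -x prints exact counters instead of 12K/3M.

hit_block_rules() {
    # $1 = inbound interface to check (the LAN side, e.g. eth1)
    awk -v lan="$1" '
        $1 == "Chain" { chain = $2; next }      # remember the current chain
        $1 == "pkts" || NF < 9 { next }         # column header or blank line
        # Verbose columns: pkts bytes target prot opt in out source destination
        ($3 == "REJECT" || $3 == "DROP") && $1 + 0 > 0 &&
        ($6 == lan || $6 == "*") {
            printf "%s pkts=%s in=%s target=%s\n", chain, $1, $6, $3
        }
    '
}

# Constructed sample of `iptables -L -v -n -x` output (not from the thread).
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      41     3280 RH-Lokkit-0-50-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       9      432 RH-Lokkit-0-50-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain RH-Lokkit-0-50-INPUT (2 references)
    pkts      bytes target     prot opt in     out     source               destination
      30     2400 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
       9      432 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02 reject-with icmp-port-unreachable
       0        0 REJECT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
      11      880 REJECT     udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900 reject-with icmp-port-unreachable
EOF
}

# Demo on the constructed listing: rules with hits that apply to eth1.
sample_listing | hit_block_rules eth1
```

A rule whose `in` column is `*` matches every interface, so it is reported for the LAN side as well; a REJECT rule bound to eth0 with zero hits is not reported.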


 
 
 
