hi, I have a debian system with shorewall acting as a router between my adsl line and my local network. One of the things on that local network is my playstation, and I''m having trouble playing an online game with it - the game tries to access the internet, and then fails at the stage where it tries to find the game servers. The debian machine is 192.168.0.3, and the playstation is 192.168.0.10, with broadcast address 255.255.255.0, gateway 192.168.0.3 The adsl gets the dns servers automatically from my ISP, However, the settings for the game require that the playstation is configured with one particular DNS server for primary, and nothing for secondary, rather than use the ISP''s nameservers. Shorewall has a masq rule from ppp0 to eth1, and then DNAT''s the appropriate playstation ports in the rules file. I''ve tried it with DNAT net loc:192.168.0.10 all as well. All my other games work just fine (for them the playstations nameserver settings match my ISP''s nameservers). It''s only this game that needs the particular nameserver that fails. Technical support tells me the nameserver is up and running just fine, but they couldn''t help me much with firewalls and NAT etc. Does shorewall do something with IP resolving where it''s perhaps ignoring the playstations choice of nameserver, and using the nameservers it received when it started the adsl connection? I tried adding the nameserver into my resolv.conf, but it was overwritten when I restarted the network connection. I''m not sure how to stop that. I''ve looked through the log files to see if any relevant packets are dropped or rejected, but can''t see anything. Can anyone help? Would any other information be useful to you? tia, Nik
what is the IP of the nameserver? Nicholas Cain wrote:> hi, > > I have a debian system with shorewall acting as a router between my adsl > line and my local network. One of the things on that local network is my > playstation, and I''m having trouble playing an online game with it - the > game tries to access the internet, and then fails at the stage where it > tries to find the game servers. > > The debian machine is 192.168.0.3, and the playstation is 192.168.0.10, > with broadcast address 255.255.255.0, gateway 192.168.0.3 > The adsl gets the dns servers automatically from my ISP, However, the > settings for the game require that the playstation is configured with > one particular DNS server for primary, and nothing for secondary, rather > than use the ISP''s nameservers. > > Shorewall has a masq rule from ppp0 to eth1, and then DNAT''s the > appropriate playstation ports in the rules file. I''ve tried it with > DNAT net loc:192.168.0.10 all > as well. > > All my other games work just fine (for them the playstations nameserver > settings match my ISP''s nameservers). It''s only this game that needs the > particular nameserver that fails. Technical support tells me the > nameserver is up and running just fine, but they couldn''t help me much > with firewalls and NAT etc. > > Does shorewall do something with IP resolving where it''s perhaps > ignoring the playstations choice of nameserver, and using the > nameservers it received when it started the adsl connection? I tried > adding the nameserver into my resolv.conf, but it was overwritten when I > restarted the network connection. I''m not sure how to stop that. > > I''ve looked through the log files to see if any relevant packets are > dropped or rejected, but can''t see anything. > > Can anyone help? Would any other information be useful to you? > > tia, > Nik > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: > https://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm > >
it''s 217.18.16.224 Ryan wrote:> what is the IP of the nameserver? > > Nicholas Cain wrote: > >> hi, >> >> I have a debian system with shorewall acting as a router between my >> adsl line and my local network. One of the things on that local >> network is my playstation, and I''m having trouble playing an online >> game with it - the game tries to access the internet, and then fails >> at the stage where it tries to find the game servers. >> >> The debian machine is 192.168.0.3, and the playstation is >> 192.168.0.10, with broadcast address 255.255.255.0, gateway 192.168.0.3 >> The adsl gets the dns servers automatically from my ISP, However, the >> settings for the game require that the playstation is configured with >> one particular DNS server for primary, and nothing for secondary, >> rather than use the ISP''s nameservers. >> >> Shorewall has a masq rule from ppp0 to eth1, and then DNAT''s the >> appropriate playstation ports in the rules file. I''ve tried it with >> DNAT net loc:192.168.0.10 all >> as well. >> >> All my other games work just fine (for them the playstations >> nameserver settings match my ISP''s nameservers). It''s only this game >> that needs the particular nameserver that fails. Technical support >> tells me the nameserver is up and running just fine, but they couldn''t >> help me much with firewalls and NAT etc. >> >> Does shorewall do something with IP resolving where it''s perhaps >> ignoring the playstations choice of nameserver, and using the >> nameservers it received when it started the adsl connection? I tried >> adding the nameserver into my resolv.conf, but it was overwritten when >> I restarted the network connection. I''m not sure how to stop that. >> >> I''ve looked through the log files to see if any relevant packets are >> dropped or rejected, but can''t see anything. >> >> Can anyone help? Would any other information be useful to you? >> >> tia, >> Nik >> _______________________________________________ >> Shorewall-users mailing list >> Post: Shorewall-users@lists.shorewall.net >> Subscribe/Unsubscribe: >> https://lists.shorewall.net/mailman/listinfo/shorewall-users >> Support: http://www.shorewall.net/support.htm >> FAQ: http://www.shorewall.net/FAQ.htm >> >> > > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: > https://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm >
--- 217.18.16.224 ping statistics --- 6 packets transmitted, 0 received, 100% packet loss, time 4999ms It appears to be down. Nicholas Cain wrote:> it''s 217.18.16.224 > > Ryan wrote: > >> what is the IP of the nameserver? >> >> Nicholas Cain wrote: >> >>> hi, >>> >>> I have a debian system with shorewall acting as a router between my >>> adsl line and my local network. One of the things on that local >>> network is my playstation, and I''m having trouble playing an online >>> game with it - the game tries to access the internet, and then fails >>> at the stage where it tries to find the game servers. >>> >>> The debian machine is 192.168.0.3, and the playstation is >>> 192.168.0.10, with broadcast address 255.255.255.0, gateway 192.168.0.3 >>> The adsl gets the dns servers automatically from my ISP, However, the >>> settings for the game require that the playstation is configured with >>> one particular DNS server for primary, and nothing for secondary, >>> rather than use the ISP''s nameservers. >>> >>> Shorewall has a masq rule from ppp0 to eth1, and then DNAT''s the >>> appropriate playstation ports in the rules file. I''ve tried it with >>> DNAT net loc:192.168.0.10 all >>> as well. >>> >>> All my other games work just fine (for them the playstations >>> nameserver settings match my ISP''s nameservers). It''s only this game >>> that needs the particular nameserver that fails. Technical support >>> tells me the nameserver is up and running just fine, but they >>> couldn''t help me much with firewalls and NAT etc. >>> >>> Does shorewall do something with IP resolving where it''s perhaps >>> ignoring the playstations choice of nameserver, and using the >>> nameservers it received when it started the adsl connection? I tried >>> adding the nameserver into my resolv.conf, but it was overwritten >>> when I restarted the network connection. I''m not sure how to stop that. >>> >>> I''ve looked through the log files to see if any relevant packets are >>> dropped or rejected, but can''t see anything. >>> >>> Can anyone help? Would any other information be useful to you? >>> >>> tia, >>> Nik >>> _______________________________________________ >>> Shorewall-users mailing list >>> Post: Shorewall-users@lists.shorewall.net >>> Subscribe/Unsubscribe: >>> https://lists.shorewall.net/mailman/listinfo/shorewall-users >>> Support: http://www.shorewall.net/support.htm >>> FAQ: http://www.shorewall.net/FAQ.htm >>> >>> >> >> _______________________________________________ >> Shorewall-users mailing list >> Post: Shorewall-users@lists.shorewall.net >> Subscribe/Unsubscribe: >> https://lists.shorewall.net/mailman/listinfo/shorewall-users >> Support: http://www.shorewall.net/support.htm >> FAQ: http://www.shorewall.net/FAQ.htm >> > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: > https://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm > >
Ryan wrote:> --- 217.18.16.224 ping statistics --- > 6 packets transmitted, 0 received, 100% packet loss, time 4999ms > > It appears to be down. >No, ICMP is apparently blocked. It is answering just fine for DNS queries. Christian
Nicholas Cain wrote:> > Does shorewall do something with IP resolving where it''s perhaps > ignoring the playstations choice of nameserver, and using the > nameservers it received when it started the adsl connection?No.> Can anyone help? Would any other information be useful to you?I would use Ethereal to see what is happening at the IP level when you try to connect the PS2. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Christian Lox wrote:> Ryan wrote: > >> --- 217.18.16.224 ping statistics --- >> 6 packets transmitted, 0 received, 100% packet loss, time 4999ms >> >> It appears to be down. >> > > No, ICMP is apparently blocked. > It is answering just fine for DNS queries. >I was just about to mention the icmp blocking My tracert looks like this; 1 <10 ms <10 ms <10 ms server [192.168.0.3] 2 38 ms 51 ms 66 ms 99.128.96-84.rev.gaoland.net [84.96.128.99] 3 32 ms 54 ms 36 ms 201.130.96-84.rev.gaoland.net [84.96.130.201] 4 * 32 ms * 198.130.96-84.rev.gaoland.net [84.96.130.198] 5 36 ms 48 ms 52 ms V4070.th21-co-1.n9uf.net [62.39.148.97] 6 37 ms 98 ms 64 ms V4090.abv1-co-1.n9uf.net [62.39.148.18] 7 54 ms 57 ms 48 ms V4089.cbv1-co-1.n9uf.net [62.39.148.22] 8 * * * Request timed out. 9 * * * Request timed out. and then I tried nslookup C:\>nslookup - 217.18.16.224 *** Can''t find server name for address 217.18.16.224: Server failed Default Server: UnKnown Address: 217.18.16.224 > www.google.com Server: UnKnown Address: 217.18.16.224 Non-authoritative answer: Name: www.l.google.com Addresses: 66.249.87.104, 66.249.87.99 Aliases: www.google.com The nslookup means I''m able to resolve names ok (at least from my PC), but the tracert means something else maybe, or perhaps that''s the icmp blocking again? Nik
Nicholas Cain wrote:> > The nslookup means I''m able to resolve names ok (at least from my PC), > but the tracert means something else maybe, or perhaps that''s the icmp > blocking again? >Yes -- tracert uses ICMP echo-request (ping) packets. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:> Nicholas Cain wrote: > > >>The nslookup means I''m able to resolve names ok (at least from my PC), >>but the tracert means something else maybe, or perhaps that''s the icmp >>blocking again? >> > > > Yes -- tracert uses ICMP echo-request (ping) packets. > > -Tomthanks. I''ve installed ethereal, and will see where that gets me. Nik
2005/5/14, Nicholas Cain <nik.cain@neuf.fr>:> Christian Lox wrote: > > Ryan wrote: > > > >> --- 217.18.16.224 ping statistics --- > >> 6 packets transmitted, 0 received, 100% packet loss, time 4999ms > >> > >> It appears to be down. > >> > > > > No, ICMP is apparently blocked. > > It is answering just fine for DNS queries. > > > > I was just about to mention the icmp blocking >next time use tcptraceroute. ;) http://michael.toren.net/code/tcptraceroute/
Nicholas Cain wrote:> thanks. I''ve installed ethereal, and will see where that gets me.Any luck? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key