Hello,
I have computer with 2 interfaces : eth0 with local network
192.168.1.0/24 and eth1 with other local network with internet
(192.168.2.1 - it is router with internet) - 192.168.2.0/24.
Gateway to internet is in 192.168.2.0/24 network on IP 192.168.2.1.
My linux slackware IP (it is gateway to my local network on
192.168.1.0/24) is 192.168.1.9.
I have done configuration property in my slackware linux (rc.inet1 and
resolv.conf files). But I have no internet access on my slackware linux
on any intercafe (on IP 192.168.1.1 and on IP 192.168.2.9). I thik
that problem is connected with my shorewall:
my msq file:
eth1 eth0
my policy:
loc net ACCEPT
net loc ACCEPT
loc fw ACCEPT
fw loc ACCEPT
net fw ACCEPT
fw net ACCEPT
fw fw ACCEPT info
net all DROP info
all all REJECT info
my interfaces file:
net eth1 192.168.2.255
loc eth0 192.168.1.255
and nothing in rules file.
root@hades:/etc/shorewall# ifconfig
eth0 Link encap:Ethernet HWaddr 00:30:4F:1B:AB:16
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4361 errors:0 dropped:0 overruns:0 frame:0
TX packets:64 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:327928 (320.2 Kb) TX bytes:6626 (6.4 Kb)
Interrupt:10 Base address:0xa000
eth1 Link encap:Ethernet HWaddr 00:30:4F:38:75:7F
inet addr:192.168.2.9 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:647 errors:0 dropped:0 overruns:0 frame:0
TX packets:3864 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:67687 (66.1 Kb) TX bytes:691498 (675.2 Kb)
Interrupt:12 Base address:0xc000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:300 (300.0 b) TX bytes:300 (300.0 b)
root@hades:/etc/shorewall# route
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 * 255.255.255.0 U 0 0 0 eth1
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
default 192.168.2.1 0.0.0.0 UG 1 0 0 eth1
Please help me :)
--
Best wishes from Poland
Maciek
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
And I want to add that from my local gateway (192.168.1.1(eth0) and 192.168.2.9(eth1)) I can ping internet gateway 192.168.2.1(eth1) on any interface: eth0, eth1. My DNS servers in resolv.conf are correct. That''s why I think that it is shorewall problem. In windows on that settings everithing is ok with internet access. -- best wishes from Poland, Maciej Kurkiewicz ICQ: 3385742 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
What happens if you: ping www.vg.no ping 193.69.165.21 and then: shorewall clear ping www.vg.no ping 193.69.165.21 ? /Kristian. -----Original Message----- From: shorewall-users-admin@lists.sourceforge.net [mailto:shorewall-users-admin@lists.sourceforge.net] On Behalf Of viuwier Sent: 19. februar 2006 17:59 To: viuwier Subject: Re: [Shorewall-users] eth1 with internet and eth0 with local And I want to add that from my local gateway (192.168.1.1(eth0) and 192.168.2.9(eth1)) I can ping internet gateway 192.168.2.1(eth1) on any interface: eth0, eth1. My DNS servers in resolv.conf are correct. That''s why I think that it is shorewall problem. In windows on that settings everithing is ok with internet access. -- best wishes from Poland, Maciej Kurkiewicz ICQ: 3385742 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
Hello, root@hades:~# ping www.vg.no (wating long time) ping: unknown host www.vg.no root@hades:~# ping 193.69.165.21 (wating long time) PING 193.69.165.21 (193.69.165.21) 56(84) bytes of data. From 192.168.2.9 icmp_seq=6 Destination Host Unreachable root@hades:~# shorewall clear root@hades:~# ping www.vg.no (wating long time) ping: unknown host www.vg.no root@hades:~# ping 193.69.165.21 (wating long time) ING 193.69.165.21 (193.69.165.21) 56(84) bytes of data. From 192.168.2.9 icmp_seq=39 Destination Host Unreachable From 192.168.2.9 icmp_seq=45 Destination Host Unreachable From 192.168.2.9 icmp_seq=63 Destination Host Unreachable From 192.168.2.9 icmp_seq=66 Destination Host Unreachable From 192.168.2.9 icmp_seq=81 Destination Host Unreachable From 192.168.2.9 icmp_seq=90 Destination Host Unreachable From 192.168.2.9 icmp_seq=114 Destination Host Unreachable And ? It is no shorewall problem ? What does it mean ? Look at numbers of ismp_seq in ping ! Something is wrong :/ And after ping it is wayting very long time :( -- best wishes from Poland, Maciej Kurkiewicz ICQ: 3385742 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
Hello Maciej. This looks like a internet connection problem. If the problem was shorewall related, after "shorewall clear" the ping should have gotten trough. Failing to resolve "www.vg.no" is a failure to connect to the DNS server (with all probability. This may also be a result of the DNS server not being able to resolve the host IP but if this is you ISP''s DNS server that''s not likely) I this case your failure to ping the IP directly will also probably just mean that the server can''t connect to the DNS server at all. So you should take a look at getting a connection to the internet working without shorewall running first. I''m no good at troubleshooting this without fiddling around my self with the server so maybe someone else can give you some pointers. Good luck! /K -----Original Message----- From: shorewall-users-admin@lists.sourceforge.net [mailto:shorewall-users-admin@lists.sourceforge.net] On Behalf Of viuwier Sent: 19. februar 2006 18:51 To: K Subject: Re: [Shorewall-users] eth1 with internet and eth0 with local Hello, root@hades:~# ping www.vg.no (wating long time) ping: unknown host www.vg.no root@hades:~# ping 193.69.165.21 (wating long time) PING 193.69.165.21 (193.69.165.21) 56(84) bytes of data. From 192.168.2.9 icmp_seq=6 Destination Host Unreachable root@hades:~# shorewall clear root@hades:~# ping www.vg.no (wating long time) ping: unknown host www.vg.no root@hades:~# ping 193.69.165.21 (wating long time) ING 193.69.165.21 (193.69.165.21) 56(84) bytes of data. From 192.168.2.9 icmp_seq=39 Destination Host Unreachable From 192.168.2.9 icmp_seq=45 Destination Host Unreachable From 192.168.2.9 icmp_seq=63 Destination Host Unreachable From 192.168.2.9 icmp_seq=66 Destination Host Unreachable From 192.168.2.9 icmp_seq=81 Destination Host Unreachable From 192.168.2.9 icmp_seq=90 Destination Host Unreachable From 192.168.2.9 icmp_seq=114 Destination Host Unreachable And ? It is no shorewall problem ? What does it mean ? Look at numbers of ismp_seq in ping ! Something is wrong :/ And after ping it is wayting very long time :( -- best wishes from Poland, Maciej Kurkiewicz ICQ: 3385742 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642 _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
OK, I have wrote the same settings withe the same DNS to computer with windows. And it is working. It is really strange, are you shure that afer "shorewall clear" shorewall really stops ? Because my setting are ok. -- best wishes from Poland, Maciej Kurkiewicz ICQ: 3385742 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
On Sunday 19 February 2006 11:51, viuwier wrote:> OK, I have wrote the same settings withe the same DNS to computer with > windows. And it is working. It is really strange, are you shure that > afer "shorewall clear" shorewall really stops ? Because my setting are > ok.Yes! "shorewall clear" removes all iptables rules. If you don''t believe us: a) cd /etc/ b) cp -a shorewall shorwall.save (So you won''t have to reconfigure after c) Uninstall Shorewall d) Reboot Does it work now? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
> a) cd /etc/ > b) cp -a shorewall shorwall.save (So you won''t have to reconfigure after > c) Uninstall Shorewall > d) Reboot> Does it work now?Yes ! Thank you Tom !! You are great ! P.S. Irony for irony :p -- best wishes from Poland, Maciej Kurkiewicz ICQ: 3385742 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
I''m not the expert her, but if you run shorewall clear and type "iptables --list" you should see something like this: ************************* [root@fw shorewall]# iptables --list Chain FORWARD (policy ACCEPT) target prot opt source destination Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination ************************* This means that no blocking is going on. Shorewall in not a program on it one per say, it is a "scripting tool" that invokes your systems functionality (not sure my definition is accurate on what shorewall "is") The point is that shorewall clear leaves the system as is shorewall was not installed. If you then get your system to work with internet correctly you can start with shorewall again. I hope the rules you posted in your first mail was for trying to get a connection going. A policy like net loc ACCEPT isn''t very recommendable. /K -----Original Message----- From: shorewall-users-admin@lists.sourceforge.net [mailto:shorewall-users-admin@lists.sourceforge.net] On Behalf Of viuwier Sent: 19. februar 2006 20:52 To: K Subject: Re: [Shorewall-users] eth1 with internet and eth0 with local OK, I have wrote the same settings withe the same DNS to computer with windows. And it is working. It is really strange, are you shure that afer "shorewall clear" shorewall really stops ? Because my setting are ok. -- best wishes from Poland, Maciej Kurkiewicz ICQ: 3385742 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
Hi,> I''m not the expert her, but if you run shorewall clear and type > "iptables --list" you should see something like this:Yes, you are right. Thank you for your help! I will look for problem in my system configuration :/ -- best wishes from Poland, Maciej Kurkiewicz ICQ: 3385742 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
On Sunday 19 February 2006 12:23, viuwier wrote:> Hi, > > > I''m not the expert her, but if you run shorewall clear and type > > "iptables --list" you should see something like this: > > Yes, you are right. Thank you for your help! I will look for problem > in my system configuration :/Some things to look at: a) Often these problems are the result of physical link problems (bad cables, bad hub/switch ports, bad Network Adapters, driver problems, cables plugged into wrong interfaces). "ip -s link ls" will show you the error and carrier-loss counts which should be very low if everything is working correctly. b) If you cable both eth0 and eth1 to the same switch/hub, you will see all sorts of problems (but usually only with Shorewall started). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
Hi, Thank you Tom :) I had few days ago dsl (for 2 years time) also with eth0 and eth1 on the same computer with shorewall. Today I have new ISP, so I have hanged my configuration in rc.inet and resolv.conf also in shorewall. I have eth0 and eth1 connected to the same switch but `ip -s link ls` show no erros. Thank you, now I now that it is not shorewall configuratin problem. I will look into other sytem configuration files. Probably it is simple problem but it is hard to find it ;) -- best wishes from Poland, Maciej Kurkiewicz ICQ: 3385742 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642