From: John B. <sag...@gm...> - 2007-09-18 00:19:26
STILL NOT WORKING
Hi Fred,
Included is XP: route PRINT.
I'll also repeat the XP ipconfig /all results & notes from DL ifconfig that
were in another post.
I will say the XP machine has no trouble automatically connecting directly
to a conventional stand-alone router on the cable modem.
It will be working a few seconds after I disconnect it from DL & reconnect
to the router, so we should be able to rule out any XP trouble.
While ping may be stopped by the firewall, the Masquerade should let me pull up an
html page with Mozilla, and that does not happen.
From the setup in Devil-Linux, I chose the 2 port firewall. THIS SHOULD SIMPLY WORK.
Since it doesn't, I assume there is some minor edit / tweak. All I'm aiming for is a
simple firewall; I don't even have a static IP.
I could look into FWbuilder, but
1) a second learning curve
2) I don't see how to use it with Devil-Linux, unless it would fit on the
floppy.
Thanks,
Chip
----------------------------------------------------------------------------
from XP:
C:\Documents and Settings\chip>route PRINT
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8
0x3 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1
0x4 ...00 14 22 ec e0 a6 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x5 ...00 13 02 08 be cf ...... Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.199 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.199 192.168.1.199 30
192.168.1.199 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.1.255 255.255.255.255 192.168.1.199 192.168.1.199 30
192.168.150.0 255.255.255.0 192.168.150.1 192.168.150.1 20
192.168.150.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.150.255 255.255.255.255 192.168.150.1 192.168.150.1 20
192.168.162.0 255.255.255.0 192.168.162.1 192.168.162.1 20
192.168.162.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.162.255 255.255.255.255 192.168.162.1 192.168.162.1 20
224.0.0.0 240.0.0.0 192.168.1.199 192.168.1.199 30
224.0.0.0 240.0.0.0 192.168.150.1 192.168.150.1 20
224.0.0.0 240.0.0.0 192.168.162.1 192.168.162.1 20
255.255.255.255 255.255.255.255 192.168.1.199 192.168.1.199 1
255.255.255.255 255.255.255.255 192.168.1.199 5 1
255.255.255.255 255.255.255.255 192.168.150.1 192.168.150.1 1
255.255.255.255 255.255.255.255 192.168.162.1 192.168.162.1 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
C:\Documents and Settings\chip>ping 192.168.162.1
Pinging 192.168.162.1 with 32 bytes of data:
Reply from 192.168.162.1: bytes=32 time<1ms TTL=128
Reply from 192.168.162.1: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.162.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
----------------------------------------------------------------------------
relevant lines from XP ipconfig /all
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : mydomain.org
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-14-22-EC-E0-A6
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.199
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.1
----------------------------------------------------------------------------
The lines from DL ifconfig -a:
eth0 ...
inet addr: 69.181.170.104 Bcast 255.255.255.255 Mask 255.255.248.0
...
RX 112.4 kB TX 1.9Kib
eth1 ...
inet addr: 192.168.1.254 Bcast: 192.168.1.255 Mask: 255.255.255.0
...
RX 702 b TX 634 b
On 9/17/07, Fred Frigerio <ffr...@lo...> wrote:
>
> John, I tried to learn how to do those scripts by hand but it is too
> specialized for however many times I will have to do it so I ended up
> doing the FWBuilder way which is a cop out. You tell it what you want at
> a higher abstraction level and it writes the code for you.
>
> I am sure you have a problem other than ping but ping may not work
> because of the firewall itself so you may get DL working and not realize
> it if you just do ping.
>
> Attach the results from ipconfig /all and route print from the XP
> machine like someone else suggested. That should help rule that out.
>
>
> Fred Frigerio
> Locust USA
>
> This electronic message transmission contains information from Locust
> USA which may be confidential or privileged. The information is
> intended to be for the use of the individual or entity named above. If
> you are not the intended recipient, be aware that any disclosure,
> copying, distribution or use of the contents of this information is
> prohibited. If you have received this electronic transmission in error,
> please notify us by telephone (305-889-5410) or by reply via electronic
> mail immediately.
>
> -----Original Message-----
> From: dev...@li...
> [mailto:dev...@li...] On Behalf Of
> John Boden
> Sent: Monday, September 17, 2007 5:19 PM
> To: dev...@li...
> Subject: Re: [Devil-Linux-discuss] no NAT from newbie
>
> STILL NOT CONNECTING
>
> Hi Fred,
>
> Probably, from my limited ability to read /etc/init.d/firewall.rules I
> see
>
> # stop some smurf attacks
> echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
>
> # Stop ICMP redirect
> for interface in /proc/sys/net/ipv4/conf/*/accept_redirects; do
> echo "0" > ${interface}
> done
>
> In addition to ping, I tried to simply open pages with Mozilla and
> failed.
>
> All I did was make sure my ethernet cards were supported and selected
> the setup option configure as a 2 card firewall. Do I need to edit
> anything else?
>
> Thanks,
> Chip
>
>
> On 9/17/07, Fred Frigerio <ffr...@lo...> wrote:
>
> If I remember correctly the firewall script (/etc/init.d/firewall.rules)
> blocks ICMP (ping). I am rolling my own using fwbuilder since neither of
> the templates provided directly work for me. Fwbuilder is free for
> linux, for Windows I think you have to pay.
>
>
> Fred Frigerio
> Locust USA
>
> -----Original Message-----
> From: dev...@li...
> [mailto:dev...@li...] On Behalf Of
> John Boden
> Sent: Monday, September 17, 2007 1:50 PM
> To: dev...@li...
> Subject: Re: [Devil-Linux-discuss] no NAT from newbie
>
> Hi Bruce,
>
> Thanks for the advice.
>
> after removing the router,
> with
> XP <--> DL <--> cable modem
>
> from DL: ping yahoo.com works
>          ping 216.109.112.135 (aka yahoo) works
>
> from XP: ping DL (well ping 192.168.1.254) works
>          ping outside addr (69.181.170.104) FAILS
>          ping yahoo FAILS
>          ping 216.109.112.135 (aka yahoo) FAILS
>
>
> >> I STILL NEED MORE HELP <<
>
> Thanks,
> Chip
>
> _______________________________________________
> Devil-linux-discuss mailing list
> Dev...@li...
> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss
>
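An added example, not part of the original thread: a small Python check that compares the XP client's DHCP lease with the Devil-Linux LAN address, using the values posted above. It assumes the XP <--> DL <--> cable modem layout from the thread, so the firewall's eth1 address is the expected default gateway; the function names are illustrative.

```python
import ipaddress
import re

# Lease values copied from the "ipconfig /all" output in the post.
IPCONFIG = """\
IP Address. . . . . . . . . . . . : 192.168.1.199
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.1
"""
# eth1 address from the DL ifconfig lines in the post.
FIREWALL_LAN_IP = "192.168.1.254"


def parse_ipconfig(text):
    """Return {label: value} for 'Label . . . : value' lines."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)[\s.]*:\s*(\S+)\s*$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2)
    return fields


def check_client(fields, firewall_lan_ip):
    """List the places where the client's lease disagrees with the firewall."""
    findings = []
    iface = ipaddress.ip_interface(
        f"{fields['IP Address']}/{fields['Subnet Mask']}")
    fw = ipaddress.ip_address(firewall_lan_ip)
    gw = ipaddress.ip_address(fields["Default Gateway"])
    dns = ipaddress.ip_address(fields["DNS Servers"])
    if fw not in iface.network:
        findings.append(f"firewall {fw} is outside client subnet {iface.network}")
    if gw not in iface.network:
        findings.append(f"default gateway {gw} is outside client subnet {iface.network}")
    if gw != fw:
        # Off-subnet packets go to the default gateway, so they never
        # reach the box doing the masquerading unless the two match.
        findings.append(f"default gateway {gw} is not the firewall LAN address {fw}")
    if dns != fw and dns in iface.network:
        findings.append(f"DNS server {dns} is a LAN host other than the firewall")
    return findings


if __name__ == "__main__":
    for finding in check_client(parse_ipconfig(IPCONFIG), FIREWALL_LAN_IP):
        print("CHECK:", finding)
```

On the posted values the check reports that the lease handed out by the DHCP server at 192.168.1.254 names 192.168.1.1 as both gateway and DNS server, while the Devil-Linux LAN interface is 192.168.1.254.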