Gentoo Forums
Unable to route local network?
Starblazer
n00b

Joined: 14 Jul 2002
Posts: 8

Posted: Sun Jul 14, 2002 12:46 am    Post subject: Unable to route local network?

Has anyone encountered the following problem?

I currently have a firewall/proxy/dhcp server with an internal address of 192.168.1.1

My PC is Windows XP Pro.

The dhcp server is able to grant me a lease in the 192.168.1.x subnet (mask 255.255.255.0) with default gw of 192.168.1.1

Now, web browsing through the proxy (192.168.1.1:3128) works fine. IPTables forwarding (no proxy) works fine.

My problem is when I try to connect to the internal NIC via SSH. I've included the correct statement to open up incoming connections, but I get connection refused. The error does not show up when I log all connections that go through iptables.

It looks like my PC does not know how to handle routing for the local subnet. The following is an example error using telnet to the proxy server's port:

Code:
telnet proxy 3128
Connecting To proxy...Could not open connection to the host, on port 3128.
No connection could be made because the target machine actively refused it.


When I use Nmap, I get this:

Code:
WARNING:  Could not determine what interface to route packets through to 192.168.1.1, changing ping scantype to ICMP only


This is my routing table:

Code:
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.102       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.102   192.168.1.102       20
    192.168.1.102  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.1.255  255.255.255.255    192.168.1.102   192.168.1.102       20
        224.0.0.0        240.0.0.0    192.168.1.102   192.168.1.102       20
  255.255.255.255  255.255.255.255    192.168.1.102   192.168.1.102       1
Default Gateway:       192.168.1.1


Anyone have any ideas? This is a big pain since I can't remotely administer the firewall.
Nitro
Bodhisattva

Joined: 08 Apr 2002
Posts: 661
Location: San Francisco

Posted: Sun Jul 14, 2002 5:41 am

I don't think it is a routing problem. If it was a routing problem, you wouldn't be able to touch any of the services on that box at all. Simple test is a ping. As long as you don't have an explicit rule in your firewall disallowing pings or have pings shut off in your kernel this will tell us the story about routing.

Ping both interfaces and tell us the results, and ping from each computer to the other. If the pings work, scratch routing problems. You might want to try flushing your iptables rules to see if that fixes it. The following should flush all rules and chains:
Code:

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -X

_________________
- Kyle Manna

Please, please SEARCH before posting.

There are three kinds of people in the world: those who can count, and those who can't.
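Added example, not part of the thread: iptables commands given without -t act only on the filter table, so nat and mangle rules are untouched by the five commands in the post above. This Python sketch reads iptables-save output and lists whatever is still in place; the sample dump, its interface names and its rules are constructed for illustration.

```python
# Constructed sample: what iptables-save could print on a NAT/proxy box
# after the filter table has been flushed and its policies set to ACCEPT.
SAMPLE_SAVE = """\
# Constructed sample dump
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

def leftover_state(save_text):
    """Return {table: [findings]} for each table that is not empty and open."""
    findings = {}
    table = None
    for raw in save_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):                 # table header, e.g. *nat
            table = line[1:]
        elif line.startswith(":"):               # chain declaration and policy
            chain, policy = line[1:].split()[:2]
            if policy == "-":                    # user-defined chains have no policy
                findings.setdefault(table, []).append(
                    f"user chain {chain} still exists")
            elif policy != "ACCEPT":
                findings.setdefault(table, []).append(
                    f"{chain} policy is {policy}")
        elif line.startswith("-A "):             # a rule that survived the flush
            findings.setdefault(table, []).append(f"rule: {line}")
    return findings

if __name__ == "__main__":
    for tbl, items in leftover_state(SAMPLE_SAVE).items():
        for item in items:
            print(f"{tbl}: {item}")
```

Running the same function on a dump taken before the flush gives a record of the rule set to restore once the test is over.
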
Starblazer
n00b

Joined: 14 Jul 2002
Posts: 8

Posted: Wed Jul 17, 2002 3:35 am

I personally don't think it's a routing problem either. But it's just plain weird. I've already tried turning off the firewall and just have it behave as a DHCP server. I can ping from both machines. But I can't telnet/ssh in. The part that gets me, is that it obviously finds the proxy server somehow, otherwise, I won't be able to post this message (the logs do confirm that I'm using the proxy).
Nitro
Bodhisattva

Joined: 08 Apr 2002
Posts: 661
Location: San Francisco

Posted: Wed Jul 17, 2002 4:08 am

Starblazer wrote:
I personally don't think it's a routing problem either. But it's just plain weird. I've already tried turning off the firewall and just have it behave as a DHCP server. I can ping from both machines. But I can't telnet/ssh in. The part that gets me, is that it obviously finds the proxy server somehow, otherwise, I won't be able to post this message (the logs do confirm that I'm using the proxy).


:) You are using TCP wrappers huh? Well, you are by default.

Try putting the following in hosts.allow:
Code:
sshd:ALL
and the following in hosts.deny:
Code:
ALL:ALL

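Added example, not part of the thread: how TCP wrappers evaluates the two files from the post above. hosts.allow is consulted first, then hosts.deny, and a request that matches neither is granted. The evaluator below covers only a subset of the hosts_access(5) pattern syntax, and LAN_ONLY_ALLOW is a constructed variant that limits sshd to the thread's 192.168.1.x subnet instead of every client.

```python
import ipaddress
import re

# Files exactly as given in the post above.
HOSTS_ALLOW = "sshd:ALL\n"
HOSTS_DENY = "ALL:ALL\n"
# Constructed variant: sshd reachable only from the 192.168.1.x LAN.
LAN_ONLY_ALLOW = "sshd: 192.168.1.\n"

def client_matches(pattern, addr, host):
    """Subset of hosts_access(5) client patterns (no LOCAL, EXCEPT or IPv6)."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # address prefix, e.g. "192.168.1."
        return addr.startswith(pattern)
    if pattern.startswith("."):      # hostname suffix, e.g. ".example.com"
        return host is not None and host.endswith(pattern)
    if "/" in pattern:               # net/mask, e.g. 192.168.1.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern in (addr, host)

def file_matches(text, daemon, addr, host):
    """True if any 'daemon_list : client_list' line matches the request."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        daemons = re.split(r"[,\s]+", fields[0])
        clients = re.split(r"[,\s]+", fields[1])
        if (daemon in daemons or "ALL" in daemons) and any(
                client_matches(p, addr, host) for p in clients):
            return True
    return False

def access(allow_text, deny_text, daemon, addr, host=None):
    """hosts.allow first, then hosts.deny; no match in either means granted."""
    if file_matches(allow_text, daemon, addr, host):
        return "granted (hosts.allow)"
    if file_matches(deny_text, daemon, addr, host):
        return "denied (hosts.deny)"
    return "granted (no match)"
```

With the files from the post, sshd is granted to any client address and every other wrapped daemon is denied; with the constructed LAN-only variant, an sshd request from outside 192.168.1.x falls through to hosts.deny.
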
Starblazer
n00b

Joined: 14 Jul 2002
Posts: 8

Posted: Wed Jul 17, 2002 4:53 am

That was a pretty good idea... but it didn't pan out. :cry:

I went a step further and sniffed my connection. I can see the traffic go out to the proxy server and back, but that's it. If I use telnet/ssh/nmap, no traffic whatsoever.

When I try a ping, I can see my ping packets go out. I also see the bootp protocol going back and forth.
Nitro
Bodhisattva

Joined: 08 Apr 2002
Posts: 661
Location: San Francisco

Posted: Wed Jul 17, 2002 12:15 pm

You wouldn't happen to have ECN turned on in your kernel would you?

Networking options ---> IP: TCP Explicit Congestion Notification support

Have you tried recompiling your kernel? Perhaps even trying the vanilla sources kernel to rule out any problems with a patch gone bad on your gentoo-sources?
Starblazer
n00b

Joined: 14 Jul 2002
Posts: 8

Posted: Wed Jul 17, 2002 7:32 pm

I've recompiled a few times already, and no, ECN isn't enabled. I haven't tried using the vanilla-sources yet, but I strongly suspect that my problem isn't Gentoo related since traffic never even leaves my PC.

I think it has something to do with the network layer on XP. I'm going to try something else tonight. But if you think of anything, please let me know! Thanks for the help so far.
Starblazer
n00b

Joined: 14 Jul 2002
Posts: 8

Posted: Wed Jul 17, 2002 11:16 pm

ALRIGHT!!!

It's kinda silly really, but I've figured out what was blocking me. I had to uninstall ZoneAlarm. Apparently, even though I thought it wasn't running, it had some sort of hook into the OS that must've prevented me from connecting directly to the firewall. All's good now. Thanks for all the help.
Nitro
Bodhisattva

Joined: 08 Apr 2002
Posts: 661
Location: San Francisco

Posted: Thu Jul 18, 2002 1:51 am

Ack, don't you hate it when that happens? :lol: :lol:

All times are GMT