hitman200ca Tux's lil' helper
Joined: 02 Oct 2002 Posts: 110 Location: Canada
|
Posted: Sat Jan 31, 2004 4:45 pm Post subject: Can't ping local interfaces but can ping outside [SOLVED] |
|
|
This is a weird one.
Code: |
midnight dosemu # ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:BF:3A:4F:C2
inet addr:192.168.2.19 Bcast:255.255.255.255 Mask:255.255.255.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:55158 errors:0 dropped:0 overruns:0 frame:0
TX packets:39323 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:36684061 (34.9 Mb) TX bytes:4486160 (4.2 Mb)
Interrupt:11 Base address:0x9f00
eth1 Link encap:Ethernet HWaddr 00:50:BF:3A:49:6E
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5064 errors:0 dropped:0 overruns:0 frame:0
TX packets:3217 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:681556 (665.5 Kb) TX bytes:581488 (567.8 Kb)
Interrupt:12 Base address:0xbe00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:130 errors:0 dropped:0 overruns:0 frame:0
TX packets:130 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:10580 (10.3 Kb) TX bytes:10580 (10.3 Kb)
|
Which looks good to me. I can ping a machine behind eth1 (192.168.0.217) which
gets its IP address from my local DHCPd server running for eth1 only. I can also
ping a machine behind eth0 (192.168.2.1 and 192.168.2.38) but none of them can
ping my computer. Also I can't ping localhost or either eth0/1 ip address.
Any ideas? ping localhost can resolve the 127 IP address but just sits there.
The other strange thing is that the TX/RX counts in ifconfig increase normally
but there are no ping replies.
HeLP !!! Please. _________________ "Against stupidity, the Gods themselves contend in vain."
-- Friedrich von Schiller
Last edited by hitman200ca on Tue Feb 10, 2004 1:50 am; edited 1 time in total |
adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
|
Posted: Sat Jan 31, 2004 5:25 pm Post subject: |
|
|
Routing table please:
Just the ifconfig is inconclusive.
Then we'll see whether it's weird. |
hitman200ca Tux's lil' helper
Joined: 02 Oct 2002 Posts: 110 Location: Canada
|
Posted: Sat Jan 31, 2004 6:50 pm Post subject: |
|
|
Code: |
midnight dosemu # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo
0.0.0.0 192.168.2.1 0.0.0.0 UG 1 0 0 eth0
|
Code: |
midnight dosemu # cat /etc/hosts
127.0.0.1 localhost midnight
|
adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
|
Posted: Sat Jan 31, 2004 7:10 pm Post subject: |
|
|
You should by preference not place any machine names on the localhost line; use its own IP address (or one of them) on another line, and leave the
Code: | 127.0.0.1 localhost.localdomain localhost |
line intact.
Add
Code: | 192.168.2.19 myhost.mydomain myhost |
(Since that is the NIC that connects to the default gateway)
You may also add multiple IP addresses for one hostname, each on its own line.
But none of this explains why routing or pinging doesn't work.
Do you run a nameserver on this host?
What is the host resolution order (in /etc/host.conf) ?
What do you have in /etc/resolv.conf ? |
hitman200ca Tux's lil' helper
Joined: 02 Oct 2002 Posts: 110 Location: Canada
|
Posted: Sat Jan 31, 2004 7:27 pm Post subject: |
|
|
Well, I am almost certain I am not running a nameserver but
I don't know how to check that.
I don't have the file /etc/host.conf
but ...
Code: |
midnight dosemu # cat /etc/resolv.conf
nameserver 192.168.2.1
search WORKGROUP
|
When pinging the internet using names they all resolve properly.
The only thing I can think of for this is that I have an improperly compiled kernel.
I was going to try moving to the 2.6 kernel and using genkernel for a default kernel
in the hopes that that will fix it.
What kernel options need to be compiled in for ping replies to work?
Here are my firewall rules (iptables)
Code: |
midnight dosemu # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
midnight dosemu # iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
|
As you can see it's wide open right now. (My SMC router is currently the external firewall)
adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
|
Posted: Sat Jan 31, 2004 7:46 pm Post subject: |
|
|
If you don't use iptables, then don't use it!
The plethora of masq entries can never do good - they may harm you.
How to check if you're running a nameserver:
Code: | netstat -lpn | grep 53 |
For instance.
No, the chances that you've "compiled your kernel incorrectly" are close to 0.000 - if you had, it wouldn't run.
Lose the WORKGROUP entry from resolv.conf - you can't resolve WINS names via the standard Unix name resolution mechanism.
What options need to be compiled into the kernel ?
The options to allow TCP/IP networking - collectively known as the TCP/IP "stack".
BTW the (spurious) masquerading is the single reason that your networking doesn't. |
hitman200ca Tux's lil' helper
Joined: 02 Oct 2002 Posts: 110 Location: Canada
|
Posted: Tue Feb 10, 2004 1:49 am Post subject: |
|
|
I finally found the error.
/proc/sys/net/ipv4/icmp_echo_ignore_all
must be set to 0 in order for you to be able to ping yourself.
It's weird though because I could not find this documented almost anywhere
I just happened to stumble upon it in an unrelated thread.
:o)
adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
|
Posted: Fri Feb 13, 2004 4:10 pm Post subject: |
|
|
Yes, well, but why was this option set in the first place?
I can assure you that that is not sysctl's default - pinging yourself on a vanilla kernel always works. _________________ >>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen |
hitman200ca Tux's lil' helper
Joined: 02 Oct 2002 Posts: 110 Location: Canada
|
Posted: Fri Feb 13, 2004 8:22 pm Post subject: |
|
|
I believe in hindsight that it was set by shorewall.
I was frustrated with iptables configuration and tried shorewall
for about 10 minutes but it seems the unemerge didn't change
the config files back to their default.
:o)
Thanks for your help throughout.
|
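The setting that resolved this thread, checked as an added example (not part of any post above): the functions below read the runtime value of `icmp_echo_ignore_all` and list any place it is persisted in sysctl configuration, which helps answer where a non-default value came from. The optional `root` argument and the `/etc/sysctl.d/*.conf` search path are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit net.ipv4.icmp_echo_ignore_all (0 = answer pings, 1 = ignore).
# The optional root argument is a hypothetical convenience for checking a
# mounted image or a test tree; empty means the live system.

# Print the runtime value, or "unknown" if the proc file is not readable.
icmp_runtime_value() {
    root="${1:-}"
    f="$root/proc/sys/net/ipv4/icmp_echo_ignore_all"
    [ -r "$f" ] || { echo "unknown"; return 0; }
    read -r v < "$f" || true
    echo "$v"
}

# Print "file:value" for each persisted setting of the key. sysctl accepts
# both net.ipv4.x and net/ipv4/x spellings, so match either separator.
icmp_persisted_settings() {
    root="${1:-}"
    for f in "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf; do
        [ -r "$f" ] || continue
        rel=${f#"$root"}
        sed -n 's/^[[:space:]]*net[./]ipv4[./]icmp_echo_ignore_all[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$f" |
        while read -r v; do echo "$rel:$v"; done
    done
}

# Report both views. Exit status 1 means the host is ignoring echo requests.
icmp_echo_audit() {
    root="${1:-}"
    rt=$(icmp_runtime_value "$root")
    echo "runtime=$rt"
    icmp_persisted_settings "$root" | sed 's/^/persisted=/'
    [ "$rt" != "1" ]
}
```

A runtime value of 1 with no persisted entry points at something that wrote to /proc directly, such as a firewall start script, rather than at sysctl configuration.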