Re: routing question

Wed, 28 Nov 2001 13:41:49 -0600 

On Wed, 2001-11-28 at 11:34, shock wrote:
> * Michael Heldebrant ([EMAIL PROTECTED]) spake thusly:
> >
> > What is the default policy for the input and output chains on "a". 
> > ipchains -L -v -n output will show this.  
> 
> [EMAIL PROTECTED] stephen]# /sbin/ipchains -L -v -n
> Chain input (policy ACCEPT: 3466 packets, 774392 bytes):
> pkts bytes target     prot opt    tosa tosx  ifname     mark outsize  source  
>               destination           ports
> 0     0 ACCEPT     udp  ------ 0xFF 0x00  eth0 0.0.0.0/0            0.0.0.0/0 
>             67 ->   68
> Chain forward (policy DENY: 0 packets, 0 bytes):
> pkts bytes target     prot opt    tosa tosx  ifname     mark outsize  source  
>               destination           ports
> 1206 76677 MASQ       all  ------ 0xFF 0x00  * 192.168.2.0/24       0.0.0.0/0 
>             n/a
> Chain output (policy ACCEPT: 3294 packets, 806120 bytes):
> 
> > The output of netstat -atp on
> > "a" would also be helpfull along with the route output from both
> > machines.  

Everything looks ok so far.  Routing information is the only thing left
that I can think of.

> [EMAIL PROTECTED] stephen]# netstat -atp
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address           Foreign Address State       
> PID/Program name
> tcp        0      0 pappy.exitwound.o:pop-3 calypso.exitwound:44919 TIME_WAIT 
>   -
> tcp        0      0 192.168.1.10:pop-3      calypso.exitwound:44918 TIME_WAIT 
>   -
> tcp        0      0 *:6010                  *:* LISTEN      607/sshd2
> tcp        0    232 pappy.exitwound.org:ssh calypso.exitwound:44912 
> ESTABLISHED 607/sshd2
> tcp        0      0 *:smtp                  *:* LISTEN      409/sendmail: 
> accep
> tcp        0      0 192.168.1.10:www        *:* LISTEN      363/httpd
> tcp        0      0 *:mysql                 *:* LISTEN      359/mysqld
> tcp        0      0 *:ssh                   *:* LISTEN      291/sshd2
> tcp        0      0 *:pop-3                 *:* LISTEN      282/inetd
> tcp        0      0 *:pop-2                 *:* LISTEN      282/inetd

You are listening on both cards in theory for sshd2.  Can "a" get a ping
response from "e"?
> 
> > I assume the "broadcase" above for eth1 is a typo and not the
> > actual command right?  
> 
> actually, that wasn't a typo.  it's been corrected.  thanks.
> 
> >Are you using some sort of dhcp on "a" with pump?
> 
> Nope.  All of that is handled through the DSL modem/router.  I just
> simply set the default gateway to point to it.

Why do you have a hole in your firewall for the dhcp information then? 
If it's all internal to the modem (meaning you never change ip's ever)
you may want to remove that from the firewall.

--mike

Reply via email to