On 2002.01.02 22:19 Jor-el wrote:
> The hostnames in your prev. post were truncated and it was hard to guess
> how the routing was setup.
>
Here is an easier to read routing table:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
216.86.213.93 0.0.0.0 255.255.255.255 UH 0 0 0
eth0
216.86.213.94 0.0.0.0 255.255.255.255 UH 0 0 0
eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0
eth1
216.86.213.0 0.0.0.0 255.255.255.0 U 0 0 0
eth0
0.0.0.0 216.86.213.1 0.0.0.0 UG 1 0 0
eth0
> Also try the following : from B / C, do
> 1. traceroute A
> 2. traceroute A -s C
>
traceroute A works as expected. However traceroute A -s C results in:
1 traceroute: wrote 24.52.153.102 38 chars, ret=-1
*traceroute: wrote 24.52.153.102 38 chars, ret=-1
*traceroute: wrote 24.52.153.102 38 chars, ret=-1
Note: each of the above lines were preceded by:
traceroute: sendto: Operation not permitted
which for somereason wasn't included in the output of traceroute A -s C
> traceroute
I've noticed this on a few other procedures I've tried to do, but it isn't
really that big of a deal to add the other information. But I know there is
a way to capture the screen, I just don't know how to do it.
> On A, monitor the traffic using a filter for src = A or dst = A
> and post the results.
I don't think that I can do this. A is a D-Link Wireless cable modem/dsl
router. I tried it anyway and didn't pick up anything from things that I
know work.
>
> > Jan 2 15:23:46 hostname kernel: Packet log: input DENY eth0 PROTO=1
> > MACHINEA:8 IPADDRC:0 L=92 S=0x00 I=0 F=0x4000 T=43 (#9)
> >
> I dont know what this log entry means. Its possible that you have
> a firewall problem but your symptoms are more indicative of a routing
> problem. Perhaps the output of 'ipchains -L -v -n' would help (Note: I
> run
> iptables and I'm guessing that its options are similar to ipchains. The
> -n
> will produce numeric, rather than symbolic output).
>
That worked just fine, here is the output:
Chain input (policy ACCEPT: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize
source destination ports
39536 3757K ACCEPT all ------ 0xFF 0x00 lo
0.0.0.0/0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 !lo
127.0.0.0/8 0.0.0.0/0 n/a
89474 7888K ACCEPT all ------ 0xFF 0x00 eth0
216.86.213.0/24 0.0.0.0/0 n/a
204K 21M ACCEPT all ------ 0xFF 0x00 eth1
192.168.0.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
216.86.213.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
192.168.0.0/24 0.0.0.0/0 n/a
234K 189M ACCEPT all ------ 0xFF 0x00 eth0
0.0.0.0/0 216.86.213.93 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0
0.0.0.0/0 216.86.213.255 n/a
17858 1487K DENY all ----l- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
Chain forward (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize
source destination ports
0 0 MASQ all ------ 0xFF 0x00 eth0
192.168.0.2 0.0.0.0/0 n/a
0 0 MASQ all ------ 0xFF 0x00 eth0
192.168.0.21 0.0.0.0/0 n/a
4464 690K MASQ all ------ 0xFF 0x00 eth0
192.168.0.22 0.0.0.0/0 n/a
443 66229 MASQ all ------ 0xFF 0x00 eth0
192.168.0.23 0.0.0.0/0 n/a
257 38564 MASQ all ------ 0xFF 0x00 eth0
192.168.0.24 0.0.0.0/0 n/a
58 4837 MASQ all ------ 0xFF 0x00 eth0
192.168.0.25 0.0.0.0/0 n/a
0 0 MASQ all ------ 0xFF 0x00 eth0
192.168.0.26 0.0.0.0/0 n/a
2606 571K MASQ all ------ 0xFF 0x00 eth0
192.168.0.27 0.0.0.0/0 n/a
2641 367K MASQ all ------ 0xFF 0x00 eth0
192.168.0.28 0.0.0.0/0 n/a
0 0 MASQ all ------ 0xFF 0x00 eth0
192.168.0.254 0.0.0.0/0 n/a
Chain output (policy ACCEPT: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize
source destination ports
39536 3757K ACCEPT all ------ 0xFF 0x00 lo
0.0.0.0/0 0.0.0.0/0 n/a
89476 7888K ACCEPT all ------ 0xFF 0x00 eth0
0.0.0.0/0 216.86.213.0/24 n/a
0 0 ACCEPT !tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 224.0.0.0/4 * -> *
229K 187M ACCEPT all ------ 0xFF 0x00 eth1
0.0.0.0/0 192.168.0.0/24 n/a
0 0 ACCEPT !tcp ------ 0xFF 0x00 eth1
0.0.0.0/0 224.0.0.0/4 * -> *
0 0 DENY all ----l- 0xFF 0x00 eth0
0.0.0.0/0 216.86.213.0/24 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
0.0.0.0/0 192.168.0.0/24 n/a
168K 14M ACCEPT all ------ 0xFF 0x00 eth0
216.86.213.93 0.0.0.0/0 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0
216.86.213.255 0.0.0.0/0 n/a
11 418 DENY all ----l- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
Thanks for the help so far, hopefully this will give you, or someone else
some ideas.
Chad
