i feel like a newbie. (probably look the part, too. not that
there's anything wrong with that.) my 3c509 connection won't
cooperate. it'll respond only to self-pings; no other traffic
seems to get in or out.
On Sat, Feb 16, 2002 at 05:26:10AM -0200, Michel Loos wrote:
> missing the
> netstat -rn
> output
here's a script of everything i could think of that might show
pertinent info to those of you who know this stuff [long lines
follow; a wider window will work better...]
[EMAIL PROTECTED] ifdown eth0 ; ifup eth0
[EMAIL PROTECTED] ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:60:8C:82:CF:3B
inet addr:208.251.253.83 Bcast:208.251.253.87 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:590 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:10 Base address:0x300
[EMAIL PROTECTED] ipmasq -v
Interfaces found:
eth0 208.251.253.83/255.255.255.248
/sbin/ipchains -P input DENY
/sbin/ipchains -P output DENY
/sbin/ipchains -P forward DENY
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward
/sbin/ipchains -A input -j ACCEPT -i lo
/sbin/ipchains -A input -j DENY -i !lo -s 127.0.0.1/255.0.0.0 -l
/sbin/ipchains -A input -j ACCEPT -i eth0 -d 208.251.253.83/32
/sbin/ipchains -A input -j ACCEPT -i eth0 -d 208.251.253.87/32
/sbin/ipchains -A output -j ACCEPT -i lo
/sbin/ipchains -A output -j ACCEPT -i eth0 -s 208.251.253.83/32
/sbin/ipchains -A output -j ACCEPT -i eth0 -s 208.251.253.87/32
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -M -S 7200 10 160
/sbin/ipchains -A input -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
/sbin/ipchains -A output -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
/sbin/ipchains -A forward -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
[EMAIL PROTECTED] ipchains -nvL
Chain input (policy DENY: 255160 packets, 23735195 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize
source destination ports
0 0 ACCEPT all ------ 0xFF 0x00 lo
0.0.0.0/0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 !lo
127.0.0.0/8 0.0.0.0/0 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0
0.0.0.0/0 208.251.253.83 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0
0.0.0.0/0 208.251.253.87 n/a
0 0 DENY all ----l- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
Chain forward (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize
source destination ports
0 0 DENY all ----l- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
Chain output (policy DENY: 510311 packets, 35223165 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize
source destination ports
0 0 ACCEPT all ------ 0xFF 0x00 lo
0.0.0.0/0 0.0.0.0/0 n/a
1 73 ACCEPT all ------ 0xFF 0x00 eth0
208.251.253.83 0.0.0.0/0 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0
208.251.253.87 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
[EMAIL PROTECTED] route -nvCF
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
208.251.253.80 0.0.0.0 255.255.255.248 U 0 0 0 eth0
0.0.0.0 208.251.253.81 0.0.0.0 UG 0 0 0 eth0
Kernel IP routing cache
Source Destination Gateway Flags Metric Ref Use Iface
208.251.253.83 192.112.36.4 208.251.253.81 0 0 0 eth0
208.251.253.83 192.36.148.17 208.251.253.81 0 0 0 eth0
208.251.253.83 208.251.253.83 208.251.253.83 l 0 0 2 lo
208.251.253.83 128.8.10.90 208.251.253.81 0 1 0 eth0
208.251.253.83 198.41.0.4 208.251.253.81 0 0 0 eth0
[EMAIL PROTECTED] route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
208.251.253.80 0.0.0.0 255.255.255.248 U 0 0 0 eth0
0.0.0.0 208.251.253.81 0.0.0.0 UG 0 0 0 eth0
[EMAIL PROTECTED] netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
208.251.253.80 0.0.0.0 255.255.255.248 U 0 0 0 eth0
0.0.0.0 208.251.253.81 0.0.0.0 UG 0 0 0 eth0
[EMAIL PROTECTED] netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 ns.midwestRepo.c:domain *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 *:time *:* LISTEN
tcp 0 0 *:daytime *:* LISTEN
tcp 0 0 *:discard *:* LISTEN
tcp 0 0 localhost:domain *:* LISTEN
udp 0 0 ns.midwestRepo.c:domain *:*
udp 0 0 *:discard *:*
udp 0 112 *:1024 *:*
udp 0 0 localhost:domain *:*
raw 0 0 *:icmp *:* 7
raw 0 0 *:tcp *:* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 0 [ ACC ] STREAM LISTENING 110
/var/run/postgresql/.s.PGSQL.5432
unix 0 [ ACC ] STREAM LISTENING 62 /var/run/ndc
unix 0 [ ACC ] STREAM LISTENING 3245 /dev/gpmctl
unix 0 [ ACC ] STREAM LISTENING 17502 /dev/log
unix 1 [ ] STREAM CONNECTED 59 @00000002
unix 1 [ ] STREAM CONNECTED 56 @00000001
unix 1 [ ] STREAM CONNECTED 92 @00000004
unix 1 [ ] STREAM CONNECTED 93 /dev/log
unix 1 [ ] STREAM CONNECTED 60 /dev/log
unix 1 [ ] STREAM CONNECTED 57 /dev/log
here it responds to pings sent to itself --
[EMAIL PROTECTED] ping 208.251.253.83
PING 208.251.253.83 (208.251.253.83): 56 data bytes
64 bytes from 208.251.253.83: icmp_seq=0 ttl=255 time=0.2 ms
64 bytes from 208.251.253.83: icmp_seq=1 ttl=255 time=0.1 ms
64 bytes from 208.251.253.83: icmp_seq=2 ttl=255 time=0.1 ms
64 bytes from 208.251.253.83: icmp_seq=3 ttl=255 time=0.1 ms
--- 208.251.253.83 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.1/0.1/0.2 ms
but pings sent anywhere else are dropped...
[EMAIL PROTECTED] ping 208.33.90.85
PING 208.33.90.85 (208.33.90.85): 56 data bytes
--- 208.33.90.85 ping statistics ---
9 packets transmitted, 0 packets received, 100% packet loss
[EMAIL PROTECTED]
is it something embarrassingly obvious that i'm missing?
--
DEBIAN NEWBIE TIP #14 from Will Trillich <[EMAIL PROTECTED]>
:
What's a RUNLEVEL? It's simply a big-time setting group;
runlevel 2 might have a full-blown web server plus X running,
and runlevel 3 might be ssh-only, for secure logins. Check
/etc/inittab (and /etc/rc<RUNLEVEL>.d/*) for details on how
yours are set up. And try "man runlevel".
Also see http://newbieDoc.sourceForge.net/ ...
