Can't ping anything on LAN or WAN

Background info:

OS: MandrakeSecurity Multi-Network-Firewall 8.2
Kernel: 2.4.18-8.1mdksecure

Hope-to-have setup:

Internet -> ADSL router -> eth0 (server) eth1 -> switch -> LAN

Current setup: (until the server is configured)

Internet -> ADSL router/gateway/DHCP -> hub -> LAN -> Linux server

My Linux box is an IBM eServer xSeries 335 (rack) with 2 built-in Broadcom NetXtreme Gigabit Ethernet cards. I have (finally) successfully installed the drivers and Linux detects both as eth0 and eth1.

I have tried assigning static IPs and using the router's IP as gateway. I have tried assigning a static IP to one card and a DHCP to the other. Finally I tried both DHCP. The cards get IP addresses from the DHCP server.

But I cannot ping anything except (and the current IP). The router is If I ping that or any other machine, I get this

[root@localhost ]# ping
PING ( from : 58(84) bytes of data.
--- Ping statistics for ---
5 packets sent, 0 packets received, 100% packet loss
[root@localhost ]#

Here's the (current) contents of /etc/sysconfig/network


# Gateway configuration
GATEWAY= //note: doesn't seem to make a difference if there's an IP here or not

Here's the contents of /etc/sysconfig/network-scripts/ifcfg-eth0 (currently set up with static IP)
GATEWAY= //note: fake

Here's the contents of /etc/sysconfig/network-scripts/ifcfg-eth1
(currently set up with DHCP)

the eth1 interface is currently and the router is at All DHCP machines are

Whenever I try to ping anything, I just get 0 packets received.

When I ping either or when it's static like from a Windows ME computer, I get this error

C:\WINDOWS> ping
Pinging with 32 bytes of data:

Reply from Destination port unreachable.
Reply from Destination port unreachable.
Reply from Destination port unreachable.
Reply from Destination port unreachable.

Ping statistics for
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip in milliseconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Please tell me what could be wrong and how could I connect to my LAN/Router/ Internet!!!!

Can you run

route -nNvee

and post the results?
Also, please run


and post those results.  
x13Author Commented:

[root@localhost ]# route -nNvee
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface MSS Window irtt
U 0 0 0 eth1 40 0 0
U 0 0 0 eth0 40 0 0
U 0 0 0 lo 40 0 0

[root@localhost ]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:(etc)
       inet addr: Bcast: Mask:
       Rx packets:160 errors:0 dropped:0 overruns:0 frame:0
       Tx packets:1 errors:0 dropped:0 overruns:0 carrier:0
       collisions:0 txqueuelen:100
       RX bytes:16618(16.2 Kb) TX bytes:64 (64.0 b)
       Interrupt:24 Memory:fbff0000-fc000000

eth1 Link encap:Ethernet HWaddr:00:09:6B:etc
       inet addr: Bcast: Mask:
       RX packets:243 errors:0 dropped:0 overruns:0 frame:0
       TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
       collisions:0 txqueuelen:100
       RX bytes:23814 (23.2 Kb) TX bytes:812 (812.0 b)
       Interrupt:25 Memory:fbfe0000-fbff0000

lo   Link encap:Local Loopback
      inet addr: Mask:
      UP LOOPBACK RUNNING MTU:16436 Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[root@localhost ]#

Phew, that was a lot of typing. :-) Let me know if you need any more info. Oh, I almost forgot. I couldn't ping even the loopback address,, until I modified this: /proc/sys/net/ipv4/icmp_echo_ignore_all to have a value of 0. I now can ping loopback and my own IP but nothing else.

Also, I am supposed to be able to use a web browser on the LAN to configure the server, but I can't access it using https: protocol either.

x13Author Commented:
Could it be related to iptables?
Sorry, the typing could have been avoided using redirection

route -nNvee >outroute.txt
ifconfig >outconfig.txt

Really sorry...
x13Author Commented:
That's ok, as long as it helps to find an answer... it's like this machine isn't even plugged in. I can't FTP, telnet, or http or ping it from another computer. I can't ping or ftp out either. I have no idea what to do, and I'm supposed to be configuring it from a browser on my LAN. Well I can't because the LAN can't see the blasted thing, except to say "Port unreachable" and stuff. :-(
eth0 is pointing to the ADSL router?  I would have expected that to have an IP of something like (what eth1 seems to have).  As it is it looks like eth0 has an address that does not mesh with the ADSL.  Is eth0 getting its address from DHCP from the ADSL?  If not, I would try allowing it to.

Then the following might do the trick:

ip route add default via dev eth0

But then you have the situation where eth0 and eth1 are using the same subnet...
x13Author Commented:
eth0 is not pointing to anything. I gave it a fake static IP on a new subnet (192.168.99.X) because someone had mentioned that the subnets have to be different.

The DSL modem is somewhere on the LAN right now.

eth1 *should* be able to connect to the LAN

eth0 should *not* connect to the lan due to its IP address.

If I set both eth0 and eth1 to DHCP they get IP addresses:

But I just set eth0 to have a static IP. My goal is just to connect to my LAN at least. I am hoping that once I can connect to the server with a browser, I can configure the rest that way.
The DSL modem is at ?
Then eth0 will have to have an address of 192.168.1.x if it is to contact the modem.
What happens if you let both eth0 and eth1 use DHCP and you say

ip route add default via dev eth0
If you want eth0 to have access only to the DSL modem then you will have to change the IP address of the modem.
So if eth0 has address then the modem should have address (for example).  This will make the modem unavailable to the LAN - except for your system through eth0.

Is the DSL Modem supplying DHCP services?  This is not good if there is another DHCP server on the LAN.  You should disable this on the modem if this is the case.
x13Author Commented:
hi robertjbarker,

thank you for continuing to send your ideas.

RIGHT NOW - the DSL modem is the *only* DHCP server on the network. The Linux box is not yet configured to do anything (well not that I know of anyway). eth0 is not plugged into the modem yet.

In the future, I am planning to set it up the way you said, with the modem and the eth0 on one subnet, and eth1 and LAN on another. But currently eth0 and the modem aren't directly connected.

I set both to use DHCP and they have

[root@localhost ]# ip route add default via dev eth0
RTNETLINK answers: Network is unreachable
[root@localhost ]# ip route add default via dev eth1
RTNETLINK answers: File exists
[root@localhost ]#

Interesting. After ONCE AGAIN editing that pesky /proc/sys/net/ipv4/icmp_echo_ignore_all, I have discovered that I can ping (eth1) from eth1 and (eth0) from eth0, but I can't ping eth1 from eth0. (Error: Destination host unreachable)
Can you get through to the DSL modem through eth1 now?
I worry about the responses to the ip route commands.  If you run ifconfig after these I would expect that you would come up with output something like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface    MSS   Window irtt
U     0      0        0 eth0     0     0      0
UG    0      0        0 eth0     0     0      0
U     0      0        0 eth1     0     0      0
UG    0      0        0 eth1     0     0      0

If not then something is clearly amiss with the execution of the ip route commands

I wonder if you are running into firewall rules.

First, it seems strange to me to have two network connections on a firewall communicating with the same subnet - it kind of defeats the purpose of the whole thing.

Perhaps it would be better if you went straight to your intended configuration and tried to get it going. Then you would at least be solving the problems you will need to solve in your intended solution, instead of problems you might not run into otherwise.

Am I right to assume that the DSL modem is in use by the others on the LAN now so that you don't want to take it out of the subnet at this time?  If so, you could try taking eth0 off the LAN and hooking it directly to a single workstation.  Then you could set up a subnet, say 10.x.x.x, with just that workstation and eth0, and figure out how to route through the firewall to the modem.
x13Author Commented:
You are correct, the DSL modem is in use, and unfortunately I don't have access to the building after hours (no one does) so the amount of time I will have to play with it will be very limited.

Excellent suggestion. I am going to plug eth0 into this little workstation here, and make a new subnet. And leave eth1 plugged into the LAN. I will post back here shortly. Thank you.
x13Author Commented:

Current configuration

DSL modem -> LAN -> my hub -> Windows ME (
                                                   Windows 98 (
                                                   Linux eth0 (
                                                   Linux eth1 (

route -n:

Destination      Gateway      Genmask        Flags Metric Ref Use Iface
U       0      0    0    eth1
U       0      0    0    eth0
U       0      0    0    lo
UG      0      0    0    eth1

I even tried netconfig -d eth0 --gateway= but it doesn't put a gateway for eth0.


From the Windows 98 workstation ( ping -> Destination port unreachable

From eth0 ( ping -> 0 packets received

From eth1 ( ping -> 0 packets received

From Windows ME ( ping -> Destination port unreachable.

I don't seem to be helping a great deal, do I.

I'm pretty much stumped, and pretty sorry about it too...
x13Author Commented:
Well, I appreciate all your help, do not give up...

a tcpdump reveals the message

17 packets received by filter
0 packets dropped by kernel

This makes me think that my firewall or iptables are interfering in some way. I have renamed my iptables file and tried to edit the policies in shorewall. But still the problem persists and I can't ping anyone, not even the other network card.
x13Author Commented:
Solved the mystery.

I had to disable shorewall:

[root@localhost ]# shorewall stop

enable icmp

[root@localhost ]# echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

and delete, remove executable, and flush IP tables (after backing up onto floppy of course)

[root@localhost ]# cd /etc/rc.d/init.d
[root@localhost ]# rm iptables
[root@localhost ]# chmod -x iptables # yes it makes another one
[root@localhost ]# iptables -F # get rid of all the default rules
[root@localhost ]# iptables -P INPUT ACCEPT
[root@localhost ]# iptables -P OUTPUT ACCEPT
[root@localhost ]# iptables -P FORWARD ACCEPT


[root@localhost ]# ping
PING from : 56(84) bytes of data
64 bytes from icmp_seq=0 ttl=128 time=726 usec
64 bytes from icmp_seq=1 ttl=128 time=403 usec
64 bytes from icmp_seq=2 ttl=128 time=402 usec

--- ping statistics
3 packets transmitted, 3 packets received, 0% packet loss


Of course, I now have no firewall and no protection. But at least I can function better. Yeesh.
Very good, and congrats!
Question closed and points refunded

CS Moderator
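
The thread ends with every rule flushed and all three policies set to ACCEPT, which the poster notes leaves the box with no firewall. As an added example (not part of the original thread), the script below works from saved state to show which layer is blocking ping before anything is removed; the `iptables-save` dump is constructed, and the function names `diagnose_ping` and `sample_dump` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): offline triage of a blocked ping.
# Inputs are saved state, so nothing here touches the running firewall:
#   $1 = value read from /proc/sys/net/ipv4/icmp_echo_ignore_all
#   $2 = path to a file holding `iptables-save` output
# Simplifications: only rules attached directly to INPUT/OUTPUT are read,
# jumps to user-defined chains are not followed, rule order is not modelled.
diagnose_ping() {
    ignore_all=$1
    dump=$2
    out=""
    # Kernel switch: 1 means incoming echo requests are silently ignored.
    [ "$ignore_all" = "1" ] && out="$out sysctl:icmp_echo_ignore_all"
    for chain in INPUT OUTPUT; do
        # A direct ACCEPT for ICMP means this chain is not the blocker.
        if grep -Eq -- "^-A $chain .*-p icmp .*-j ACCEPT" "$dump"; then
            continue
        fi
        if grep -E -- "^-A $chain .*-j REJECT" "$dump" | grep -Evq -- " -p (tcp|udp) "; then
            # REJECT replies with ICMP port-unreachable by default, which
            # Windows ping prints as "Destination port unreachable".
            out="$out $chain:reject"
        elif grep -Eq -- "^:$chain DROP" "$dump"; then
            # Policy DROP discards the packet without sending any reply.
            out="$out $chain:policy-drop"
        fi
    done
    echo "${out# }"
}

# Constructed sample dump (not captured from the poster's machine).
sample_dump() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

tmp=$(mktemp)
sample_dump > "$tmp"
diagnose_ping 1 "$tmp"
rm -f "$tmp"
```

Each finding names one layer, so it can be addressed with a single ICMP ACCEPT rule on that chain, or by writing 0 to the sysctl, while the rest of the rule set stays in place.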