x13
asked on
Can't ping anything on LAN or WAN
Background info:
OS: MandrakeSecurity Multi-Network-Firewall 8.2
Kernel: 2.4.18-8.1mdksecure
Hope-to-have setup:
Internet -> ADSL router -> eth0 (server) eth1 -> switch -> LAN
Current setup: (until the server is configured)
Internet -> ADSL router/gateway/DHCP -> hub -> LAN -> Linux server
My Linux box is an IBM eServer xSeries 335 (rack) with 2 built-in BroadCom netXtreme Gigabit Ethernet cards. I have (finally) successfully installed the drivers and Linux detects both as eth0 and eth1.
I have tried assigning static IPs and using the router's IP as gateway. I have tried assigning a static IP to one card and a DHCP to the other. Finally I tried both DHCP. The cards get IP addresses from the DHCP server.
But I cannot ping anything except 127.0.0.1 (and the current IP). The router is 192.168.1.1. If I ping that or any other machine, I get this:
[root@localhost ]# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) from 192.168.1.102 : 58(84) bytes of data.
^C
--- Ping statistics for 192.168.1.1 ---
5 packets sent, 0 packets received, 100% packet loss
[root@localhost ]#
Here's the (current) contents of /etc/sysconfig/network
NETWORKING=yes
FORWARD_IPV4=yes
HOSTNAME=localhost.localdomain
DOMAINNAME=localdomain
# Gateway configuration
GATEWAYDEV=eth1
GATEWAY=   # note: doesn't seem to make a difference if there's an IP here or not
Here's the contents of /etc/sysconfig/network-scripts/ifcfg-eth0 (currently set up with static IP)
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.99.2
NETMASK=255.255.255.0
GATEWAY=192.168.99.254   # note: fake
Here's the contents of /etc/sysconfig/network-scripts/ifcfg-eth1
(currently set up with DHCP)
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=dhcp
The eth1 interface is currently 192.168.1.102 and the router is at 192.168.1.1. All DHCP machines are 192.168.1.1XX.
Whenever I try to ping anything, I just get 0 packets received.
When I ping either 192.168.1.103 or when it's static like 192.168.1.3 from a Windows ME computer, I get this error
C:\WINDOWS> ping 192.168.1.103
Pinging 192.168.1.103 with 32 bytes of data:
Reply from 192.168.1.103: Destination port unreachable.
Reply from 192.168.1.103: Destination port unreachable.
Reply from 192.168.1.103: Destination port unreachable.
Reply from 192.168.1.103: Destination port unreachable.
Ping statistics for 192.168.1.103:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip in milliseconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\WINDOWS>
Please tell me what could be wrong and how could I connect to my LAN/Router/Internet!!!!
Also, please run
ifconfig
and post those results.
ASKER
Sure:
[root@localhost ]# route -nNvee
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface MSS Window irtt
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 40 0 0
192.168.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 40 0 0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 40 0 0
[root@localhost ]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:(etc)
inet addr: 192.168.99.2 Bcast: 192.168.99.255 Mask: 255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU: 1500 Metric:1
Rx packets:160 errors:0 dropped:0 overruns:0 frame:0
Tx packets:1 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:16618(16.2 Kb) TX bytes:64 (64.0 b)
Interrupt:24 Memory:fbff0000-fc000000
eth1 Link encap:Ethernet HWaddr:00:09:6B:etc
inet addr:192.168.1.102 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:243 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:23814 (23.2 Kb) TX bytes:812 (812.0 b)
Interrupt:25 Memory:fbfe0000-fbff0000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[root@localhost ]#
Phew, that was a lot of typing. :-) Let me know if you need any more info. Oh, I almost forgot. I couldn't ping even the loopback address, 127.0.0.1, until I modified this: /proc/sys/net/ipv4/icmp_echo_ignore_all to have a value of 0. I now can ping loopback and my own IP but nothing else.
Also, I am supposed to be able to use a web browser on the LAN to configure the server, but I can't access it using https: protocol either.
ideas??
ASKER
could it be related to iptables?
Sorry, the typing could have been avoided using redirection
route -nNvee >outroute.txt
ifconfig >outconfig.txt
Really sorry...
ASKER
That's ok, as long as it helps to find an answer... it's like this machine isn't even plugged in. I can't FTP, telnet, or http or ping it from another computer. I can't ping or ftp out either. I have no idea what to do, and I'm supposed to be configuring it from a browser on my LAN. Well I can't because the LAN can't see the blasted thing, except to say "Port unreachable" and stuff. :-(
eth0 is pointing to the ADSL router? I would have expected that to have an IP of something like 192.168.1.103 (what eth1 seems to have). As it is it looks like eth0 has an address that does not mesh with the ADSL. Is eth0 getting its address from DHCP from the ADSL? If not, I would try allowing it to.
Then the following might do the trick:
ip route add default via 192.168.1.1 dev eth0
But then you have the situation where eth0 and eth1 are using the same subnet...
ASKER
eth0 is not pointing to anything. I gave it a fake static IP on a new subnet (192.168.99.X) because someone had mentioned that the subnets have to be different.
The DSL modem is somewhere on the LAN right now.
eth1 *should* be able to connect to the LAN
eth0 should *not* connect to the lan due to its IP address.
If I set both eth0 and eth1 to DHCP they get IP addresses:
eth0: 192.168.1.103
eth1: 192.168.1.102
But I just set eth0 to have a static IP. My goal is just to connect to my LAN at least. I am hoping that once I can connect to the server with a browser, I can configure the rest that way.
The DSL modem is at 192.168.1.1 ?
Then eth0 will have to have an address of 192.168.1.x if it is to contact the modem.
What happens if you let both eth0 and eth1 use DHCP and you say
ip route add default via 192.168.1.1 dev eth0
If you want eth0 to have access only to the DSL modem then you will have to change the IP address of the modem.
So if eth0 has address 192.168.66.2 then the modem should have address 192.168.66.1 (for example). This will make the modem unavailable to the LAN - except for your system through eth0.
Is the DSL Modem supplying DHCP services? This is not good if there is another DHCP server on the LAN. You should disable this on the modem if this is the case.
ASKER
hi robertjbarker,
thank you for continuing to send your ideas.
RIGHT NOW - the DSL modem is the *only* DHCP server on the network. The Linux box is not yet configured to do anything (well not that I know of anyway). eth0 is not plugged into the modem yet.
In the future, I am planning to set it up the way you said, with the modem and the eth0 on one subnet, and eth1 and LAN on another. But currently eth0 and the modem aren't directly connected.
I set both to use DHCP and they have
eth0: 192.168.1.103
eth1: 192.168.1.102
[root@localhost ]# ip route add default via 192.168.1.1 dev eth0
RTNETLINK answers: Network is unreachable
[root@localhost ]# ip route add default via 192.168.1.1 dev eth1
RTNETLINK answers: File exists
[root@localhost ]#
Interesting. After ONCE AGAIN editing that pesky /proc/sys/net/ipv4/icmp_echo_ignore_all, I have discovered that I can ping 192.168.1.102 (eth1) from eth1 and 192.168.1.103 (eth0) from eth0, but I can't ping eth1 from eth0. (Error: Destination host unreachable)
Can you get through to the DSL modem through eth1 now?
I worry about the responses to the ip route commands. If you run ifconfig after these I would expect that you would come up with output something like this:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface MSS Window irtt
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0 0 0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 0 0 0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 0 0 0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth1 0 0 0
If not then something is clearly amiss with the execution of the ip route commands
I wonder if you are running into firewall rules.
First, it seems strange to me to have two network connections on a firewall communicating with the same subnet - it kind of defeats the purpose of the whole thing.
Perhaps it would be better if you went straight to your intended configuration and tried to get it going. Then you would at least be solving the problems you will need to solve in your intended solution, instead of problems you might not run into otherwise.
Am I right to assume that the DSL modem is in use by the others on the LAN now so that you don't want to take it out of the 192.168.1.0 subnet at this time? If so, you could try taking eth0 off the LAN and hooking it directly to a single workstation. Then you could set up a subnet, say 10.x.x.x, with just that workstation and eth0, and figure out how to route through the firewall to the modem.
ASKER
You are correct, the DSL modem is in use, and unfortunately I don't have access to the building after hours (no one does) so the amount of time I will have to play with it will be very limited.
Excellent suggestion. I am going to plug eth0 into this little workstation here, and make a new subnet. And leave eth1 plugged into the LAN. I will post back here shortly. Thank you.
ASKER
OK
Current configuration
DSL modem -> LAN -> my hub -> Windows ME (192.168.1.122)
Windows 98 (192.168.99.121)
Linux eth0 (192.168.99.1)
Linux eth1 (192.168.1.2)
route -n:
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth1
I even tried netconfig -d eth0 --gateway=192.168.99.1 but it doesn't put a gateway for eth0.
Results:
From the Windows 98 workstation (192.168.99.121) ping 192.168.99.1 -> Destination port unreachable
From eth0 (192.168.99.1) ping 192.168.99.121 -> 0 packets received
From eth1 (192.168.1.2) ping 192.168.1.1 -> 0 packets received
From Windows ME (192.168.1.121) ping 192.168.1.2 -> Destination port unreachable.
Drat.
I don't seem to be helping a great deal, do I.
I'm pretty much stumped, and pretty sorry about it too...
ASKER
Well, I appreciate all your help, do not give up...
a tcpdump reveals the message
17 packets received by filter
0 packets dropped by kernel
This makes me think that my firewall or iptables are interfering in some way. I have renamed my iptables file and tried to edit the policies in shorewall. But still the problem persists and I can't ping anyone, not even the other network card.
ASKER
Solved the mystery.
I had to disable shorewall:
[root@localhost ]# shorewall stop
enable icmp
[root@localhost ]# echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
and delete, remove executable, and flush IP tables (after backing up onto floppy of course)
[root@localhost ]# cd /etc/rc.d/init.d
[root@localhost ]# rm iptables
[root@localhost ]# chmod -x iptables   # yes it makes another one
[root@localhost ]# iptables -F   # get rid of all the default rules
[root@localhost ]# iptables -P INPUT ACCEPT
[root@localhost ]# iptables -P OUTPUT ACCEPT
[root@localhost ]# iptables -P FORWARD ACCEPT
finally!!!
[root@localhost ]# ping 192.168.1.1
PING 192.168.1.1 from 192.168.1.66 : 56(84) bytes of data
64 bytes from 192.168.1.1: icmp_seq=0 ttl=128 time=726 usec
64 bytes from 192.168.1.1: icmp_seq=1 ttl=128 time=403 usec
64 bytes from 192.168.1.1: icmp_seq=2 ttl=128 time=402 usec
--- 192.168.1.1 ping statistics
3 packets transmitted, 3 packets received, 0% packet loss
*YAY*
Of course, I now have no firewall and no protection. But at least I can function better. Yeesh.
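Flushing every rule and setting all three policies to ACCEPT, as in the post above, leaves the box with no filtering at all. The following is an added example, not part of the original thread and not Shorewall's or MandrakeSecurity's own configuration: a POSIX shell sketch that emits a narrower iptables-restore ruleset (default DROP, ping and HTTPS admin allowed from the LAN only) and audits a saved ruleset for the wide-open state. It assumes eth1 and 192.168.1.0/24 from the thread as the LAN side and TCP 443 as the admin port (the thread says only "https"); `gen_rules` and `open_chains` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the thread. gen_rules and open_chains are
# hypothetical helper names. Nothing here touches the live firewall.

# Emit an iptables-restore ruleset: default DROP on INPUT and FORWARD, with
# ping and the HTTPS admin page allowed only from the LAN side.
#   $1 LAN interface   $2 LAN subnet (CIDR)   $3 admin TCP port (assumed 443)
gen_rules() {
    lan_if=$1; lan_net=$2; admin_port=${3:-443}
    # Refuse anything that is not a plain interface name, CIDR or port number.
    case $lan_if in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1;; esac
    case $lan_net in ''|*[!0-9./]*) echo "bad subnet" >&2; return 1;; esac
    case $admin_port in ''|*[!0-9]*) echo "bad port" >&2; return 1;; esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -p tcp --dport $admin_port -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Read iptables-save output on stdin, print each of INPUT/FORWARD whose
# policy is ACCEPT, and return 1 if any was found.
open_chains() {
    awk '/^:(INPUT|FORWARD) ACCEPT/ { sub(/^:/, "", $1); print $1; bad = 1 }
         END { exit bad + 0 }'
}

# Constructed sample: what iptables-save reports after "iptables -F" plus
# the three "-P ... ACCEPT" commands from the post (counters zeroed).
FLUSHED_SAMPLE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Demo: audit the flushed state, then the generated ruleset.
if ! printf '%s\n' "$FLUSHED_SAMPLE" | open_chains >/dev/null; then
    echo "flushed state: INPUT/FORWARD accept everything"
fi
if gen_rules eth1 192.168.1.0/24 | open_chains >/dev/null; then
    echo "generated ruleset: default DROP kept"
fi
# To load for real (as root): gen_rules eth1 192.168.1.0/24 | iptables-restore
```

The icmp_echo_ignore_all setting from the thread is independent of these rules and still has to be 0 for the box to answer echo requests.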
Very good, and congrats!
ASKER CERTIFIED SOLUTION
route -nNvee
and post the results?