Troubleshooting a connectivity problem

Posted on 2005-04-14
Last Modified: 2010-03-18
Hi there,

I'd like some help troubleshooting an Internet connectivity problem.  The situation is an internal LAN client
with a gateway firewall (Mandrake OS and iptables) with internal and external interfaces.
I am unable to get out to the Internet from the LAN, but can get out locally from the firewall.

I'd really like some network troubleshooting tips. The problem arose after a house move. All else stayed the same
except the network scripts weren't saved. The firewall hasn't changed, except it's running over PPPoE now.

I'm not looking for a solution, just loads of tips on how to investigate this.


Question by:jjbarnsley

    Accepted Solution

    I have this script and it works OK under PPPoE. You need to change 200. to your ISP provider address or range, and the 192.xxxx internal network to your internal network.


    #!/bin/sh
    # set up firewall

    # Placeholders: the two source addresses are missing from the posted script.
    # Replace them with your ISP address or range and your internal network.
    ISP_NET="200.x.x.x"
    LAN_NET="192.x.x.x"

    case "$1" in
        start)
            echo "Starting firewall"

            # default policies: drop inbound, allow outbound and forwarded traffic
            iptables -P INPUT DROP
            iptables -P OUTPUT ACCEPT
            iptables -P FORWARD ACCEPT

            iptables -P POSTROUTING ACCEPT -t nat
            iptables -P PREROUTING ACCEPT -t nat
            iptables -P OUTPUT ACCEPT -t nat

            # NAT and FTP connection-tracking helpers
            modprobe iptable_nat
            modprobe ip_nat_ftp
            modprobe ip_conntrack_ftp

            # let the kernel route packets between interfaces
            echo 1 > /proc/sys/net/ipv4/ip_forward

            #iptables -N PORTSCANDROPLAN
            #iptables -A PORTSCANDROPLAN -o ppp0 -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
            #iptables -A PORTSCANDROPLAN -o ppp0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
            #iptables -A PORTSCANDROPLAN -o ppp0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
            #iptables -A PORTSCANDROPLAN -o ppp0 -p tcp --tcp-flags ALL FIN -j DROP
            #iptables -A PORTSCANDROPLAN -o ppp0 -p tcp --tcp-flags ALL ALL -j DROP

            # forwarding between the LAN (eth0) and the PPPoE link (ppp0)
            iptables -A FORWARD -j ACCEPT -i eth0 -o eth0 -d 0/0
            iptables -A FORWARD -j ACCEPT -i ppp0 -o eth0 -d 0/0
            iptables -A FORWARD -j ACCEPT -i eth0 -o ppp0 -d 0/0
            iptables -A FORWARD -j ACCEPT -i eth0 -o ppp0 -d 0/0

            iptables -A FORWARD -p icmp --icmp-type echo-request -j DROP
            #iptables -A FORWARD -j ACCEPT -p icmp
            iptables -A OUTPUT -j ACCEPT -s "$ISP_NET" -d 0/0
            iptables -A OUTPUT -j ACCEPT -s "$LAN_NET" -d 0/0

            # rewrite LAN source addresses on the way out of ppp0
            iptables -A POSTROUTING -t nat -o ppp0 -j MASQUERADE

            iptables -A INPUT -i lo -j ACCEPT
            iptables -A INPUT -i eth0 -j ACCEPT
            # note: this accepts all traffic arriving on ppp0, so the port
            # rules below never decide anything for that interface
            iptables -A INPUT -i ppp0 -j ACCEPT
            iptables -A INPUT  -m state --state RELATED,ESTABLISHED -j ACCEPT
            iptables -A INPUT -p tcp -m tcp --dport 21  --syn -j ACCEPT
            iptables -A INPUT -p tcp -m tcp  --dport 8080  -j ACCEPT
            iptables -A INPUT -p tcp -m tcp  --dport 995 -j ACCEPT
            iptables -A INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
            iptables -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
            iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
            iptables -A INPUT -p tcp -m tcp --dport 4662 -j ACCEPT
            iptables -A INPUT -p udp -m udp --dport 4672 -j ACCEPT
            iptables -A INPUT -p tcp -m tcp --dport 953 -j ACCEPT
            iptables -A INPUT  -p tcp --dport 53 -j ACCEPT
            iptables -A INPUT  -p udp --dport 53 -j ACCEPT
            iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
            iptables -A INPUT -p tcp -m tcp  --dport 143 -j ACCEPT
            iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

            # everything else ends up in a catch-all drop chain
            iptables -N dropwall
            iptables -A dropwall -j DROP
            iptables -A INPUT -j dropwall
            ;;

        stop)
            echo "Removing firewall"
            iptables -F
            iptables -Z
            iptables -P OUTPUT  ACCEPT
            iptables -P INPUT   ACCEPT
            iptables -P FORWARD ACCEPT
            # dropwall is a user-defined chain and has no policy; delete it
            # so that a later "start" can create it again
            iptables -X dropwall
            ;;

        *)
            echo "$0 {start|stop}"
            ;;
    esac


    Expert Comment

    Try enabling forwarding:

    echo "1" > /proc/sys/net/ipv4/ip_forward

    Expert Comment

    No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
    I will leave the following recommendation for this question in the Cleanup topic area:
    Accept: pablouruguay

    Any objections should be posted here in the next 4 days. After that time, the question will be closed.

    EE Cleanup Volunteer
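
An added example, not part of the original thread: a shell function that runs the checks the answers above point at (IP forwarding on, a MASQUERADE rule on the current Internet-facing interface, FORWARD letting traffic out) against saved `iptables-save` output. The function name, the finding labels and both sample rule sets (including the stale `eth1` interface) are constructed for illustration.

```shell
#!/bin/sh
# check_gateway FWD WAN   (reads `iptables-save` output on stdin)
#   FWD = contents of /proc/sys/net/ipv4/ip_forward
#   WAN = Internet-facing interface (ppp0 on this page)
# Prints a space-separated list of findings, or "ok".
check_gateway() {
    fwd=$1; wan=$2; rules=$(cat); found=""

    # 1. The kernel must be routing between interfaces at all.
    [ "$fwd" = "1" ] || found="$found ip_forward_off"

    # 2. A MASQUERADE rule must name the interface that is the WAN *now*.
    nat_ifs=$(printf '%s\n' "$rules" |
        sed -n 's/^-A POSTROUTING .*-o \([^ ]*\) .*-j MASQUERADE.*/\1/p')
    if [ -z "$nat_ifs" ]; then
        found="$found no_masquerade_rule"
    elif ! printf '%s\n' "$nat_ifs" | grep -qx -- "$wan"; then
        first=$(printf '%s\n' "$nat_ifs" | head -n 1)
        found="$found masquerade_on_${first}_not_$wan"
    fi

    # 3. Heuristic: FORWARD policy is ACCEPT, or a rule accepts traffic
    #    leaving through the WAN interface.
    if ! printf '%s\n' "$rules" | grep -q '^:FORWARD ACCEPT' &&
       ! printf '%s\n' "$rules" | grep -Eq -- "^-A FORWARD .*-o $wan .*-j ACCEPT"; then
        found="$found forward_not_allowed_to_$wan"
    fi

    found=${found# }
    echo "${found:-ok}"
}

# Constructed sample: rules that still name an old external interface (eth1).
STALE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT'

# Constructed sample: the relevant rules as the accepted script sets them.
GOOD_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
COMMIT'

printf '%s\n' "$STALE_RULES" | check_gateway 0 ppp0
printf '%s\n' "$GOOD_RULES"  | check_gateway 1 ppp0
```

On a live gateway the same function can be fed real data with `iptables-save | check_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" ppp0`.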
