From: Beolach <beolach@comcast.net>
To: "Chadha, Devesh" <devesh.chadha@lehman.com>
Cc: linux-newbie@vger.kernel.org
Subject: Re: 2 NIC cards not talking
Date: Wed, 21 Jan 2004 21:02:58 -0700
Message-ID: <400F4B72.6090508@comcast.net>
In-Reply-To: <5F84A09ECDD5D411973000508BE32470266024F6@exnyc07.lehman.com>
[-- Attachment #1: Type: text/plain, Size: 2686 bytes --]
It looks to me like your iptables haven't been set up to NAT. I have
attached the output of 'iptables -nvL' on my NATing gateway. Just for
the heck of it I obscured my public address too. I used a slightly
modified version of the rc.firewall-stronger startup script from the
IP-Masquerade HOWTO (IP-Masquerade is the same thing as NAT). Links:

The IP-Masquerade HOWTO:
<http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html>
The example startup scripts from the HOWTO.
<http://www.ecst.csuchico.edu/~dranch/LINUX/ipmasq/examples/>

Good luck,
Conway S. Smith

Chadha, Devesh wrote:
> Here are all the answers:
>
> Chuck's questions:
> My IP address is a public IP.
> I think I am not NATing correctly and hence this problem.
> ping -c 4 192.168.1.1 gives:
> 64 bytes from 192.168.1.1 icmp_seq=1 ttl=64 time=0.237 ms
> 64 bytes from 192.168.1.1 icmp_seq=2 ttl=64 time=0.152 ms
> 64 bytes from 192.168.1.1 icmp_seq=3 ttl=64 time=0.150 ms
> 64 bytes from 192.168.1.1 icmp_seq=4 ttl=64 time=0.152 ms
>
> --- 192.168.1.1 ping statistics ---
> 4 packets transmitted, 4 received, 0% loss, time 3000ms
>
> ping -c 4 xxx.xxx.xxx.xxx gives:
> 64 bytes from xxx.xxx.xxx.xxx icmp_seq=1 ttl=64 time=0.237 ms
> 64 bytes from xxx.xxx.xxx.xxx icmp_seq=2 ttl=64 time=0.146 ms
> 64 bytes from xxx.xxx.xxx.xxx icmp_seq=3 ttl=64 time=0.151 ms
> 64 bytes from xxx.xxx.xxx.xxx icmp_seq=4 ttl=64 time=0.149 ms
>
> --- xxx.xxx.xxx.xxx ping statistics ---
> 4 packets transmitted, 4 received, 0% loss, time 2998ms
>
> Ray's questions:
> 1. Correction, both are not on same subnet. Sorry for the wrong info. I
> guess I am not NATing right
> 2. given that information. see below
> 3. ip forwarding is on. I don't know if I have NATing set up correct. I
> looked up the internet and ran some scripts.
> Here is my iptables -nvl output:
>
> Chain INPUT (policy ACCEPT 46 packets, 4390 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT 66 packets, 6036 bytes)
> pkts bytes target prot opt in out source destination
>
> 4. Pinging 192.168.1.1 from eth0 gave destination host unreachable and pinging
> xxx.xxx.xxx.xxx from eth1 gave the same.
>
> 5. I can connect to internet using eth0 since I can browse the internet. I
> can also ping the gateway from eth0
>
> Hope this helps. I know that xxx.xxx.... is annoying, but I can't help it.
>
> Thanks for taking interest...
>
[-- Attachment #2: iptables-nvL --]
[-- Type: text/plain, Size: 3214 bytes --]
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1614 165K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
339K 51M ACCEPT all -- eth0 * 192.168.0.0/24 0.0.0.0/0
0 0 drop-and-log-it all -- eth1 * 192.168.0.0/24 0.0.0.0/0
5577 489K ACCEPT icmp -- eth1 * 0.0.0.0/0 xxx.xxx.xxx.xxx
756K 1092M ACCEPT all -- eth1 * 0.0.0.0/0 xxx.xxx.xxx.xxx state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp spt:123 dpt:123
0 0 ACCEPT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp spt:123 dpt:123
1358 66864 ACCEPT tcp -- eth1 * 0.0.0.0/0 xxx.xxx.xxx.xxx state NEW,RELATED,ESTABLISHED tcp dpt:80
62 2232 ACCEPT udp -- eth1 * 0.0.0.0/0 xxx.xxx.xxx.xxx udp spt:6112
0 0 ACCEPT udp -- eth1 * 0.0.0.0/0 xxx.xxx.xxx.xxx udp dpt:6112
358K 127M drop-and-log-it all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
19540 1801K ACCEPT tcp -- eth1 eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:6112 state NEW,RELATED,ESTABLISHED
2210 109K ACCEPT tcp -- eth1 eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:6113 state NEW,RELATED,ESTABLISHED
3773K 2726M ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3785K 2010M ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0
0 0 drop-and-log-it all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 4 packets, 960 bytes)
pkts bytes target prot opt in out source destination
1614 165K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
564 443K ACCEPT all -- * eth0 xxx.xxx.xxx.xxx 192.168.0.0/24
423K 1093M ACCEPT all -- * eth0 192.168.0.0/24 192.168.0.0/24
0 0 drop-and-log-it all -- * eth1 0.0.0.0/0 192.168.0.0/24
645K 39M ACCEPT all -- * eth1 xxx.xxx.xxx.xxx 0.0.0.0/0
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:123 dpt:123
0 0 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp spt:123 dpt:123
0 0 drop-and-log-it all -- * * 0.0.0.0/0 0.0.0.0/0
Chain drop-and-log-it (5 references)
pkts bytes target prot opt in out source destination
358K 127M LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6
358K 127M REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
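
Added example, not part of the original message or of the HOWTO's scripts: 'iptables -nvL' lists only the filter table, while the masquerading rule itself lives in the nat table (shown by 'iptables -t nat -nvL'), so the script below prints a default-deny forwarding ruleset together with that nat rule and flags chains left at policy ACCEPT in a saved listing. The interface roles (eth1 external, eth0 internal), the 192.168.0.0/24 LAN and the function names are assumptions.

```shell
#!/bin/sh
# Added example; assumed layout: eth1 = external, eth0 = internal,
# LAN = 192.168.0.0/24. Dry run by default: commands are printed, not run.
# To apply as root, set IPT=iptables in the environment first.
IPT="${IPT:-echo iptables}"

# masq_rules EXT_IF INT_IF LAN_CIDR
masq_rules() {
    ext_if="$1"; int_if="$2"; lan="$3"

    # Default-deny forwarding instead of the wide-open policy ACCEPT.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    $IPT -t nat -F POSTROUTING

    # Only replies to connections opened from the LAN may come back in.
    $IPT -A FORWARD -i "$ext_if" -o "$int_if" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # LAN hosts may open connections outward, from LAN source addresses only.
    $IPT -A FORWARD -i "$int_if" -o "$ext_if" -s "$lan" -j ACCEPT
    # Everything else is logged, then falls through to policy DROP.
    $IPT -A FORWARD -j LOG --log-level 6

    # The NAT step: rewrite LAN source addresses on the way out.
    $IPT -t nat -A POSTROUTING -o "$ext_if" -s "$lan" -j MASQUERADE
}

# Read 'iptables -nvL' output on stdin and print every built-in chain
# whose default policy is ACCEPT.
open_policies() {
    awk '$1 == "Chain" && $3 == "(policy" && $4 == "ACCEPT" { print $2 }'
}

masq_rules eth1 eth0 192.168.0.0/24
```

Checking a live gateway takes both listings: 'iptables -nvL | open_policies' for the filter policies and 'iptables -t nat -nvL POSTROUTING' for the masquerading rule.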