[oclug]networking: sending from inside network to isp
Martin Hicks
mort at bork.org
Mon Oct 21 21:57:04 EDT 2002
You must do IP-Masquerading, because your internal net is non-routable
(network is within 192.168.0.0/16).
http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html
mh
On Mon, Oct 21, 2002 at 08:46:03PM -0400, Brenda J. Butler wrote:
>
>
> I have two machines at home. I used to use the machine
> which is connected to the modem to dial up and as my
> main machine, but now I want to use it as a firewall
> and use the other machine as my main machine.
>
> My problem is that the second machine (taz) can ping
> the firewall machine (seal). However, some attempts
> to communicate with machines outside my home network
> result in silence and timeouts (even when the modem
> has connected! heh heh)
>
> seal is running debian woody 3.0, kernel 2.2.19
> ipchains -L returns:
> Chain input (policy ACCEPT):
> Chain forward (policy ACCEPT):
> Chain output (policy ACCEPT):
>
> taz is running debian woody 3.0, kernel 2.4.18
> iptables -L returns:
> iptables v1.2.6a: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
>
> When I modprobe ip_tables and iptable_filter and ip_conntrack and
> then run iptables -L I get:
> tazmaniandevil:/usr/share/doc/HOWTO/en-txt# iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> tazmaniandevil:/usr/share/doc/HOWTO/en-txt#
>
>
> Examples of things I've tried:
>
> ping from taz to seal: works
> The modem lights don't blink.
> The internal network hub light blinks.
>
> ping from seal to taz: works
> The modem lights don't blink.
> The internal network hub light blinks.
>
> ping from seal to isp's ip ("remote" ip in ppp connection log): works
> The modem send and receive lights blink.
> The internal network hub light also blinks.
>
> ping from seal to isp's ip ("local" ip in ppp connection log): works
> The modem send and receive lights don't blink.
> The internal network hub light does blink.
>
> ping from seal to isp's nameserver (specified as dotted quad): fails.
> I see the modem lights light up for send, but not for receive.
> The internal network hub light does not blink.
>
> ping from seal to another outside nameserver (same failure)
>
> ping from taz to isp's nameserver (specified as dotted quad): fails.
> I don't see the modem lights light up at all. The hub
> light blinks (between taz and seal).
>
> fetchmail downloads and exim mail uploads work (to/from seal).
>
> visiting an external web page from seal works.
>
> visiting an external web page from taz doesn't (times out)
>
>
> bjb at tazmaniandevil ~ 510 $ /sbin/route
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> localnet * 255.255.255.0 U 0 0 0 eth0
> default seal.stuffed.an 0.0.0.0 UG 0 0 0 eth0
> bjb at tazmaniandevil ~ 511 $ ifconfig
> bash: ifconfig: command not found
> bjb at tazmaniandevil ~ 512 $ /sbin/ifconfig
> eth0 Link encap:Ethernet HWaddr 08:00:20:7C:9C:FD
> inet addr:192.168.110.44 Bcast:192.168.110.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:2961627 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1565185 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:4313278147 (4.0 GiB) TX bytes:106629622 (101.6 MiB)
> Interrupt:32
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:427 errors:0 dropped:0 overruns:0 frame:0
> TX packets:427 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:38646 (37.7 KiB) TX bytes:38646 (37.7 KiB)
>
> bjb at tazmaniandevil ~ 513 $
>
>
> bjb at seal:~$ /sbin/route
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> tnt04.magma.ca * 255.255.255.255 UH 0 0 0 ppp0
> localnet * 255.255.255.0 U 0 0 0 eth0
> default * 0.0.0.0 U 0 0 0 ppp0
> bjb at seal:~$ /sbin/ifconfig
> eth0 Link encap:Ethernet HWaddr 08:00:20:76:0C:60
> inet addr:192.168.110.5 Bcast:192.168.110.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:2255380 errors:0 dropped:0 overruns:0 frame:0
> TX packets:4283525 errors:1 dropped:0 overruns:0 carrier:1
> collisions:6 txqueuelen:100
> RX bytes:153527361 (146.4 MiB) TX bytes:1931003524 (1.7 GiB)
> Interrupt:38 Base address:0xf600
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:3924 Metric:1
> RX packets:36122 errors:0 dropped:0 overruns:0 frame:0
> TX packets:36122 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:10272940 (9.7 MiB) TX bytes:10272940 (9.7 MiB)
>
> ppp0 Link encap:Point-to-Point Protocol
> inet addr:64.26.139.172 P-t-P:206.191.0.146 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1524 Metric:1
> RX packets:46 errors:0 dropped:0 overruns:0 frame:0
> TX packets:107 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:10
> RX bytes:1758 (1.7 KiB) TX bytes:5864 (5.7 KiB)
>
> bjb at seal:~$
>
>
>
> I see nothing related to refused, rejected or dropped network
> connections or packets in my log files.
>
> Although... there is something about "Cannot determine ethernet
> address for proxy ARP" every time I connect via ppp.
>
>
> So! What do I look for next? As I'm a beginner at networking,
> please don't hesitate to ask me if "the cable is plugged in".
> It probably isn't. Also if the answer is obvious to you from
> the above data, please explain it to me 'cause it's not obvious
> to me.
>
> Thanks in advance!
>
> --
> bjb at achilles dot net
> Debian http://www.debian.org
>
--
Martin Hicks || mort at bork.org || PGP/GnuPG: 0x4C7F2BEE
plato up 20 days, 3:54, 13 users, load average: 0.02, 0.04, 0.06
Beer: So much more than just a breakfast drink.
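
Added example (not part of the original posts): a masquerading setup for the gateway seal, written for ipchains because seal runs a 2.2 kernel. The LAN network and the ppp0 interface come from the ifconfig output quoted above; the function names and the APPLY switch are assumptions made for this sketch, and it only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: masquerading plan for the gateway "seal" (kernel 2.2, ipchains).
# Dry run by default; run as root with APPLY=1 to apply the rules.

LAN_NET="192.168.110.0/24"   # seal eth0 is 192.168.110.5, mask 255.255.255.0
EXT_IF="ppp0"                # dial-up link to the ISP

# Succeeds when the dotted quad lies in an RFC 1918 private range.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.*)
            second=${1#172.}; second=${second%%.*}
            [ "$second" -ge 16 ] && [ "$second" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# Print the commands, one per line, in the order they should run.
masq_plan() {
    net=$1; ext=$2
    if ! is_rfc1918 "${net%/*}"; then
        echo "refusing: $net is not private address space" >&2
        return 1
    fi
    # Forward nothing by default, then masquerade only LAN traffic leaving
    # through the external interface.
    echo "ipchains -P forward DENY"
    echo "ipchains -A forward -i $ext -s $net -j MASQ"
    # Enable forwarding last, so packets are never forwarded without rules.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

if [ "${APPLY:-0}" = "1" ]; then
    masq_plan "$LAN_NET" "$EXT_IF" | sh -e
else
    masq_plan "$LAN_NET" "$EXT_IF"
fi
```

The forward chain on seal currently has policy ACCEPT and no rules, so nothing rewrites taz's 192.168.110.44 source address before it leaves on ppp0; the MASQ rule is what changes that.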