Wayne <linuxtwo@gmail.com> put forth on 1/1/2010 5:31 PM:
Hope this helps!!
Best I can tell all the subnet masks are correct.
I was just thinking... (smoke rises). dmesg shows a small amount of packet
traffic to/from the MiFi WLAN interface, basically the DHCP setup handshake
packets, and nothing more. Yet, you are unable to ping or telnet or www to that
interface on the MiFi, but you can ping your local WiFi interface.
What I'm thinking here is that your network stack is active, but something is
preventing your user space applications from accessing the network stack. If
you have SELinux enabled, disable it. Check to make sure you have no iptables
rules in place that might be causing problems. If you don't know what iptables
is, disable or clear out any "firewall" software front end you have installed,
such as those listed here:
As soon as you said firewall, I remembered having this problem before.
I had meant to disable the firewall last night when testing the MiFi
connection, but forgot.
I did it just now and was able to ping, finally, 192.168.1.1. I then
http'ed to it and connected to the Admin page!!! Entered the passwd and
got to the configuration pages.!!! No firewall running but tried to
connect to Google anyway. No Joy. Checked /etc/resolv.conf. The DNS
from the MiFi are not there so replaced one with the mifi dns but no
joy. I still think my routing is incomplete
http://wiki.debian.org/Firewalls
To do it manually, first, from a bash shell, do an "iptables -S" and reply here
with the output (this is merely informational for those following this thread).
Immediately afterward, without waiting for my response, execute "iptables -F"
to flush the current rules. You should now be working.
I checked the firewall script (firehol) and found an obvious error. I've
been using modems so I had PUBLIC_MYIF="ppp+". Changed it to
PUBLIC_MYIF="ath0", started the firewall, ran iptables -S, tried to
connect, No, so ran iptables -F, tried to connect, no, so stopped the
firewall and connected to the admin page, but not to the internet.
I should have thought of this earlier, because of this:
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
I've never seen that error before. "Operation not permitted" is obviously a
policy error, not a network error.
I have seen that. Not too long ago either. I fixed it but can't
remember what I did. I 'think' it was due to an incorrect routing table
or the firewall though
I apologize for the length of this, but for others to learn from I will
include the results of iptables -S which is how I caught the ppp+ error.
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-N BL_IN_BI
-N BL_IN_UNI
-N BL_OUT_BI
-N in_home
-N in_home_all_c4
-N in_home_all_s1
-N in_home_ftp_c6
-N in_home_ftp_s3
-N in_home_irc_c5
-N in_home_irc_s2
-N in_internet
-N in_internet2lan
-N in_internet2lan_all_c1
-N in_internet2lan_ftp_c3
-N in_internet2lan_irc_c2
-N in_internet_all_c5
-N in_internet_ftp_c7
-N in_internet_http_s4
-N in_internet_irc_c6
-N in_internet_smtp_s3
-N in_internet_torrent_c2
-N in_internet_torrent_s1
-N out_home
-N out_home_all_c4
-N out_home_all_s1
-N out_home_ftp_c6
-N out_home_ftp_s3
-N out_home_irc_c5
-N out_home_irc_s2
-N out_internet
-N out_internet2lan
-N out_internet2lan_all_c1
-N out_internet2lan_ftp_c3
-N out_internet2lan_irc_c2
-N out_internet_all_c5
-N out_internet_ftp_c7
-N out_internet_http_s4
-N out_internet_irc_c6
-N out_internet_smtp_s3
-N out_internet_torrent_c2
-N out_internet_torrent_s1
-N pr_internet_fragments
-N pr_internet_icmpflood
-N pr_internet_malbad
-N pr_internet_malnull
-N pr_internet_malxmas
-N pr_internet_nosyn
-N pr_internet_synflood
-A INPUT -s 4.79.132.217/32 -j BL_IN_BI
-A INPUT -s 69.94.105.81/32 -j BL_IN_BI
-A INPUT -s 65.120.238.2/32 -j BL_IN_BI
-A INPUT -s 66.79.167.34/32 -j BL_IN_BI
-A INPUT -s 68.230.241.41/32 -j BL_IN_BI
-A INPUT -s 89.77.64.72/32 -j BL_IN_BI
-A INPUT -s 216.239.51.91/32 -j BL_IN_BI
-A INPUT -s 73.14.253.95/32 -j BL_IN_BI
-A INPUT -s 68.142.110.0/24 -j BL_IN_BI
-A INPUT -s 207.251.224.0/20 -j BL_IN_BI
-A INPUT -s 210.251.192.0/19 -j BL_IN_BI
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.0/24 -d 192.168.1.11/32 -i eth0 -j in_home
-A INPUT -s 192.168.1.0/24 -d 192.168.1.255/32 -i eth0 -j in_home
-A INPUT -i ath0 -j in_internet
-A INPUT -m state --state RELATED -j ACCEPT
-A INPUT -m limit --limit 30/min -j ULOG --ulog-prefix "'IN-unknown:'"
-A INPUT -j DROP
-A FORWARD -d 4.79.132.217/32 -j BL_OUT_BI
-A FORWARD -s 4.79.132.217/32 -j BL_IN_BI
-A FORWARD -d 69.94.105.81/32 -j BL_OUT_BI
-A FORWARD -s 69.94.105.81/32 -j BL_IN_BI
-A FORWARD -d 65.120.238.2/32 -j BL_OUT_BI
-A FORWARD -s 65.120.238.2/32 -j BL_IN_BI
-A FORWARD -d 66.79.167.34/32 -j BL_OUT_BI
-A FORWARD -s 66.79.167.34/32 -j BL_IN_BI
-A FORWARD -d 68.230.241.41/32 -j BL_OUT_BI
-A FORWARD -s 68.230.241.41/32 -j BL_IN_BI
-A FORWARD -d 89.77.64.72/32 -j BL_OUT_BI
-A FORWARD -s 89.77.64.72/32 -j BL_IN_BI
-A FORWARD -d 216.239.51.91/32 -j BL_OUT_BI
-A FORWARD -s 216.239.51.91/32 -j BL_IN_BI
-A FORWARD -d 73.14.253.95/32 -j BL_OUT_BI
-A FORWARD -s 73.14.253.95/32 -j BL_IN_BI
-A FORWARD -d 68.142.110.0/24 -j BL_OUT_BI
-A FORWARD -s 68.142.110.0/24 -j BL_IN_BI
-A FORWARD -d 207.251.224.0/20 -j BL_OUT_BI
-A FORWARD -s 207.251.224.0/20 -j BL_IN_BI
-A FORWARD -d 210.251.192.0/19 -j BL_OUT_BI
-A FORWARD -s 210.251.192.0/19 -j BL_IN_BI
-A FORWARD -d 192.168.1.0/24 -i ath0 -o eth0 -j in_internet2lan
-A FORWARD -s 192.168.1.0/24 -i eth0 -o ath0 -j out_internet2lan
-A FORWARD -m state --state RELATED -j ACCEPT
-A FORWARD -m limit --limit 30/min -j ULOG --ulog-prefix "'PASS-unknown:'"
-A FORWARD -j DROP
-A OUTPUT -d 4.79.132.217/32 -j BL_OUT_BI
-A OUTPUT -d 69.94.105.81/32 -j BL_OUT_BI
-A OUTPUT -d 65.120.238.2/32 -j BL_OUT_BI
-A OUTPUT -d 66.79.167.34/32 -j BL_OUT_BI
-A OUTPUT -d 68.230.241.41/32 -j BL_OUT_BI
-A OUTPUT -d 89.77.64.72/32 -j BL_OUT_BI
-A OUTPUT -d 216.239.51.91/32 -j BL_OUT_BI
-A OUTPUT -d 73.14.253.95/32 -j BL_OUT_BI
-A OUTPUT -d 68.142.110.0/24 -j BL_OUT_BI
-A OUTPUT -d 207.251.224.0/20 -j BL_OUT_BI
-A OUTPUT -d 210.251.192.0/19 -j BL_OUT_BI
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 192.168.1.11/32 -d 192.168.1.0/24 -o eth0 -j out_home
-A OUTPUT -s 192.168.1.255/32 -d 192.168.1.0/24 -o eth0 -j out_home
-A OUTPUT -o ath0 -j out_internet
-A OUTPUT -m state --state RELATED -j ACCEPT
-A OUTPUT -m limit --limit 30/min -j ULOG --ulog-prefix "'OUT-unknown:'"
-A OUTPUT -j DROP
-A BL_IN_BI -j DROP
-A BL_IN_UNI -m state --state NEW -j DROP
-A BL_OUT_BI -p tcp -j REJECT --reject-with tcp-reset
-A BL_OUT_BI -j REJECT --reject-with icmp-host-unreachable
-A in_home -j in_home_all_s1
-A in_home -j in_home_irc_s2
-A in_home -j in_home_ftp_s3
-A in_home -j in_home_all_c4
-A in_home -j in_home_irc_c5
-A in_home -j in_home_ftp_c6
-A in_home -m state --state RELATED -j ACCEPT
-A in_home -p tcp -m limit --limit 30/min -j ULOG --ulog-prefix "'IN-home':'"
-A in_home -p tcp -j REJECT --reject-with tcp-reset
-A in_home -m limit --limit 30/min -j ULOG --ulog-prefix "'IN-home':'"
-A in_home -j REJECT --reject-with icmp-port-unreachable
-A in_home_all_c4 -m state --state ESTABLISHED -j ACCEPT
-A in_home_all_s1 -m state --state NEW,ESTABLISHED -j ACCEPT
-A in_home_ftp_c6 -p tcp -m tcp --sport 21 --dport 32768:61000 -m state --state ESTABLISHED -j ACCEPT
-A in_home_ftp_c6 -p tcp -m tcp --sport 20 --dport 32768:61000 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A in_home_ftp_c6 -p tcp -m tcp --sport 1024:65535 --dport 32768:61000 -m state --state ESTABLISHED -j ACCEPT
-A in_home_ftp_s3 -p tcp -m tcp --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A in_home_ftp_s3 -p tcp -m tcp --sport 1024:65535 --dport 20 -m state --state ESTABLISHED -j ACCEPT
-A in_home_ftp_s3 -p tcp -m tcp --sport 1024:65535 --dport 32768:61000 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A in_home_irc_c5 -p tcp -m tcp --sport 6667 --dport 32768:61000 -m state --state ESTABLISHED -j ACCEPT
-A in_home_irc_s2 -p tcp -m tcp --sport 1024:65535 --dport 6667 -m state --state NEW,ESTABLISHED -j ACCEPT
-A in_internet -s 0.0.0.0/7 -j RETURN
-A in_internet -s 5.0.0.0/8 -j RETURN
-A in_internet -s 10.0.0.0/8 -j RETURN
-A in_internet -s 14.0.0.0/8 -j RETURN
-A in_internet -s 23.0.0.0/8 -j RETURN
-A in_internet -s 27.0.0.0/8 -j RETURN
-A in_internet -s 31.0.0.0/8 -j RETURN
-A in_internet -s 36.0.0.0/7 -j RETURN
-A in_internet -s 39.0.0.0/8 -j RETURN
-A in_internet -s 42.0.0.0/8 -j RETURN
-A in_internet -s 49.0.0.0/8 -j RETURN
-A in_internet -s 50.0.0.0/8 -j RETURN
-A in_internet -s 100.0.0.0/6 -j RETURN
-A in_internet -s 104.0.0.0/6 -j RETURN
-A in_internet -s 127.0.0.0/8 -j RETURN
-A in_internet -s 176.0.0.0/7 -j RETURN
-A in_internet -s 179.0.0.0/8 -j RETURN
-A in_internet -s 181.0.0.0/8 -j RETURN
-A in_internet -s 185.0.0.0/8 -j RETURN
-A in_internet -s 223.0.0.0/8 -j RETURN
-A in_internet -s 240.0.0.0/4 -j RETURN
-A in_internet -s 10.0.0.0/8 -j RETURN
-A in_internet -s 169.254.0.0/16 -j RETURN
-A in_internet -s 172.16.0.0/12 -j RETURN
-A in_internet -s 192.0.2.0/24 -j RETURN
-A in_internet -s 192.88.99.0/24 -j RETURN
-A in_internet -s 192.168.0.0/16 -j RETURN
-A in_internet -j in_internet_torrent_s1
-A in_internet -j in_internet_torrent_c2
-A in_internet -f -j pr_internet_fragments
-A in_internet -p tcp -m state --state NEW -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j pr_internet_nosyn
-A in_internet -p icmp -m icmp --icmp-type 8 -j pr_internet_icmpflood
-A in_internet -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j pr_internet_synflood
-A in_internet -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j pr_internet_malxmas
-A in_internet -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j pr_internet_malnull
-A in_internet -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j pr_internet_malbad
-A in_internet -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j pr_internet_malbad
-A in_internet -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j pr_internet_malbad
-A in_internet -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j pr_internet_malbad
-A in_internet -m state --state INVALID -j DROP
-A in_internet -j in_internet_smtp_s3
-A in_internet -j in_internet_http_s4
-A in_internet -j in_internet_all_c5
-A in_internet -j in_internet_irc_c6
-A in_internet -j in_internet_ftp_c7
-A in_internet -m state --state RELATED -j ACCEPT
-A in_internet -m limit --limit 30/min -j ULOG --ulog-prefix "'IN-internet':'"
-A in_internet -j DROP
-A in_internet2lan -s 0.0.0.0/7 -j RETURN
-A in_internet2lan -s 5.0.0.0/8 -j RETURN
-A in_internet2lan -s 10.0.0.0/8 -j RETURN
-A in_internet2lan -s 14.0.0.0/8 -j RETURN
-A in_internet2lan -s 23.0.0.0/8 -j RETURN
-A in_internet2lan -s 27.0.0.0/8 -j RETURN
-A in_internet2lan -s 31.0.0.0/8 -j RETURN
-A in_internet2lan -s 36.0.0.0/7 -j RETURN
-A in_internet2lan -s 39.0.0.0/8 -j RETURN
-A in_internet2lan -s 42.0.0.0/8 -j RETURN
-A in_internet2lan -s 49.0.0.0/8 -j RETURN
-A in_internet2lan -s 50.0.0.0/8 -j RETURN
-A in_internet2lan -s 100.0.0.0/6 -j RETURN
-A in_internet2lan -s 104.0.0.0/6 -j RETURN
-A in_internet2lan -s 127.0.0.0/8 -j RETURN
-A in_internet2lan -s 176.0.0.0/7 -j RETURN
-A in_internet2lan -s 179.0.0.0/8 -j RETURN
-A in_internet2lan -s 181.0.0.0/8 -j RETURN
-A in_internet2lan -s 185.0.0.0/8 -j RETURN
-A in_internet2lan -s 223.0.0.0/8 -j RETURN
-A in_internet2lan -s 240.0.0.0/4 -j RETURN
-A in_internet2lan -s 10.0.0.0/8 -j RETURN
-A in_internet2lan -s 169.254.0.0/16 -j RETURN
-A in_internet2lan -s 172.16.0.0/12 -j RETURN
-A in_internet2lan -s 192.0.2.0/24 -j RETURN
-A in_internet2lan -s 192.88.99.0/24 -j RETURN
-A in_internet2lan -s 192.168.0.0/16 -j RETURN
-A in_internet2lan -j in_internet2lan_all_c1
-A in_internet2lan -j in_internet2lan_irc_c2
-A in_internet2lan -j in_internet2lan_ftp_c3
-A in_internet2lan -m state --state RELATED -j ACCEPT
-A in_internet2lan_all_c1 -m state --state ESTABLISHED -j ACCEPT
-A in_internet2lan_ftp_c3 -p tcp -m tcp --sport 21 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A in_internet2lan_ftp_c3 -p tcp -m tcp --sport 20 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A in_internet2lan_ftp_c3 -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A in_internet2lan_irc_c2 -p tcp -m tcp --sport 6667 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A in_internet_all_c5 -m state --state ESTABLISHED -j ACCEPT
-A in_internet_ftp_c7 -p tcp -m tcp --sport 21 --dport 32768:61000 -m state --state ESTABLISHED -j ACCEPT
-A in_internet_ftp_c7 -p tcp -m tcp --sport 20 --dport 32768:61000 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A in_internet_ftp_c7 -p tcp -m tcp --sport 1024:65535 --dport 32768:61000 -m state --state ESTABLISHED -j ACCEPT
-A in_internet_http_s4 -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A in_internet_irc_c6 -p tcp -m tcp --sport 6667 --dport 32768:61000 -m state --state ESTABLISHED -j ACCEPT
-A in_internet_smtp_s3 -p tcp -m tcp --sport 1024:65535 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A in_internet_torrent_c2 -p udp -m udp --sport 5290:6999 --dport 32768:61000 -m state --state ESTABLISHED -j ACCEPT
-A in_internet_torrent_s1 -p udp -m udp --sport 1024:65535 --dport 5290:6999 -m state --state NEW,ESTABLISHED -j ACCEPT
-A out_home -j out_home_all_s1
-A out_home -j out_home_irc_s2
-A out_home -j out_home_ftp_s3
-A out_home -j out_home_all_c4
-A out_home -j out_home_irc_c5
-A out_home -j out_home_ftp_c6
-A out_home -m state --state RELATED -j ACCEPT
-A out_home -p tcp -m limit --limit 30/min -j ULOG --ulog-prefix "'OUT-home':'"
-A out_home -p tcp -j REJECT --reject-with tcp-reset
-A out_home -m limit --limit 30/min -j ULOG --ulog-prefix "'OUT-home':'"
-A out_home -j REJECT --reject-with icmp-port-unreachable
-A out_home_all_c4 -m state --state NEW,ESTABLISHED -j ACCEPT
-A out_home_all_s1 -m state --state ESTABLISHED -j ACCEPT
-A out_home_ftp_c6 -p tcp -m tcp --sport 32768:61000 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A out_home_ftp_c6 -p tcp -m tcp --sport 32768:61000 --dport 20 -m state --state ESTABLISHED -j ACCEPT
-A out_home_ftp_c6 -p tcp -m tcp --sport 32768:61000 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A out_home_ftp_s3 -p tcp -m tcp --sport 21 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A out_home_ftp_s3 -p tcp -m tcp --sport 20 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A out_home_ftp_s3 -p tcp -m tcp --sport 32768:61000 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A out_home_irc_c5 -p tcp -m tcp --sport 32768:61000 --dport 6667 -m state --state NEW,ESTABLISHED -j ACCEPT
-A out_home_irc_s2 -p tcp -m tcp --sport 6667 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A out_internet -d 0.0.0.0/7 -j RETURN
-A out_internet -d 5.0.0.0/8 -j RETURN
-A out_internet -d 10.0.0.0/8 -j RETURN
-A out_internet -d 14.0.0.0/8 -j RETURN
-A out_internet -d 23.0.0.0/8 -j RETURN
-A out_internet -d 27.0.0.0/8 -j RETURN
-A out_internet -d 31.0.0.0/8 -j RETURN
-A out_internet -d 36.0.0.0/7 -j RETURN
-A out_internet -d 39.0.0.0/8 -j RETURN
-A out_internet -d 42.0.0.0/8 -j RETURN
-A out_internet -d 49.0.0.0/8 -j RETURN
-A out_internet -d 50.0.0.0/8 -j RETURN
-A out_internet -d 100.0.0.0/6 -j RETURN
-A out_internet -d 104.0.0.0/6 -j RETURN
-A out_internet -d 127.0.0.0/8 -j RETURN
-A out_internet -d 176.0.0.0/7 -j RETURN
-A out_internet -d 179.0.0.0/8 -j RETURN
-A out_internet -d 181.0.0.0/8 -j RETURN
-A out_internet -d 185.0.0.0/8 -j RETURN
-A out_internet -d 223.0.0.0/8 -j RETURN
-A out_internet -d 240.0.0.0/4 -j RETURN
-A out_internet -d 10.0.0.0/8 -j RETURN
-A out_internet -d 169.254.0.0/16 -j RETURN
-A out_internet -d 172.16.0.0/12 -j RETURN
-A out_internet -d 192.0.2.0/24 -j RETURN
-A out_internet -d 192.88.99.0/24 -j RETURN
-A out_internet -d 192.168.0.0/16 -j RETURN
-A out_internet -j out_internet_torrent_s1
-A out_internet -j out_internet_torrent_c2
-A out_internet -j out_internet_smtp_s3
-A out_internet -j out_internet_http_s4
-A out_internet -j out_internet_all_c5
-A out_internet -j out_internet_irc_c6
-A out_internet -j out_internet_ftp_c7
-A out_internet -m state --state RELATED -j ACCEPT
-A out_internet -m limit --limit 30/min -j ULOG --ulog-prefix "'OUT-internet':'"
-A out_internet -j DROP
-A out_internet2lan -d 0.0.0.0/7 -j RETURN
-A out_internet2lan -d 5.0.0.0/8 -j RETURN
-A out_internet2lan -d 10.0.0.0/8 -j RETURN
-A out_internet2lan -d 14.0.0.0/8 -j RETURN
-A out_internet2lan -d 23.0.0.0/8 -j RETURN
-A out_internet2lan -d 27.0.0.0/8 -j RETURN
-A out_internet2lan -d 31.0.0.0/8 -j RETURN
-A out_internet2lan -d 36.0.0.0/7 -j RETURN
-A out_internet2lan -d 39.0.0.0/8 -j RETURN
-A out_internet2lan -d 42.0.0.0/8 -j RETURN
-A out_internet2lan -d 49.0.0.0/8 -j RETURN
-A out_internet2lan -d 50.0.0.0/8 -j RETURN
-A out_internet2lan -d 100.0.0.0/6 -j RETURN
-A out_internet2lan -d 104.0.0.0/6 -j RETURN
-A out_internet2lan -d 127.0.0.0/8 -j RETURN
-A out_internet2lan -d 176.0.0.0/7 -j RETURN
-A out_internet2lan -d 179.0.0.0/8 -j RETURN
-A out_internet2lan -d 181.0.0.0/8 -j RETURN
-A out_internet2lan -d 185.0.0.0/8 -j RETURN
-A out_internet2lan -d 223.0.0.0/8 -j RETURN
-A out_internet2lan -d 240.0.0.0/4 -j RETURN
-A out_internet2lan -d 10.0.0.0/8 -j RETURN
-A out_internet2lan -d 169.254.0.0/16 -j RETURN
-A out_internet2lan -d 172.16.0.0/12 -j RETURN
-A out_internet2lan -d 192.0.2.0/24 -j RETURN
-A out_internet2lan -d 192.88.99.0/24 -j RETURN
-A out_internet2lan -d 192.168.0.0/16 -j RETURN
-A out_internet2lan -j out_internet2lan_all_c1
-A out_internet2lan -j out_internet2lan_irc_c2
-A out_internet2lan -j out_internet2lan_ftp_c3
-A out_internet2lan -m state --state RELATED -j ACCEPT
-A out_internet2lan_all_c1 -m state --state NEW,ESTABLISHED -j ACCEPT
-A out_internet2lan_ftp_c3 -p tcp -m tcp --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A out_internet2lan_ftp_c3 -p tcp -m tcp --sport 1024:65535 --dport 20 -m state --state ESTABLISHED -j ACCEPT
-A out_internet2lan_ftp_c3 -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A out_internet2lan_irc_c2 -p tcp -m tcp --sport 1024:65535 --dport 6667 -m state --state NEW,ESTABLISHED -j ACCEPT
-A out_internet_all_c5 -m state --state NEW,ESTABLISHED -j ACCEPT
-A out_internet_ftp_c7 -p tcp -m tcp --sport 32768:61000 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A out_internet_ftp_c7 -p tcp -m tcp --sport 32768:61000 --dport 20 -m state --state ESTABLISHED -j ACCEPT
-A out_internet_ftp_c7 -p tcp -m tcp --sport 32768:61000 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A out_internet_http_s4 -p tcp -m tcp --sport 80 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A out_internet_irc_c6 -p tcp -m tcp --sport 32768:61000 --dport 6667 -m state --state NEW,ESTABLISHED -j ACCEPT
-A out_internet_smtp_s3 -p tcp -m tcp --sport 25 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A out_internet_torrent_c2 -p udp -m udp --sport 32768:61000 --dport 5290:6999 -m state --state NEW,ESTABLISHED -j ACCEPT
-A out_internet_torrent_s1 -p udp -m udp --sport 5290:6999 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A pr_internet_fragments -m limit --limit 30/min -j ULOG --ulog-prefix "'PACKET FRAGMENTS:'"
-A pr_internet_fragments -j DROP
-A pr_internet_icmpflood -m limit --limit 100/sec --limit-burst 50 -j RETURN
-A pr_internet_icmpflood -m limit --limit 30/min -j ULOG --ulog-prefix "'ICMP FLOOD:'"
-A pr_internet_icmpflood -j DROP
-A pr_internet_malbad -m limit --limit 30/min -j ULOG --ulog-prefix "'MALFORMED BAD:'"
-A pr_internet_malbad -j DROP
-A pr_internet_malnull -m limit --limit 30/min -j ULOG --ulog-prefix "'MALFORMED NULL:'"
-A pr_internet_malnull -j DROP
-A pr_internet_malxmas -m limit --limit 30/min -j ULOG --ulog-prefix "'MALFORMED XMAS:'"
-A pr_internet_malxmas -j DROP
-A pr_internet_nosyn -m limit --limit 30/min -j ULOG --ulog-prefix "'NEW TCP w/o SYN:'"
-A pr_internet_nosyn -j DROP
-A pr_internet_synflood -m limit --limit 100/sec --limit-burst 50 -j RETURN
-A pr_internet_synflood -m limit --limit 30/min -j ULOG --ulog-prefix "'SYN FLOOD:'"
-A pr_internet_synflood -j DROP
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
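
An added example, not part of the original posts: a Python check over `iptables -S` text that reports when a DROP-policy INPUT or OUTPUT chain has no rule for the interface in use (the `ppp+` versus `ath0` mismatch described above), and which chains still drop everything after `iptables -F`, because a flush deletes rules but leaves `-P` policies in place. The sample ruleset is a constructed excerpt modelled on the dump above, and the function names are illustrative.

```python
import shlex

# Constructed excerpt in `iptables -S` format, modelled on the posted ruleset
# but with the pre-fix interface name (ppp+) that firehol had been given.
SAMPLE_BEFORE_FIX = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-N in_internet
-N out_internet
-A INPUT -i lo -j ACCEPT
-A INPUT -i ppp+ -j in_internet
-A INPUT -m state --state RELATED -j ACCEPT
-A INPUT -m limit --limit 30/min -j ULOG --ulog-prefix "'IN-unknown:'"
-A INPUT -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o ppp+ -j out_internet
-A OUTPUT -m state --state RELATED -j ACCEPT
-A OUTPUT -j DROP
-A in_internet -m state --state ESTABLISHED -j ACCEPT
-A out_internet -m state --state NEW,ESTABLISHED -j ACCEPT
"""


def parse(text):
    """Return (policies, rules): built-in chain policies and per-chain rule args."""
    policies, rules = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line)  # handles quoted --ulog-prefix values
        if len(tok) >= 3 and tok[0] == "-P":
            policies[tok[1]] = tok[2]
        elif len(tok) >= 2 and tok[0] == "-A":
            rules.setdefault(tok[1], []).append(tok[2:])
    return policies, rules


def iface_matches(pattern, iface):
    """iptables treats a trailing '+' as a prefix wildcard (ppp+ matches ppp0)."""
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface


def audit(text, iface):
    """List built-in chains that would drop all traffic on `iface`.

    Simplification: a chain counts as covering the interface if a rule names it
    with -i/-o, or if the chain has an unconditional ACCEPT. Negated matches
    ('! -i') are not interpreted.
    """
    policies, rules = parse(text)
    findings = []
    for chain, flag in (("INPUT", "-i"), ("OUTPUT", "-o")):
        chain_rules = rules.get(chain, [])
        named = [r[r.index(flag) + 1] for r in chain_rules
                 if flag in r and r.index(flag) + 1 < len(r)]
        covered = (any(iface_matches(p, iface) for p in named)
                   or ["-j", "ACCEPT"] in chain_rules)
        if policies.get(chain) == "DROP" and not covered:
            findings.append(
                f"{chain}: policy DROP and no {flag} rule matches {iface} "
                f"(rules name: {', '.join(named) or 'none'})")
    return findings


def drop_chains_after_flush(text):
    """Chains that still drop every packet once `iptables -F` has removed the rules."""
    policies, _ = parse(text)
    return sorted(c for c, p in policies.items() if p == "DROP")


if __name__ == "__main__":
    for finding in audit(SAMPLE_BEFORE_FIX, "ath0"):
        print(finding)
    print("still DROP after -F:", drop_chains_after_flush(SAMPLE_BEFORE_FIX))
```

A locally generated packet dropped in OUTPUT is reported to the sending program as a permission error, which is the `ping: sendmsg: Operation not permitted` seen in the thread.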
01-02-2010, 10:42 PM
Stan Hoeppner
Wayne <linuxtwo@gmail.com> put forth on 1/2/2010 1:53 PM:
> As soon as you said firewall, I remembered having this problem before. I
> had meant to disable the firewall last night when testing the MiFi
> connection, but forgot.
First rule of thumb: Network problem? Disable all firewalls before additional
troubleshooting.
> I did it just now and was able to ping, finally, 192.168.1.1. I then
> http'ed to it and connected to the Admin page!!! Entered the passwd and
> got to the configuration pages.!!! No firewall running but tried to
> connect to Google anyway. No Joy. Checked /etc/resolv.conf. The DNS
> from the MiFi are not there so replaced one with the mifi dns but no
> joy. I still think my routing is incomplete.
Can you ping any real addresses outside of 192.168.1.x? Try 65.41.216.221. If
you can ping that then your only remaining issue is DNS resolution. Try pinging
www.google.com. Packet timeout and no DNS will return different errors.
> I checked the firewall script (firehol) and found an obvious error. I've
> been using modems so I had PUBLIC_MYIF="ppp+". Changed it to
> PUBLIC_MYIF="ath0", started the firewall, ran iptables -S, tried to
> connect, No, so ran iptables -F, tried to connect, no, so stopped the
> firewall and connected to the admin page, but not to the internet.
I bet you have spent, and will spend, more time in your life screwing with
firewall problems on Linux desktop machines than you ever would fixing an
unfirewalled Linux machine that was compromised at the network layer, which is
the only thing packet firewalls prevent. This scenario is true for the vast
majority of desktop Linux users: packet firewalls cause more user problems than
they prevent.
> I have seen that. Not too long ago either. I fixed it but can't
> remember what I did. I 'think' it was due to an incorrect routing table
> or the firewall though
You fixed it unknowingly by changing your iptables rules through firehol.
Do yourself a huge favor. Once you get the dns/routing table issues fixed, turn
off packet firewalling, permanently, or learn to use it correctly.
Anyway, glad to hear you are a few steps closer to getting this all straightened
out.
--
Stan
01-05-2010, 04:26 AM
Paul Hartman
On Sat, Dec 26, 2009 at 4:54 PM, Paul Hartman
<paul.hartman+gentoo@gmail.com> wrote:
> Hi,
>
> I got a Nokia N900 linux internet tablet/phone a few days ago, and
> when I connect it in USB Mass Storage mode to a Windows Vista computer
> I can write at 17MB/sec, but when I connect it to my Gentoo box my
> writes are really slow, between 500-900kb/sec depending on if I mount
> in "sync" mode or not. As far as I know it should be just a totally
> standard/generic mass storage device. (there were no drivers or
> software install needed in windows, it just worked)
>
> Other USB devices plugged into the same port go full speed, and AFAIK
> everything appears as if it should be high speed USB 2.0. Has anyone
> seen something like this before? I'm not sure what the deal is. It
> takes 20 minutes to copy 1 gigabyte from Linux and takes just under 1
> minute to do the same in Windows.
>
> I'm not sure about debugging USB or what the options are. Everything
> I've used previously has worked without any hassle.
Solved. The problem was CFQ I/O scheduler. It was several times slower
than the others, for whatever reason.
So, the winner is deadline. CFQ doesn't make it to the podium.
Thanks,
Paul
01-05-2010, 05:21 AM
Mick
On Tuesday 05 January 2010 05:26:32 Paul Hartman wrote:
> On Sat, Dec 26, 2009 at 4:54 PM, Paul Hartman
>
> <paul.hartman+gentoo@gmail.com> wrote:
> > Hi,
> >
> > I got a Nokia N900 linux internet tablet/phone a few days ago, and
> > when I connect it in USB Mass Storage mode to a Windows Vista computer
> > I can write at 17MB/sec, but when I connect it to my Gentoo box my
> > writes are really slow, between 500-900kb/sec depending on if I mount
> > in "sync" mode or not. As far as I know it should be just a totally
> > standard/generic mass storage device. (there were no drivers or
> > software install needed in windows, it just worked)
> >
> > Other USB devices plugged into the same port go full speed, and AFAIK
> > everything appears as if it should be high speed USB 2.0. Has anyone
> > seen something like this before? I'm not sure what the deal is. It
> > takes 20 minutes to copy 1 gigabyte from Linux and takes just under 1
> > minute to do the same in Windows.
> >
> > I'm not sure about debugging USB or what the options are. Everything
> > I've used previously has worked without any hassle.
>
> Solved. The problem was CFQ I/O scheduler. It was several times slower
> than the others, for whatever reason.
>
> Here is the scoreboard:
>
> single-file: 1m25s
>
> multi-file (same total size):
> cfq: 6m51.439s
> noop: 3m0.733s
> anticipatory: 1m44.348s
> deadline: 1m36.804s
>
> So, the winner is deadline. CFQ doesn't make it to the podium.
Hmmm ... reading at the help files I thought that CFQ was the default/best
option for a desktop. Is there such a thing as a best fit here?
--
Regards,
Mick
01-05-2010, 07:15 AM
Stroller
On 5 Jan 2010, at 06:21, Mick wrote:
>> ...
>> Solved. The problem was CFQ I/O scheduler. It was several times slower
>> than the others, for whatever reason.
>> ...
>
> Hmmm ... reading at the help files I thought that CFQ was the default/best
> option for a desktop. Is there such a thing as a best fit here?
I had this notion that it was the worst option for everything, unless your computer has 96+ CPUs.
Stroller.
01-05-2010, 07:40 AM
Alan McKinnon
On Tuesday 05 January 2010 10:15:00 Stroller wrote:
> On 5 Jan 2010, at 06:21, Mick wrote:
> >> ...
> >> Solved. The problem was CFQ I/O scheduler. It was several times slower
> >> than the others, for whatever reason.
> >> ...
> >
> > Hmmm ... reading at the help files I thought that CFQ was the
> > default/best option for a desktop. Is there such a thing as a best fit
> > here?
>
> I had this notion that it was the worst option for everything, unless your
> computer has 96+ CPUs.
I had this notion that the author of the help files was talking through a hole
in his butt and just expressing his own views.
--
alan dot mckinnon at gmail dot com
01-05-2010, 10:39 AM
Mick
2010/1/5 Alan McKinnon <alan.mckinnon@gmail.com>:
> On Tuesday 05 January 2010 10:15:00 Stroller wrote:
>> On 5 Jan 2010, at 06:21, Mick wrote:
>> >> ...
>> >> Solved. The problem was CFQ I/O scheduler. It was several times slower
>> >> than the others, for whatever reason.
>> >> ...
>> >
>> > Hmmm ... reading at the help files I thought that CFQ was the
>> > default/best option for a desktop. Is there such a thing as a best fit
>> > here?
>>
>> I had this notion that it was the worst option for everything, unless your
>> computer has 96+ CPUs.
>
> I had this notion that the author of the help files was talking through a hole
> in his butt and just expressing his own views.
Ha, ha!
What does experience show to be a best option for a desktop that has:
a) Single CPU?
b) Dual core?
c) Quad core?
--
Regards,
Mick
01-05-2010, 11:38 AM
Szénási István
And what about the BFS scheduler? I know that it isn't in the
mainline kernel, but I've heard a lot of good about that.
If you send me the size and the number of the test files, I'll make
another benchmark with the CFQ, the Deadline and the BFS scheduler on a
Dual Core machine. :-)