07-14-2008, 05:31 PM
Harry Putnam

Curious ping problem with no FW

I've had a problem with being able to ping out to the internet from my
gentoo box, while at the same time I'm able to ping outbound from
several windows boxes on same home lan.

I don't run a firewall at all from linux but do have a Netgear
switch/router/Firewall upstream between me and the internet cable
modem.

Output of iptables -L:

reader > sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

What I'm asking for here is advice about where to start debugging
this.

I can ping anything on my home lan, but nothing on the internet.
Not even my IP's nameservers.

And as mentioned, at the same time I'm able to ping from any of
several windows boxes out to the internet.

My router/fw can be set to deny specific machines outbound traffic but
that is not done in this case. So the solution must reside somewhere
in my gentoo install.

What things should I be checking?

A ping attempt like this:

ping ftp.ucsb.edu
PING ftp.ucsb.edu (128.111.24.43) 56(84) bytes of data.

Just never moves any further, but you can see it has resolved the
alpha address to numeric form so must have contacted and received
info from the nameserver.


--
gentoo-user@lists.gentoo.org mailing list
 
07-19-2008, 07:16 PM
Miernik

Curious ping problem with no FW

Harry Putnam <reader@newsguy.com> wrote:
> What I'm asking for here is advice about where to start debugging
> this.

How about running tcpdump on your outgoing ethernet interface while
running ping?

--
Miernik
http://miernik.name/

--
gentoo-user@lists.gentoo.org mailing list
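
Added example, not part of the thread: one way to read the capture suggested above, by classifying lines saved from `tcpdump -n -i <iface> icmp` while ping runs, so it is clear whether echo requests leave the box and whether anything comes back. The function name `diagnose`, the verdict labels and the LAN address 192.168.0.5 are assumptions made for illustration.

```python
import re

# Line shapes printed by `tcpdump -n -i <iface> icmp` (one packet per line).
ECHO = re.compile(r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo "
                  r"(?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)")
ERROR = re.compile(r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP "
                   r"(?P<msg>[^,]*(?:unreachable|time exceeded)[^,]*), length")

def diagnose(lines, local_ip, target_ip):
    """Classify a capture taken on the outgoing interface while ping runs."""
    sent, answered, errors = set(), set(), []
    for line in lines:
        m = ECHO.search(line)
        if m:
            key = (m["id"], m["seq"])  # pairs a reply with its request
            if m["kind"] == "request" and (m["src"], m["dst"]) == (local_ip, target_ip):
                sent.add(key)
            elif m["kind"] == "reply" and (m["src"], m["dst"]) == (target_ip, local_ip):
                answered.add(key)
            continue
        m = ERROR.search(line)
        if m and m["dst"] == local_ip:
            errors.append((m["src"], m["msg"]))  # which hop complained, and why
    if not sent:
        verdict = "NO_REQUEST_SEEN"  # nothing left this interface: local routing/filtering
    elif errors:
        verdict = "ICMP_ERROR"       # a router on the path rejected the packet
    elif not (sent & answered):
        verdict = "NO_REPLY"         # requests leave, nothing returns: look upstream
    elif sent - answered:
        verdict = "PARTIAL_LOSS"
    else:
        verdict = "OK"
    return {"verdict": verdict, "sent": len(sent),
            "answered": len(sent & answered), "errors": errors}

# Constructed sample: 192.168.0.5 is an assumed LAN address for the Gentoo box;
# 128.111.24.43 is the ftp.ucsb.edu address from the thread.
SAMPLE = [
    "17:31:02.100000 IP 192.168.0.5 > 128.111.24.43: ICMP echo request, id 4242, seq 1, length 64",
    "17:31:03.100000 IP 192.168.0.5 > 128.111.24.43: ICMP echo request, id 4242, seq 2, length 64",
    "17:31:04.100000 IP 192.168.0.5 > 128.111.24.43: ICMP echo request, id 4242, seq 3, length 64",
]

if __name__ == "__main__":
    print(diagnose(SAMPLE, "192.168.0.5", "128.111.24.43"))
```

A `NO_REPLY` verdict on the outgoing interface means the host is sending correctly and the loss is at or beyond the router; `NO_REQUEST_SEEN` points back at the host's own routing table or interface selection.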
 
07-20-2008, 03:58 PM
Mick

Curious ping problem with no FW

On Monday 14 July 2008, Harry Putnam wrote:
> I've had a problem with being able to ping out to the internet from my
> gentoo box, while at the same time I'm able to ping outbound from
> several windows boxes on same home lan.
>
> I don't run a firewall at all from linux but do have a Netgear
> switch/router/Firewall upstream between me and the internet cable
> modem.
[snip..]

> My router/fw can be set to deny specific machines outbound traffic but
> that is not done in this case. So the solution must reside somewhere
> in my gentoo install.

It may be worth checking your router's firewall rules once more. Is the
gentoo box connected to the router in the same fashion as the MSWindows
boxen, or is it in some funny DMZ set up?

What do the firewall logs show?

> What things should I be checking?

If as you say you have no firewall on the Gentoo box then you ought to have a
quick look at your kernel. Use sysctl:

/sbin/sysctl -a

and look at your settings probably for net.ipv4.icmp_* or your specific NIC.

> A ping attempt like this:
>
> ping ftp.ucsb.edu
> PING ftp.ucsb.edu (128.111.24.43) 56(84) bytes of data.
>
> Just never moves any further, but you can see it has resolved the
> alpha address to numeric form so must have contacted and received
> info from the nameserver.

Or from your router if it acts as a caching DNS resolver?

Unless you have configured your Gentoo kernel in a way that I am not sure is
possible, my money would go on something being amiss with the router firewall
settings.
--
Regards,
Mick
 
07-22-2008, 03:16 PM
Harry Putnam

Curious ping problem with no FW

Mick <michaelkintzios@gmail.com> writes:

> On Monday 14 July 2008, Harry Putnam wrote:
>> I've had a problem with being able to ping out to the internet from my
>> gentoo box, while at the same time I'm able to ping outbound from
>> several windows boxes on same home lan.
>>
>> I don't run a firewall at all from linux but do have a Netgear
>> switch/router/Firewall upstream between me and the internet cable
>> modem.
> [snip..]
>
>> My router/fw can be set to deny specific machines outbound traffic but
>> that is not done in this case. So the solution must reside somewhere
>> in my gentoo install.
>
> It may be worth checking your router's firewall rules once more. Is the
> gentoo box connected to the router in the same fashion as the MSWindows
> boxen, or is it in some funny DMZ set up?

The section involving blocking has nothing whatever set.

> What do the firewall logs show?

Since there is nothing outgoing set to log, it says nothing.

>> What things should I be checking?
>
> If as you say you have no firewall on the Gentoo box then you ought to have a
> quick look at your kernel. Use sysctl:
>
> /sbin/sysctl -a

Here I see:
sysctl -a|grep 'net.*icmp'

net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
net.ipv4.icmp_ratelimit = 250
net.ipv4.icmp_ratemask = 6168

But not sure what any of it means. The first line looks kind of
ominous though.

>> A ping attempt like this:
>>
>> ping ftp.ucsb.edu
>> PING ftp.ucsb.edu (128.111.24.43) 56(84) bytes of data.
>>
>> Just never moves any further, but you can see it has resolved the
>> alpha address to numeric form so must have contacted and received
>> info from the nameserver.
>
> Or from your router if it acts as a caching DNS resolver?

I don't think so, at least there is no mention in the documentation of
such a feature.
 
07-23-2008, 09:14 PM
Mick

Curious ping problem with no FW

On Tuesday 22 July 2008, Harry Putnam wrote:
> Mick <michaelkintzios@gmail.com> writes:

> > It may be worth checking your router's firewall rules once more. Is the
> > gentoo box connected to the router in the same fashion as the MSWindows
> > boxen, or is it in some funny DMZ set up?
>
> The section involving blocking has nothing whatever set.

OK, but is NATing configured the same way for both Linux & MS Windows
machines?

> > What do the firewall logs show?
>
> Since there is nothing outgoing set to log, it says nothing.

Does your router give you the option to log outgoing packets, or monitor them
in real time?

> Here I see:
> sysctl -a|grep 'net.*icmp'
>
> net.ipv4.icmp_echo_ignore_all = 0

That's how it should be if you want your Linux box to respond to pings.

> net.ipv4.icmp_echo_ignore_broadcasts = 1
> net.ipv4.icmp_ignore_bogus_error_responses = 1
> net.ipv4.icmp_errors_use_inbound_ifaddr = 0
> net.ipv4.icmp_ratelimit = 250
> net.ipv4.icmp_ratemask = 6168

Nothing amiss here either.

Have you tried going back to basics: unplug the MSWindows box from your
router and plug your Linux box in the same port to see if you can ping
internet addresses.

Can you ping the IP address of ftp.ucsb.edu; i.e. 128.111.24.43 (although I
would expect that if your linux had DNS problems you wouldn't be able to
browse from it altogether)?

What does traceroute show and how does this compare with traceroute -T?
--
Regards,
Mick
 