Re: Help I am getting frustrated

To: Tzafrir Cohen <tzafrir@technion.ac.il>
Cc: debian-firewall@lists.debian.org
Subject: Re: Help I am getting frustrated
From: Robert Schweikert <rjschwei@mindspring.com>
Date: Tue, 25 Sep 2001 21:44:38 -0400
Message-id: <3BB13306.CD655D3C@mindspring.com>
References: <Pine.GSO.4.33_heb2.09.0109232133580.22886-100000@techunix.technion.ac.il>

Tzafrir Cohen wrote:

> On Sat, 22 Sep 2001, Robert Schweikert wrote:
>
> > I would like to switch to Debian, and once this is accomplished I'd like
> > to helpwith the project. However, switching has been much more
> > difficult than I anticipated. Anyway, right now I am trying to figure
> > out why I cannot get any packages from the internet. It appears that
> > there is a firewall running somewhere. I did not intentionally set that
> > up and I cannot figure out how to turn it off. Here are the messages
> > that are being logged.
> >
> > Sep 20 17:10:41 journey kernel: Packet log: input DENY ppp0PROTO=2
> > 209.247.23.242:65535 224.0.0.1:65535 L=28 S=0x00 I=31895 F=0x0000 T=1
> > (#6)
>
> Some broadcast. Is 209.247.23.242 one of your interfaces or a computer
> near you?

Don't know, could be the IP from my ISP.

>
>
> > Sep 20 17:48:23 journey kernel: Packet log: input DENY eth0 PROTO=17
> > 192.168.1.2:138 192.168.255.255:138 L=205 S=0x00 I=50609 F=0x0000 T=128
> > (#6)
>
> Part of the SMB traffic on your local network.

Any idea how I get rid of this? After I flushed ipchains this appeared to go
away.

>
>
> >
> > As can be seen, Idid succeed in getting ppp to dial in and connect to
> > my ISP, but that's the end of it. It appears as if everything coming
> > into the machine gets rejected. WHy? and how do I turn this off.
>
> Is that all the traffic that gets rejected?

Well I think I am a step closer in diagnosing the problem but I still need
some help. When I connect to my ISP the ISP's IP address is printed to the
log file. I can ping that IP address and all works fine. However, when I try
to ping my ISP's nameserver IP it fails. I think I might have a name
resolution issue.

Using the same IP address (for my ISP's name server) on my RedHat system ping
works just fine. I copied the resolv.conf from my RedHat system to the Debian
drive but that didn't work either. I have copied /etc/hosts, /etc/hosts.deny,
/etc/hosts.allow, and /etc/resolv.conf from my RedHat system to the Debian
drive, but still cannot get the networking (ppp to my ISP) to work. Any idea
what I am missing here?

>
>
> Even when you try 'apt-get update' ?

Get some weird error message when I try that. The error is probably related
to the name resolution issue.

>
>
> what is your /etc/apt/sources.list ?

cat /etc/apt/sources.list
# See sources.list(5) for more information, especialy
# Remember that you can only use http, ftp or file URIs
# CDROMs are managed through the apt-cdrom tool.
#deb http://http.us.debian.org/debian stable main contrib non-free
#deb http://non-us.debian.org/debian-non-US stable/non-US main contrib
non-free
#deb http://security.debian.org stable/updates main contrib non-free

# Get the test packages
deb http://http.us.debian.org/debian testing main contrib non-free

# Uncomment if you want the apt-get source function to work
#deb-src http://http.us.debian.org/debian stable main contrib non-free
#deb-src http://non-us.debian.org/debian-non-US stable non-US

#deb cdrom:[Debian GNU/Linux 2.2 r3 _Potato_ - Official i386 Binary-2
(20010427)]/ unstable contrib main non-US/contrib non-US/main
#deb cdrom:[Debian GNU/Linux 2.2 r3 _Potato_ - Official i386 Binary-1
(20010427)]/ unstable contrib main non-US/contrib non-US/main


>
>
> Yo get a list of local ipchains ruls run 'ipchains -L -n' ('-n' is so you
> won't waste a couple of minutes resolving names of IPs).

The out put looked as follows

Chain input (policy DENY):
target     prot opt     source                destination           ports
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
DENY       all  ----l-  127.0.0.0/8          0.0.0.0/0             n/a
ACCEPT     all  ------  0.0.0.0/0            255.255.255.255       n/a
ACCEPT     all  ------  0.0.0.0/0            192.168.1.1           n/a
ACCEPT     all  ------  0.0.0.0/0            192.168.1.255         n/a
DENY       all  ----l-  0.0.0.0/0            0.0.0.0/0             n/a
Chain forward (policy DENY):
target     prot opt     source                destination           ports
DENY       all  ----l-  0.0.0.0/0            0.0.0.0/0             n/a
MASQ       all  ------  192.168.1.0/24       0.0.0.0/0             n/a
Chain output (policy DENY):
target     prot opt     source                destination           ports
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
ACCEPT     all  ------  192.168.1.1          0.0.0.0/0             n/a
ACCEPT     all  ------  192.168.1.255        0.0.0.0/0             n/a
DENY       all  ----l-  0.0.0.0/0            0.0.0.0/0             n/a

Your help is appreciated.

Thanks,
Robert

>
>
> --
> Tzafrir Cohen
> mailto:tzafrir@technion.ac.il
> http://www.technion.ac.il/~tzafrir

--
Robert Schweikert                      MAY THE SOURCE BE WITH YOU
rjschwei@mindspring.com                         LINUX

Reply to:

Follow-Ups:
- Re: Help I am getting frustrated
  - From: Tzafrir Cohen <tzafrir@technion.ac.il>

References:
- Re: Help I am getting frustrated
  - From: Tzafrir Cohen <tzafrir@technion.ac.il>

Prev by Date: bridging is not so good?
Next by Date: Virus Checking on Firewall
Previous by thread: Re: Help I am getting frustrated
Next by thread: Re: Help I am getting frustrated
Index(es):
- Date
- Thread