Re: Internet stops working right after startup
Hi,
I've attached the logs Mark asked for. I removed all iptables rules but
the ones to allow ip masquerading. The problem still persists. I can
ping the internal hosts just fine though. The only thing that seems to
solve this is to bring down eth0 and bring it up again. Are there any
logs I can read to help identify this problem?
Frank
Ajitabh Pandey wrote:
2009/1/21 Frank Razenberg <frank@zzattack.org <mailto:frank@zzattack.org>>
Hi Ajitabh,
I attached the information you asked. Apologies for the mail I
just sent to your address instead of to the mailing list.
[snip...]
Thanks for the info. Although this has nothing to do with your
problem, but check your config of the INPUT chain. All incoming
connections are allowed. Also, to rule out the firewall completely,
just drop your firewall for the testing and see whether you have problems.
Also when this problem happens, can your internal hosts ping the
Debian machine or connect to it?
Regards.
--
Ajitabh Pandey
http://www.ajitabhpandey.info/ | http://www.unixclinic.net/
ICQ - 150615062
Registered Linux User - 240748
raw:
Chain PREROUTING (policy ACCEPT 7216 packets, 7169K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 55 packets, 11031 bytes)
pkts bytes target prot opt in out source destination
mangle:
Chain PREROUTING (policy ACCEPT 99750 packets, 95M bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 1260 packets, 156K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 106K packets, 102M bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 779 packets, 296K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 108K packets, 103M bytes)
pkts bytes target prot opt in out source destination
filter:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3 1335 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- !lo * 127.0.0.0/8 0.0.0.0/0 LOG flags 0 level 4
0 0 DROP all -- !lo * 127.0.0.0/8 0.0.0.0/0
0 0 ACCEPT all -- eth1 * 0.0.0.0/0 255.255.255.255
404 34855 ACCEPT all -- eth1 * 10.31.45.0/24 0.0.0.0/0
0 0 ACCEPT !tcp -- eth1 * 0.0.0.0/0 224.0.0.0/4
0 0 LOG all -- eth0 * 10.31.45.0/24 0.0.0.0/0 LOG flags 0 level 4
0 0 DROP all -- eth0 * 10.31.45.0/24 0.0.0.0/0
0 0 ACCEPT all -- eth0 * 0.0.0.0/0 255.255.255.255
254 38886 ACCEPT all -- eth0 * 0.0.0.0/0 88.159.xx.xx
2 514 ACCEPT all -- eth0 * 0.0.0.0/0 88.159.xx.xx
4 496 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
4 496 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
60040 67M ACCEPT all -- eth1 eth0 10.31.45.0/24 0.0.0.0/0
39042 28M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 LOG all -- * eth0 0.0.0.0/0 10.31.45.0/24 LOG flags 0 level 4
0 0 DROP all -- * eth0 0.0.0.0/0 10.31.45.0/24
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 2 packets, 263 bytes)
pkts bytes target prot opt in out source destination
3 1335 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth1 0.0.0.0/0 255.255.255.255
499 272K ACCEPT all -- * eth1 0.0.0.0/0 10.31.45.0/24
0 0 ACCEPT !tcp -- * eth1 0.0.0.0/0 224.0.0.0/4
0 0 LOG all -- * eth0 0.0.0.0/0 10.31.45.0/24 LOG flags 0 level 4
0 0 DROP all -- * eth0 0.0.0.0/0 10.31.45.0/24
0 0 ACCEPT all -- * eth0 0.0.0.0/0 255.255.255.255
275 22643 ACCEPT all -- * eth0 88.159.xx.xx 0.0.0.0/0
0 0 ACCEPT all -- * eth0 88.159.xx.xx 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain Badflags (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `Badflags: '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain Firewall (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `Firewall: '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain Rejectwall (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `Rejectwall: '
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
nat:
Chain PREROUTING (policy ACCEPT 1127 packets, 133K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 45 packets, 5594 bytes)
pkts bytes target prot opt in out source destination
885 105K MASQUERADE all -- * eth0 10.31.45.0/24 0.0.0.0/0
0 0 MASQUERADE all -- * eth0 10.31.46.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 45 packets, 5594 bytes)
pkts bytes target prot opt in out source destination
raw:
Chain PREROUTING (policy ACCEPT 187 packets, 133K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 35 packets, 8391 bytes)
pkts bytes target prot opt in out source destination
mangle:
Chain PREROUTING (policy ACCEPT 1459 packets, 767K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 478 packets, 43381 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 1210 packets, 747K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 242 packets, 30262 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1683 packets, 822K bytes)
pkts bytes target prot opt in out source destination
filter:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
8 560 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- !lo * 127.0.0.0/8 0.0.0.0/0 LOG flags 0 level 4
0 0 DROP all -- !lo * 127.0.0.0/8 0.0.0.0/0
0 0 ACCEPT all -- eth1 * 0.0.0.0/0 255.255.255.255
209 17344 ACCEPT all -- eth1 * 10.31.45.0/24 0.0.0.0/0
0 0 ACCEPT !tcp -- eth1 * 0.0.0.0/0 224.0.0.0/4
0 0 LOG all -- eth0 * 10.31.45.0/24 0.0.0.0/0 LOG flags 0 level 4
0 0 DROP all -- eth0 * 10.31.45.0/24 0.0.0.0/0
0 0 ACCEPT all -- eth0 * 0.0.0.0/0 255.255.255.255
46 4962 ACCEPT all -- eth0 * 0.0.0.0/0 88.159.xx.xx
15 1440 ACCEPT all -- eth0 * 0.0.0.0/0 88.159.xx.xx
1 32 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
1 32 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
762 716K ACCEPT all -- eth1 eth0 10.31.45.0/24 0.0.0.0/0
418 26072 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 LOG all -- * eth0 0.0.0.0/0 10.31.45.0/24 LOG flags 0 level 4
0 0 DROP all -- * eth0 0.0.0.0/0 10.31.45.0/24
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
8 560 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth1 0.0.0.0/0 255.255.255.255
173 24317 ACCEPT all -- * eth1 0.0.0.0/0 10.31.45.0/24
0 0 ACCEPT !tcp -- * eth1 0.0.0.0/0 224.0.0.0/4
0 0 LOG all -- * eth0 0.0.0.0/0 10.31.45.0/24 LOG flags 0 level 4
0 0 DROP all -- * eth0 0.0.0.0/0 10.31.45.0/24
0 0 ACCEPT all -- * eth0 0.0.0.0/0 255.255.255.255
61 5385 ACCEPT all -- * eth0 88.159.xx.xx 0.0.0.0/0
0 0 ACCEPT all -- * eth0 88.159.xx.xx 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
nat:
Chain PREROUTING (policy ACCEPT 148 packets, 24853 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 4 packets, 280 bytes)
pkts bytes target prot opt in out source destination
98 19507 MASQUERADE all -- * eth0 10.31.45.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 4 packets, 280 bytes)
pkts bytes target prot opt in out source destination
Reply to: