[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

re: new install: network unreachable

Hi Chris,

I'm glad that my idea worked for you.
To be honest, everything you described suggested that you had a "problem"
with the firewall. Also, you wrote that the were some "paranoia" messages
during bootup... check tcplogd daemon about that.
There is a "paranoia" option in the firewalls (used to be -o for spoofing
in ipfwadm - do not really know 2.2+'s ipchains yet, but should be
something similar).

So I told myself: OK, let's open your firewall to exclude this option
first of all. And, it worked. So please check the following packages (the
ones that are relevant - Debian) in the first wave:

iplogger
ipmasq
"my_ip" variable in /etc/init.d/netstd
ipportfw

etc...
That's OK that ipfwadm -Mf was rejected.
To be honest, I am not able to tell why your config changed.
Whenever you get such messages like Operation not permitted and such, it
is a good idea to check through the firewall related configuration.

ipfwadm -Iln
ipfwadm -Oln
ipfwadm -Fln
ipfwadm -Mln

will list the actual settings of your firewall. These commands could be a
good way for you to start investigating some more.
Keep in mind that with the commands that I gave you you opened all the
doors on your linux box - which is now a big security hole!!!

That's it, hope you'll be able to manage to set up your firewall as
desired - should you not, write to me, I'll be glad to help if I can.


Regs
csani

PS: Linux - Kings' toy! ;)


On Tue, 6 Apr 1999, Chris Brown wrote:

> Hi csani,
> You're a genius!....  the ipfwadm -Mf command was rejected, but the
> others worked and now I'm back on the net! Can you please explain a
> little what was going on and why my config defaulted to
> allow_no_network_traffic_mode?
> 
> What's the best way to permanently set the correct options?
> 
> Many thanks,
> Chris.
> 
> On  6 Apr 99 at 16:35, Holanyi Janos, jr. wrote:
> > Just wondering... try these commands:
> > (for a 2.0 kernel)
> > 
> > ipfwadm -If
> > ipfwadm -Of
> > ipfwadm -Ff
> > ipfwadm -Mf
> > ipfwadm -I -p acc
> > ipfwadm -O -p acc
> > ipfwadm -F -p acc
> > ipfwadm -F -p acc
> > 
> > ...and ping. Is it better?
> > 
> > Bye
> > csani
> > 
> > On Tue, 6 Apr 1999, Chris Brown wrote:
> > 
> > > Brant & others.....   getting desperate here, please help!
> > > 
> > > To answer your question, I'm not sure *EXACTLY* how to check if the 
> > > PCMCIA packages are installed, but I believe the answer is yes.
> > > 
> > > If I look at top, I can see cardmgr running. If I insert/remove the 
> > > 3c589 I hear the tell-tale hot-swap beeps, and when the system boots 
> > > or the card is inserted, the network active light comes on on the 
> > > adapter at the appropiate times.
> > > 
> > > Also, a ping of the machine's own address completes properly in a 
> > > millisecond or two. If I remove the card, pinging its own address 
> > > returns the message "network is unreachable". Pings to any other 
> > > address with the card in result in:
> > >  ping: sendto: operation not permitted
> > >  ping: wrote 207......  64 chars, ret=-1
> > >  
> > > 
> > > I had a linux_guru_friend stop by last night to look at the problem, 
> > > he looked at some low level tcpip functionality and saw that arp 
> > > requests were being received by the laptop, but is wasn't sending 
> > > anything out on the network. After mucking with it for a few hours he 
> > > thought he would try a re-install from the rescue disks..... same 
> > > result! We successfully installed debian via nfs over the *EXACT* 
> > > same network and interface, then on rebooting the network doesn't 
> > > work and ping returns "operation not allowed"
> > > 
> > > Any suggestions please !!!!!!
> > > 
> > > On  5 Apr 99 at 22:42, Brant Wells wrote:
> > > > 
> > > > Have you checked to make sure that the latptop PCMCIA packages are
> > > > installed?
> > > > 
> > > > Just checking,
> > > > 
> > > > Brant.
> > > > 
> > > > Chris Brown wrote:
> > > > 
> > > > > Please help, this is a newbie being stupid question....
> > > > >
> > > > > I've done several slink installs that have worked fine.
> > > > >
> > > > > I'm trying to install it on my laptop now and am having problems
> > > > > with the system once its installed. Basically everything seems
> > > > > fine but I can't use the network (3c589 pcmcia ethernet). I can ping
> > > > > the machine's own address but pings anywhere else result with ping
> > > > > declaring "not allowed"...
> > > > >
> > > > > My ifconfig and route table look fine. I know the driver and network
> > > > > is okay because the entire system was nfs installed initially! This
> > > > > problem occurs when I reboot after completing the entire install
> > > > > process.
> > > > >
> > > > > I suspect that I've (unknowingly) installed some sort of ip security
> > > > > program that is not allowing network access, I see things in the boot
> > > > > log like "ip paranoia deamon"... and others that I don't understand. I
> > > > > used the custom package selection of dinstall. I've carefully done
> > > > > the process twice with the same results.
> > > > >
> > > > > As a newbie, I have no idea how to search the OS to find the
> > > > > offending software if that's the problem.
> > > > >
> > > > > Besides any suggestions on what might be causing this problem, can
> > > > > someone please let me know how I'd (efficiently) go about tracking
> > > > > down offending software in general?
> > > 
> 
> 
> 
>  *********************************************************************
>  Chris Brown       cbrown@seitz.com         !!! HELP FIGHT SPAM !!!
> 
>  Join; www.cauce.org  See; spam.abuse.net, spamsucks.com, www.cm.org
>  ****************************************************************
>  
> 
> 
> --  
> To UNSUBSCRIBE, email to debian-laptop-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

-=+=---
Janos & Orsolya Holanyi. (csani & Lilia)
Emil: csani@makosteszta.sote.hu
URL : http://makosteszta.sote.hu/~csani/
Reply to: