re: new install: network unreachable
- To: Chris Brown <CBROWN@seitz.com>
- Cc: "Holanyi Janos, jr." <csani@budapest.hitsmaster.net>, debian-user@lists.debian.org, debian-laptop@lists.debian.org, JOHN@seitz.com, DEMOND@seitz.com, demond@erols.com, ROSS@seitz.com, vandegrift@erols.com, bruno1@netreach.net
- Subject: re: new install: network unreachable
- From: "Holanyi Janos, jr." <csani@budapest.hitsmaster.net>
- Date: Wed, 7 Apr 1999 01:16:04 +0200 (CEST)
- Message-id: <[🔎] Pine.LNX.3.96.990407005749.2860A-100000@erdely.hitsmaster.net>
- Reply-to: "Janos Holanyi, jr." <csani@makosteszta.sote.hu>
- In-reply-to: <[🔎] 324641A05DD@hal.seitz.com>
Hi Chris,
I'm glad that my idea worked for you.
To be honest, everything you described suggested that you had a "problem"
with the firewall. Also, you wrote that the were some "paranoia" messages
during bootup... check tcplogd daemon about that.
There is a "paranoia" option in the firewalls (used to be -o for spoofing
in ipfwadm - do not really know 2.2+'s ipchains yet, but should be
something similar).
So I told myself: OK, let's open your firewall to exclude this option
first of all. And, it worked. So please check the following packages (the
ones that are relevant - Debian) in the first wave:
iplogger
ipmasq
"my_ip" variable in /etc/init.d/netstd
ipportfw
etc...
That's OK that ipfwadm -Mf was rejected.
To be honest, I am not able to tell why your config changed.
Whenever you get such messages like Operation not permitted and such, it
is a good idea to check through the firewall related configuration.
ipfwadm -Iln
ipfwadm -Oln
ipfwadm -Fln
ipfwadm -Mln
will list the actual settings of your firewall. These commands could be a
good way for you to start investigating some more.
Keep in mind that with the commands that I gave you you opened all the
doors on your linux box - which is now a big security hole!!!
That's it, hope you'll be able to manage to set up your firewall as
desired - should you not, write to me, I'll be glad to help if I can.
Regs
csani
PS: Linux - Kings' toy! ;)
On Tue, 6 Apr 1999, Chris Brown wrote:
> Hi csani,
> You're a genius!.... the ipfwadm -Mf command was rejected, but the
> others worked and now I'm back on the net! Can you please explain a
> little what was going on and why my config defaulted to
> allow_no_network_traffic_mode?
>
> What's the best way to permanently set the correct options?
>
> Many thanks,
> Chris.
>
> On 6 Apr 99 at 16:35, Holanyi Janos, jr. wrote:
> > Just wondering... try these commands:
> > (for a 2.0 kernel)
> >
> > ipfwadm -If
> > ipfwadm -Of
> > ipfwadm -Ff
> > ipfwadm -Mf
> > ipfwadm -I -p acc
> > ipfwadm -O -p acc
> > ipfwadm -F -p acc
> > ipfwadm -F -p acc
> >
> > ...and ping. Is it better?
> >
> > Bye
> > csani
> >
> > On Tue, 6 Apr 1999, Chris Brown wrote:
> >
> > > Brant & others..... getting desperate here, please help!
> > >
> > > To answer your question, I'm not sure *EXACTLY* how to check if the
> > > PCMCIA packages are installed, but I believe the answer is yes.
> > >
> > > If I look at top, I can see cardmgr running. If I insert/remove the
> > > 3c589 I hear the tell-tale hot-swap beeps, and when the system boots
> > > or the card is inserted, the network active light comes on on the
> > > adapter at the appropiate times.
> > >
> > > Also, a ping of the machine's own address completes properly in a
> > > millisecond or two. If I remove the card, pinging its own address
> > > returns the message "network is unreachable". Pings to any other
> > > address with the card in result in:
> > > ping: sendto: operation not permitted
> > > ping: wrote 207...... 64 chars, ret=-1
> > >
> > >
> > > I had a linux_guru_friend stop by last night to look at the problem,
> > > he looked at some low level tcpip functionality and saw that arp
> > > requests were being received by the laptop, but is wasn't sending
> > > anything out on the network. After mucking with it for a few hours he
> > > thought he would try a re-install from the rescue disks..... same
> > > result! We successfully installed debian via nfs over the *EXACT*
> > > same network and interface, then on rebooting the network doesn't
> > > work and ping returns "operation not allowed"
> > >
> > > Any suggestions please !!!!!!
> > >
> > > On 5 Apr 99 at 22:42, Brant Wells wrote:
> > > >
> > > > Have you checked to make sure that the latptop PCMCIA packages are
> > > > installed?
> > > >
> > > > Just checking,
> > > >
> > > > Brant.
> > > >
> > > > Chris Brown wrote:
> > > >
> > > > > Please help, this is a newbie being stupid question....
> > > > >
> > > > > I've done several slink installs that have worked fine.
> > > > >
> > > > > I'm trying to install it on my laptop now and am having problems
> > > > > with the system once its installed. Basically everything seems
> > > > > fine but I can't use the network (3c589 pcmcia ethernet). I can ping
> > > > > the machine's own address but pings anywhere else result with ping
> > > > > declaring "not allowed"...
> > > > >
> > > > > My ifconfig and route table look fine. I know the driver and network
> > > > > is okay because the entire system was nfs installed initially! This
> > > > > problem occurs when I reboot after completing the entire install
> > > > > process.
> > > > >
> > > > > I suspect that I've (unknowingly) installed some sort of ip security
> > > > > program that is not allowing network access, I see things in the boot
> > > > > log like "ip paranoia deamon"... and others that I don't understand. I
> > > > > used the custom package selection of dinstall. I've carefully done
> > > > > the process twice with the same results.
> > > > >
> > > > > As a newbie, I have no idea how to search the OS to find the
> > > > > offending software if that's the problem.
> > > > >
> > > > > Besides any suggestions on what might be causing this problem, can
> > > > > someone please let me know how I'd (efficiently) go about tracking
> > > > > down offending software in general?
> > >
>
>
>
> *********************************************************************
> Chris Brown cbrown@seitz.com !!! HELP FIGHT SPAM !!!
>
> Join; www.cauce.org See; spam.abuse.net, spamsucks.com, www.cm.org
> ****************************************************************
>
>
>
> --
> To UNSUBSCRIBE, email to debian-laptop-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
-=+=---
Janos & Orsolya Holanyi. (csani & Lilia)
Emil: csani@makosteszta.sote.hu
URL : http://makosteszta.sote.hu/~csani/
Reply to: