Re: Can't access aliased ip address

To: jorel@austin.rr.com
Cc: Chad Morgan <chad@chadmorgan.com>, debian-user@lists.debian.org
Subject: Re: Can't access aliased ip address
From: Chad Morgan <chad@chadmorgan.com>
Date: Thu, 3 Jan 2002 12:53:36 -0800
Message-id: <[🔎] 20020103125336.A1830@chadmbl.stmnca.adelphia.net>
In-reply-to: <[🔎] Pine.LNX.3.96.1020103001143.11651A-100000@trillian>; from jorel@trillian.megadodo.umb on Wed, Jan 02, 2002 at 22:19:06 -0800
References: <[🔎] 20020102220946.K677@chadmbl.stmnca.adelphia.net> <[🔎] Pine.LNX.3.96.1020103001143.11651A-100000@trillian>

On 2002.01.02 22:19 Jor-el wrote:

> The hostnames in your prev. post were truncated and it was hard to guess
> how the routing was setup.
> 
Here is an easier to read routing table:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
216.86.213.93   0.0.0.0         255.255.255.255 UH    0      0        0
eth0
216.86.213.94   0.0.0.0         255.255.255.255 UH    0      0        0
eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0
eth1
216.86.213.0    0.0.0.0         255.255.255.0   U     0      0        0
eth0
0.0.0.0         216.86.213.1    0.0.0.0         UG    1      0        0
eth0


> 	Also try the following : from B / C, do 
> 1.  traceroute A
> 2.  traceroute A -s C
> 
traceroute A works as expected. However traceroute A -s C results in:

 1 traceroute: wrote 24.52.153.102 38 chars, ret=-1
 *traceroute: wrote 24.52.153.102 38 chars, ret=-1
 *traceroute: wrote 24.52.153.102 38 chars, ret=-1

Note: each of the above lines were preceded by:
traceroute: sendto: Operation not permitted

which for somereason wasn't included in the output of    traceroute A -s C
> traceroute

I've noticed this on a few other procedures I've tried to do, but it isn't
really that big of a deal to add the other information. But I know there is
a way to capture the screen, I just don't know how to do it. 

> 	On A, monitor the traffic using a filter for src = A or dst = A
> and post the results.

I don't think that I can do this. A is a D-Link Wireless cable modem/dsl
router. I tried it anyway and didn't pick up anything from things that I
know work.
>  
> > Jan  2 15:23:46 hostname kernel: Packet log: input DENY eth0 PROTO=1
> > MACHINEA:8 IPADDRC:0 L=92 S=0x00 I=0 F=0x4000 T=43 (#9)
> > 
> 	I dont know what this log entry means. Its possible that you have
> a firewall problem but your symptoms are more indicative of a routing
> problem. Perhaps the output of 'ipchains -L -v -n' would help (Note: I
> run
> iptables and I'm guessing that its options are similar to ipchains. The
> -n
> will produce numeric, rather than symbolic output).
> 

That worked just fine, here is the output:

Chain input (policy ACCEPT: 0 packets, 0 bytes):
 pkts bytes target     prot opt    tosa tosx  ifname     mark       outsize
 source                destination           ports
39536 3757K ACCEPT     all  ------ 0xFF 0x00  lo                           
 0.0.0.0/0            0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  !lo                          
 127.0.0.0/8          0.0.0.0/0             n/a
89474 7888K ACCEPT     all  ------ 0xFF 0x00  eth0                         
 216.86.213.0/24      0.0.0.0/0             n/a
 204K   21M ACCEPT     all  ------ 0xFF 0x00  eth1                         
 192.168.0.0/24       0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0                         
 216.86.213.0/24      0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0                         
 192.168.0.0/24       0.0.0.0/0             n/a
 234K  189M ACCEPT     all  ------ 0xFF 0x00  eth0                         
 0.0.0.0/0            216.86.213.93         n/a
    0     0 ACCEPT     all  ------ 0xFF 0x00  eth0                         
 0.0.0.0/0            216.86.213.255        n/a
17858 1487K DENY       all  ----l- 0xFF 0x00  *                            
 0.0.0.0/0            0.0.0.0/0             n/a
Chain forward (policy DENY: 0 packets, 0 bytes):
 pkts bytes target     prot opt    tosa tosx  ifname     mark       outsize
 source                destination           ports
    0     0 MASQ       all  ------ 0xFF 0x00  eth0                         
 192.168.0.2          0.0.0.0/0             n/a
    0     0 MASQ       all  ------ 0xFF 0x00  eth0                         
 192.168.0.21         0.0.0.0/0             n/a
 4464  690K MASQ       all  ------ 0xFF 0x00  eth0                         
 192.168.0.22         0.0.0.0/0             n/a
  443 66229 MASQ       all  ------ 0xFF 0x00  eth0                         
 192.168.0.23         0.0.0.0/0             n/a
  257 38564 MASQ       all  ------ 0xFF 0x00  eth0                         
 192.168.0.24         0.0.0.0/0             n/a
   58  4837 MASQ       all  ------ 0xFF 0x00  eth0                         
 192.168.0.25         0.0.0.0/0             n/a
    0     0 MASQ       all  ------ 0xFF 0x00  eth0                         
 192.168.0.26         0.0.0.0/0             n/a
 2606  571K MASQ       all  ------ 0xFF 0x00  eth0                         
 192.168.0.27         0.0.0.0/0             n/a
 2641  367K MASQ       all  ------ 0xFF 0x00  eth0                         
 192.168.0.28         0.0.0.0/0             n/a
    0     0 MASQ       all  ------ 0xFF 0x00  eth0                         
 192.168.0.254        0.0.0.0/0             n/a
Chain output (policy ACCEPT: 0 packets, 0 bytes):
 pkts bytes target     prot opt    tosa tosx  ifname     mark       outsize
 source                destination           ports
39536 3757K ACCEPT     all  ------ 0xFF 0x00  lo                           
 0.0.0.0/0            0.0.0.0/0             n/a
89476 7888K ACCEPT     all  ------ 0xFF 0x00  eth0                         
 0.0.0.0/0            216.86.213.0/24       n/a
    0     0 ACCEPT    !tcp  ------ 0xFF 0x00  eth0                         
 0.0.0.0/0            224.0.0.0/4           * ->   *
 229K  187M ACCEPT     all  ------ 0xFF 0x00  eth1                         
 0.0.0.0/0            192.168.0.0/24        n/a
    0     0 ACCEPT    !tcp  ------ 0xFF 0x00  eth1                         
 0.0.0.0/0            224.0.0.0/4           * ->   *
    0     0 DENY       all  ----l- 0xFF 0x00  eth0                         
 0.0.0.0/0            216.86.213.0/24       n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0                         
 0.0.0.0/0            192.168.0.0/24        n/a
 168K   14M ACCEPT     all  ------ 0xFF 0x00  eth0                         
 216.86.213.93        0.0.0.0/0             n/a
    0     0 ACCEPT     all  ------ 0xFF 0x00  eth0                         
 216.86.213.255       0.0.0.0/0             n/a
   11   418 DENY       all  ----l- 0xFF 0x00  *                            
 0.0.0.0/0            0.0.0.0/0             n/a

Thanks for the help so far, hopefully this will give you, or someone else
some ideas.

Chad

Reply to:

Follow-Ups:
- SOLVED Can't access aliased ip address
  - From: Chad Morgan <chad@chadmorgan.com>
- screen capture
  - From: Nori Heikkinen <nori@sccs.swarthmore.edu>

References:
- Re: Can't access aliased ip address
  - From: Chad Morgan <chad@chadmorgan.com>
- Re: Can't access aliased ip address
  - From: Jor-el <jorel@trillian.megadodo.umb>

Prev by Date: Re: ISDN on Potato
Next by Date: Re: What is option "-P" to smbclient?
Previous by thread: Re: Can't access aliased ip address
Next by thread: SOLVED Can't access aliased ip address
Index(es):
- Date
- Thread