Re: no network access to or from server
You must check 3 things:
1. Your interface has the correct ip/netmask
2. Routing is correct
3. No firewall rules drops your traffic
1. "ifconfig -a" will give you the actual configuration of your interfaces
If your eth0 (or whatever interface are you using) interface
configuration is not correct, you must correct this using also, ifconfig:
ifconfig eth0 <your_ip_addr> netmask <your_network_mask>
In your previous mail, I read that you are using a mask of
"255.255.255.255" I suspect that this mask is incorrect.
Ask your ISP to tell you the correct mask.
If they don't tell you the correct netmask, then use a netmask that
makes that your eth0 interface and your router are both in the same ip
network. If you don't know AND don't find the info on how to calculate
this, tell me and I will say you the mask.
Also, if you want to get your interface configuration via dhcp, you can
issue the command:
2. You must hace a default route pointing to your router.
"netstat -nr" will give you your actual routing table.
You must have an entry with destination "0.0.0.0" like:
Destination Gateway Genmask Flags MSS Window irtt
0.0.0.0 <your_router_ip> 0.0.0.0 UG 0
0 0 eth0
You can manipulate (add, remove, ...) your routing table using the
3. It is very probable that there is a firewall rule (shorewall is a
firewall) that is blocking your traffic (most firewalls default action
is to "drop" the packets).
You can check your actual rules with "iptables -vnL", it will produce an
output showing you what are the actual rules for your INPUT, OUTPUT and
Only to do a test, you can "flush" all your chains in order to determine
if this is the problem or not.
You can flush your iptables chains with the following:
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -F -t nat
I suggest to you that first, you check step (3).
Hope this helps.
Andrei Popescu wrote:
>On Wed, 25 Jan 2006 17:57:45 -0800
>"Brian Street" <email@example.com> wrote:
>>I'm faced with an issue that I don't understand; I hope someone can help me.
>>I have a dedicated server at 1and1.com that will be our company's new web
>>and mail server running Debian 3.1.
>>I have installed Postfix, Dovecot, and Apache2 to name a few, and everything
>>was working as expected and so I decided to try to install Shorewall and was
>>unable to connect to the box via the internet (at least I still have console
>>access) after following a how-to for a stand-alone firewall.
>>So, I decided I would remove the package and try something else instead.
>Did you remove or purge the package?
>>Now, when I reboot the server I am unable to connect to the server from the
>>internet, or to the internet from the server. My eth0 interface does not get
>>configured with it's IP address (220.127.116.11).
>>I tried rebooting, and restarting /etc/init.d/networking to no avail.
>>What the heck went wrong that I can't bring up my interface now?
>>auto lo eth0
>>iface lo inet loopback
>>iface eth0 inet dhcp
>>DHCP? Wtf? On a dedicated server? Shouldn't it be a static IP address?
>>1and1 Support said, yes, I had a static IP address. But that's as far as
>>they will help since I have a dedicated server. They said I am configuring
>>my interface wrong and they won't help, but that it works just fine when set
>>to dhcp....except in this case.
>>I tried to change the last line to the following (information provided by
>>1and1 tech support):
>>Iface eth0 inet static
>> address 18.104.22.168
>> netmask 255.255.255.255
> ^^^ are you sure?
>> gateway 10.255.255.1
>>I presume I should also add:
>> network 22.214.171.124
>> broadcast 126.96.36.199
>>but they haven't volunteered that information when asked.
>>I must be overlooking something, but I can't figure out what it is.
>>Thanks in advance for any help provided.
>You should first try to clear the firewall rules shorewall might have set.