Re: Networking problem
- From: Rick Sewill <rsewill@xxxxxxxxx>
- Date: Sat, 14 May 2011 18:10:40 -0500
On Saturday, May 14, 2011 03:27:53 PM JD wrote:
On 05/14/11 12:55, Rick Sewill wrote:
On Saturday, May 14, 2011 10:46:51 AM JD wrote:
On 05/14/11 09:17, Rick Sewill wrote:
On Saturday, May 14, 2011 09:27:55 AM JD wrote:
On 05/14/11 08:48, G.Wolfe Woodbury wrote:
On 05/14/2011 09:36 AM, JD wrote:
On my F14, I am running a firewall that accepts specific connection
on specific ports from some machines on the LAN.
However, for one machine I made a general rule to accept all
connections:
-A INPUT -s 192.168.1.60 -j ACCEPT
After restarting the firewall,
I still am unable to ping that machine and it is unable to ping me.
That machine is not running a firewall.
I can ping the router and another machine I have on the LAN.
The machine at 192.168.1.60 can do the same.
What else do I need to do to be able to talk to machine 192.168.1.60
and it to my fedora machine?
Try:
-A INPUT -s 192.168.1.60/32 -j ACCEPT
there needs to be a netmask in the syntax.
Tried it.
Did not change anything :(
Could we see more of the network topology please?
Can you do on both machines:
/bin/netstat -rn
On Fedora Machine:
# /bin/netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0
10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0
0.0.0.0         192.168.1.254   0.0.0.0         UG        0 0          0 wlan0
On the machine in question (192.168.1.60)
# /sbin/netstat -rn
Routing tables
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.254      UGSc        8        0    en1
127                127.0.0.1          UCS         0        0    lo0
127.0.0.1          127.0.0.1          UH          0        4    lo0
169.254            link#6             UCS         0        0    en1
192.168.1          link#6             UCS         2        0    en1
192.168.1.1        0:26:18:6:ef:7     UHLW        0      113    en1    566
192.168.1.60       127.0.0.1          UHS         0        0    lo0
192.168.1.254      0:1d:5a:c8:91:c1   UHLW       15      153    en1    565
Internet6:
Destination        Gateway            Flags    Netif Expire
::1                link#1             UHL      lo0
fe80::%lo0/64      fe80::1%lo0        Uc       lo0
fe80::1%lo0        link#1             UHL      lo0
ff01::/32          ::1                U        lo0
ff02::/32          fe80::1%lo0        UC       lo0
/sbin/ifconfig
On Fedora machine:
# /sbin/ifconfig
eth0      Link encap:Ethernet HWaddr 00:03:0D:15:2B:9E
          inet addr:10.1.1.1 Bcast:10.1.1.255 Mask:255.255.255.0
          inet6 addr: fe80::203:dff:fe15:2b9e/64 Scope:Link
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:1340 errors:0 dropped:0 overruns:0 frame:0
          TX packets:849 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:174589 (170.4 KiB) TX bytes:418153 (408.3 KiB)
          Interrupt:19 Base address:0xd800
eth0:0    Link encap:Ethernet HWaddr 00:03:0D:15:2B:9E
          inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          Interrupt:19 Base address:0xd800
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:4734603 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4734603 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:373719874 (356.4 MiB) TX bytes:373719874 (356.4 MiB)
virbr0    Link encap:Ethernet HWaddr 22:3E:A6:BB:CD:51
          inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8391 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:1617830 (1.5 MiB)
wlan0     Link encap:Ethernet HWaddr 00:34:56:00:03:43
          inet6 addr: fe80::234:56ff:fe00:343/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:4976669 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4947232 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1062494718 (1013.2 MiB) TX bytes:500756007 (477.5 MiB)
wlan0:0   Link encap:Ethernet HWaddr 00:34:56:00:03:43
          inet addr:192.168.1.108 Bcast:192.168.1.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
On 192.168.1.60:
# /sbin/ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:11:24:7e:2d:c8
        media: autoselect (none) status: inactive
        supported media: none autoselect 10baseT/UTP<half-duplex>
            10baseT/UTP<full-duplex> 10baseT/UTP<full-duplex,flow-control>
            10baseT/UTP<full-duplex,hw-loopback> 100baseTX<half-duplex>
            100baseTX <full-duplex> 100baseTX<full-duplex,flow-control>
            100baseTX <full-duplex,hw-loopback> 1000baseT<full-duplex>
            1000baseT <full-duplex,flow-control> 1000baseT<full-duplex,hw-loopback>
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
        lladdr 00:11:24:ff:fe:7e:2d:c8
        media: autoselect<full-duplex> status: inactive
        supported media: autoselect<full-duplex>
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.70 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:11:24:92:bc:e0
        media: autoselect status: active
        supported media: autoselect
If you don't mind, it might be easiest to copy your firewall
rules so we can see them. As root,
/sbin/iptables -L -v
Sorry. I cannot expose my FW settings to a public list because
they might contain weaknesses that someone could exploit.
If you are concerned with security and sharing your public IP address,
may I suggest changing the public IP address ranges to something else,
like xxx.xxx.xxx.0, yyy.yyy.yyy.0, etc, in the output.
Actually, I have no public IP addresses in the rules.
Another question...if you have multiple ethernet devices,
which device is 192.168.1.60 connected to?
en1 (this is a Powerbook g4 running OS X 10.5.8).
Both Fedora and the Powerbook can ping the default gateway,
192.168.254.1 ?
The Powerbook entries confuse me.
According to the Powerbook netstat -rn, I would expect an interface,
192.168.1.60/some mask
When I look at the Powerbook ifconfig, I see
en1: ... inet 192.168.1.70 netmask 0xffffff00 ...
I expected this entry to read inet 192.168.1.60 netmask 0xffffff00
Can I suggest, for a test, change the iptables filters to allow any
incoming packet from 192.168.1.0/24, and then, try to ping from
the Powerbook. Also, you might wish to check the ARP table on
Fedora to see what IP address/Mac address entries it knows about.
As root, try /sbin/arp -a
I am interested to know, after the attempted ping from the Powerbook,
what IP address/Mac entry is found, if any, in the Fedora.
I added the rule
-A INPUT -s 192.168.1.0/24 -j ACCEPT
and retried.
Same thing.
Both machines can ping the GW, and they can ping a third machine I have
on the LAN.
But they cannot ping each other.
I also brought the fedora firewall down, and retried to ping Fedora
from Powerbook. No go!!
Interesting. Let me recap so I understand.
1) Only wireless links are active on the Fedora and the Powerbook.
2) the Powerbook wifi is interface en1; the Fedora wifi is wlan0 (wlan0:0)
3) both the Fedora and Powerbook can ping the gateway through the wifi.
4) From the above, a third machine is "on the LAN".
I get this idea because of the phrase above, "they can ping a third
machine I have on the LAN." This LAN is a wired, ethernet network,
connected to the gateway.
I need someone to chime in to help me understand wifi bridging better.
This setup sounds like wifi bridge mode as opposed to wifi ad-hoc mode.
Question: in wifi bridging, does the packet from the Powerbook,
which is destined for the Fedora, go through the gateway,
or can the packet still go directly from the Powerbook to the Fedora?
If the answer is the former, I would ask why the gateway doesn't
relay the packet to the Fedora. If the answer is the latter,
I would assume we should see entries in the ARP tables, in both machines,
for the other device in question, and would ask what are the ARP entries
in both the Fedora and the Powerbook.
Could you tell us the make/model of the gateway please.
I read, on the Internet, different wifi gateways have different capabilities.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
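The ARP check requested in the message above, as an added example that is not part of the original post: after a failed ping, classify the peer's entry in `arp -an` output to separate a host packet-filter drop from a link-layer or addressing problem. The function names, the interpretation strings and the sample table are constructed for illustration; only the gateway address and MAC are taken from the netstat output quoted in the thread.

```shell
#!/bin/sh
# Classify the ARP entry for a peer from `arp -an` text (Linux net-tools or
# OS X layout). Prints "resolved <mac>", "incomplete" or "absent".
arp_state() {
    # $1 = arp output text, $2 = peer IPv4 address
    printf '%s\n' "$1" | awk -v ip="($2)" '
        $2 == ip {
            found = 1
            if ($4 ~ /incomplete/) print "incomplete"
            else print "resolved " $4
            exit
        }
        END { if (!found) print "absent" }'
}

# Map the ARP state seen after a failed ping to the next thing to check.
interpret() {
    case "$1" in
        resolved*)  echo "layer 2 works: inspect packet filters on both hosts" ;;
        incomplete) echo "ARP unanswered: verify peer address, AP client isolation" ;;
        *)          echo "no ARP attempt: check routes and outgoing interface" ;;
    esac
}

# Constructed sample: what the Fedora side might show after pinging .60.
SAMPLE_ARP='? (192.168.1.254) at 00:1d:5a:c8:91:c1 [ether] on wlan0
? (192.168.1.60) at <incomplete> on wlan0'

for peer in 192.168.1.254 192.168.1.60 192.168.1.70; do
    state=$(arp_state "$SAMPLE_ARP" "$peer")
    printf '%-15s %-28s %s\n' "$peer" "$state" "$(interpret "$state")"
done
```

On a live host, pass "$(/sbin/arp -an)" as the first argument instead of the sample text.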