Ping and LAN Problem

NoOp glgxg at sbcglobal.net
Wed Aug 15 19:41:00 UTC 2007


On 08/14/2007 08:14 PM, das ??? wrote:
> On Tue, 2007-08-14 at 11:20 -0700, NoOp wrote:

> 
> Dear NoOp
> 
> Here is the output, one by one:
> 
> <<<
> root@mahammad:/home/dd# iptables -L OUTBOUND
> iptables: No chain/target/match by that name
> root@mahammad:/home/dd# iptables -L INPUT
> Chain INPUT (policy DROP)
> target     prot opt source               destination
> ACCEPT     0    --  anywhere             anywhere
> LOG        0    --  127.0.0.0/8          anywhere            LOG level warning
> DROP       0    --  127.0.0.0/8          anywhere
> ACCEPT     0    --  anywhere             255.255.255.255
> ACCEPT     0    --  192.168.0.0/24       anywhere
> ACCEPT    !tcp  --  anywhere             BASE-ADDRESS.MCAST.NET/4
> LOG        0    --  192.168.0.0/24       anywhere            LOG level warning
> DROP       0    --  192.168.0.0/24       anywhere
> ACCEPT     0    --  anywhere             255.255.255.255
> ACCEPT     0    --  anywhere             mahammad
> ACCEPT     0    --  anywhere             192.168.1.255
> DROP       0    --  anywhere             ALL-SYSTEMS.MCAST.NET
> LOG        0    --  anywhere             anywhere            LOG level warning
> DROP       0    --  anywhere             anywhere
> root@mahammad:/home/dd# iptables -L OUTPUT
> Chain OUTPUT (policy DROP)
> target     prot opt source               destination
> ACCEPT     0    --  anywhere             anywhere
> ACCEPT     0    --  anywhere             255.255.255.255
> ACCEPT     0    --  anywhere             192.168.0.0/24
> ACCEPT    !tcp  --  anywhere             BASE-ADDRESS.MCAST.NET/4
> LOG        0    --  anywhere             192.168.0.0/24      LOG level warning
> DROP       0    --  anywhere             192.168.0.0/24
> ACCEPT     0    --  anywhere             255.255.255.255
> ACCEPT     0    --  mahammad             anywhere
> ACCEPT     0    --  192.168.1.255        anywhere
> DROP       0    --  anywhere             ALL-SYSTEMS.MCAST.NET
> LOG        0    --  anywhere             anywhere            LOG level warning
> DROP       0    --  anywhere             anywhere
> >>>
> 
> And see, this firewall is something that was done by the OS
> automatically, maybe because I am using ipmasq. I never did anything
> about ip-tables. I know absolutely nothing about networking. What I did
> was what you can call horse's doings. I read from the router-howto that
> I have to fix the router ip as 192.168.1.1, and the router connecting
> LAN card's ip as something over 192.168.1.30, and hence I fixed it as
> 192.168.1.40, then made the 192.168.1.1 as the gateway for this eth2,
> with adding this 192.168.1.1 in the /etc/resolv.conf. Then for
> connecting with my laptop, I fixed the laptop's LAN as 192.168.0.2, and
> the laptop connecting LAN of the desktop as 192.168.0.1. Then added this
> 192.168.0.1 in the resolv.conf of the laptop and made the gateway for
> the laptop as 192.168.0.1, setting 255.255.255.0 as the netmask for both
> of them. I did not supply the broadcast, like once I had to do in
> gentoo. This was fixed by Ubuntu itself. And then I installed ssh on
> both the machines, and ipmasq on the desktop such that it can supply the
> ip-s to the laptop. And everything is working as expected, without ever
> understanding what is happening where. Ubuntu is simpler in that sense,
> when I used SuSE I had to run a squid on the desktop to do it. Now,
> ipmasq is doing that. But, here is the problem, with becoming simpler
> maybe it has become a bit non-transparent. Like the broadcast thing, and
> the netmask reported by the machine. Who knows how it is working?
> 
> I think I must try to become a bit networking-literate. I started
> reading Kirch. But it was taking so much time. After all my work and
> engagements, being a teacher and writer by profession, it is a bit
> difficult for me. I will read the netmasq howto that you sent the
> link to. Can you suggest one or two simple documents like that which
> will help me in understanding how the network things operate in Ubuntu?
> 
> Thank you NoOp for all the trouble you are taking. 
> ---
> das
> 
> 

Unfortunately I'm not familiar with ipmasq so I can't help much there.
I've just installed it on one of my test machines (based on this thread)
to get a feel for how it works. Hopefully someone with ipmasq experience
will step in and advise.

However, I'd recommend that you install webmin (see:
http://www.webmin.com/); that will allow you to view your network
settings easily, including setting iptables rules, etc. Check the webmin
thread for cautions etc., but I've found webmin to be an excellent
learning tool.

Additional info on netfilter that is easy to understand is here:

http://www.netfilter.org/
http://www.netfilter.org/documentation/index.html#documentation-faq

One other thing that you might want to consider: use Firestarter for
your firewall and connection sharing instead of ipmasq. Firestarter
gives you a nice graphical interface and instructions:

http://www.fs-security.com/
http://www.fs-security.com/docs/connection-sharing.php

and it's also in the repos, so to install:

sudo apt-get install firestarter

Gary
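
A note on reading the quoted listing, added here as an example that is not part of either poster's message: plain `iptables -L` leaves out the interface columns, so the first INPUT rule displays as matching every packet. The hypothetical helper `flag_catch_all` below flags such rules; both listings are constructed, and the second assumes, for illustration only, that rule 1 is bound to `lo`.

```shell
# flag_catch_all (hypothetical helper): reads `iptables -L` or `iptables -L -v` output on stdin
# and reports, per chain, the first ACCEPT/DROP rule that matches every packet as displayed
# while more rules still follow it.
flag_catch_all() {
    awk '
    function wild(x) { return x == "anywhere" || x == "0.0.0.0/0" || x == "any" || x == "*" }
    function report() {
        if (hit && n > hit)
            printf "%s: rule %d (%s) matches everything shown, %d later rule(s)\n", chain, hit, tgt, n - hit
    }
    /^Chain /  { report(); chain = $2; n = 0; hit = 0; off = 0; next }
    /^ *pkts / { off = 2; next }   # -v header: pkts bytes target prot opt in out source destination
    /^target / { off = 0; next }   # plain header: target prot opt source destination
    NF < 5 + 2 * off { next }      # blank lines and mail-wrapped tails such as "warning"
    {
        n++
        if (hit) next
        t = $(1 + off); p = $(2 + off)
        ok = (p == "0" || p == "all") && wild($(4 + 2 * off)) && wild($(5 + 2 * off))
        ok = ok && NF == 5 + 2 * off               # nothing after destination (no LOG level etc.)
        if (off) ok = ok && wild($6) && wild($7)   # -v only: in/out interface must be unrestricted
        if (ok && (t == "ACCEPT" || t == "DROP")) { hit = n; tgt = t }
    }
    END { report() }'
}
# Constructed sample, condensed from the INPUT listing quoted above (no -v, one wrapped line).
sample_plain() {
cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere
LOG        0    --  127.0.0.0/8          anywhere            LOG level
warning
DROP       0    --  127.0.0.0/8          anywhere
DROP       0    --  anywhere             anywhere
EOF
}
# Constructed sample: the same chain with -v IF rule 1 were bound to lo (an assumption).
sample_verbose() {
cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     0    --  lo     any     anywhere             anywhere
    0     0 DROP       0    --  any    any     127.0.0.0/8          anywhere
    0     0 DROP       0    --  any    any     anywhere             anywhere
EOF
}
sample_plain | flag_catch_all; sample_verbose | flag_catch_all
```

On a live system, `sudo iptables -L INPUT -v -n --line-numbers` produces the verbose form, which shows which interface each rule is actually tied to.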





More information about the ubuntu-users mailing list