Ping and LAN Problem
NoOp
glgxg at sbcglobal.net
Wed Aug 15 19:41:00 UTC 2007
On 08/14/2007 08:14 PM, das ??? wrote:
> On Tue, 2007-08-14 at 11:20 -0700, NoOp wrote:
>
> Dear NoOp
>
> Here is the output, one by one:
>
> <<<
> root@mahammad:/home/dd# iptables -L OUTBOUND
> iptables: No chain/target/match by that name
> root@mahammad:/home/dd# iptables -L INPUT
> Chain INPUT (policy DROP)
> target prot opt source destination
> ACCEPT 0 -- anywhere anywhere
> LOG 0 -- 127.0.0.0/8 anywhere LOG level warning
> DROP 0 -- 127.0.0.0/8 anywhere
> ACCEPT 0 -- anywhere 255.255.255.255
> ACCEPT 0 -- 192.168.0.0/24 anywhere
> ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
> LOG 0 -- 192.168.0.0/24 anywhere LOG level warning
> DROP 0 -- 192.168.0.0/24 anywhere
> ACCEPT 0 -- anywhere 255.255.255.255
> ACCEPT 0 -- anywhere mahammad
> ACCEPT 0 -- anywhere 192.168.1.255
> DROP 0 -- anywhere ALL-SYSTEMS.MCAST.NET
> LOG 0 -- anywhere anywhere LOG level warning
> DROP 0 -- anywhere anywhere
> root@mahammad:/home/dd# iptables -L OUTPUT
> Chain OUTPUT (policy DROP)
> target prot opt source destination
> ACCEPT 0 -- anywhere anywhere
> ACCEPT 0 -- anywhere 255.255.255.255
> ACCEPT 0 -- anywhere 192.168.0.0/24
> ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
> LOG 0 -- anywhere 192.168.0.0/24 LOG level warning
> DROP 0 -- anywhere 192.168.0.0/24
> ACCEPT 0 -- anywhere 255.255.255.255
> ACCEPT 0 -- mahammad anywhere
> ACCEPT 0 -- 192.168.1.255 anywhere
> DROP 0 -- anywhere ALL-SYSTEMS.MCAST.NET
> LOG 0 -- anywhere anywhere LOG level warning
> DROP 0 -- anywhere anywhere
>>>>
>
> And see, this firewall is something that was done by the OS
> automatically, maybe because I am using ipmasq. I never did anything
> about ip-tables. I know absolutely nothing about networking. What I did
> was what you can call horse's doings. I read from the router-howto that
> I have to fix the router ip as 192.168.1.1, and the router connecting
> LAN card's ip as something over 192.168.1.30, and hence I fixed it as
> 192.168.1.40, then made the 192.168.1.1 as the gateway for this eth2,
> with adding this 192.168.1.1 in the /etc/resolv.conf. Then for
> connecting with my laptop, I fixed the laptop's LAN as 192.168.0.2, and
> the laptop connecting LAN of the desktop as 192.168.0.1. Then added this
> 192.168.0.1 in the resolv.conf of the laptop and made the gateway for
> the laptop as 192.168.0.1, setting 255.255.255.0 as the netmask for both
> of them. I did not supply the broadcast, like once I had to do in
> gentoo. This was fixed by Ubuntu itself. And then I installed ssh on
> both the machines, and ipmasq on the desktop such that it can supply the
> ip-s to the laptop. And everything is working as expected, without ever
> understanding what is happening where. Ubuntu is simpler in that sense,
> when I used SuSE I had to run a squid on the desktop to do it. Now,
> ipmasq is doing that. But, here is the problem, with becoming simpler
> maybe it has become a bit non-transparent. Like the broadcast thing, and
> the netmask reported by the machine. Who knows how it is working?
>
> I think I must try to become a bit networking-literate. I started
> reading Kirch. But it was taking so much time. After all my work and
> engagements, being a teacher and writer by profession, it is a bit
> difficult for me. I will read the netmasq howto that you sent the
> link to. Can you suggest one or two simple documents like that which
> will help me understand how the network things operate in Ubuntu?
>
> Thank you NoOp for all the trouble you are taking.
> ---
> das
>
>

Unfortunately I'm not familiar with ipmasq so I can't help much there.
I've just installed it on one of my test machines (based on this thread)
to get a feel for how it works. Hopefully someone with ipmasq experience
will step in and advise.

However, I'd recommend that you install webmin (see:
http://www.webmin.com/); that will allow you to view your network
settings easily, including setting iptables rules, etc. Check the webmin
thread for cautions etc., but I've found webmin to be an excellent
learning tool.

Additional info for netfilter(s) that has easy to understand info is here:
http://www.netfilter.org/
http://www.netfilter.org/documentation/index.html#documentation-faq

One other thing that you might want to consider; use Firestarter for
your firewall and connection sharing instead of ipmasq. Firestarter
gives you a nice graphical interface and instructions:
http://www.fs-security.com/
http://www.fs-security.com/docs/connection-sharing.php

and it's also in the repos, so to install:

sudo apt-get install firestarter

Gary