From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1GFBYJ-0000oY-5U for garchives@archives.gentoo.org; Mon, 21 Aug 2006 15:18:59 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.7/8.13.6) with SMTP id k7LFFCmT007075; Mon, 21 Aug 2006 15:15:12 GMT Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.186]) by robin.gentoo.org (8.13.7/8.13.6) with ESMTP id k7LFBccN023302 for ; Mon, 21 Aug 2006 15:11:38 GMT Received: by nf-out-0910.google.com with SMTP id m19so2239418nfc for ; Mon, 21 Aug 2006 08:11:38 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=aR/CLI0v5QEvpYiHeLxO34sIz9Zn3wKHt0zJQcyX7f1gfxAxTg/4JfarukfevnMqZTu8hmExBZj9l6tYk/yTTLiRZ4yDHMoJaNcxfqfh8J3jd//NE1WdF1PW92/Io4Ho80euskL7t1J8wSvEhg153rURUc0aywww2GxeqYVKE0U= Received: by 10.49.21.8 with SMTP id y8mr7833199nfi; Mon, 21 Aug 2006 08:11:38 -0700 (PDT) Received: by 10.78.173.3 with HTTP; Mon, 21 Aug 2006 08:11:37 -0700 (PDT) Message-ID: <5cd9791d0608210811j6d36994fj50d73320e7e891f0@mail.gmail.com> Date: Mon, 21 Aug 2006 23:11:37 +0800 From: "fei huang" To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] the user mode linux can't access network.. In-Reply-To: <200608211659.35207.shrdlu@unlimitedmail.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_277_26237666.1156173097988" References: <5cd9791d0608202338u56e4f4d5n776c7a802e9c2aa@mail.gmail.com> <5cd9791d0608210337m72ddf43eue8cdd3ae5b00b5c4@mail.gmail.com> <5cd9791d0608210722q2d2be655j31b2868a7f88b203@mail.gmail.com> <200608211659.35207.shrdlu@unlimitedmail.org> X-Archives-Salt: 854c7707-7106-4b75-88b3-c64c73aae279 X-Archives-Hash: 5924c09254b5517ffac06124c96fa091 ------=_Part_277_26237666.1156173097988 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline On 8/21/06, Etaoin Shrdlu wrote: > > On Monday 21 August 2006 16:22, fei huang wrote: > > > still no luck... I tried to build everything in kernel, and later > > build additional iptable_filter as module, add iptable to my default > > run level,, neither of them works.. > > I'd try first with iptables filters *disabled*, to make sure it's not a > firewall issue. Once it works, enable packet filtering (if you need it). > But until you are sure it works, make sure nothing prevents traffic > flow, so disable iptables filters. mm, I disabled it from auto loading. > I found there is a warning message after emerge iptables says: ip > > forwarding is not included in iptables any more. what does it mean? is > > that related with the issue? > > It means that, if you want ip forwarding, you have to enable it manually > using the command > > echo 1 > /proc/sys/net/ipv4/ip_forward > > To verify that forwarding is working, simply do > > cat /proc/sys/net/ipv4/ip_forward > > and it should print "1". > Keep in mind that if you reboot, you have to re-enable forwarding if you > want it again. gentoo might do that trick for me, everytime I check that value, it shows 1. Finally, run a network analyzer like wireshark and see for yourself > what's happening. I'd look at ARP packets first: make sure ARP is > working correctly. > -- > gentoo-user@gentoo.org mailing list uh, that's a good idea, I'll emege wireshark and see what's happening, the most annoying thing is that there's no log for troubleshooting, I wonder why iptable never write anything to syslog? that's wierd. regards daniel ------=_Part_277_26237666.1156173097988 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline

On 8/21/06, Etaoin Shrdlu <shrdlu@unlimitedmail.org> wrote:
On Monday 21 August 2006 16:22, fei huang wrote:

> still no luck... I tried to build everything in kernel, and later
> build additional iptable_filter as module, add iptable to my default
> run level,, neither of them works..

I'd try first with iptables filters *disabled*, to make sure it's not a
firewall issue. Once it works, enable packet filtering (if you need it).
But until you are sure it works, make sure nothing prevents traffic
flow, so disable iptables filters.

mm, I  disabled it from  auto  loading.

> I found there is a warning message after emerge iptables says: ip
> forwarding is not included in iptables any more. what does it mean? is
> that related with the issue?

It means that, if you want ip forwarding, you have to enable it manually
using the command

echo 1 > /proc/sys/net/ipv4/ip_forward

To verify that forwarding is working, simply do

cat /proc/sys/net/ipv4/ip_forward

and it should print "1".
Keep in mind that if you reboot, you have to re-enable forwarding if you
want it again.

gentoo might do that trick for me, everytime I  check  that value, it shows 1.

Finally, run a network analyzer like wireshark and see for yourself
what's happening. I'd look at ARP packets first: make sure ARP is
working correctly.
--
gentoo-user@gentoo.org mailing list

uh, that's a good idea, I'll emege wireshark and see what's happening, the most annoying thing is that there's no log for troubleshooting, I wonder why iptable never write anything to syslog?  that's wierd.


regards

daniel
------=_Part_277_26237666.1156173097988-- -- gentoo-user@gentoo.org mailing list