* [gentoo-user] Curious ping problem with no FW
@ 2008-07-14 17:31 Harry Putnam
2008-07-19 19:16 ` [gentoo-user] " Miernik
2008-07-20 15:58 ` [gentoo-user] " Mick
0 siblings, 2 replies; 5+ messages in thread
From: Harry Putnam @ 2008-07-14 17:31 UTC
To: gentoo-user
I've had a problem with being able to ping out to the internet from my
gentoo box, while at the same time I'm able to ping outbound from
several windows boxes on same home lan.

I don't run a firewall at all from linux but do have a Netgear
switch/router/Firewall upstream between me and the internet cable
modem.

Output of iptables -L:

  reader > sudo iptables -L
  Chain INPUT (policy ACCEPT)
  target prot opt source destination
  Chain FORWARD (policy ACCEPT)
  target prot opt source destination
  Chain OUTPUT (policy ACCEPT)
  target prot opt source destination

What I'm asking for here is advice about where to start debugging
this.

I can ping anything on my home lan, but nothing on the internet.
Not even my IP's nameservers.

And as mentioned, at the same time I'm able to ping from any of
several windows boxes out to the internet.

My router/fw can be set to deny specific machines outbound traffic but
that is not done in this case. So the solution must reside somewhere
in my gentoo install.

What things should I be checking.

A ping attempt like this:

  ping ftp.ucsb.edu
  PING ftp.ucsb.edu (128.111.24.43) 56(84) bytes of data.

Just never moves any further, but you can see it has resolved the
alpha address to numeric form so must have contacted and received
info from the nameserver.
--
gentoo-user@lists.gentoo.org mailing list
* [gentoo-user] Re: Curious ping problem with no FW
From: Miernik @ 2008-07-19 19:16 UTC
To: gentoo-user
Harry Putnam <reader@newsguy.com> wrote:
> What I'm asking for here is advice about where to start debugging
> this.
How about running tcpdump on your outgoing ethernet interface while
running ping?
--
Miernik
http://miernik.name/
* Re: [gentoo-user] Curious ping problem with no FW
From: Mick @ 2008-07-20 15:58 UTC
To: gentoo-user
On Monday 14 July 2008, Harry Putnam wrote:
> I've had a problem with being able to ping out to the internet from my
> gentoo box, while at the same time I'm able to ping outbound from
> several windows boxes on same home lan.
>
> I don't run a firewall at all from linux but do have a Netgear
> switch/router/Firewall upstream between me and the internet cable
> modem.
[snip..]
> My router/fw can be set to deny specific machines outbound traffic but
> that is not done in this case. So the solution must reside somewhere
> in my gentoo install.
It may be worth checking your router's firewall rules once more. Is the
gentoo box connected to the router in the same fashion as the MSWindows
boxen, or is it in some funny DMZ set up?
What do the firewall logs show?
> What things should I be checking.
If as you say you have no firewall on the Gentoo box then you ought to have a
quick look at your kernel. Use sysctl:

  /sbin/sysctl -a

and look at your settings probably for net.ipv4.icmp_* or your specific NIC.
> A ping attempt like this:
>
> ping ftp.ucsb.edu
> PING ftp.ucsb.edu (128.111.24.43) 56(84) bytes of data.
>
> Just never moves any further, but you can see it has resolved the
> alpha address to numeric form so must have contacted and received
> info from the nameserver.
Or from your router if it acts as a caching DNS resolver?
Unless you have configured your Gentoo kernel in a way that I am not sure is
possible, my money would go on something being amiss with the router firewall
settings.
--
Regards,
Mick
* [gentoo-user] Re: Curious ping problem with no FW
From: Harry Putnam @ 2008-07-22 15:16 UTC
To: gentoo-user
Mick <michaelkintzios@gmail.com> writes:
> On Monday 14 July 2008, Harry Putnam wrote:
>> I've had a problem with being able to ping out to the internet from my
>> gentoo box, while at the same time I'm able to ping outbound from
>> several windows boxes on same home lan.
>>
>> I don't run a firewall at all from linux but do have a Netgear
>> switch/router/Firewall upstream between me and the internet cable
>> modem.
> [snip..]
>
>> My router/fw can be set to deny specific machines outbound traffic but
>> that is not done in this case. So the solution must reside somewhere
>> in my gentoo install.
>
> It may be worth checking your router's firewall rules once more. Is the
> gentoo box connected to the router in the same fashion as the MSWindows
> boxen, or is it in some funny DMZ set up?
The section involving blocking has nothing whatever set.
> What do the firewall logs show?
Since there is nothing outgoing set to log, it says nothing.
>> What things should I be checking.
>
> If as you say you have no firewall on the Gentoo box then you ought to have a
> quick look at your kernel. Use sysctl:
>
> /sbin/sysctl -a
Here I see:

  sysctl -a|grep 'net.*icmp'
  net.ipv4.icmp_echo_ignore_all = 0
  net.ipv4.icmp_echo_ignore_broadcasts = 1
  net.ipv4.icmp_ignore_bogus_error_responses = 1
  net.ipv4.icmp_errors_use_inbound_ifaddr = 0
  net.ipv4.icmp_ratelimit = 250
  net.ipv4.icmp_ratemask = 6168

But not sure what any of it means. The first line looks kind of
ominous though.
>> A ping attempt like this:
>>
>> ping ftp.ucsb.edu
>> PING ftp.ucsb.edu (128.111.24.43) 56(84) bytes of data.
>>
>> Just never moves any further, but you can see it has resolved the
>> alpha address to numeric form so must have contacted and received
>> info from the nameserver.
>
> Or from your router if it acts as a caching DNS resolver?
I don't think so, at least there is no mention in the documentation of
such a feature.
* Re: [gentoo-user] Re: Curious ping problem with no FW
From: Mick @ 2008-07-23 21:14 UTC
To: gentoo-user
On Tuesday 22 July 2008, Harry Putnam wrote:
> Mick <michaelkintzios@gmail.com> writes:
> > It may be worth checking your router's firewall rules once more. Is the
> > gentoo box connected to the router in the same fashion as the MSWindows
> > boxen, or is it in some funny DMZ set up?
>
> The section involving blocking has nothing whatever set.
OK, but is NATing configured the same way for both Linux & MS Windows
machines?
> > What do the firewall logs show?
>
> Since there is nothing outgoing set to log, it says nothing.
Does your router give you the option to log outgoing packets, or monitor them
in real time?
> Here I see:
> sysctl -a|grep 'net.*icmp'
>
> net.ipv4.icmp_echo_ignore_all = 0
That's how it should be if you want your Linux box to respond to pings.
> net.ipv4.icmp_echo_ignore_broadcasts = 1
> net.ipv4.icmp_ignore_bogus_error_responses = 1
> net.ipv4.icmp_errors_use_inbound_ifaddr = 0
> net.ipv4.icmp_ratelimit = 250
> net.ipv4.icmp_ratemask = 6168
Nothing amiss here either.
Have you tried going back to basics: unplug the MSWindows box from your
router and plug your Linux box in the same port to see if you can ping
internet addresses.
Can you ping the IP address of ftp.ucsb.edu; i.e. 128.111.24.43 (although I
would expect that if your linux had DNS problems you wouldn't be able to
browse from it altogether)?
What does traceroute show and how does this compare with traceroute -T?
--
Regards,
Mick
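
An added example, not part of the thread or written by its participants: a small shell script that reads the net.ipv4.icmp_* values posted above and decodes them, including icmp_ratemask as a bitmask in which bit N stands for ICMP type N. The function names are made up for this example and the sample input is the sysctl output quoted in the thread.

```shell
#!/bin/sh
# Added example; SAMPLE is the sysctl output quoted in the thread above.
SAMPLE='net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
net.ipv4.icmp_ratelimit = 250
net.ipv4.icmp_ratemask = 6168'

# get_setting KEY: read "key = value" lines on stdin, print KEY's value.
get_setting() {
    awk -v key="$1" -F' *= *' '$1 == key { print $2 }'
}

# icmp_type_name N: names for the ICMP types of interest (RFC 792).
icmp_type_name() {
    case $1 in
        0)  echo echo-reply ;;
        3)  echo dest-unreachable ;;
        4)  echo source-quench ;;
        8)  echo echo-request ;;
        11) echo time-exceeded ;;
        12) echo parameter-problem ;;
        *)  echo "type-$1" ;;
    esac
}

# decode_ratemask MASK: list the ICMP types whose bit is set in MASK,
# i.e. the types that icmp_ratelimit applies to.
decode_ratemask() {
    mask=$1; bit=0; out=
    while [ "$mask" -gt 0 ]; do
        if [ $((mask & 1)) -eq 1 ]; then
            out="$out${out:+ }$(icmp_type_name "$bit")"
        fi
        mask=$((mask >> 1)); bit=$((bit + 1))
    done
    echo "$out"
}

# answers_echo: "yes" if the kernel replies to incoming echo requests
# (icmp_echo_ignore_all = 0), "no" otherwise. Reads settings on stdin.
answers_echo() {
    v=$(get_setting net.ipv4.icmp_echo_ignore_all)
    if [ "$v" = 0 ]; then echo yes; else echo no; fi
}

printf '%s\n' "$SAMPLE" | answers_echo
decode_ratemask "$(printf '%s\n' "$SAMPLE" | get_setting net.ipv4.icmp_ratemask)"
```

With the posted values the mask 6168 covers only ICMP error types, not echo replies, and icmp_echo_ignore_all = 0 only concerns answering pings sent to this host.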