Craig White wrote:
>On Thu, 2005-02-03 at 21:09 -0700, Lee Einer wrote:
>
>>Craig White wrote:
>>
>>>On Thu, 2005-02-03 at 20:16 -0700, Lee Einer wrote:
>>>
>>>>Done. Pinged Mepisbox. No packets returned. Mepisbox pings Mandrakebox
>>>>just fine. Stopping iptables at mepisbox returns message
>>>>
>>>> Aborting iptables load: unknown ruleset, "inactive."
>>>>
>>>>I don't know if that is a good thing or a bad thing. It does not get the
>>>>ping going, though.
>>>>
>>>>I have connectivity through both computers to the router, and through
>>>>the router to the internet. The connection for the Mepis laptop is
>>>>wireless- is this at the root of the issue?
>>>>
>>>----
>>>it might very well be...
>>>
>>>The wireless access point - does it have some security setting on it to
>>>prevent wireless users from accessing other parts of the LAN? - does it
>>>put wireless users in a DMZ ?
>>>
>>>Question if you do (on both machines):
>>>#route -n
>>>Kernel IP routing table
>>>Destination Gateway Genmask Flags Metric Ref Use Iface
>>>192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
>>>169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
>>>0.0.0.0 192.168.0.254 0.0.0.0 UG 0 0 0 eth0
>>>
>>>do they look like above?
>>>
>>Close. They both have the same gateway address, and both can ping it.
>>Line 2 on Mandrake box has different Iface and Genmask -127.0.0.0 and
>>255.0.0.0 respectively. Mepis box has two lines
>>
>>Destination Gateway Genmask
>>192.168.0.0 0.0.0.0 255.255.255.0 ath0
>>0.0.0.0 192.168.0.1 0.0.0.0 ath0
>>
>-----
>OK - well let's evaluate my assumptions then...
>
>You have something like a Netgear Wireless Router (I think they use the
>192.168.0.0 network) or perhaps one of the newer Qwest supplied
>Actiontec dsl modem/routers with wireless and your Mandrake box connects
>with a cable to one of the LAN ports and the Mepisbox (your laptop)
>connects to this same router via wireless.
>
>With this assumption (brand accuracy not important), then they are both
>'pinging' the same gateway - 192.168.0.1
>
>With this assumption, from the Mepisbox, you should be able to ping
>192.168.0.100 as well as 192.168.0.1 unless there is a firewall on the
>Mandrakebox. If not, then on the Mandrakebox, type 'iptables -L' and
>post the results
>
>With this assumption, from the Mandrakebox, you should be able to ping
>192.168.0.101 as well as 192.168.0.1 unless there is a firewall on the
>Mepisbox. If not, then on the Mepisbox, type 'iptables -L' and post the
>results
>
This is the case. Here is the output of iptables -L from the Mepisbox-
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- mepisbox 192.168.0.255
logaborted tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp flags:RST/RST
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
nicfilt all -- anywhere anywhere
srcfilt all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
srcfilt all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
s1 all -- anywhere anywhere
Chain f0to1 (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:6881:6889 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ipp state NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ns state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:netbios-ssn
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:www state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:webcache state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:8008 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:8000 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:8888 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:6969 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:6881:6889 state NEW
ACCEPT udp -- anywhere anywhere udp dpts:6970:7170
ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:5999
ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 state NEW
ACCEPT icmp -- anywhere anywhere icmp echo-reply
logdrop all -- anywhere anywhere
Chain f0to2 (1 references)
target prot opt source destination
logdrop all -- anywhere anywhere
Chain f1to0 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpts:6881:6889 state NEW
ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:ftp state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:xmpp-client state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpts:6881:6889 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:1863 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:554 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:7070 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:ipp state NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT udp -- anywhere anywhere udp dpt:3478
ACCEPT tcp -- anywhere anywhere tcp dpt:kerberos state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:https state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:imaps state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:3030 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:rsync state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:gnutella-svc state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:8765 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8880 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:ssh state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:0:1023 dpt:ssh state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ns state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpts:5190:5193 state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpts:5190:5193
ACCEPT udp -- anywhere anywhere udp dpts:33434:33600
ACCEPT udp -- anywhere anywhere udp dpt:ntp
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:pop3s state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:5050 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:telnet state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpts:5000:5001 state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:5000
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:dict state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:1723 state NEW
ACCEPT gre -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:whois state NEW
ACCEPT udp -- anywhere anywhere udp dpt:43
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:nntp state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:imap2 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:imap2
ACCEPT udp -- anywhere anywhere udp dpt:4000
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ldap state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:522 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:1503 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:1720 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:1731 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpts:1024:65535 state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpts:1024:65535
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:smtp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:domain state NEW
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:www state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:webcache state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8008 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8000 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8888 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpts:6660:6669 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:6969 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:pop3 state NEW
logdrop all -- anywhere anywhere
Chain f1to2 (1 references)
target prot opt source destination
logdrop all -- anywhere anywhere
Chain f2to0 (1 references)
target prot opt source destination
logdrop all -- anywhere anywhere
Chain f2to1 (3 references)
target prot opt source destination
logdrop all -- anywhere anywhere
Chain logaborted (1 references)
target prot opt source destination
logaborted2 all -- anywhere anywhere limit: avg 1/sec burst 10
LOG all -- anywhere anywhere limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '
Chain logaborted2 (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `ABORTED '
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain logdrop (8 references)
target prot opt source destination
logdrop2 all -- anywhere anywhere
Chain logdrop2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain logreject (0 references)
target prot opt source destination
logreject2 all -- anywhere anywhere
Chain logreject2 (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
DROP all -- anywhere anywhere
Chain nicfilt (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
logdrop all -- anywhere anywhere
Chain s0 (1 references)
target prot opt source destination
f0to1 all -- anywhere mepisbox
f0to1 all -- anywhere 192.168.0.255
f0to1 all -- anywhere mepisbox
f0to2 all -- anywhere 12.168.0.100
logdrop all -- anywhere anywhere
Chain s1 (1 references)
target prot opt source destination
f1to2 all -- anywhere 12.168.0.100
f1to0 all -- anywhere anywhere
Chain s2 (1 references)
target prot opt source destination
f2to1 all -- anywhere mepisbox
f2to1 all -- anywhere 192.168.0.255
f2to1 all -- anywhere mepisbox
f2to0 all -- anywhere anywhere
Chain srcfilt (2 references)
target prot opt source destination
s2 all -- 12.168.0.100 anywhere
s0 all -- anywhere anywhere
The router is a D-Link DI 624. I will be reviewing the manual later in
the morning also. Hope this isn't one of those cases where RTFM would
have been the correct response.
>
>If I am to look at the manual for your specific wireless AP - (to see if
>there is some setting that might prevent wireless from accessing LAN),
>you should let me know the make & model of your wireless AP so I can
>download the manual from the internet
>
>Craig
>
>---------------------------------------------------
>PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>To subscribe, unsubscribe, or to change your mail settings:
>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
--
Lee Einer
Dos Manos Jewelry
http://www.dosmanosjewelry.com
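
Added example, not part of the original message or of any poster's own tooling: a Python check that parses the chain listing posted above and reports rules whose literal source or destination lies outside the LAN from the `route -n` output (192.168.0.0/24). The function names are illustrative, and the embedded listing is an abridged excerpt of the posted chains s0, s1 and srcfilt.

```python
import ipaddress
import re

# Abridged excerpt of the `iptables -L` listing posted in this message.
LISTING = """\
Chain s0 (1 references)
target prot opt source destination
f0to1 all -- anywhere mepisbox
f0to1 all -- anywhere 192.168.0.255
f0to2 all -- anywhere 12.168.0.100
Chain s1 (1 references)
target prot opt source destination
f1to2 all -- anywhere 12.168.0.100
Chain srcfilt (2 references)
target prot opt source destination
s2 all -- 12.168.0.100 anywhere
s0 all -- anywhere anywhere
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")


def parse_rules(listing):
    """Yield (chain, target, source, destination) for each rule line."""
    chain = None
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            chain = m.group(1)
            continue
        fields = line.split()  # target prot opt source destination [matches]
        if chain is None or len(fields) < 5 or fields[0] == "target":
            continue
        yield chain, fields[0], fields[3], fields[4]


def addresses_outside_lan(listing, lan_cidr):
    """Return rules whose literal source/destination is not inside lan_cidr."""
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    for chain, target, src, dst in parse_rules(listing):
        for column, value in (("source", src), ("destination", dst)):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                continue  # "anywhere" or a resolved hostname such as mepisbox
            if not net.subnet_of(lan):
                findings.append((chain, target, column, value))
    return findings


if __name__ == "__main__":
    print(addresses_outside_lan(LISTING, "192.168.0.0/24"))
```

Running `iptables -L -n -v` instead of plain `iptables -L` prints numeric addresses and the in/out interface columns, which the plain listing omits, so hostnames such as mepisbox can be checked the same way.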