[Gllug] SuSE, firewall, BT broadband and IP

Chris Wareham chris.wareham at btinternet.com
Wed Dec 11 00:08:35 UTC 2002 

Anders Odgaard wrote:
> I am trying to get the BT Voyager USB ADSL Modem to work on my SuSE 8.0
> box. I have downloaded the eciadsl package from sourceforge
> (eciadsl.sf.net) and have also studied the info supplied by Mark Adams
> (http://www.thecaretaker.org.uk/drivers/btvoyager/btvoyagerlinux.htm).
> The eciadsl information is very good and I have managed to connect to BT
> broadband over ppp0.
> 

I don't have the Voyager modem, I have the older Alcatel "fish" one, but
if you're having firewall problems the model of modem could be
irrelevant.

> The problem is that the connection is shut down whenever I try do use
> the connection. The /var/log/messages contains the following lines when
> shutting down the connection:
> 
> Dec 10 21:42:09 kontor kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC=
> SRC=61.217.178.241 DST=217.43.14.244 LEN=78 TOS=0x00 PREC=0x00 TTL=112
> ID=41601 PROTO=UDP SPT=1030 DPT=137 LEN=58
> Dec 10 21:42:19 kontor kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC=
> SRC=200.4.108.36 DST=217.43.14.244 LEN=78 TOS=0x00 PREC=0x00 TTL=101
> ID=65186 PROTO=UDP SPT=1110 DPT=137 LEN=58
> Dec 10 21:42:22 kontor pppd[10402]: Modem hangup
> 

What happens if you disable the firewall? To be on the safe side, ensure
nothing is running out of inetd first (or disable it completely), and
check what other daemons are running. Then try pinging the outside world
having made a ppp connection. Then try looking at the network traffic
going through ppp0 on your firewall machine, netcat is your friend here.

If the modem hangs up with the firewall disabled, then it would be
useful to see your ppp.conf (minus any username and password entries of
course).

> My local home network (over eth0) has hosts with IP addresses 127.0.0.1,
> 192.168.1.1 and 192.168.1.2. I have no idea why I used these addresses
> when first setting up the home network.
> 

127.0.0.1 is the loopback and shouldn't be assigned to an external
device (ie. an ethernet device). The 192.168.xxx.xxx block is put aside
for internal networks. These addresses aren't valid on the public
Internet, and make IP masquerading possible - packets to these addresses
don't need to be routed out of the local network (unless you've broken
it down into subnets). The fact that these addresses are invalid out in
the wild also means your firewall can filter them out.

Chris
-- 
the lukewarm lather of lethargy
http://www.btinternet.com/~chris.wareham/


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug

More information about the GLLUG mailing list