[Wylug-help] Linux gateway not a gatewat
Christopher McLean
C.J.McLean at leeds.ac.uk
Thu Nov 10 10:20:37 UTC 2011
<original inadvertently sent direct to Gary>
So people can get from the outside to the inside via the gateway, but not the other way around?
Is it for all traffic on all protocols?
Try:
On the gateway: tcpdump -i any
On a client inside: telnet google.com 80
And watch what is happening with the packets on the gateway...
| -----Original Message-----
| From: wylug-help-bounces at wylug.org.uk [mailto:wylug-help-
| bounces at wylug.org.uk] On Behalf Of Gary Stainburn
| Sent: 10 November 2011 10:15
| To: wylug-help at wylug.org.uk
| Subject: [Wylug-help] Linux gateway not a gatewat
|
| Hi folks.
|
| A linux VPN router I set up a couple of weeks back has stopped forwarding
| traffic.
|
| It can still access the internet and the remote end of the VPN itself, but
| computers behind it can't. I've even turned the iptables off and it doesn't
| seem to make any difference. ip_forwarding is still turned on, and the
| computers behind the gateway can still access it okay.
|
| Can anyone suggest what to try next?
|
| [gateway]
| [root@gate ~]# ifconfig
| eth0 Link encap:Ethernet HWaddr 00:08:02:42:33:ED
| inet addr:192.168.7.12 Bcast:192.168.7.255 Mask:255.255.255.0
| inet6 addr: fe80::208:2ff:fe42:33ed/64 Scope:Link
| UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
| RX packets:29626 errors:0 dropped:0 overruns:0 frame:0
| TX packets:21500 errors:0 dropped:0 overruns:0 carrier:0
| collisions:0 txqueuelen:1000
| RX bytes:9736795 (9.2 MiB) TX bytes:2638807 (2.5 MiB)
|
| eth1 Link encap:Ethernet HWaddr 00:0D:88:27:9A:1F
| inet addr:10.10.1.1 Bcast:10.10.1.255 Mask:255.255.255.0
| inet6 addr: fe80::20d:88ff:fe27:9a1f/64 Scope:Link
| UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
| RX packets:135026 errors:0 dropped:0 overruns:0 frame:0
| TX packets:185651 errors:0 dropped:0 overruns:0 carrier:0
| collisions:0 txqueuelen:1000
| RX bytes:9587356 (9.1 MiB) TX bytes:22807867 (21.7 MiB)
| Interrupt:16 Base address:0xc000
|
| lo Link encap:Local Loopback
| inet addr:127.0.0.1 Mask:255.0.0.0
| inet6 addr: ::1/128 Scope:Host
| UP LOOPBACK RUNNING MTU:16436 Metric:1
| RX packets:49652 errors:0 dropped:0 overruns:0 frame:0
| TX packets:49652 errors:0 dropped:0 overruns:0 carrier:0
| collisions:0 txqueuelen:0
| RX bytes:94914670 (90.5 MiB) TX bytes:94914670 (90.5 MiB)
|
| ppp0 Link encap:Point-to-Point Protocol
| inet addr:192.168.128.2 P-t-P:192.168.128.1 Mask:255.255.255.255
| UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
| RX packets:10513 errors:0 dropped:0 overruns:0 frame:0
| TX packets:11835 errors:0 dropped:0 overruns:0 carrier:0
| collisions:0 txqueuelen:3
| RX bytes:2019104 (1.9 MiB) TX bytes:910555 (889.2 KiB)
|
| [root@gate ~]# route -n
| Kernel IP routing table
| Destination     Gateway         Genmask         Flags Metric Ref Use Iface
| 80.40.145.67    192.168.128.1   255.255.255.255 UGH   0      0   0   ppp0
| 192.168.128.1   0.0.0.0         255.255.255.255 UH    0      0   0   ppp0
| 80.40.144.67    192.168.128.1   255.255.255.255 UGH   0      0   0   ppp0
| 192.168.7.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
| 10.10.1.0       0.0.0.0         255.255.255.0   U     0      0   0   eth1
| 10.2.0.0        192.168.128.1   255.255.0.0     UG    0      0   0   ppp0
| 172.24.0.0      192.168.128.1   255.255.0.0     UG    0      0   0   ppp0
| 10.1.0.0        192.168.128.1   255.255.0.0     UG    0      0   0   ppp0
| 172.30.0.0      192.168.128.1   255.255.0.0     UG    0      0   0   ppp0
| 10.7.0.0        192.168.128.1   255.255.0.0     UG    0      0   0   ppp0
| 10.5.0.0        192.168.128.1   255.255.0.0     UG    0      0   0   ppp0
| 136.9.0.0       192.168.128.1   255.255.0.0     UG    0      0   0   ppp0
| 10.8.0.0        192.168.128.1   255.255.0.0     UG    0      0   0   ppp0
| 169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0   0   eth0
| 169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0   0   eth1
| 0.0.0.0         192.168.7.11    0.0.0.0         UG    0      0   0   eth0
| [root@gate ~]# iptables -L
| Chain INPUT (policy ACCEPT)
| target prot opt source destination
|
| Chain FORWARD (policy ACCEPT)
| target prot opt source destination
|
| Chain OUTPUT (policy ACCEPT)
| target prot opt source destination
| [root@gate ~]# ping eddie
| PING eddie.ringways.co.uk (10.1.1.115) 56(84) bytes of data.
| 64 bytes from eddie.ringways.co.uk (10.1.1.115): icmp_req=1 ttl=63 time=68.7 ms
| 64 bytes from eddie.ringways.co.uk (10.1.1.115): icmp_req=2 ttl=63 time=68.1 ms
| ^C
| --- eddie.ringways.co.uk ping statistics ---
| 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
| rtt min/avg/max/mdev = 68.158/68.446/68.734/0.288 ms
| [root@gate ~]#
|
| [client]
| [root@dcomp5 ~]# ifconfig
| eth0 Link encap:Ethernet HWaddr 00:21:70:F2:38:9A
| inet addr:10.10.1.123 Bcast:10.10.255.255 Mask:255.255.0.0
| inet6 addr: fe80::221:70ff:fef2:389a/64 Scope:Link
| UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
| RX packets:197973 errors:0 dropped:0 overruns:0 frame:0
| TX packets:127755 errors:0 dropped:0 overruns:0 carrier:0
| collisions:0 txqueuelen:1000
| RX bytes:23954046 (22.8 MiB) TX bytes:8987081 (8.5 MiB)
| Interrupt:46
|
| lo Link encap:Local Loopback
| inet addr:127.0.0.1 Mask:255.0.0.0
| inet6 addr: ::1/128 Scope:Host
| UP LOOPBACK RUNNING MTU:16436 Metric:1
| RX packets:11257 errors:0 dropped:0 overruns:0 frame:0
| TX packets:11257 errors:0 dropped:0 overruns:0 carrier:0
| collisions:0 txqueuelen:0
| RX bytes:1574170 (1.5 MiB) TX bytes:1574170 (1.5 MiB)
|
| wlan0 Link encap:Ethernet HWaddr 00:22:5F:82:03:6C
| inet6 addr: fe80::222:5fff:fe82:36c/64 Scope:Link
| UP BROADCAST MULTICAST MTU:1500 Metric:1
| RX packets:0 errors:0 dropped:0 overruns:0 frame:0
| TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
| collisions:0 txqueuelen:1000
| RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
| Interrupt:19
|
| [root@dcomp5 ~]# route -n
| Kernel IP routing table
| Destination     Gateway         Genmask         Flags Metric Ref Use Iface
| 10.10.0.0       0.0.0.0         255.255.0.0     U     0      0   0   eth0
| 0.0.0.0         10.10.1.1       0.0.0.0         UG    0      0   0   eth0
| [root@dcomp5 ~]# ping -c 1 10.10.1.1
| PING 10.10.1.1 (10.10.1.1) 56(84) bytes of data.
| 64 bytes from 10.10.1.1: icmp_req=1 ttl=64 time=0.299 ms
|
| --- 10.10.1.1 ping statistics ---
| 1 packets transmitted, 1 received, 0% packet loss, time 0ms
| rtt min/avg/max/mdev = 0.299/0.299/0.299/0.000 ms
| [root@dcomp5 ~]# ping -c 1 eddie
| PING eddie.ringways.co.uk (10.1.1.115) 56(84) bytes of data.
|
| --- eddie.ringways.co.uk ping statistics ---
| 1 packets transmitted, 0 received, 100% packet loss, time 0ms
|
| [root@dcomp5 ~]# traceroute eddie
| traceroute to eddie (10.1.1.115), 30 hops max, 60 byte packets
| 1 10.10.1.1 (10.10.1.1) 0.303 ms 0.246 ms 0.199 ms
| 2 * * *
| 3 * * *
| 4 * * *
| 5 * * *
| 6 * * *
| 7 *^C
| [root@dcomp5 ~]#
|
|
| --
| Gary Stainburn
| Group I.T. Manager
| Ringways Garages
| http://www.ringways.co.uk
|
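The forwarding decision the gateway should make for the failing ping, worked through as an added example (not written by either poster): a longest-prefix lookup over the gateway's `route -n` rows quoted above, plus a check of whether client and gateway derive the same LAN from their configured netmasks. The function names `egress` and `same_lan_view` are illustrative.

```python
import ipaddress

# Gateway rows copied from the `route -n` output quoted above:
# (destination, gateway, genmask, iface)
GATEWAY_ROUTES = [
    ("80.40.145.67", "192.168.128.1", "255.255.255.255", "ppp0"),
    ("192.168.128.1", "0.0.0.0", "255.255.255.255", "ppp0"),
    ("80.40.144.67", "192.168.128.1", "255.255.255.255", "ppp0"),
    ("192.168.7.0", "0.0.0.0", "255.255.255.0", "eth0"),
    ("10.10.1.0", "0.0.0.0", "255.255.255.0", "eth1"),
    ("10.2.0.0", "192.168.128.1", "255.255.0.0", "ppp0"),
    ("172.24.0.0", "192.168.128.1", "255.255.0.0", "ppp0"),
    ("10.1.0.0", "192.168.128.1", "255.255.0.0", "ppp0"),
    ("172.30.0.0", "192.168.128.1", "255.255.0.0", "ppp0"),
    ("10.7.0.0", "192.168.128.1", "255.255.0.0", "ppp0"),
    ("10.5.0.0", "192.168.128.1", "255.255.0.0", "ppp0"),
    ("136.9.0.0", "192.168.128.1", "255.255.0.0", "ppp0"),
    ("10.8.0.0", "192.168.128.1", "255.255.0.0", "ppp0"),
    ("169.254.0.0", "0.0.0.0", "255.255.0.0", "eth0"),
    ("169.254.0.0", "0.0.0.0", "255.255.0.0", "eth1"),
    ("0.0.0.0", "192.168.7.11", "0.0.0.0", "eth0"),
]

def egress(routes, dst):
    """Longest-prefix match: return (iface, next_hop) used to forward dst.

    next_hop is None for directly connected networks (gateway 0.0.0.0).
    Metrics are ignored; on equal prefixes the first listed row wins.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, gw, mask, iface in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        return None
    return best[2], (None if best[1] == "0.0.0.0" else best[1])

def same_lan_view(host_a, host_b):
    """True if two hosts on one wire derive the same local network."""
    return (ipaddress.ip_interface(host_a).network
            == ipaddress.ip_interface(host_b).network)

if __name__ == "__main__":
    print(egress(GATEWAY_ROUTES, "10.1.1.115"))   # forward path to eddie
    print(egress(GATEWAY_ROUTES, "10.10.1.123"))  # return path to the client
    print(same_lan_view("10.10.1.123/255.255.0.0", "10.10.1.1/255.255.255.0"))
```

Both directions resolve in the gateway's table (ppp0 outbound, eth1 for the reply), so the table alone does not account for the loss; the capture suggested in the reply shows whether the echo request actually leaves ppp0 and whether anything comes back. The netmask check returns False because the client is configured with 255.255.0.0 and the gateway's eth1 with 255.255.255.0.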