Mailinglist Archive: opensuse (4570 mails)
Re: [SLE] SuSE 10.0 masquerade changes?
- From: Darryl Gregorash <raven@xxxxxxxxxxxxx>
- Date: Thu, 17 Nov 2005 04:10:19 +0000 (UTC)
- Message-id: <437C02A6.7090907@xxxxxxxxxxxxx>
On 11/16/2005 11:11 AM, Peter A. Taylor wrote:
>On Tuesday 15 November 2005 19:36, Darryl Gregorash wrote:
>
>>I'm even more confused:
>>
>>>Nov 15 09:05:49 athena kernel: SFW2-FWDint-DROP-DEFLT IN=eth0 OUT=modem0
>>>SRC=192.168.2.20 DST=64.243.71.82 LEN=73 TOS=0x00 PREC=0x00 TTL=127
>>>ID=33119 PROTO=UDP SPT=1027 DPT=53 LEN=53
>>>
>>This is a DNS lookup from "isis" that was just dropped, yet you say your
>>wife is able to resolve hostnames.
>>
>
> "isis" runs Windows XP Home Edition. Perhaps it caches recently used domain
>name data? It also has a modem, which she can't use when I'm online.
>
OK, that might be the reason she can resolve the ISP's ftp server, but
it doesn't explain why her network traffic is being dropped. Note also
that name caching is only temporary, and if your internal network was a
permanent fixture (i.e. if she had no modem of her own), I am pretty sure
she would be unable to resolve any hostnames.
> Output from SuSE 10.0, online, "iptables -L -n":
Mea culpa; there are actually 3 independent tables in the firewall
(filter, nat and mangle), and the command as I gave it to you only gives
the state of the "filter" table. All the masquerading rules are in the
"nat" table. Perhaps we really need to be looking at the raw rules
anyway, for which there is the "iptables-save" command. Each line of the
output is essentially the parameters of a single "iptables" command line
as the firewall script created it. Just run "iptables-save" as root,
with no parameters, and post the results. This command outputs all three
of the tables by default.
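
An added example, not part of the original post: a Python sketch that splits "iptables-save" output into its tables and checks whether the "nat" table masquerades traffic leaving the interface named in the logged drop. The dump below is constructed for illustration (it is not the poster's rule set), and the function names are hypothetical.

```python
import re
import shlex

# Constructed from the log entry quoted above (joined onto one line).
LOG_LINE = ("Nov 15 09:05:49 athena kernel: SFW2-FWDint-DROP-DEFLT IN=eth0 OUT=modem0 "
            "SRC=192.168.2.20 DST=64.243.71.82 LEN=73 TOS=0x00 PREC=0x00 TTL=127 "
            "ID=33119 PROTO=UDP SPT=1027 DPT=53 LEN=53")
# Constructed iptables-save output with an empty nat table (assumption, not real rules).
SAMPLE_DUMP = """\
*mangle
:PREROUTING ACCEPT [0:0]
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT "
-A FORWARD -i eth0 -j DROP
COMMIT
"""

def parse_log(line):
    """Return the KEY=VALUE fields of a netfilter LOG line (first value wins)."""
    fields = {}
    for key, value in re.findall(r"\b([A-Z]+)=(\S*)", line):
        fields.setdefault(key, value)  # LEN appears twice: keep the IP length
    return fields

def parse_dump(text):
    """Group the '-A ...' rule lines by the '*table' section they appear in."""
    tables, current = {}, None
    for line in text.splitlines():
        if line.startswith("*"):
            current = tables.setdefault(line[1:].strip(), [])
        elif line.startswith("-A ") and current is not None:
            current.append(shlex.split(line))  # keeps quoted log prefixes whole
    return tables

def masquerades(tables, out_if):
    """True if a nat rule masquerades traffic leaving out_if (or any interface)."""
    for rule in tables.get("nat", []):
        if "-j" in rule and rule[rule.index("-j") + 1] == "MASQUERADE":
            if "-o" not in rule or rule[rule.index("-o") + 1] == out_if:
                return True
    return False

if __name__ == "__main__":
    pkt, tables = parse_log(LOG_LINE), parse_dump(SAMPLE_DUMP)
    print({t: len(r) for t, r in tables.items()}, masquerades(tables, pkt["OUT"]))
```
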