can ping but none can ping me - different subnets


Guest turnbui

Hello everyone.

 

I have enabled pings to my Linux machine in Mandrake Control Centre. I don't have any Firewall in place and I used Chris Streets' How to turn your firewall off - just to be sure. BTW - Excellent site.

I also enabled Pings in the Router though I suspect that only checks pings coming in from Internet and not local LANs - though I'm not certain of this.

 

My setup is as follows [probably illegal though and thus my problem??] :-

 

Internet connection comes into a D-Link D504T 4 port router. 3 ports are used by other people in the house who rightly don't want my Linux box in their way. I have my Linux machine connected via eth1 to 1 port of this DHCP router which uses subnet 192.168.1.0/24.

The other NIC I have connected to an XP machine using STATIC IP using subnet 192.168.3.1 and the XP machine is set to 192.168.3.2.

After a boot I do the following:- [to be automated when it all works] and the IWPCS.co.uk site educated me with this

 

ifconfig eth0 down
ifconfig eth0 192.168.3.1
ifconfig eth0 up
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

 

after the 3rd iptables command I can browse Internet and ping all the other machines from both Linux & my XP machine.

I can ping my XP from my Linux BUT I cannot ping my XP box from any of the other XP machines. Can anyone throw some light on this please?

The other peoples' XP boxes do have ZoneAlarm firewall [ONLY] but we allowed the full range of both subnets.

 

I want to go on to use Samba with a WINS server as Chris advised but I can't do this if I can't ping my XP machine from the other peoples' computers.

 

ANY help / advice would be very much appreciated. Handfuls of my hair are missing already!!

 

Following are the outputs that IWPCS site recommended to provide:

 

[root@ian ian]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:50:04:0D:0E:30
          inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
          inet6 addr: fe80::250:4ff:fe0d:e30/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4025 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3718 errors:0 dropped:0 overruns:0 carrier:0
          collisions:58 txqueuelen:1000
          RX bytes:565950 (552.6 Kb)  TX bytes:2030861 (1.9 Mb)
          Interrupt:11 Base address:0xdc00

eth1      Link encap:Ethernet  HWaddr 00:02:E3:21:3E:19
          inet addr:192.168.1.3  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::202:e3ff:fe21:3e19/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5759 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4762 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2476114 (2.3 Mb)  TX bytes:713029 (696.3 Kb)
          Interrupt:10 Base address:0x8000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:239 errors:0 dropped:0 overruns:0 frame:0
          TX packets:239 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:18849 (18.4 Kb)  TX bytes:18849 (18.4 Kb)

 

[root@ian ian]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1

 

 

[root@ian ian]# iptables -nvL
Chain INPUT (policy ACCEPT 3055 packets, 418K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 5834 packets, 2079K bytes)
 pkts bytes target     prot opt in     out     source               destination
  367  290K ACCEPT     all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
  373 79083 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 1853 packets, 430K bytes)
 pkts bytes target     prot opt in     out     source               destination

 

 

 

[root@ian ian]# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 483 packets, 35509 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 56 packets, 7256 bytes)
 pkts bytes target     prot opt in     out     source               destination
   37  1952 MASQUERADE all  --  *      eth1    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 95 packets, 14308 bytes)
 pkts bytes target     prot opt in     out     source               destinatio


Hi Ian

 

This is a Windows question :)

 

You will need to add the route to the XP box to the routing tables of the other XP machines.

 

It goes something like

route -p add 192.168.3.0 mask 255.255.255.0 192.168.1.3

 

The -p makes it persistent.

 

route print displays the routing table

 

Chris
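
Why the route is needed, as an added example that is not part of the original thread: a hop-by-hop longest-prefix-match walk for a ping to 192.168.3.2, before and after the static route. The Linux table is the `route -n` output above; the device names `lan-xp`, `router` and `isp` and the other two tables are assumptions (typical DHCP client and home router tables).

```python
import ipaddress

ON_LINK = "on-link"

# Routing tables as (prefix, next hop). "linux" is taken from the thread's
# `route -n` output; "lan-xp" and "router" are assumed typical tables.
TABLES = {
    "lan-xp": [("192.168.1.0/24", ON_LINK), ("0.0.0.0/0", "192.168.1.1")],
    "router": [("192.168.1.0/24", ON_LINK), ("0.0.0.0/0", "isp")],
    "linux":  [("192.168.3.0/24", ON_LINK), ("192.168.1.0/24", ON_LINK),
               ("0.0.0.0/0", "192.168.1.1")],
}
# Which device answers for each gateway address on 192.168.1.0/24.
OWNER = {"192.168.1.1": "router", "192.168.1.3": "linux"}


def next_hop(table, dst):
    """Longest-prefix match over (prefix, next hop) pairs."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace(tables, start, dst, max_hops=8):
    """Follow a packet hop by hop; return (devices visited, outcome)."""
    path, device = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[device], dst)
        if hop == ON_LINK:
            return path, "delivered"
        if hop not in OWNER:          # handed to the ISP: private prefix is lost
            return path, "sent upstream, lost"
        device = OWNER[hop]
        path.append(device)
    return path, "routing loop"


def with_static_route(tables):
    """Apply `route -p add 192.168.3.0 mask 255.255.255.0 192.168.1.3`."""
    fixed = dict(tables)
    fixed["lan-xp"] = tables["lan-xp"] + [("192.168.3.0/24", "192.168.1.3")]
    return fixed


if __name__ == "__main__":
    print(trace(TABLES, "lan-xp", "192.168.3.2"))                     # before
    print(trace(with_static_route(TABLES), "lan-xp", "192.168.3.2"))  # after
    # Pings from 192.168.3.2 are masqueraded to 192.168.1.3, so replies to
    # them never needed the extra route:
    print(trace(TABLES, "lan-xp", "192.168.1.3"))
```

The `iptables -nvL` listing shows the FORWARD chain with policy ACCEPT, so once this route is in place any host on 192.168.1.0/24 can open new connections to 192.168.3.0/24, not only ping it.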


Guest turnbui

Yee-Hah. Magic Chris - worked like a charm. Can ping without problem. Totally thanks.

And now:-

Now for the shares.

As an aside and fyi [it's probably Windows again!?]. The other XP's can get as far as my Linux. They can see my XP in "View Workgroup computers" but can't get in to see the shares. My XP can see their machines but can't get in to see the shares.

My Linux however, is all seeing. I'm using Samba with wins support = yes and I've turned off the XP's ZoneAlarm.....

 

But that's another story to investigate.

At least now I can ping I've got a fighting chance. Nice one.

 

Cheers Chris

Ian T.

 

PS. Do I mark this thread as Solved somehow? I don't see where I could do this.


Guest turnbui

Chris in case you don't come back to this I'll send you a draft of the wip HOW-TO on how we managed to get this 2 subnet working. Please trash it if you can't use it.

 

Thanks for taking the time to steer me in the right direction

 

Ian T

iptables_ian.txt
