Lost all network connectivity after clean FC3 install

Paul Howarth paul at city-fan.org
Thu Dec 9 18:07:53 UTC 2004


Salvatore Indiogine wrote:
>  --- Paul Howarth <paul at city-fan.org> wrote: 
> 
>>>>$ dig @68.112.12.36 www.cnn.com
>>>
>>>
>>>connection timed out; no servers could be reached
>>
>>If this works on the machine connected to the cable
>>modem then it suggests 
> 
> 
> This is actually on the client PC (FC1
> eth0=192.168.0.50/255.255.255.0 GW=192.168.0.1)
> connected with a crossover cable to the eth1 of the
> FC3 PC connected to the cable modem.
> 
> On 192.168.0.1 I get:
> 
> dig @68.112.12.36 www.cnn.com
> 
> ; <<>> DiG 9.2.4 <<>> @68.112.12.36 www.cnn.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53693
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 4, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;www.cnn.com.                   IN      A
> 
> ;; ANSWER SECTION:
> www.cnn.com.            88      IN      CNAME  cnn.com.
> cnn.com.                88      IN      A      64.236.16.116
> cnn.com.                88      IN      A      64.236.24.4
> cnn.com.                88      IN      A      64.236.24.12
> cnn.com.                88      IN      A      64.236.24.20
> cnn.com.                88      IN      A      64.236.24.28
> cnn.com.                88      IN      A      64.236.16.20
> cnn.com.                88      IN      A      64.236.16.52
> cnn.com.                88      IN      A      64.236.16.84
> 
> ;; AUTHORITY SECTION:
> cnn.com.                452     IN      NS     twdns-01.ns.aol.com.
> cnn.com.                452     IN      NS     twdns-02.ns.aol.com.
> cnn.com.                452     IN      NS     twdns-03.ns.aol.com.
> cnn.com.                452     IN      NS     twdns-04.ns.aol.com.
> 
> ;; Query time: 73 msec
> ;; SERVER: 68.112.12.36#53(68.112.12.36)
> ;; WHEN: Thu Dec  9 11:25:29 2004
> ;; MSG SIZE  rcvd: 270

That looks OK, which again points the finger at the packet forwarding.

>>that your packet forwarding rules are broken. What's
>>the output of:
>>
>># iptables -n -L
>>
>>on the machine connected to the cable modem?
> 
> iptables -n -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpts:6881:6889
> RH-Firewall-1-INPUT  all  --  0.0.0.0/0           0.0.0.0/0
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  0.0.0.0/0           0.0.0.0/0
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0       icmp type 255
> ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     udp  --  0.0.0.0/0            224.0.0.251     udp dpt:5353
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0       udp dpt:631
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0       state RELATED,ESTABLISHED
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0       state NEW tcp dpt:22
> REJECT     all  --  0.0.0.0/0            0.0.0.0/0       reject-with icmp-host-prohibited

Interesting; the first rule in the RH-Firewall-1-INPUT chain would appear to 
be accepting any packet, thus rendering the remaining rules irrelevant. 
However, I'm not an iptables expert and I don't use Red Hat's firewall 
utility, so maybe I'm misinterpreting that.

What do you get from:

# iptables -L -n -t nat

Paul.
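
An added example, not part of the original post: `iptables -n -L` without `-v` leaves out the interface columns, so a rule limited to one interface prints the same as one that matches every packet. The script below tells the two apart in `iptables-save` syntax; the sample ruleset is constructed, the function names are hypothetical, and the `-i lo` match is an assumption, not data from the machine in the thread.

```shell
#!/bin/sh
# Added example: find rules that really match every packet in iptables-save output.
# `iptables -L -n` (no -v) omits the in/out interface columns, so
# "-i lo -j ACCEPT" and a bare "-j ACCEPT" print as the same line.

# Constructed sample in iptables-save syntax; the "-i lo" match is an assumption
# for illustration, not taken from the machine in the thread.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -p tcp -m tcp --dport 6881:6889 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A FORWARD -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Print "chain rule-number target shadowed-count" for each rule with no match
# criteria at all and a terminating target (ACCEPT, DROP or REJECT).
# shadowed-count is the number of later rules in that chain it makes unreachable.
catch_all_rules() {
    awk '
    $1 == "-A" {
        chain = $2; n[chain]++
        # A rule with no matches is exactly: -A <chain> -j <target> [target options]
        if ($3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT")) {
            k = ++hits; hc[k] = chain; hn[k] = n[chain]; ht[k] = $4
        }
    }
    END {
        for (i = 1; i <= hits; i++)
            print hc[i], hn[i], ht[i], n[hc[i]] - hn[i]
    }'
}

sample_rules | catch_all_rules
```

On a live system, `iptables-save | catch_all_rules` or `iptables -L -n -v` shows the interface match that the plain listing omits.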