On Sun, Jun 30, 2002 at 09:45:17AM -0700, Paul O'Neil wrote:
> I've been up trying to get this piece of cheese to work for what must be
> close to 30 hours. No one has responded. This is what I got now. Everybody
> can ping everybody! I put in some forward rules in the firewall config and
> set up my vpnd.conf. But I can't ftp from a host on one private lan to what is
> the firewall/vpnd/server/ box using the internal nic ip, but I can ping it.
> How do I know I'm really pinging it? And I guess there are more rules through
> iptables to allow for different port uses.

to debug problems like this you should do the following things:

log all deny rules. all of them. server and client. if a rule says
reject or deny or whatever, add -l (for ipchains, not sure what you
use for iptables).

use traceroute to see where packets go.

on a quietish network you can watch ifconfig's packet counters.

netstat is useful for both routing tables (-nr) and to see what
connections have come up (-an). the latter tool can catch the
obnoxious problem where the server's ipchains rules allow the packet
in but the client won't let it back in.

kevin
--
kevin at suberic.net
fork()'ed on 37058400
meatspace place: inle
http://suberic.net/~kevin

that a believer is happier than a skeptic is no more to the point than
the fact that a drunken man is happier than a sober one. the happiness
of credulity is a cheap & dangerous quality -- g.b. shaw
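
An added example, not part of the original message: one way to use the `netstat -an` check described above to spot the case where a packet is allowed in one direction but the reply is filtered. The function name `half_open` and the sample addresses are assumptions made for illustration, and the sample output is constructed.

```shell
#!/bin/sh
# Flag TCP connections stuck in a handshake state in `netstat -an` output.
#   SYN_SENT: our SYN went out and no SYN-ACK has come back.
#   SYN_RECV: we answered a SYN and the final ACK never arrived.
# If the client shows SYN_SENT while the server shows SYN_RECV for the same
# address pair, the server accepted the packet and its reply is being
# dropped on the way back, typically by the client-side filter.

# half_open reads `netstat -an` text on stdin and prints one line per
# stuck connection: "<state> <local addr:port> <remote addr:port>".
half_open() {
    awk '$1 ~ /^tcp/ && ($6 == "SYN_SENT" || $6 == "SYN_RECV") {
        print $6, $4, $5
    }'
}

# Constructed sample of Linux `netstat -an` output (addresses are made up):
# an ftp attempt from a host on one private lan to the firewall's inside NIC.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 192.168.2.10:40112      192.168.2.20:22         ESTABLISHED
tcp        0      1 192.168.2.10:40388      192.168.1.1:21          SYN_SENT
udp        0      0 0.0.0.0:2001            0.0.0.0:*
EOF
}

# Demo on the constructed sample. On a live host: netstat -an | half_open
sample_netstat | half_open
```

Run it on both ends while the ftp attempt is in progress and compare the two outputs with the logged deny rules.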