From: kevin lyda (kevin at domain ie.suberic.net)
Date: Sun 30 Jun 2002 - 18:05:57 IST
On Sun, Jun 30, 2002 at 09:45:17AM -0700, Paul O'Neil wrote:
> I've been up trying to get this piece of cheese to work for what must be
> close to 30 hours. No one has responded. This is what I got now. Everybody
> can ping everybody! I put in some forward rules in the firewall config and
> set up my vpnd.conf. But I can't ftp from a host on one private lan to what is
> the firewall/vpnd/server box using the internal nic ip, but I can ping it.
> How do I know I'm really pinging it? And I guess there are more rules through
> iptables to allow for different port uses.
to debug problems like this you should do the following things:
log all deny rules. all of them. server and client. if a rule says
reject or deny or whatever, add -l (for ipchains, not sure what you
use for iptables).
use traceroute to see where packets go.
on a quietish network you can watch ifconfig's packet counters.
netstat is useful for both routing tables (-nr) and to see what
connections have come up (-an). the latter tool can catch the
obnoxious problem where the server's ipchains rules allow the packet
in but the client won't let it back in.
kevin
-- 
kevin at domain suberic.net     that a believer is happier than a skeptic is no more to
fork()'ed on 37058400           the point than the fact that a drunken man is happier
meatspace place: inle           than a sober one. the happiness of credulity is a
http://suberic.net/~kevin       cheap & dangerous quality -- g.b. shaw
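The first step kevin recommends, logging every deny rule on both ends, only pays off if you can read the resulting kernel log quickly. The script below is an added example, not code from the thread: it parses the two log formats involved (ipchains `-l` writes `Packet log:` lines; iptables has no `-l` flag, its equivalent is a `-j LOG` rule placed just before the DROP/REJECT rule, which writes `IN=... OUT=... SRC=... DST=...` lines), tallies denied packets per host, protocol and destination port, and flags the case kevin calls obnoxious: the server accepted the connection but the client's own rules dropped the reply. The log lines, hostnames `fw` and `client`, and the `FW-DROP:` log prefix are constructed for the example.

```python
"""Summarise firewall deny/drop lines from ipchains (-l) and iptables (-j LOG).

Added example, not part of the original thread. SAMPLE_LOG is constructed to
match the two kernels' log formats; hosts 'fw' and 'client' and the
'FW-DROP:' prefix are assumptions.
"""
import re
from collections import Counter

# Constructed sample: one ipchains deny, two iptables drops on the firewall,
# one iptables drop on the client (the FTP SYN/ACK coming back), one noise line.
SAMPLE_LOG = """\
Jun 30 17:58:01 fw kernel: Packet log: input DENY eth1 PROTO=6 192.168.1.10:34567 192.168.1.1:21 L=60 S=0x00 I=41234 F=0x4000 T=64 SYN (#7)
Jun 30 17:58:03 fw kernel: FW-DROP: IN=eth1 OUT= SRC=192.168.1.10 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=41235 DF PROTO=TCP SPT=34567 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 30 17:58:05 client kernel: FW-DROP: IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=21 DPT=34567 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Jun 30 17:58:07 fw kernel: FW-DROP: IN=eth1 OUT= SRC=192.168.1.10 DST=192.168.1.1 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1025 DPT=53 LEN=48
Jun 30 17:58:09 fw sshd[123]: Accepted publickey for kevin from 192.168.1.10
"""

SYSLOG_RE = re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d (?P<host>\S+) kernel: (?P<msg>.*)$")

# ipchains -l: "Packet log: <chain> <target> <iface> PROTO=<num> src:sport dst:dport ... (#rule)"
IPCHAINS_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+).*\(#(?P<rule>\d+)\)"
)

# iptables -j LOG: "[prefix] IN=<iface> OUT=<iface> [MAC=..] SRC=.. DST=.. .. PROTO=TCP SPT=.. DPT=.."
# SPT/DPT are optional because ICMP lines carry TYPE/CODE instead of ports.
IPTABLES_RE = re.compile(
    r"(?P<prefix>.*?)IN=(?P<iface>\S*) OUT=\S* .*?SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) "
    r".*?PROTO=(?P<proto>\w+)(?: SPT=(?P<sport>\d+) DPT=(?P<dport>\d+))?"
)

PROTO_NUMBERS = {"1": "ICMP", "6": "TCP", "17": "UDP"}


def parse_line(line):
    """Return a dict describing one denied packet, or None for unrelated lines."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    host, msg = m.group("host"), m.group("msg")
    c = IPCHAINS_RE.search(msg)
    if c:
        return {
            "host": host, "origin": "ipchains",
            "label": f"{c.group('chain')} {c.group('target')}", "iface": c.group("iface"),
            "proto": PROTO_NUMBERS.get(c.group("proto"), c.group("proto")),
            "src": c.group("src"), "sport": int(c.group("sport")),
            "dst": c.group("dst"), "dport": int(c.group("dport")),
            "rule": int(c.group("rule")),
        }
    t = IPTABLES_RE.search(msg)
    if t:
        return {
            "host": host, "origin": "iptables",
            "label": t.group("prefix").strip() or "LOG", "iface": t.group("iface") or "-",
            "proto": t.group("proto"),
            "src": t.group("src"), "sport": int(t.group("sport")) if t.group("sport") else None,
            "dst": t.group("dst"), "dport": int(t.group("dport")) if t.group("dport") else None,
            "rule": None,  # iptables LOG lines do not carry a rule number
        }
    return None


def parse_log(text):
    """Parse a whole syslog excerpt, skipping lines that are not firewall logs."""
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r]


def classify(rec):
    """'new' = a fresh connection was blocked; 'reply' = the answer to a
    connection the other side already accepted was dropped (source port is a
    service port, destination port is ephemeral): kevin's client-side case."""
    if rec["sport"] is None or rec["dport"] is None:
        return "other"
    if rec["sport"] < 1024 and rec["dport"] >= 1024:
        return "reply"
    return "new"


def summarize(records):
    """Count denied packets per (host, proto, dport) so the blocking rule stands out."""
    return Counter((r["host"], r["proto"], r["dport"]) for r in records)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for (host, proto, dport), n in sorted(summarize(recs).items(), key=str):
        print(f"{host:8} {proto:5} dport={dport!s:6} denied={n}")
    for r in recs:
        if classify(r) == "reply":
            print(f"{r['host']}: dropped reply {r['src']}:{r['sport']} -> "
                  f"{r['dst']}:{r['dport']} via {r['origin']} [{r['label']}]")
```

Run it against `grep kernel /var/log/messages` (or wherever your syslog sends kernel messages) from both the firewall and the client; a `reply` entry on the client with `SPT=21` is exactly the "server lets it in, client won't let it back" situation, and the `(#N)` rule number on ipchains lines tells you which rule to fix.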
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:17:36 GMT