[arch-general] iptables not working well?
Javier Vasquez
j.e.vasquez.v at gmail.com
Mon Jul 11 23:24:02 EDT 2011
On Sun, Jul 10, 2011 at 10:22 PM, Javier Vasquez
<j.e.vasquez.v at gmail.com> wrote:
> On Sun, Jul 10, 2011 at 6:25 PM, Damjan Georgievski <gdamjan at gmail.com> wrote:
>> Your config looks ok, but to double check, paste the output of:
>> iptables -L -nv
% sudo iptables -L -nv
Password:
Chain INPUT (policy ACCEPT 1 packets, 446 bytes)
 pkts bytes target     prot opt in     out     source               destination
   48  4585 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  167 32532 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    1    60 ACCEPT     all  --  !ppp0  *       0.0.0.0/0            0.0.0.0/0           state NEW

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  305  185K ACCEPT     all  --  ppp0   eth0    0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
  358  117K ACCEPT     all  --  eth0   ppp0    0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  ppp0   ppp0    0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 254 packets, 23099 bytes)
 pkts bytes target     prot opt in     out     source               destination
>> iptables -t nat -L -nv
% sudo iptables -t nat -L -nv
Chain PREROUTING (policy ACCEPT 59 packets, 7366 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 2 packets, 506 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 74 packets, 4284 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 4 packets, 208 bytes)
 pkts bytes target     prot opt in     out     source               destination
  127 10936 MASQUERADE all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
>> to see the exact situation.
>>
>> ...
>>
>> What's the error you are getting. Are you ping-ing by name or by an IP address.
>> Have you tried ping-ing with different packet sizes?
>
> No error at all, just that the browser gets waiting to connect, and
> never does it. Pinging is always fine with no specification of
> packet size.
OK, I forgot to answer properly... Yes, I'm using names, not IPs...
I didn't try different sizes, but I've done it now...
From a machine inside the gateway:
% ping -s 1464 www.archlinux.org
PING gudrun.archlinux.org (66.211.214.131): 1464 data bytes
1472 bytes from 66.211.214.131: icmp_seq=0 ttl=52 time=143.214 ms
1472 bytes from 66.211.214.131: icmp_seq=1 ttl=52 time=142.794 ms
1472 bytes from 66.211.214.131: icmp_seq=2 ttl=52 time=142.594 ms
^C--- gudrun.archlinux.org ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 142.594/142.867/143.214/0.258 ms
% ping -s 1465 www.archlinux.org
PING gudrun.archlinux.org (66.211.214.131): 1465 data bytes
^C--- gudrun.archlinux.org ping statistics ---
11 packets transmitted, 0 packets received, 100% packet loss
When the size is 1465, which corresponds to 1473-byte packets, I get
no answer. But the same happens on the gateway, so this doesn't seem
to be an issue. Not so clear to me, sizes of 0 specified still work,
and from 0 to 1464 ping is OK...
It's weird to me that I can ping the names, but I can't access them
through web browser. And even more weird that some sites are able to
be accessed through the web browser...
I might try later what was suggested about logging...
--
Javier.
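
An added example, not part of the original message: a small Python parser for `iptables -L -nv` output, run over the filter-table listing posted above (wrapped lines rejoined), that reports which chains accept a packet matching no rule. The function names are illustrative, not from any iptables tooling.

```python
import re

# Filter-table listing from the post, wrapped lines rejoined, counters as posted.
LISTING = """\
Chain INPUT (policy ACCEPT 1 packets, 446 bytes)
 pkts bytes target prot opt in out source destination
   48  4585 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
  167 32532 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    1    60 ACCEPT all -- !ppp0 * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
  305  185K ACCEPT all -- ppp0 eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
  358  117K ACCEPT all -- eth0 ppp0 0.0.0.0/0 0.0.0.0/0
    0     0 REJECT all -- ppp0 ppp0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 254 packets, 23099 bytes)
 pkts bytes target prot opt in out source destination
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+) (\d+[KMG]?) packets, (\d+[KMG]?) bytes\)")
FIELDS = ("pkts", "bytes", "target", "prot", "opt", "in", "out", "source", "destination")
ANY = ("all", "*", "*", "0.0.0.0/0", "0.0.0.0/0")  # prot, in, out, source, destination

def parse_listing(text):
    """Return {chain: {"policy", "policy_pkts", "rules": [dict, ...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            # policy_pkts counts packets that matched no rule in the chain
            current = {"policy": m.group(2), "policy_pkts": m.group(3), "rules": []}
            chains[m.group(1)] = current
            continue
        cols = line.split()
        if current is None or len(cols) < len(FIELDS) or cols[0] == "pkts":
            continue  # column header or blank line
        rule = dict(zip(FIELDS, cols))
        rule["extra"] = " ".join(cols[len(FIELDS):])  # match options, e.g. "state NEW"
        current["rules"].append(rule)
    return chains

def is_catch_all_deny(rule):
    """True for an unconditional DROP/REJECT rule (matches every packet)."""
    scope = tuple(rule[k] for k in ("prot", "in", "out", "source", "destination"))
    unconditional = rule["extra"] == "" or rule["extra"].startswith("reject-with")
    return rule["target"] in ("DROP", "REJECT") and scope == ANY and unconditional

def fall_through_accept(chains):
    """Chains where a packet matching no rule is accepted by the default policy."""
    return [name for name, c in chains.items()
            if c["policy"] == "ACCEPT" and not any(map(is_catch_all_deny, c["rules"]))]
```

Calling `fall_through_accept(parse_listing(LISTING))` lists the chains whose outcome for unmatched traffic is decided by the policy line rather than by a rule; the counters on that line show how many packets took that path.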