my problem with iptables - I think

 
 
Overbey

 
      11-26-2003, 06:52 PM
I seem to have a problem where iptables is keeping me from doing any kind of
networking. On reboot, eth0 does not receive an IP address from my dhcp
server. If I log on to the box locally, and check the RedHat firewall
(lokkit), it shows that it is on in the default configuration (medium). I
turn it off and bring up the network (ifconfig eth0 IP_address), then the
ifconfig shows packets being received and sent. From other systems, I am
then able to ping the box, however, I can not ssh, telnet, or rsh to it
(yes, I have installed and turned these protocols on).

Any pointers or assistance is greatly appreciated.

(E-Mail Removed)


 
 
 
 
 
Robert Spielmann

 
      11-26-2003, 11:08 PM
Overbey wrote:

> I seem to have a problem where iptables is keeping me from doing any kind of
> networking. On reboot, eth0 does not receive an IP address from my dhcp
> server. If I log on to the box locally, and check the RedHat firewall
> (lokkit), it shows that it is on in the default configuration (medium). I
> turn it off and bring up the network (ifconfig eth0 IP_address), then the
> ifconfig shows packets being received and sent. From other systems, I am
> then able to ping the box, however, I can not ssh, telnet, or rsh to it
> (yes, I have installed and turned these protocols on).
>
> Any pointers or assistance is greatly appreciated.
>
> (E-Mail Removed)


You might take a look either at the iptables startup script or into the
rules of iptables chains. Just issue "iptables -L" as root and look what
exactly it blocks. It's hard to tell what the problem might be without any
detailed information :-)

Cheers
Robert

 
 
Juha Laiho

 
      11-27-2003, 07:22 PM
"Overbey" <(E-Mail Removed)> said:
>I seem to have a problem where iptables is keeping me from doing any kind of
>networking. On reboot, eth0 does not receive an IP address from my dhcp
>server. If I log on to the box locally, and check the RedHat firewall
>(lokkit), it shows that it is on in the default configuration (medium).


Ok.

>I turn it off and bring up the network (ifconfig eth0 IP_address), then the
>ifconfig shows packets being received and sent.


Hmm - here you're not getting the address from the DHCP server, but
setting it manually. Try "ifup eth0" to get the same behaviour you'd
have at boot time (so, DHCP if your system is configured for DHCP,
and so on). So, this'd check that your DHCP client software can
interoperate with whatever DHCP server your network has.

>From other systems, I am then able to ping the box, however, I can
>not ssh, telnet, or rsh to it (yes, I have installed and turned these
>protocols on).


Well, if you're having ssh, there might not be a point to have either
of the other two. Anyway, what might be wrong after the manual ifconfig
would be the network mask and default gateway (which will be set by
DHCP, if it works). However, if the ping works but "data" protocols
don't (as you say), then it looks like you still have some firewalls
in place.

Things to check:
- run "netstat -lpt" on the Linux machine to show the listening sockets
  and processes associated with them; you should see, among others,
  a sshd process listening at "*:ssh"
- what does "iptables -vL" show -- shouldn't give you any rule lines,
  and all the policies should be set to "ACCEPT"
- run "tcpdump -i eth0 -vvvX tcp port ssh"
  and attempt to connect with ssh from a remote host -- you should get
  a packet dump of the traffic on display
--
Wolf a.k.a. Juha Laiho Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)
 
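The "iptables -vL" check from the list above, as an added example that is not part of any poster's message: a chain policy of ACCEPT alone does not mean nothing is filtered, because rules in INPUT or in a chain it jumps to can still reject traffic. The function name `audit_iptables`, the chain name `FW-SAMPLE` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Reads "iptables -vL" (or "iptables -L") output on stdin and prints one line
# per finding:
#   POLICY <chain> <policy>   built-in chain whose policy is not ACCEPT
#   RULE <chain> <target>     any rule line (with -v the target is field 3)
# Exit status is 0 only when every policy is ACCEPT and no rules are loaded.
audit_iptables() {
    awk '
    $1 == "Chain" {
        chain = $2
        pol = $4; sub(/\)$/, "", pol)      # plain -L prints "(policy ACCEPT)"
        if ($3 == "(policy" && pol != "ACCEPT") {
            printf "POLICY %s %s\n", chain, pol; bad++
        }
        next
    }
    NF == 0 || $1 == "pkts" || $1 == "target" { next }   # blank / column header
    { printf "RULE %s %s\n", chain, $3; bad++ }
    END { exit (bad > 0) }
    '
}

# Constructed sample: every policy says ACCEPT, yet INPUT jumps to a
# user-defined chain that rejects new TCP connections (ssh, telnet, rsh).
sample_vL() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   720 FW-SAMPLE  all  --  any    any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 34 packets, 2040 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FW-SAMPLE (1 references)
 pkts bytes target     prot opt in     out     source               destination
    5   300 ACCEPT     all  --  lo     any     anywhere             anywhere
    7   420 REJECT     tcp  --  any    any     anywhere             anywhere            tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
EOF
}

# On a live box, as root:  iptables -vL | audit_iptables
sample_vL | audit_iptables || echo "firewall rules are still loaded"
```
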
 
Overbey

 
      11-28-2003, 02:55 PM
Thanks,
Will try your suggestions.
The iptables -L does show Accept -- I will post results shortly.
Thanks again
Overbey

 
Overbey

 
      11-29-2003, 05:19 PM
Thanks for the assistance,
I believe I fixed my issue. Some kind of configuration with iptables. Once
I got that straight, everything appears to work. The other issue is mine --
trying to use a heavy OS on a lite machine, ergo the machine does not have
enough memory or processor speed to do what I want.
thanks again
Overbey


 
 
 