# masquerade: nothing works except ping - please help [SOLVED]

## msl75

Hello

I know that this topic repeats very often, but believe me I've spent the last month trying to solve this problem.

I have one linux box, named tux, which is connected via dhcp (but it always gets the same IP) to my ISP. I also have an old box with windows, which I want to use only for browsing internet.

The tux has two network interfaces: eth1 - which connects me to the universe and eth0 - which connects me to this old windows box named kml.

The network is configured, both my boxes can ping each other. On tux everything is working OK, but on this old windows box nothing except ping. I am able to ping the tux and everything external what I can from tux. But http, www, https, ftp, ssh (even to tux) is not working.

I've spent the last month reading tutorials, forums, HOWTOs etc. with no success, so I decided to ask You for help. I've also tried with The Gentoo Security Guide, Gentoo Home Router Guide, and with Packet Filtering HOWTO (in Polish), Linux Stateful Firewall & IP Masquerading and an uncountable number of posts from this forum (and other sites).

If anybody has an idea what is wrong with that, please help me, because after this last month I have to give up. I feel that the problem is not in the iptables rules, because:

1) ping from kml is working - so forwarding is working, even for external hosts given by name - so DNS is also working

2) I have them from my friend, and they are working for him without any problems.

My goal is to have working masquerading, not to set up a firewall (maybe when masquerading starts working...)

So topology looks like that:

```
+----------------+          +---------------------+        +-intranet----------------------+
|                |   DHCP   |     gentoo-box      |        | up till now one box           |
|   internet     >----------|   tux.homenetwork   |--------| 192.168.0.2 (kml.homenetwork) |
| www.gentoo.org |        eth1                  eth0       |                               |
|                |     192.168.1.3          192.168.0.1    |                               |
+----------------+          +---------------------+        +-------------------------------+
```

tux's ifconfig:

```
tux root # ifconfig
eth0      Link encap:Ethernet  HWaddr 00:80:48:C6:54:80
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:195 errors:2 dropped:0 overruns:0 frame:0
          TX packets:201 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:28541 (27.8 Kb)  TX bytes:54899 (53.6 Kb)
          Interrupt:5 Base address:0xd000

eth1      Link encap:Ethernet  HWaddr 00:50:FC:1E:00:89
          inet addr:192.168.1.3  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13626 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12710 errors:0 dropped:0 overruns:0 carrier:0
          collisions:1101 txqueuelen:1000
          RX bytes:11233197 (10.7 Mb)  TX bytes:1623511 (1.5 Mb)
          Interrupt:10 Base address:0xd400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:300 (300.0 b)  TX bytes:300 (300.0 b)
```

tux's route:

```
tux root # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
loopback        tux.homenetwork 255.0.0.0       UG    0      0        0 lo
default         192.168.1.254   0.0.0.0         UG    0      0        0 eth1
```

my iptables rules:

```
#!/bin/bash

# set chains default policy to ACCEPT
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

#LOOPBACK=lo
#LAN=eth0
#WAN=eth1

#Flush any rules that may still be configured
iptables -F
iptables -t filter -F INPUT
iptables -t filter -F OUTPUT
iptables -t filter -F FORWARD
iptables -t nat -F PREROUTING
iptables -t nat -F POSTROUTING
iptables -t nat -F OUTPUT

# Set the default policies for the chains
iptables -t filter -P INPUT DROP
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD DROP
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT

# Set up the firewall rules
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A INPUT -i eth0 -j ACCEPT
iptables -t filter -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT

# Set up the ip forwarding
iptables -t filter -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

# Set up ip masquerading
# All packets that are going out to eth1 interface should change the source IP address to the IP of the firewall server
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
```

my second set of iptables rules, which also doesn't work (I mean the effect is the same):

```
#!/bin/bash
#
EXTNET="192.168.1.0/24"
INTNET="192.168.0.0/24"
UNIVERSE="0.0.0.0/0"
EXTIP="192.168.1.3"
INTIP="192.168.0.1"
EXTIF=eth1
INTIF=eth0
IPTABLES=/sbin/iptables

# CRITICAL
# enable IP forwarding by kernel
#echo "1" > /proc/sys/net/ipv4/ip_forward

# clearing any existing rules and setting default policy.
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
#
# Delete all User-specified chains
$IPTABLES -X
#
# Reset all IPTABLES counters
$IPTABLES -Z

# Allow any related traffic coming back to the MASQ server in
$IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m state --state ESTABLISHED,RELATED -j ACCEPT

# default FORWARD rules
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

# enable SNAT (MASQUERADE) on $EXTIF (strict form)
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP
```

my kernel (2.6.7r11) settings:

```
[*] Network packet filtering (replaces ipchains)  --->
...
<*> Connection tracking (required for masq/NAT)
<*>   FTP protocol support
< >   IRC protocol support
< >   TFTP protocol support
< >   Amanda backup protocol support
<*> Userspace queueing via NETLINK
<*> IP tables support (required for filtering/masq/NAT)
<*>   limit match support
<*>   IP range match support
<*>   MAC address match support
<*>   Packet type match support
<*>   netfilter MARK match support
<*>   Multiple port match support
<*>   TOS match support
<*>   recent match support
<*>   ECN match support
<*>   DSCP match support
<*>   AH/ESP match support
<*>   LENGTH match support
<*>   TTL match support
<*>   tcpmss match support
<*>   Helper match support
<*>   Connection state match support
<*>   Connection tracking match support
<*>   Owner match support
<*>   Packet filtering
<*>     REJECT target support
<*>   Full NAT
<*> MASQUERADE target support
<*> REDIRECT target support
<*> NETMAP target support
<*> SAME target support
[ ] NAT of local connections (READ HELP)
< > Basic SNMP-ALG support (EXPERIMENTAL)
<*> Packet mangling
<*>   TOS target support
<*>   ECN target support
<*>   DSCP target support
<*>   MARK target support
<*>   CLASSIFY target support
<*> LOG target support
<*> ULOG target support
<*> TCPMSS target support
<*> ARP tables support
<*>   ARP packet filtering
<*>   ARP payload mangling
< > raw table support (required for NOTRACK/TRACE)
```

services run on tux (configured according to: http://gentoo-wiki.com/HOWTO_setup_a_home-server):

```
tux linux # rc-status
Runlevel: default
  gpm             [ started ]
  xfs             [ started ]
  sshd            [ started ]
  local           [ started ]
  squid           [ started ]
  dnsmasq         [ started ]
  vixie-cron      [ started ]
  iptables        [ started ]
  syslog-ng       [ started ]
  domainname      [ started ]
  net.eth0        [ started ]
  net.eth1        [ started ]
  netmount        [ started ]
  numlock         [ started ]
```

enabled forwarding:

```
tux linux # more /proc/sys/net/ipv4/conf/all/forwarding
1
tux linux # more /proc/sys/net/ipv4/ip_forward
1
tux linux # more /proc/sys/net/ipv4/ip_dynaddr
1
```

DNS setting on tux:

```
tux etc # more resolv.conf
nameserver 192.168.1.254
```

Network settings on kml:

IP: 192.168.0.2

Gateway: 192.168.0.1

Subnet mask: 255.255.255.0

Default router: 192.168.0.1

WINS: disabled

DNS servers: 192.168.0.1 (tux), 192.168.1.254

Proxy in browser on kml is set to:

192.168.0.1:3128

Regards

Maciek

Last edited by msl75 on Mon Sep 27, 2004 8:20 am; edited 1 time in total

----------

## nielchiano

looks like a big problem...

since Ping is working; you have IP connectivity; but apparently everything above doesn't work...

First try this:

on the windows machine open a telnet session (start|run|telnet).

Win 9x/ME: Open new session (in the menu) to www.gentoo.org; port 80

Win NT/2000/XP: type open www.gentoo.org 80

As soon as the connection gets up (IF it gets up, you'll notice) type

```
GET /
```

 followed by RETURN twice.

Do the same, but to tux instead of gentoo and port 22 instead of 80 (connect to the SSH daemon); Here you don't have to type the GET thing, you'll see if the server answers

Tell me if this works; if not, what error is given

----------

## msl75

Hi

First of all thank You for Your answer and help. Please find below the results of your commands.

 *nielchiano wrote:*   

> 
> 
> First try this:
> 
> on the windows machine open a telnet session (start|run|telnet). Win 9x/ME: Open new session (in the menu) to www.gentoo.org; port 80
> ...

 

1. Start --> Run --> Telnet

Open connection to www.gentoo.org, port 80

Telnet started, after "Open connection" nothing happened, no message, no error, no connection, nothing (looks like hanged, but it wasn't - I can "cancel" connection, or start new). So it is not working.

In next try I've got message box: "Connection failed. Hostname www.gentoo.org, OK"

 *nielchiano wrote:*   

> Do the same, but to tux instead of gentoo and port 22 instead of 80 (connect to the SSH daemon); Here you don't have to type the GET thing, you'll see if the server answers
> 
> 

 

2. Start --> Run --> Telnet

Open connection to tux, port 22

I got message in telnet window:

"SSH-2.0-OpenSSH_3.8.1p1"

after few minutes next one

"Protocol mismatch"

and error message box:

"Connection with server broken, OK"

 :Sad: 

Regards

Maciek

----------

## nielchiano

ok, according to these results, you should be able to connect from your windows to the SSH server from tux (that was the response you saw)

Now try that with an SSH client (e.g. Putty). Does it work, why not?

Still don't know if it's windows 9x or 2000+ (to analyse the first behaviour)

----------

## msl75

Hi

Thank You for help.

 *nielchiano wrote:*   

> ok, according to these results, you should be able to connect from your windows to the SSH server from tux (that was the response you saw)
> 
> Now try that with an SSH client (e.g. Putty). Does it work, why not?
> 
> 

 

Unfortunately SSH from kml to tux doesn't work. I tried with Putty of course, and it simply does nothing, I mean it opens its black window and does nothing, I mean no prompt for login. When I close it - it asks if close current session. I tried also with other programs, for example ssh95 - it displays message "wrong version" when I try to connect to tux (as I wrote in my first post: ssh not works)

 *nielchiano wrote:*   

> 
> 
> Still don't know if it's windows 9x or 2000+ (to analyse the first behaviour)

 

Sorry for that, I forgot to write this: it is windows 95, and there is no possibility to upgrade it even to 98 - too small HDD etc. I tried to install gentoo on it, but LiveCD booting hangs during recognizing HDD  :Sad: 

Regards

Maciek

----------

## nielchiano

 *msl75 wrote:*   

> it displays message "wrong version" when I try to connect to tux

 

That means it DOES work; how else would he know it's the wrong version?

I don't mean that you can SSH; I just mean that the SSH-connection (layer 4) works.

The first: You can't "see" if the connection is up by a window; you'll see a black cursor (block) blinking, that's when the connection is up. Try it again, watch for it. Then type the 

```
GET /[RETURN][RETURN]
```

Try again to connect with putty, just wait till he shows something (leave it on for an hour or so)

PS: more than an hour isn't needed, but you can always try

----------

## msl75

Hi

 *nielchiano wrote:*   

> 
> 
> That means it DOES work; how else would he know it's the wrong version?
> 
> I don't mean that you can SSH; I just mean that the SSH-connection (layer 4) works.
> ...

 

I agree with You. I feel the same. This ssh95 is very old application and it tries to connect using ssh1.0, but the sshd on tux expects ssh2.0, that's why this connection is refused with "wrong version" message.

I did what You suggested and...

 *nielchiano wrote:*   

> 
> 
> Try again to connect with putty, just wait till he shows something (leave it on for an hour or so)
> 
> 

 

I started Putty, black console has opened with green rectangle cursor (not blinking) in top left corner. I used to wait about 30 minutes and I got message box from Putty: "Putty Fatal error. Network error: Connection reset by peer, OK" When I clicked "OK", Putty got "inactive" label in titlebar.

 :Shocked: 

Maciek

----------

## nielchiano

 *msl75 wrote:*   

> Connection reset by peer

 

ahah, so there was a connection to reset! That means that the connection is established!

Still, it doesn't work... strange; I think there is nothing left than using a packet sniffer...

```
emerge tcpdump
```

on tux; then run (as root):

```
tcpdump -i eth0 -v host 1.2.3.4
```

 change 1.2.3.4 to the ip of your win machine and eth0 to the ethernet segment that host is on.

If that command is running, try to establish the putty connection; don't wait 30 minutes, just 5secs is OK then close putty and stop the packet dump (CTRL+C will do)

paste the results of tcpdump here (yes, typing them over is also OK, but don't make mistakes)

PS: if you run 

```
tcpdump -i eth0 -v host 1.2.3.4 | tee file.name
```

 the output will automatically be saved to file.name too!

----------

## msl75

Hi

I did exactly what You've suggested. Here are the results:

```
tux root # tcpdump -i eth0 -v host 192.168.0.2
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 68 bytes
23:59:06.659912 arp who-has 192.168.0.1 tell kml.homenetwork
23:59:06.670608 arp reply 192.168.0.1 is-at 00:80:48:c6:54:80
23:59:06.660174 IP (tos 0x0, ttl  32, id 5120, offset 0, flags [DF], length: 44) kml.homenetwork.1029 > 192.168.0.1.ssh: S [tcp sum ok] 1072353:1072353(0) win 8192 <mss 1460>
23:59:06.660338 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], length: 44) 192.168.0.1.ssh > kml.homenetwork.1029: S [tcp sum ok] 1145299607:1145299607(0) ack 1072354 win 5840 <mss 1460>
23:59:06.660741 IP (tos 0x0, ttl  32, id 5376, offset 0, flags [DF], length: 40) kml.homenetwork.1029 > 192.168.0.1.ssh: . [tcp sum ok] ack 1 win 8760
23:59:06.669631 IP (tos 0x0, ttl  64, id 17563, offset 0, flags [DF], length: 64) 192.168.0.1.ssh > kml.homenetwork.1029: P 1:25(24) ack 1 win 5840
23:59:06.722008 IP (tos 0x0, ttl  32, id 5632, offset 0, flags [DF], length: 67) kml.homenetwork.1029 > 192.168.0.1.ssh: P 1:28(27) ack 25 win 8736
23:59:06.722459 IP (tos 0x0, ttl  64, id 17564, offset 0, flags [DF], length: 40) 192.168.0.1.ssh > kml.homenetwork.1029: . [tcp sum ok] ack 28 win 5840
23:59:06.774798 IP (tos 0x0, ttl  64, id 17565, offset 0, flags [DF], length: 648) 192.168.0.1.ssh > kml.homenetwork.1029: P 25:633(608) ack 28 win 5840
23:59:07.030207 IP (tos 0x0, ttl  64, id 17566, offset 0, flags [DF], length: 648) 192.168.0.1.ssh > kml.homenetwork.1029: P 25:633(608) ack 28 win 5840
23:59:07.536129 IP (tos 0x0, ttl  64, id 17567, offset 0, flags [DF], length: 648) 192.168.0.1.ssh > kml.homenetwork.1029: P 25:633(608) ack 28 win 5840
23:59:08.547977 IP (tos 0x0, ttl  64, id 17568, offset 0, flags [DF], length: 648) 192.168.0.1.ssh > kml.homenetwork.1029: P 25:633(608) ack 28 win 5840
23:59:10.571668 IP (tos 0x0, ttl  64, id 17569, offset 0, flags [DF], length: 648) 192.168.0.1.ssh > kml.homenetwork.1029: P 25:633(608) ack 28 win 5840
23:59:14.619054 IP (tos 0x0, ttl  64, id 17570, offset 0, flags [DF], length: 648) 192.168.0.1.ssh > kml.homenetwork.1029: P 25:633(608) ack 28 win 5840
23:59:22.713826 IP (tos 0x0, ttl  64, id 17571, offset 0, flags [DF], length: 648) 192.168.0.1.ssh > kml.homenetwork.1029: P 25:633(608) ack 28 win 5840
23:59:38.903362 IP (tos 0x0, ttl  64, id 17572, offset 0, flags [DF], length: 648) 192.168.0.1.ssh > kml.homenetwork.1029: P 25:633(608) ack 28 win 5840
23:59:39.936759 IP (tos 0x0, ttl  32, id 5888, offset 0, flags [DF], length: 40) kml.homenetwork.1029 > 192.168.0.1.ssh: F [tcp sum ok] 28:28(0) ack 25 win 8736
23:59:39.938988 IP (tos 0x0, ttl  64, id 17573, offset 0, flags [DF], length: 40) 192.168.0.1.ssh > kml.homenetwork.1029: F [tcp sum ok] 633:633(0) ack 29 win 5840
23:59:39.939353 IP (tos 0x0, ttl  32, id 6144, offset 0, flags [DF], length: 40) kml.homenetwork.1029 > 192.168.0.1.ssh: . [tcp sum ok] ack 25 win 8736
19 packets captured
19 packets received by filter
0 packets dropped by kernel
```

Regards

Maciek

----------

## nielchiano

hmm..... verrry strange;

the connection is established fine (first 5 packets; first 8 lines)

Next tux sends a packet to kml; kml ack's that and sends some data back; tux ack's that.

Then (the middle chunk) tux tries to send a packet to kml, but kml apparently doesn't receive it... (or doesn't answer...)

It shouldn't be a firewall rule, since the connection came up, 2 packets were exchanged, but then fails.

The connection teardown succeeds again...

Just to check: you don't have anything else than plain iptables-rules? no dynamic rulesets?

You might try to do the same (packet sniffing) on the windows machine; or, even better, on an independent machine on the same ethernet segment (NOT SWITCHED, USE A HUB).

For windows machines, use ethereal (google for download). It won't print out the same way tcpdump does, but will capture the complete packets and allows you to save it. You can then take that file to tux and run

```
tcpdump -r file.name.of.windows.dump -v host 192.168.0.1
```

 This will do the same, as last post, but use the file as input.

To be clear: you need to get ethereal to capture packets, then try to setup the connection, then stop ethereal. The tcpdump afterwards is to get a decent output

----------
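The reading of the capture above can be checked mechanically. This is an added example, not part of the original posts: it parses lines copied from the posted `tcpdump -v` output (old text format assumed) and reports which data segments were retransmitted and whether they were ever acknowledged; the names `parse` and `analyse` are illustrative.

```python
import re
from collections import defaultdict

# Lines copied from the tcpdump -v output posted earlier in this thread
# (ARP lines, the last two teardown packets and the summary are omitted).
CAPTURE = """\
23:59:06.660174 IP (tos 0x0, ttl  32, id 5120, offset 0, flags [DF], length: 44) kml.homenetwork.1029 > 192.168.0.1.ssh: S [tcp sum ok] 1072353:1072353(0) win 8192 <mss 1460>
23:59:06.660338 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], length: 44) 192.168.0.1.ssh > kml.homenetwork.1029: S [tcp sum ok] 1145299607:1145299607(0) ack 1072354 win 5840 <mss 1460>
23:59:06.660741 IP (tos 0x0, ttl  32, id 5376, offset 0, flags [DF], length: 40) kml.homenetwork.1029 > 192.168.0.1.ssh: . [tcp sum ok] ack 1 win 8760
23:59:06.669631 IP (tos 0x0, ttl  64, id 17563, offset 0, flags [DF], length: 64) 192.168.0.1.ssh > kml.homenetwork.1029: P 1:25(24) ack 1 win 5840
23:59:06.722008 IP (tos 0x0, ttl  32, id 5632, offset 0, flags [DF], length: 67) kml.homenetwork.1029 > 192.168.0.1.ssh: P 1:28(27) ack 25 win 8736
23:59:06.722459 IP (tos 0x0, ttl  64, id 17564, offset 0, flags [DF], length: 40) 192.168.0.1.ssh > kml.homenetwork.1029: . [tcp sum ok] ack 28 win 5840
23:59:06.774798 IP (tos 0x0, ttl  64, id 17565, offset 0, flags [DF], length: 648) 192.168.0.1.ssh > kml.homenetwork.1029: P 25:633(608) ack 28 win 5840
23:59:07.030207 IP (tos 0x0, ttl  64, id 17566, offset 0, flags [DF], length: 648) 192.168.0.1.ssh > kml.homenetwork.1029: P 25:633(608) ack 28 win 5840
23:59:07.536129 IP (tos 0x0, ttl  64, id 17567, offset 0, flags [DF], length: 648) 192.168.0.1.ssh > kml.homenetwork.1029: P 25:633(608) ack 28 win 5840
23:59:08.547977 IP (tos 0x0, ttl  64, id 17568, offset 0, flags [DF], length: 648) 192.168.0.1.ssh > kml.homenetwork.1029: P 25:633(608) ack 28 win 5840
23:59:10.571668 IP (tos 0x0, ttl  64, id 17569, offset 0, flags [DF], length: 648) 192.168.0.1.ssh > kml.homenetwork.1029: P 25:633(608) ack 28 win 5840
23:59:14.619054 IP (tos 0x0, ttl  64, id 17570, offset 0, flags [DF], length: 648) 192.168.0.1.ssh > kml.homenetwork.1029: P 25:633(608) ack 28 win 5840
23:59:22.713826 IP (tos 0x0, ttl  64, id 17571, offset 0, flags [DF], length: 648) 192.168.0.1.ssh > kml.homenetwork.1029: P 25:633(608) ack 28 win 5840
23:59:38.903362 IP (tos 0x0, ttl  64, id 17572, offset 0, flags [DF], length: 648) 192.168.0.1.ssh > kml.homenetwork.1029: P 25:633(608) ack 28 win 5840
23:59:39.936759 IP (tos 0x0, ttl  32, id 5888, offset 0, flags [DF], length: 40) kml.homenetwork.1029 > 192.168.0.1.ssh: F [tcp sum ok] 28:28(0) ack 25 win 8736
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP \(.*?length: (?P<iplen>\d+)\) "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPR.]+) (?:\[[^\]]*\] )?"
    r"(?:(?P<seq>\d+):(?P<end>\d+)\((?P<plen>\d+)\) )?(?:ack (?P<ack>\d+) )?win"
)


def parse(text):
    """Turn old-style `tcpdump -v` TCP lines into dicts; skip anything else."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        h, mi, s = m["ts"].split(":")
        packets.append({
            "t": int(h) * 3600 + int(mi) * 60 + float(s),
            "ip_len": int(m["iplen"]), "src": m["src"], "dst": m["dst"],
            "flags": m["flags"], "end": int(m["end"] or 0),
            "seq": int(m["seq"] or 0), "payload": int(m["plen"] or 0),
            "ack": int(m["ack"]) if m["ack"] else None,
        })
    return packets


def analyse(packets):
    """Group data segments by direction and sequence range; note which were ACKed."""
    sent = defaultdict(list)        # (src, dst, seq, end) -> transmissions
    highest_ack = defaultdict(int)  # (acker, peer) -> highest relative ACK seen
    for p in packets:
        if "S" in p["flags"]:
            continue                # SYN lines show absolute sequence numbers
        if p["payload"]:
            sent[(p["src"], p["dst"], p["seq"], p["end"])].append(p)
        if p["ack"] is not None:
            key = (p["src"], p["dst"])
            highest_ack[key] = max(highest_ack[key], p["ack"])
    segments = []
    for (src, dst, seq, end), pkts in sent.items():
        gaps = [b["t"] - a["t"] for a, b in zip(pkts, pkts[1:])]
        segments.append({
            "src": src, "seq": seq, "end": end, "ip_len": pkts[0]["ip_len"],
            "transmissions": len(pkts), "gaps": gaps,
            "acked": highest_ack[(dst, src)] >= end,
            # Retransmission timer backoff: each wait about twice the previous
            "backoff": len(gaps) > 1 and all(
                1.8 <= later / earlier <= 2.2
                for earlier, later in zip(gaps, gaps[1:])),
        })
    return segments


if __name__ == "__main__":
    for seg in analyse(parse(CAPTURE)):
        print(f"{seg['src']} seq {seg['seq']}:{seg['end']} "
              f"ip_len={seg['ip_len']} sent x{seg['transmissions']} "
              f"acked={seg['acked']} backoff={seg['backoff']} "
              f"gaps={[round(g, 2) for g in seg['gaps']]}")
```

On this capture the only unacknowledged segment is the 648-byte packet from tux, sent 8 times with doubling waits, while the 64- and 67-byte data packets were acknowledged.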

## nielchiano

another thing you might try: bring eth1 down 

```
ifconfig eth1 down
```

 remove all firewalling (ipconfig -F, -Z, -X and -P ACCEPT on all tables/chains)

```
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

iptables -t mangle -F
iptables -t mangle -Z
iptables -t mangle -X

iptables -t nat -F
iptables -t nat -Z
iptables -t nat -X

iptables -t filter -F
iptables -t filter -Z
iptables -t filter -X
```

try to reconnect ssh (kml to tux) tell me if that works

----------

## Ben2040

Hi

I don't mean to sound "Well DUH!" but have you checked the physical hardware/links?

I had a pretty similar problem and it was a broken network card - to test you could just leave ping running for a while, and check that you get 0% packet loss.

Ben

----------

## nielchiano

 *Ben2040 wrote:*   

> have you checked the physical hardware/links?

 

Could be, but I think it's unlikely, since the 2 ARP requests came through fine, the connection is set up immediately (no retries), packets are sent, no retries; then suddenly 8 retries for a packet

The connection teardown was also successful immediately.

But it's worth checking

```
ping -c1000 ip.of.other.host
```

will ping 1000 times and give statistics at the end (if you're impatient, take 100)

----------

## msl75

Hi

1. ethereal - I downloaded it, installed, but it doesn't want to run on windows95 - I am looking for version which run on win95. When I find something I let You know.

2. bring eth1 down and remove all firewalling.

I did what You suggested. I lost connection to internet from tux, but I was still able to ping kml from tux and tux from kml.

But when I tried connect via ssh using Putty I got immediately following message box: "Putty Error. Unable to open connection to tux.homenetwork. Host does not exist. OK".   :Shocked:  So tcpdump run on tux didn't catch anything. Please note, that ping from kml to tux was working all the time.

3. check physical hardware/links

That was a thing what I did first. I inserted to kml network card which is 100% working (for my friend). But when I am pinging tux from kml sometimes I didn't get 0% packet loss - a few packets were lost. I will put here for some time a stats for 1000 packets. But, as nielchiano said, there is some transfer between tux and kml, ping is working, so it is not a network cards problem, I guess.

Regards

Maciek

----------

## nielchiano

 *msl75 wrote:*   

> 2. bring eth1 down and remove all firewalling.
> 
> I did what You suggested. I lost connection to internet from tux, but I was still able to ping kml from tux and tux from kml.
> 
> But when I tried connect via ssh using Putty I got immediately following message box: "Putty Error. Unable to open connection to tux.homenetwork. Host does not exist. OK".   So tcpdump run on tux didn't catch anything. Please note, that ping from kml to tux was working all the time.

 

try to connect using IP addresses instead of hostnames; you might have already tried this.

----------

## msl75

Hi

I tell You what. This is strange. I couldn't get eth1 up, so I rebooted tux. Now I have eth1 up and access to internet, but I still can't connect to tux from kml via Putty (like it was earlier) I still get strange messages. When I give tux by name I got that "host doesn't exist" and when I give tux by IP: 192.168.0.1 I got message "Putty error. Unable to open connection to 192.168.0.1. Network error: Socket type not supported. OK" No idea what it is. Ping is still working.

I have found ethereal version which runs for me on windows95, so I am ready to catch some packets, but putty doesn't want to find tux anymore.  :Sad: 

I checked if I have any dynamic rulesets or something like that - the answer is no, I don't have. Only these plain rules, what I've send in my first post.

Regards

Maciek

----------

## nielchiano

 *msl75 wrote:*   

> Network error: Socket type not supported

 

this is scary.... looks like something is really wrong with your windows machine...

can you try another machine?

----------

## msl75

Hi

 *nielchiano wrote:*   

> this is scary.... looks like something is really wrong with your windows machine...
> 
> can you try another machine?

 

Unfortunately not. But I have one free HDD and I can try to install something on it... Let's see... windows98 will be OK?

This is strange. About year ago I used this kml machine, because I didn't have tux yet. And I used with it this card which connects me nowadays with ISP, and it really used to work.  :Sad:  No idea what has happened. The only one thing what I've changed in kml was replacing that card with another one.

Regards

Maciek

----------

## nielchiano

cards shouldn't matter; but if a regular TCP/IP socket isn't found anymore, I guess your Winsock is f*cked up.

Try switching the hard drives, install a quick Stage3 onto the "winbox" and check out what you can do from there.

If that works, try a windows (98 will do, but doesn't matter)

----------

## msl75

Hi

 *nielchiano wrote:*   

> cards shouldn't matter; but if a regular TCP/IP socket isn't found anymore, I guess your Winsock is f*cked up.
> 
> Try switching the hard drives, install a quick Stage3 onto the "winbox" and check out what you can do from there.
> 
> If that works, try a windows (98 will do, but doesn't matter)

 

I tried install gentoo on this box week ago - it fails during booting from LiveCD 2004.2, on recognizing HDD.  :Sad:  In other case I will have gentoo installed on it. But this is really old machine, so I guess it is too old for gentoo.

I try first with windows98 - will see and let You know.

Regards

Maciek

----------

## msl75

Hello.

I would like to inform You that finally I've solved this problem (yesterday).

Because there were suggestions that cable, or/and NICs can be corrupted I've checked my cable at work - it was OK, so I supposed, that something is wrong with my cards. I borrowed two cards from my friend, installed them and it started working. The problem was, that one of those cards was ISA card (and I have had problems with PCI cards), but I decided to buy 2 new NICs (PCI). After installation nothing worked like previously. I gave up for a few days, and I've googled at this time. The result was, that I upgraded bios on this kml machine, but it didn't help, so I decided to install some drivers (I've found them on my system board manufacturer's web page) for chipset and for something else what I really have no idea what they were for (but I didn't have anything to lose), and it helped. Everything started working.

Thank You for your time & help.

Regards

Maciek

----------

