eth1 receives, no transmit.

[hawaiiman]

I have 10.04 running on a school server. Things worked fine for 6 months, then eth1 stopped working so LAN has no web access. eth0 is dhcp from adsl router with range limited to 192.168.1.10. eth1 is static at 10.10.0.1 255.255.255.0 . I have made a couple of attempts to add network firewall, and suspect that ip tables rules have gotten messed up. I purged cherokee/apache and webmin. When the server initially starts, eth1 will receive ok and transmit a little, but then quickly shuts down transmit of packets. LAN hosts (windows) ipconfig /all lists no gateway and a 169...... ip number instead of 10.10.0.10-10.10.0.150.

[Kujua]

Can you flush all iptables rules and see if that works? If it does then we can check what's wrong with your firewall.

Code:

iptables -F
iptables -F -t nat

[hawaiiman]

Good idea. FYI eth0 is working both ways. I have another project I'm doing to stream a live webcam feed from my laptop to our website. I have added a rule forwarding to eth0 this was required to get our LAN on eth1 10.10.0.1 to access the internet. I'm at home right now. nearly bedtime here (GMT +7 hours). I'll get on the server tomorrow. In the mean time what is the next step after flushing so I can report back with some results?

[Kujua]

If you are sure that the problem is caused by the firewall rules, post them here so that everyone can have a look:

Code:

iptables -L -nv
iptables -L -nv -t nat

If you have other working firewall rules which you don't want to loose, take a backup before you flush the rules:

Code:

iptables-save > rules

To restore the saved rules:

Code:

iptables-restore < rules

And after flushing the rules remember to add some required rules back. Otherwise internet access from LAN will fail. I forgot to mention this in my earlier post.

Code:

#flushing the existing rules
iptables -F
iptables -F -t nat

#Allow packets from eth1 destined to the server. Required for DHCP.
iptables -A INPUT -i eth1 -j ACCEPT

#Allow forwarding
iptables -A FORWARD -j ACCEPT

#Add the NAT rule
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

With these rules in place you should be able to ping an IP address on the internet from a machine on LAN behind your server:

Code:

ping 8.8.8.8

If that is working, then we can discuss building your firewall.

[hawaiiman]

Thanks very much. Yes, the rules you listed are there, currently. Obviously, I am not qualified to be a net-admin, but I'm all the school has at this point. Our biggest issues, now that the network is fairly reliable, is control of student access. At first I thought a firewall was the answer. After a long process of formatting public clients, and installing fresh OS, I've discovered Deep Freeze. I think it will go a long way towards cleaning things up. I also am looking at Apache/Cherokee mostly for traffic management. A lightweight firewall is certainly important too. Just trying to give a broader view, as it seems that there are compatibility issues between certain packages. I'l be at school in a few hours and do as you suggest, then post results.

[Kujua]

Use UFW to setup firewall if you are not well-versed in iptables. Or GUFW if you need a GUI.

[hawaiiman]

done, and re-boot, but no change. BTW I also added eth3 which is currently named as the LAN interface in interfaces. I also entered

iptables -A INPUT -i eth3 -j ACCEPT
I am actively receiving packets on eth3 from client, but after initial 14.1 bytes nothing is being transmitted. client is not getting ip

[hawaiiman]

As our no-ip service also stopped, I did a port check on "can you see me" shows port 80 and 22 not open, although both are forwarded for tcp/udp in router

[Kujua]

Can you post your firewall rules here?

done, and re-boot, but no change.

Try without rebooting after you make changes to firewall rules as per previous posts. Because the rules will not be saved automatically.

[hawaiiman]

As our no-ip service also stopped, I did a port check on "can you see me" shows port 80 and 22 not open, although both are forwarded for tcp/udp in router