Coming from Windows paranoia, recently loaded Kubuntu 6.06. Everything was great until I decided I should have a firewall up and running (that old paranoia). Was OK running Firestarter, but decided to try Guarddog (couldn activate properly) and even worse results with KMyFirewall. In so doing, somehow I've totally hosed internet access (iptables messed up??, I haven't a clue). Haven't the faintest idea how to resurrect my internet access without totally reloading Kubuntu. Any ideas?
							
						
					Announcement
				
					Collapse
				
			
		
	
		
			
				No announcement yet.
				
			
				
	
Help! Idiot shot self in foot.
				
					Collapse
				
			
		
	This topic is closed.
				
				
				
				
				X
X
- 
	
	
	
		
	
	
		
		
		
		
		
		
		
	
	
 Re: Help! Idiot shot self in foot.
 
 You can uninstall those things from adept or synaptic.
 The following commands will reset all your iptables rules:
 
 sudo iptables -t nat -F
 sudo iptables -t nat -x
 sudo iptables -F
 sudo iptables -X
 
 I don't know if the other files leave behind any config files that would reset it on reboot though.
 
 The default install of (k)ubuntu doesn't have any services listening to stuff from the outside world, so you don't have to have a firewall unless you wish to block outgoing stuff too.
 - Top
- Bottom
 
- 
	
	
	
		
	
	
		
		
		
		
		
		
		
	
	
 Re: Help! Idiot shot self in foot.
 
 Hi, same idiot here, I tried to reset my iptables rules as you described in this thread but after those commands things got much worse.
 Now I've lost completely my internet connection, can't even ping to google, the thing hangs. What can I do? please help!
 - Top
- Bottom
 Comment
- 
	
	
	
		
	
	
		
		
		
		
		
		
		
	
	
 Re: Help! Idiot shot self in foot.
 
 Maybe something else got changed too then. I'll try to help, but I'll need some info:
 
 1. How do you connect to the network? (eg. dialup, ethernet with static IP, ethernet with dhcp, wifi, etc?)
 2. What's the output of:
 sudo /sbin/iptables -L
 3. What's the output of:
 cat /etc/resolv.conf
 4. What's the output of:
 sudo /sbin/ifconfig -a
 5. What's the output of:
 cat /etc/hosts
 
 That should be enough to get started...  
 - Top
- Bottom
 Comment
- 
	
	
	
		
	
	
		
		
		
		
		
		
		
	
	
 Re: Help! Idiot shot self in foot.
 
 Man you're fast! Thanks for trying to help!
 
 1: I connect within ethernet via dhcp
 
 root@SCALEOp:/home/gks# iptables -L
 Chain INPUT (policy ACCEPT)
 target prot opt source destination
 
 Chain FORWARD (policy ACCEPT)
 target prot opt source destination
 
 Chain OUTPUT (policy ACCEPT)
 target prot opt source destination
 root@SCALEOp:/home/gks#
 root@SCALEOp:/home/gks#
 root@SCALEOp:/home/gks# cat /etc/resolv.conf
 search homenet.telecomitalia.it
 nameserver 192.168.1.1
 root@SCALEOp:/home/gks#
 root@SCALEOp:/home/gks#
 root@SCALEOp:/home/gks#
 root@SCALEOp:/home/gks# ifconfig -a
 eth0 Link encap:Ethernet HWaddr 00:0F:EA D:C6:8E D:C6:8E
 inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
 RX packets:40 errors:0 dropped:0 overruns:0 frame:0
 TX packets:160 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000
 RX bytes:5161 (5.0 KiB) TX bytes:15506 (15.1 KiB)
 Interrupt:58 Base address:0xdead
 
 lo Link encap:Local Loopback
 inet addr:127.0.0.1 Mask:255.0.0.0
 UP LOOPBACK RUNNING MTU:16436 Metric:1
 RX packets:3 errors:0 dropped:0 overruns:0 frame:0
 TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0
 RX bytes:172 (172.0 b) TX bytes:172 (172.0 b)
 
 root@SCALEOp:/home/gks# cat /etc/hosts
 127.0.0.1 localhost SCALEOp
 127.0.1.1 SCALEOp
 
 # The following lines are desirable for IPv6 capable hosts
 ::1 ip6-localhost ip6-loopback
 fe00::0 ip6-localnet
 ff00::0 ip6-mcastprefix
 ff02::1 ip6-allnodes
 ff02::2 ip6-allrouters
 ff02::3 ip6-allhosts
 
 Hope this might help you sort it out
 - Top
- Bottom
 Comment
- 
	
	
	
		
	
	
		
		
		
		
		
		
		
	
	
 Re: Help! Idiot shot self in foot.
 
 OK. All that looks alright - you have a nameserver, have an IP address assigned to the right interface, and have no obvious iptables problems...
 
 Next step, lets try these three commands:
 /sbin/route -n
 sudo /sbin/iptables -t nat -L
 ping 192.168.1.1
 - Top
- Bottom
 Comment
- 
	
	
	
		
	
	
		
		
		
		
		
		
		
	
	
 Re: Help! Idiot shot self in foot.
 
 root@SCALEOp:/home/gks# route -n
 Kernel IP routing table
 Destination Gateway Genmask Flags Metric Ref Use Iface
 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
 root@SCALEOp:/home/gks# iptables -t nat -L
 Chain PREROUTING (policy ACCEPT)
 target prot opt source destination
 
 Chain POSTROUTING (policy ACCEPT)
 target prot opt source destination
 
 Chain OUTPUT (policy ACCEPT)
 target prot opt source destination
 root@SCALEOp:/home/gks#
 root@SCALEOp:/home/gks# ping 192.168.1.1
 PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
 64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=1.62 ms
 64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.612 ms
 64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.631 ms
 64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.645 ms
 64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=0.652 ms
 64 bytes from 192.168.1.1: icmp_seq=6 ttl=64 time=0.618 ms
 
 --- 192.168.1.1 ping statistics ---
 6 packets transmitted, 6 received, 0% packet loss, time 5000ms
 rtt min/avg/max/mdev = 0.612/0.797/1.629/0.373 ms
 - Top
- Bottom
 Comment
- 
	
	
	
		
	
	
		
		
		
		
		
		
		
	
	
 Re: Help! Idiot shot self in foot.
 
 Heh. You're sure this isn't working, right? 
 
 You seem to have all your routes set OK, and can reach your nameserver/gateway just fine.
 
 Try:
 ping kubuntuforums.net
 if that fails, try
 ping 66.135.37.25
 (which is the same machine, in case it's a nameserver problem you have).
 
 You can also try
 tracepath kubuntuforums.net
 if those commands don't seem to work, to see where your net access stops.
 
 Try opening a page in konqueror too, and making sure you're not looking at a cached copy (F5 or click the reload icon). If that's not working, maybe you have a proxy problem.
 - Top
- Bottom
 Comment
- 
	
	
	
		
	
	
		
		
		
		
		
		
		
	
	
 Re: Help! Idiot shot self in foot.
 
 Yes, it's not working and it is strange cause it worked perfectly 1hour ago and after i messed up with the iptables it won't work anymore.
 
 None of these command works (ping, tracepath,konqueror), it just stays idle....I don't understand!
 - Top
- Bottom
 Comment
- 
	
	
	
		
	
	
		
		
		
		
		
		
		
	
	
 Re: Help! Idiot shot self in foot.
 
 When you try to ping kubuntuforums.net, do you get the first line:
 PING kubuntuforums.net (66.135.37.25) 56(84) bytes of data.
 ?
 If you did, it would show that your name server is resolving OK.
 The tracepath command might take a while, since it tries to resolve the names of each step between you and the target.
 
 It's possible you have a firewall problem on your 192.168.1.1 machine that is blocking traffic from this machine, but you don't seem to have any network problem on this machine - the network is all set up, and appears to be working (since ping 192.168.1.1 works). The only thing I can think of that isn't ruled out yet is the name resolution.
 - Top
- Bottom
 Comment
- 
	
	
	
		
	
	
		
		
		
		
		
		
		
	
	
 Re: Help! Idiot shot self in foot.
 
 Well, as far as I can tell, it's name lookup that's causing your problems. ping is appearing to freeze because it's taking a long time to look up the name.
 
 Try:
 
 dig @192.168.1.1 kubuntuforums.net
 
 (It will probably take a while, the timeout is probably a minute or more.)
 
 Is 192.168.1.1 another of your own linux machines? or an embedded router? Do you have a /etc/resolv.conf on that machine?
 - Top
- Bottom
 Comment
- 
	
	
	
		
	
	
		
		
		
		
		
		
		
	
	
 Re: Help! Idiot shot self in foot.
 
 The dig won't work either:
 ; <<>> DiG 9.3.2 <<>> @192.168.1.1 kubuntuforums.net
 ; (1 server found)
 ;; global options: printcmd
 ;; connection timed out; no servers could be reached
 
 I did something clever I think, I run the ubuntu live cd (net used to work) and it seems that it doesn't any more. Right now I have internet only under windows and don't ask me why...
 
 192.168.1.1 is my router (no firewall)
 No other machines...
 
 - Top
- Bottom
 Comment
- 
	
	
	
		
	
	
		
		
		
		
		
		
		
	
	
 Re: Help! Idiot shot self in foot.
 
 In windows, do you have the same ip address and nameserver configured? I'm afraid I forget how to get the nameserver windows is using...
 
 What I'm thinking is that either your router allocates a different IP, and then won't permit that IP to use the DNS, or that you've got a different nameserver configured in windows, rather than picking it up off the DHCP info, so windows is using that instead.
 - Top
- Bottom
 Comment
- 
	
	
	
		
	
	
		
		
		
		
		
		
		
	
	
 Re: Help! Idiot shot self in foot.
 
 Yes, windows settings are identical, same nameserver, ip address.
 
 I just don't believe it's a coincidence that my connection broke up exactly when i was messing with the iptables......ahh, it's driving me nuts!
 - Top
- Bottom
 Comment
Users Viewing This Topic
				
					Collapse
				
			
		
	There are 0 users viewing this topic.




Comment