[SLL] Good Netfilter/BIND stumper
Brad Willson
bwil150n at u.washington.edu
Wed Jan 2 01:54:20 PST 2008
Hello all,
Background: two machines in HA/LB configuration using heartbeat,
ldirectord, ipvsadm, and an iptables firewall. The configuration files
were hijacked from a working installation wherein this condition does
not exist...
The problem: I can ping from outside the firewalls to any machine behind
them; however, pings from inside fail with 100% packet loss to systems
outside the intranet (e.g. ping google.com).
The only rules governing icmp read as follows:
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT (at the beginning of
the chain)
-A INPUT -j REJECT --reject-with icmp-host-prohibited (at the end of the
chain followed by COMMIT)
I have cross-referenced all the normal files (/etc/hosts,
/etc/resolv.conf, /etc/nsswitch.conf, etc.) against known working
configurations. Aside from dig, host, nslookup, nmap, and tcpdump, what
other tools might help me? Obviously I've missed something, so I'm
asking for help, please.
Thank you!!!
--
Brad Willson, Sr. Computer Specialist
UW GeneTests, UW Box: 358735
EM: bwil150n at u.washington.edu
W: 206.221.4674, C: 425.891.2732
http://www.genetests.org
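Editor's note with an added example (this is not part of Brad's post or of any reply on the list). The quoted rules live only in the INPUT chain, which sees packets addressed to the director itself. If the failing pings originate on hosts behind the directors rather than on the director, they traverse PREROUTING, FORWARD and POSTROUTING instead, so INPUT never decides their fate; with private addresses inside, the nat table also has to SNAT/MASQUERADE them. The script below reads an iptables-save dump and reports whether that forwarded-ICMP path is complete. The two rulesets embedded in it are constructed for the example: the "broken" one mirrors the rules quoted in the post with an empty DROP-policy FORWARD chain, and the "fixed" one adds the rules a forwarded ping would need. The interface name eth0 is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post: audit an iptables-save dump
# for the chains a *forwarded* ping actually traverses.  Traffic from hosts
# behind the firewall to the Internet never hits INPUT; it passes through
# FORWARD (filter table) and, when the inside uses private addresses,
# needs SNAT/MASQUERADE in nat/POSTROUTING.

# Constructed sample modelled on the rules quoted in the post, plus a
# FORWARD chain (hypothetical) that has a DROP policy and no ICMP rule.
SAMPLE_BROKEN='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Same ruleset with the rules a forwarded ping needs (also constructed;
# eth0 as the outside interface is an assumption).
SAMPLE_FIXED='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
COMMIT'

# audit_forwarded_icmp: read an iptables-save dump on stdin, print findings,
# exit 0 when FORWARD accepts ICMP and nat/POSTROUTING SNATs, else exit 1.
# A missing RELATED,ESTABLISHED rule is reported as a note only, because a
# stateless "-p icmp -j ACCEPT" in FORWARD already covers the echo reply.
audit_forwarded_icmp() {
    awk '
    /^\*/           { table = substr($0, 2); next }
    /^:FORWARD /    { fwd_policy = $2; next }
    table == "filter" && /^-A FORWARD / {
        if ($0 ~ /-p icmp/ && $0 ~ /-j ACCEPT/)    fwd_icmp = 1
        if ($0 ~ /ESTABLISHED/ && $0 ~ /-j ACCEPT/) fwd_est = 1
    }
    table == "nat" && /^-A POSTROUTING / {
        if ($0 ~ /-j (MASQUERADE|SNAT)/) snat = 1
    }
    END {
        bad = 0
        if (!fwd_icmp) { print "FORWARD: no ACCEPT for -p icmp (policy " fwd_policy ")"; bad = 1 }
        if (!snat)     { print "nat/POSTROUTING: no MASQUERADE/SNAT for inside hosts"; bad = 1 }
        if (!fwd_est)  { print "note: FORWARD has no RELATED,ESTABLISHED rule (ICMP errors will be dropped)" }
        if (!bad)      { print "forwarded ICMP path looks complete" }
        exit bad
    }'
}

# audit_sample broken|fixed: run the audit on one of the constructed dumps
# and return its exit status.
audit_sample() {
    case "$1" in
        broken) printf '%s\n' "$SAMPLE_BROKEN" | audit_forwarded_icmp ;;
        fixed)  printf '%s\n' "$SAMPLE_FIXED"  | audit_forwarded_icmp ;;
        *)      echo "usage: audit_sample broken|fixed" >&2; return 2 ;;
    esac
}

# On a live director the same check is:  iptables-save | audit_forwarded_icmp
# Pair it with "sysctl net.ipv4.ip_forward" and a tcpdump on the outside
# interface to confirm whether the echo request ever leaves the box.
audit_sample broken || echo "(broken sample: audit failed as expected)"
audit_sample fixed
```

The awk matches are deliberately loose (any FORWARD rule with `-p icmp` and `-j ACCEPT`, any `-j MASQUERADE` or `-j SNAT` in POSTROUTING), so a rule restricted to the wrong interface or address range will still pass; the script narrows the search to the right chains, it does not replace reading them.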