[gelöst]rp-pppoe und open SuSe 10.2

Remad · 17 Aug. 2008

Hallo Leute,
ich installierte OpenSuSe 10.2 auf einem Rechner. Eth1 ist ans DSL-Modem angeschlossen und eth0 ist mit 192.168.0.1 konfiguriert und an einem Switch angeschlossen. Rp-pppoe 3.10 wurde ins System installiert und funktioniert mit der Einwahl. Der Pingtest zeigt Ergebnisse: Verbunden mit dem Internet.

Nun kommt das große Aber. Der Clientrechner ist mit 192.168.0.2 adressiert. Er bekommt keinen ping zum Linuxrechner und der Linuxrechner ebenfalls keinen ping vom Client, obwohl physikalisch die Verbindungen stehen. Selbst bei der installation wurden beide Netzwerkkarten verwendet und erfolgreich gebraucht.

Normalerweise sollte mit der Installation des RP-PPPOEs alles funktionieren, aber es funktioniert kein Routing. Wie kann ich es lösen oder hatte jemand das gleiche Problem?

Vielen Dank im Vorraus.

framp · 17 Aug. 2008

Kann das sein dass Du extern und intern bei der SuSEFW verwechselt hast und dem Internet trustest und Dich vor dem lokalen Netz schützt? :schockiert: . Wenn ja, ist es die Lösung des Problems .... und Du solltest das schnellstens umstellen :roll:

Remad · 17 Aug. 2008

Das scheint es nicht zu sein.
Selbst die Wiki von dieser Seite geht nicht mal auf die etwas kompliziertere Einstellungen der Firerwall ein. Die rp-pppoe wiki ist veraltet.

framp · 17 Aug. 2008

Deaktiviere doch mal kurz die Firewall und versuche einen Ping. Dann wissen wir ob es an der FW liegt bzw können diese ausschliessen.

Remad · 27 Aug. 2008

Nachdem Austausch einer Netzwerkkarte und aAktivierung per ifconfig, erhalte ich am Linux-Rechner Ping nach außen und ins interne Netzwerk. Das interne Netz kann den Linux-Rechner anpingen. Das Problem ist: Ich erhalte keinen Ping zum DNS-Server (DNS meines ISP) über die Rechner im internen Netzwerk.
Es sieht danach aus, als ob sich die SuSeFirewall und RP-PPPOE-Firewall gegenseitig blockieren. Wie kann ich das aufheben? Was ist zu machen. Dazu gibt es in eurer Wiki kein Tutorial.

MfG
Remad

Remad · 30 Aug. 2008

Hier einige Daten:

Linuxrechner als Router mit DSL-Modem
remad:~ # ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.277 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.339 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.352 ms
64 bytes from localhost (127.0.0.1): icmp_seq=4 ttl=64 time=0.353 ms
64 bytes from localhost (127.0.0.1): icmp_seq=5 ttl=64 time=0.356 ms

--- localhost ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4086ms
rtt min/avg/max/mdev = 0.277/0.335/0.356/0.033 ms

remad:~ # ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.277 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.339 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.352 ms
64 bytes from localhost (127.0.0.1): icmp_seq=4 ttl=64 time=0.353 ms
64 bytes from localhost (127.0.0.1): icmp_seq=5 ttl=64 time=0.356 ms

--- localhost ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4086ms
rtt min/avg/max/mdev = 0.277/0.335/0.356/0.033 ms

ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.213 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.316 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.356 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.308 ms

--- 127.0.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.213/0.298/0.356/0.053 ms

ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=0.181 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=0.344 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=64 time=0.279 ms
64 bytes from 192.168.0.1: icmp_seq=4 ttl=64 time=0.318 ms

--- 192.168.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3029ms
rtt min/avg/max/mdev = 0.181/0.280/0.344/0.064 ms
remad:~ # ping 192.168.0.5
PING 192.168.0.5 (192.168.0.5) 56(84) bytes of data.
64 bytes from 192.168.0.5: icmp_seq=1 ttl=128 time=0.235 ms
64 bytes from 192.168.0.5: icmp_seq=2 ttl=128 time=0.446 ms
64 bytes from 192.168.0.5: icmp_seq=3 ttl=128 time=0.435 ms
64 bytes from 192.168.0.5: icmp_seq=4 ttl=128 time=0.451 ms

--- 192.168.0.5 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.235/0.391/0.451/0.093 ms

remad:~ # ping remad.local PING remad.local (192.168.0.1) 56(84) bytes of data.
64 bytes from remad.local (192.168.0.1): icmp_seq=1 ttl=64 time=0.151 ms
64 bytes from remad.local (192.168.0.1): icmp_seq=2 ttl=64 time=0.326 ms
64 bytes from remad.local (192.168.0.1): icmp_seq=3 ttl=64 time=0.347 ms
64 bytes from remad.local (192.168.0.1): icmp_seq=4 ttl=64 time=0.338 ms
64 bytes from remad.local (192.168.0.1): icmp_seq=5 ttl=64 time=0.350 ms

--- remad.local ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.151/0.302/0.350/0.077 ms

remad:~ # ping 195.135.220.3
PING 195.135.220.3 (195.135.220.3) 56(84) bytes of data.
64 bytes from 195.135.220.3: icmp_seq=1 ttl=54 time=40.4 ms
64 bytes from 195.135.220.3: icmp_seq=2 ttl=54 time=39.8 ms
64 bytes from 195.135.220.3: icmp_seq=3 ttl=54 time=40.2 ms
64 bytes from 195.135.220.3: icmp_seq=4 ttl=54 time=40.1 ms
64 bytes from 195.135.220.3: icmp_seq=5 ttl=54 time=40.0 ms
64 bytes from 195.135.220.3: icmp_seq=6 ttl=54 time=40.4 ms

--- 195.135.220.3 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5105ms
rtt min/avg/max/mdev = 39.857/40.193/40.483/0.318 ms

remad:~ # ping www.suse.de
PING turing.suse.de (195.135.220.3) 56(84) bytes of data.
64 bytes from turing.suse.de (195.135.220.3): icmp_seq=1 ttl=54 time=39.9 ms
64 bytes from turing.suse.de (195.135.220.3): icmp_seq=2 ttl=54 time=40.6 ms
64 bytes from turing.suse.de (195.135.220.3): icmp_seq=3 ttl=54 time=40.4 ms
64 bytes from turing.suse.de (195.135.220.3): icmp_seq=4 ttl=54 time=39.7 ms

--- turing.suse.de ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 39.711/40.188/40.662/0.385 ms

00:09.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139 C+ (rev 10)
00:0a.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139 C+ (rev 10)

remad:~ # ip addr
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth2: <BROADCAST,MULTICAST,NOTRAILERS,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:e0:4c:0c:24:df brd ff:ff:ff:ff:ff:ff
inet6 fe80::2e0:4cff:fe0c:24df/64 scope link
valid_lft forever preferred_lft forever
3: eth3: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:e0:4c:0c:25:4a brd ff:ff:ff:ff:ff:ff
inet 192.168.0.1/24 brd 192.168.0.255 scope global eth3
inet6 fe80::2e0:4cff:fe0c:254a/64 scope link
valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1492 qdisc pfifo_fast qlen 3
link/ppp
inet 87.122.169.190 peer 62.214.64.172/32 scope global ppp0

remad:~ # routel main
target gateway source proto scope dev tbl
62.214.64.172 87.122.169.190 kernel link ppp0
192.168.0.0/ 24 192.168.0.1 kernel link eth3
169.254.0.0/ 16 link eth3
127.0.0.0/ 8 link lo
default link ppp0

nameserver 62.72.64.237
nameserver 62.72.64.241

remad:~ # iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
input_int 0 -- anywhere anywhere
input_ext 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP 0 -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
forward_int 0 -- anywhere anywhere
forward_ext 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
DROP 0 -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG 0 -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '

Chain forward_ext (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
ACCEPT 0 -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
LOG 0 -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
DROP 0 -- anywhere anywhere PKTTYPE = multicast
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
LOG 0 -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT-INV '
DROP 0 -- anywhere anywhere

Chain forward_int (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
ACCEPT 0 -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
LOG 0 -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
DROP 0 -- anywhere anywhere PKTTYPE = multicast
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
LOG 0 -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT-INV '
reject_func 0 -- anywhere anywhere

Chain input_ext (1 references)
target prot opt source destination
DROP 0 -- anywhere anywhere PKTTYPE = broadcast
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
reject_func tcp -- anywhere anywhere tcp dpt:ident state NEW
LOG 0 -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
DROP 0 -- anywhere anywhere PKTTYPE = multicast
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG 0 -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
DROP 0 -- anywhere anywhere

Chain input_int (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere

Chain reject_func (2 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT 0 -- anywhere anywhere reject-with icmp-proto-unreachable

remad:~ # iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE 0 -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

remad:~ # cat /proc/sys/net/ipv4/ip_forward
1

remad:~ # SuSEfirewall2 start
SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
SuSEfirewall2: batch committing...
iptables-batch v1.3.6: invalid port/service `192.168.0.255' specified
Try `iptables-batch -h' or 'iptables-batch --help' for more information.
SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
iptables v1.3.6: invalid port/service `192.168.0.255' specified
Try `iptables -h' or 'iptables --help' for more information.
SuSEfirewall2: Firewall rules successfully set

Client-Rechner sind Windoofs:
===========================================================================
Schnittstellenliste
0x1 ........................... MS TCP Loopback interface
0x2 ...00 30 1b 41 f0 91 ...... SiS191 1000/100/10 Ethernet Device - Paketplaner-Miniport
===========================================================================
===========================================================================
Aktive Routen:
Netzwerkziel Netzwerkmaske Gateway Schnittstelle Anzahl
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.5 192.168.0.5 20
192.168.0.5 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.5 192.168.0.5 20
224.0.0.0 240.0.0.0 192.168.0.5 192.168.0.5 20
255.255.255.255 255.255.255.255 192.168.0.5 192.168.0.5 1
Standardgateway: 192.168.0.1
===========================================================================
St„ndige Routen:
Keine

Windows-IP-Konfiguration

Hostname. . . . . . . . . . . . . : ShuttleRemySS31T

Primäres DNS-Suffix . . . . . . . :

Knotentyp . . . . . . . . . . . . : Hybrid

IP-Routing aktiviert. . . . . . . : Nein

WINS-Proxy aktiviert. . . . . . . : Nein

Ethernetadapter LAN-Verbindung:

Verbindungsspezifisches DNS-Suffix:

Beschreibung. . . . . . . . . . . : SiS191 1000/100/10 Ethernet Device

Physikalische Adresse . . . . . . : 00-30-1B-41-F0-91

DHCP aktiviert. . . . . . . . . . : Nein

IP-Adresse. . . . . . . . . . . . : 192.168.0.5

Subnetzmaske. . . . . . . . . . . : 255.255.255.0

IP-Adresse. . . . . . . . . . . . : fe80::230:1bff:fe41:f091%4

Standardgateway . . . . . . . . . : 192.168.0.1

DNS-Server. . . . . . . . . . . . : 62.72.64.237

62.72.64.241

192.168.0.1

192.168.0.3

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

Tunneladapter Teredo Tunneling Pseudo-Interface:

Verbindungsspezifisches DNS-Suffix:

Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physikalische Adresse . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

DHCP aktiviert. . . . . . . . . . : Nein

IP-Adresse. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5

Standardgateway . . . . . . . . . :

NetBIOS über TCP/IP . . . . . . . : Deaktiviert

Tunneladapter Automatic Tunneling Pseudo-Interface:

Verbindungsspezifisches DNS-Suffix:

Beschreibung. . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physikalische Adresse . . . . . . : C0-A8-00-05

DHCP aktiviert. . . . . . . . . . : Nein

IP-Adresse. . . . . . . . . . . . : fe80::5efe:192.168.0.5%2

Standardgateway . . . . . . . . . :

DNS-Server. . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS über TCP/IP . . . . . . . : Deaktiviert

Tooltime · 1 Sep. 2008

Ist in der Firewall Masquerading aktiviert? Ist die Linuxvariante von NAT.

Remad · 1 Sep. 2008

IP-Weiterleitung (Masquerading) ist aktiviert.
RP-PPPoe ist genauso auf Masquerading eingestellt (Die Einstellung 2).

Wie ich schon mal schrieb aktiviert RP-PPPoE seine eigenen Firewall-Scripts, also keine von der Distribution openSuSe. Könnte es daran liegen?

Ich vermute schon, weil Yast meldet beim Einstellen der Firewall, dass schon eine andere aktiv sei.

MfG
Remad

framp · 1 Sep. 2008

iptables-batch v1.3.6: invalid port/service `192.168.0.255' specified
Try `iptables-batch -h' or 'iptables-batch --help' for more information.
SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
iptables v1.3.6: invalid port/service `192.168.0.255' specified
Try `iptables -h' or 'iptables --help' for more information.

Da stimmt was nicht. Poste mal die Ausgabe von

Code:

cat /etc/sysconfig/SuSEfirewall2  |  grep -v "^#" | grep -v "^$"

und

Code:

iptables -L -vn

Remad · 1 Sep. 2008

Hallo Framp,
ich werde dir die Angaben posten,
sobald ich nicht mehr in der BS sitze.

Wir kommen dem Problem näher.

Tooltime · 1 Sep. 2008

Remad schrieb:
IP-Weiterleitung (Masquerading) ist aktiviert.
RP-PPPoe ist genauso auf Masquerading eingestellt (Die Einstellung 2).

Wie ich schon mal schrieb aktiviert RP-PPPoE seine eigenen Firewall-Scripts, also keine von der Distribution openSuSe. Könnte es daran liegen?

Ich vermute schon, weil Yast meldet beim Einstellen der Firewall, dass schon eine andere aktiv sei.

MfG
Remad

Es sollte nur eine Firewall laufen und die SuSE-Firewall dürfte besser an das System angepasst sein. Daher rate ich dazu die Firewall von rp-pppoe zu deaktivieren, das ist eigentlich der Standart unter SuSE. Daher habe ich auch den ersten Hinweis auf die Firewall von pppoe ignoriert, man muss sich eigentlich schon Mühe geben um sie zu aktivieren.

Auszug /etc/ppp/pppoe.conf:

# Firewalling: One of NONE, STANDALONE or MASQUERADE
FIREWALL=NONE

Tooltime · 1 Sep. 2008

Was ich noch vergessen habe, benutzt du als Topleveldomäne .local? SuSE verwendet seit 9.1 nicht ohne Grund die Topleveldomäne .site für lokale Netze. Die TLD .local besitzt eine spezielle Bedeutung, daher meine Frage, benutzt du die TLD .local
a)
aus alter Gewohnheit?
b)
weil du eine Namensauflösung per Multicast benutzt?

Remad · 1 Sep. 2008

Erst mal Antwort auf deine Frage. Ich nutze local leider aus Gewohnheit. Das lernte ich so in der Berufsschule. Das wird heute auf site geändert.

Trotzdem muss ich Framp noch aufzeichnen, was bei seiner Syntax geschieht.

Remad · 13 Sep. 2008

Code:

remad:~ # cat /etc/sysconfig/SuSEfirewall2  |  grep -v "^#" | grep -v "^$"
FW_DEV_EXT="eth-id-00:e0:4c:0c:24:df"
FW_DEV_INT="eth-id-00:e0:4c:0c:25:4a"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0"
FW_PROTECT_FROM_INT="no"
FW_SERVICES_EXT_TCP="ssh"
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_EXT_RPC=""
FW_CONFIGURATIONS_EXT=""
FW_SERVICES_DMZ_TCP="ssh"
FW_SERVICES_DMZ_UDP="bootpc"
FW_SERVICES_DMZ_IP=""
FW_SERVICES_DMZ_RPC=""
FW_CONFIGURATIONS_DMZ=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_SERVICES_INT_RPC=""
FW_CONFIGURATIONS_INT=""
FW_SERVICES_DROP_EXT=""
FW_SERVICES_REJECT_EXT="0/0,tcp,113"
FW_SERVICES_ACCEPT_EXT=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP=""
FW_ALLOW_INCOMING_HIGHPORTS_UDP=""
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG_LIMIT=""
FW_LOG=""
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_SOURCEQUENCH=""
FW_ALLOW_FW_BROADCAST_EXT="192.168.0.255"
FW_ALLOW_FW_BROADCAST_INT="192.168.0.255"
FW_ALLOW_FW_BROADCAST_DMZ="192.168.0.255"
FW_IGNORE_FW_BROADCAST_EXT="yes"
FW_IGNORE_FW_BROADCAST_INT="yes"
FW_IGNORE_FW_BROADCAST_DMZ="yes"
FW_ALLOW_CLASS_ROUTING=""
FW_CUSTOMRULES=""
FW_REJECT=""
FW_REJECT_INT="yes"
FW_HTB_TUNE_DEV=""
FW_IPv6=""
FW_IPv6_REJECT_OUTGOING=""
FW_IPSEC_TRUST="no"
FW_ZONES=""
FW_USE_IPTABLES_BATCH=""
FW_LOAD_MODULES=""
FW_FORWARD_ALWAYS_INOUT_DEV=""
FW_SERVICES_ACCEPT_INT=""
FW_SERVICES_ACCEPT_DMZ=""

remad:~ # iptables -L -vn
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0
  175 13079 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    2   292 input_int  0    --  eth3   *       0.0.0.0/0            0.0.0.0/0
    0     0 input_ext  0    --  eth2   *       0.0.0.0/0            0.0.0.0/0
   21  2764 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET '
   22  2812 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   144 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    3   144 forward_int  0    --  eth3   *       0.0.0.0/0            0.0.0.0/0
    0     0 forward_ext  0    --  eth2   *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWD-ILL-ROUTING '
    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     0    --  *      lo      0.0.0.0/0            0.0.0.0/0
  185 20963 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED
    0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-OUT-ERROR '

Chain forward_ext (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 12
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 14
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 18
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3 code 2
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 5
    0     0 ACCEPT     0    --  *      eth2    0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED
    0     0 ACCEPT     0    --  eth2   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 PKTTYPE = multicast LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT '
    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT '
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT '
    0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT '
    0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 state INVALID LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT-INV '
    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0

Chain forward_int (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 12
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 14
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 18
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3 code 2
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 5
    0     0 ACCEPT     0    --  *      eth2    0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED
    0     0 ACCEPT     0    --  eth2   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 PKTTYPE = multicast LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-DEFLT '
    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast
    3   144 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-DEFLT '
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-DEFLT '
    0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-DEFLT '
    0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 state INVALID LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-DEFLT-INV '
    3   144 reject_func  0    --  *      *       0.0.0.0/0            0.0.0.0/0

Chain input_ext (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 4
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 12
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 14
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 18
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3 code 2
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 5
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 tcp dpt:22 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
    0     0 reject_func  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113 state NEW
    0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 PKTTYPE = multicast LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
    0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
    0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 state INVALID LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT-INV '
    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0

Chain input_int (1 references)
 pkts bytes target     prot opt in     out     source               destination
    2   292 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0

Chain reject_func (2 references)
 pkts bytes target     prot opt in     out     source               destination
    3   144 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
    0     0 REJECT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-proto-unreachable

Das zeigt er an. Da fehlen Definitiv die Routing IPs. Von Wo nach Wo, na ja eigentlich klar von 192.168.0.1 zu 192.168.0.2 -192.168.0.254

framp · 14 Sep. 2008

FW_ALLOW_FW_BROADCAST_EXT="192.168.0.255"
FW_ALLOW_FW_BROADCAST_INT="192.168.0.255"
FW_ALLOW_FW_BROADCAST_DMZ="192.168.0.255"

Das ist der Grund für die Fehlermeldung. Das dürfen nur ports stehen und keine IP Adressen. Ich frage mich auch was Du damit bezwecken willst. Ich glaube nicht dass Du das brauchst.

ich installierte OpenSuSe 10.2 auf einem Rechner. Eth1 ist ans DSL-Modem angeschlossen und eth0 ist mit 192.168.0.1 konfiguriert und an einem Switch angeschlosse

aber

2 292 input_int 0 -- eth3 * 0.0.0.0/0 0.0.0.0/0
0 0 input_ext 0 -- eth2 * 0.0.0.0/0 0.0.0.0/0

d.h. Du benutzt eth3 für das interne Netz und eth2 für das DSL modem - nicht eth0 und eth1.
Und dann

FW_DEV_EXT="eth-id-00:e0:4c:0c:24:df"
FW_DEV_INT="eth-id-00:e0:4c:0c:25:4a"

Irgendwie passt da was nicht mit den Interfaces.

Rufe doch bitte mal dieses Script auf dem LinuxRouter auf und poste die Ausgabe der LogDatei auf phpfi. Bitte das Script mit dem Parameter -l (kleines l wie long) aufrufen so dass noch weitere Infos gesammelt werden, also

Code:

./collectNWData.sh -l

.
Dann kann man besser sehen was auf der Kiste denn nun konfiguriert ist.

Remad · 14 Sep. 2008

Hallo framp,
komischerweise trug das Script der Firewall
den Broadcast ein.

Die Firewall von pppoe ist deaktiviert,
damit es zu keinem Konflik kommt.

Das Script werde ich dir einabuen
und ausführen. Dann noch mal das
Ergebnis posten.

Bis denne

Remad · 14 Sep. 2008

Code:

collectNWData.sh V0.6.1.4-1
--- Which type of your network connection should be tested?
--- (1) Wired connection
--- What's the type of networktopology?
--- (3) DSL modem <---> LinuxRouter <---> LinuxClient
--- On which host is the script executed?
--- (2) LinuxRouter
!!! CND0230W: IPV6 enabled
!!! CND0310W: Classic network configuration with ifup was detected. Configuration with knetworkmanager is much easier
--- 2 warnings detected
--- Go to http://www.linux-tips-and-tricks.de/CND to get more detailed instructions about the error/warning messages and how to fix the problems
--- If you still don't have success then post the contents of file /root/collectNWData.txt in your favorite Linux forum or post contents on phpfi.com and then post the link to phpfi.com in your favorite forum
==================================================================================================================
==================================================================================================================
*** uname -a
Linux remad 2.6.18.2-34-default #1 SMP Mon Nov 27 11:46:27 UTC 2006 i686 i686 i386 GNU/Linux
==================================================================================================================
*** SuSE release
openSUSE 10.2 (i586)
VERSION = 10.2
==================================================================================================================
*** /etc/resolv
nameserver 62.72.64.237
nameserver 62.72.64.241
==================================================================================================================
*** /etc/hosts
127.0.0.1       localhost
192.168.0.1     remad.site
192.168.1.1     remad.site remad
==================================================================================================================
*** route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
62.214.64.172   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth3
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth2
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
==================================================================================================================
*** arp
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.5              ether   00:30:1B:41:F0:91   C                     eth3
==================================================================================================================
*** ifconfig
eth2      Link encap:Ethernet  HWaddr 00:E0:4C:0C:24:DF  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:4cff:fe0c:24df/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:51 errors:0 dropped:0 overruns:0 frame:0
          TX packets:159 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:7602 (7.4 Kb)  TX bytes:17975 (17.5 Kb)
          Interrupt:11 Base address:0x2000 
eth3      Link encap:Ethernet  HWaddr 00:E0:4C:0C:25:4A  
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:4cff:fe0c:254a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:357 errors:0 dropped:0 overruns:0 frame:0
          TX packets:326 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:109403 (106.8 Kb)  TX bytes:37808 (36.9 Kb)
          Interrupt:5 Base address:0xa000 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:15 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:5688 (5.5 Kb)  TX bytes:5688 (5.5 Kb)
ppp0      Link encap:Point-to-Point Protocol  
          inet addr:87.122.149.204  P-t-P:62.214.64.172  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:4800 (4.6 Kb)  TX bytes:4742 (4.6 Kb)
==================================================================================================================
*** ping tests
Ping of 195.135.220.3 OK
Ping of www.suse.de OK
==================================================================================================================
*** PCI devices
00:09.0 Ethernet controller [Class 0200]: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ [10ec:8139] (rev 10)
00:0a.0 Ethernet controller [Class 0200]: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ [10ec:8139] (rev 10)
==================================================================================================================
*** USB devices
Bus 001 Device 001: ID 0000:0000  
==================================================================================================================
*** List of loaded modules
| 8139too                 | aamatch_pcre            | ac                      | af_packet                |
| agpgart                 | apparmor                | battery                 | bsd_comp                 |
| button                  | cdrom                   | crc_ccitt               | dm_mod                   |
| edd                     | ext3                    | fan                     | gameport                 |
| i2c_core                | i2c_viapro              | ide_cd                  | ide_core                 |
| ide_disk                | ip6_tables              | ip6t_REJECT             | ip6table_filter          |
| ip6table_mangle         | ip_conntrack            | ip_nat                  | ip_tables                |
| ipt_LOG                 | ipt_MASQUERADE          | ipt_REJECT              | ipt_TCPMSS               |
| iptable_filter          | iptable_mangle          | iptable_nat             | ipv6                     |
| jbd                     | loop                    | lp                      | mbcache                  |
| mii                     | nfnetlink               | parport                 | parport_pc               |
| pci_hotplug             | ppp_async               | ppp_generic             | ppp_synctty              |
| processor               | shpchp                  | slhc                    | snd                      |
| snd_ac97_bus            | snd_ac97_codec          | snd_ens1371             | snd_mixer_oss            |
| snd_page_alloc          | snd_pcm                 | snd_pcm_oss             | snd_rawmidi              |
| snd_seq                 | snd_seq_device          | snd_seq_midi            | snd_seq_midi_event       |
| snd_timer               | soundcore               | thermal                 | uhci_hcd                 |
| usbcore                 | via82cxxx               | via_agp                 | x_tables                 |
| xt_limit                | xt_pkttype              | xt_state                | xt_tcpudp                |
==================================================================================================================
*** cat /etc/sysconfig/network/ifcfg-[earwd]* | egrep -v ".*=''"
==================================================================================================================
*** cat /etc/sysconfig/network/ifcfg-eth-id-00:e0:4c:0c:24:df
BOOTPROTO='static'
IPADDR='192.168.1.1'
NAME='Realtek RT8139'
NETMASK='255.255.255.0'
STARTMODE='auto'
UNIQUE='mY_N.IQxIdIhhuH7'
USERCONTROL='no'
_nm_name='bus-pci-0000:00:09.0'
==================================================================================================================
*** cat /etc/sysconfig/network/ifcfg-eth-id-00:e0:4c:0c:25:4a
BOOTPROTO='static'
IPADDR='192.168.0.1'
NAME='Realtek RT8139'
NETMASK='255.255.255.0'
STARTMODE='auto'
UNIQUE='DkES.IQxIdIhhuH7'
USERCONTROL='no'
_nm_name='bus-pci-0000:00:0a.0'
==================================================================================================================
*** NWEliza states
IF:eth2  IP:192.168.1.1 IM:1
IF:eth3  IP:192.168.0.1 IM:1
DI:2 dI:2 NIC:0 cNiC:1:0 NIC:0 cNiC:2:0 NI:0 cNI:0 PNG:0 DNS:0 MTU:0 NISS:0 IP6:1 KM:0 WLW: 0

framp · 25 Sep. 2008

Der Router sieht OK aus. Lass das Script noch mal auf dem Client laufen und poste die AusgabeDatei.

Remad · 25 Sep. 2008

Der Client ist ein Windows und korrekt eingerichtet. Das ist es ja, was mir zu denken gibt. Bei Suse Linux 9.0 keine Probleme mit erneuerten RP-PPPoe nur bei Suse Linux 10.2 tritt das Problem auf.

framp · 25 Sep. 2008

Stimmt ... das waren ja WIndowsBoxen. Ich kann nichts auffälliges sehen. Allerdings steht eine Netzwerkverbindung zwischen 192.168.0.1 und 192.168.0.5 denn arp erkennt die 192.168.0.5 und es lief auch Netzwerktraffic über eth3 (rcv/xmt counter > 0).

Versuch doch mal folgendes:

1) ppp Verbindung beender
2) rcSuSEFirewall stop (Firewall auschalten)
3) iptables -L -vn sollte sehr kurz sein
4) ping von 192.168.0.1 nach 192.168.0.5 probieren und umgekehrt

[gelöst]rp-pppoe und open SuSe 10.2

Member

Moderator

Member

Moderator

Member

Member

Advanced Hacker

Member

Moderator

Member

Advanced Hacker

Advanced Hacker

Member

Member

Moderator

Member

Member

Moderator

Member

Moderator