[ILUG] VPND and just shoot me and put me out of my misery

kevin lyda kevin at ie.suberic.net
Sun Jun 30 18:05:57 IST 2002


On Sun, Jun 30, 2002 at 09:45:17AM -0700, Paul O'Neil wrote:
> I've been up trying to get this piece of cheese to work for what must be
> close to 30 hours. No one has responded. This is what I got now. Everybody
> can ping everybody! I put in some forward rules in the firewall config and
> set up my vpnd.conf. But I can't ftp from a host on one private lan to what is
> the firewall/vpnd/server/ box using the internal nic ip, but I can ping it.
> How do I know I'm really pinging it? And I guess there are more rules through
> iptables to allow for different port uses.

to debug problems like this you should do the following things:

    log all deny rules.  all of them.  server and client.  if a rule says
    reject or deny or whatever, add -l (for ipchains, not sure what you
    use for iptables).

    use traceroute to see where packets go.

    on a quietish network you can watch ifconfig's packet counters.

    netstat is useful for both routing tables (-nr) and to see what
    connections have come up (-an).  the latter tool can catch the
    obnoxious problem where the server's ipchains rules allow the packet
    in but the client won't let it back in.

kevin

-- 
kevin at suberic.net     that a believer is happier than a skeptic is no more to
fork()'ed on 37058400   the point than the fact that a drunken man is happier
meatspace place: inle      than a sober one. the happiness of credulity is a
http://suberic.net/~kevin    cheap & dangerous quality -- g.b. shaw
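
An added example, not part of kevin's message: the reply leaves the iptables equivalent of ipchains' -l open; with iptables, logging is done by a rule with the LOG target placed ahead of the deny rule. The script below rewrites iptables-save output that way and goes one step further by also logging packets that fall through to a DROP chain policy; the function name, log prefix and sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: reads iptables-save output on stdin and writes the same
# ruleset with a LOG rule in front of every DROP/REJECT rule.
add_deny_logging() {
    awk '
    # Build a LOG rule; --log-prefix is limited to 29 characters.
    function logrule(chain, matchspec) {
        return "-A " chain matchspec " -j LOG --log-prefix \"" substr("deny:" chain, 1, 28) " \""
    }
    # Chain declaration such as ":INPUT DROP [0:0]": remember DROP policies.
    /^:/ {
        if ($2 == "DROP") order[++n] = substr($1, 2)
        print; next
    }
    # Rule whose target is DROP or REJECT: emit the same match with LOG first.
    /^-A / && (/ -j (DROP|REJECT)$/ || / -j (DROP|REJECT) /) {
        spec = $0
        sub(/ -j (DROP|REJECT).*$/, "", spec)   # strip the target and its options
        sub(/^-A [^ ]+/, "", spec)              # strip "-A CHAIN"
        print logrule($2, spec)
        print; next
    }
    # Packets that reach a DROP policy match no rule, so append a
    # catch-all LOG rule to those chains just before COMMIT.
    /^COMMIT$/ {
        for (i = 1; i <= n; i++) print logrule(order[i], "")
        n = 0
        print; next
    }
    { print }
    '
}

# Constructed sample ruleset in iptables-save format (not from the thread).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j REJECT --reject-with tcp-reset
-A FORWARD -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
-A FORWARD -j DROP
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | add_deny_logging
```

On a real box the input would come from iptables-save and the reviewed output would be loaded with iptables-restore; the logged packets then appear in the kernel log with the deny:CHAIN prefix.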



