[lug] IPChains issue (I think)
Jason Vallery
jason at vallery.net
Thu Apr 13 11:14:44 MDT 2006
Hey all,

Wow, it's been years since I've posted to this list. I've just recently
sort of rediscovered you all and have been actively lurking (versus passive,
where the mail was just queueing up in a folder I never read).

Recently I got some new hardware for one of the boxes I run. The new
box (a 1U rack mount) has integrated dual NICs and is running CentOS 4.3
(2.6.9-34.106.unsupportedsmp). I decided I wanted to take advantage of the
redundancy dual NICs offer me; however, I'm not really clear on how things
should be set up. This box only does WWW and DNS serving, so these along with
SSH are the only services I run. I've got IPChains set up to reject all
traffic except these core 3 services. My dual NICs are configured with
static IP addresses. For some reason, however, only traffic pointed at eth0
ever accesses the services on this box. The traffic on eth1 never
connects. The symptoms indicate an IPChains issue; however, looking at the
rules I don't see anything that would cause this problem.

Here is the output of "iptables -L":

Chain INPUT (policy ACCEPT)
target prot opt source destination
LOG all -- anywhere anywhere LOG level debug prefix `BANDWIDTH_IN:'
LOG all -- anywhere anywhere LOG level debug prefix `BANDWIDTH_IN:'
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
LOG all -- anywhere anywhere LOG level debug prefix `BANDWIDTH_OUT:'
LOG all -- anywhere anywhere LOG level debug prefix `BANDWIDTH_IN:'
LOG all -- anywhere anywhere LOG level debug prefix `BANDWIDTH_OUT:'
LOG all -- anywhere anywhere LOG level debug prefix `BANDWIDTH_IN:'
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
LOG all -- anywhere anywhere LOG level debug prefix `BANDWIDTH_OUT:'
LOG all -- anywhere anywhere LOG level debug prefix `BANDWIDTH_OUT:'

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:webcache
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Any thoughts? Is there a HOW-TO out there somewhere for setting up a box
with dual NICs?

Thanks
-Jason