Gentoo box can't cURL or ping after restarting net.eth1
- by Curlybraces
Hi all, the following is completely baffling me. We currently have a Gentoo box which acts as our LAMP, DNS and DHCP server. This is assigned a static IP on the network. This server is connected directly to the internet via a BT BusinessHub Router. The server is also connected to a patch panel/switch port which connects the remaining office (around 10 PCs) to the server.
Everything has been plain sailing until the other day when the server was restarted. For some reason now only portions of network accessibility are available depending on which ethernet device was last restarted. Restarting net.eth0 allows the office server to cURL, ping, etc. but stops all networked PCs from accessing the internet. Then restarting net.eth1 restores all internet to the network but stops the server from curling, pinging, etc. again.
However, even when the server can't ping, curl, etc, I can still remote SSH and remote MySQL connect from the server command line to other external servers that we own.
Here's my route map (router is 192.168.1.254):
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth1
Here's my /etc/conf.d/net:
iface_eth0="192.168.1.99 broadcast 192.168.1.255 netmask 255.255.255.0"
iface_eth1="dhcp"
None of the above has ever been changed, however. Things have just ceased to operate correctly, which makes me think it's a freshly added iptables rule. Here's the iptables filter table:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  ##.##.##.##          anywhere             tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2199
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:3199
ACCEPT     tcp  --  ##.###.###.##        anywhere             tcp dpt:http
ACCEPT     tcp  --  ###.###.##.##        anywhere             tcp dpt:2199
ACCEPT     tcp  --  ##.###.###.###       anywhere             tcp dpt:http
ACCEPT     tcp  --  ##.###.##.##         anywhere             tcp dpt:http
ACCEPT     tcp  --  ##.###.###.###       anywhere             tcp dpt:3128
ACCEPT     udp  --  ##.###.###.###       anywhere             udp dpt:3128
ACCEPT     tcp  --  ##.###.###.###       anywhere             tcp dpt:http
ACCEPT     tcp  --  ##.###.###.###       anywhere             tcp dpt:https

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             ##.###.###.##
DROP       all  --  anywhere             ##.###.###.##
ACCEPT     all  --  anywhere             anywhere             state NEW,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp spt:2199
ACCEPT     udp  --  anywhere             anywhere             udp spt:4817
ACCEPT     udp  --  anywhere             anywhere             udp spt:4819
ACCEPT     udp  --  anywhere             anywhere             udp spt:3199
Help gratefully appreciated.