Coming from Windows paranoia, recently loaded Kubuntu 6.06. Everything was great until I decided I should have a firewall up and running (that old paranoia). Was OK running Firestarter, but decided to try Guarddog (couldn't activate properly) and even worse results with KMyFirewall. In so doing, somehow I've totally hosed internet access (iptables messed up??, I haven't a clue). Haven't the faintest idea how to resurrect my internet access without totally reloading Kubuntu. Any ideas?
Help! Idiot shot self in foot.
This topic is closed.
Re: Help! Idiot shot self in foot.
You can uninstall those things from adept or synaptic.
The following commands will reset all your iptables rules:
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -F
sudo iptables -X
I don't know if the other files leave behind any config files that would reset it on reboot though.
The default install of (k)ubuntu doesn't have any services listening to stuff from the outside world, so you don't have to have a firewall unless you wish to block outgoing stuff too.
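The four commands above flush rules and delete user-defined chains in the filter and nat tables; they do not change chain policies and do not touch the mangle table. An added example (not part of the original post) that reads `iptables-save` output and lists whatever such a reset leaves behind; the function name and the sample ruleset are constructed for illustration:

```sh
# Added example (not from the thread). Reads `iptables-save` output on stdin and
# lists whatever a -F / -X reset leaves behind. Exit status 1 if anything is left.
audit_ruleset() {
    awk '
        /^\*/ { table = substr($1, 2); next }          # table header, e.g. "*filter"
        /^:/  {                                         # chain line, e.g. ":INPUT DROP [0:0]"
            chain = substr($1, 2)
            if ($2 == "-")           { print "chain  " table "/" chain; n++ }
            else if ($2 != "ACCEPT") { print "policy " table "/" chain " " $2; n++ }
            next
        }
        /^-A / { print "rule   " table ": " $0; n++ }   # a rule that is still loaded
        END    { exit (n > 0) }
    '
}

# Constructed sample: filter and nat rules are flushed, but DROP policies set by
# a firewall front end and one mangle rule are still in place.
SAMPLE_SAVE='# constructed sample, not output from the thread
*filter
:INPUT DROP [12:840]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [3:180]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -j MARK --set-mark 0x1
COMMIT'

# Live use:  sudo iptables-save | audit_ruleset
# A reported policy is reset with, for example:  sudo iptables -P INPUT ACCEPT
```

A line starting with `chain` means a user-defined chain still exists; a `policy` line means the built-in chain will still drop traffic even though it has no rules.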
Re: Help! Idiot shot self in foot.
Hi, same idiot here. I tried to reset my iptables rules as you described in this thread, but after those commands things got much worse.
Now I've completely lost my internet connection; I can't even ping Google, the thing hangs. What can I do? Please help!
Re: Help! Idiot shot self in foot.
Maybe something else got changed too then. I'll try to help, but I'll need some info:
1. How do you connect to the network? (eg. dialup, ethernet with static IP, ethernet with dhcp, wifi, etc?)
2. What's the output of:
sudo /sbin/iptables -L
3. What's the output of:
cat /etc/resolv.conf
4. What's the output of:
sudo /sbin/ifconfig -a
5. What's the output of:
cat /etc/hosts
That should be enough to get started...
Re: Help! Idiot shot self in foot.
Man you're fast! Thanks for trying to help!
1: I connect over Ethernet via DHCP
root@SCALEOp:/home/gks# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@SCALEOp:/home/gks#
root@SCALEOp:/home/gks#
root@SCALEOp:/home/gks# cat /etc/resolv.conf
search homenet.telecomitalia.it
nameserver 192.168.1.1
root@SCALEOp:/home/gks#
root@SCALEOp:/home/gks#
root@SCALEOp:/home/gks#
root@SCALEOp:/home/gks# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:0F:EAD:C6:8E
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:40 errors:0 dropped:0 overruns:0 frame:0
TX packets:160 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5161 (5.0 KiB) TX bytes:15506 (15.1 KiB)
Interrupt:58 Base address:0xdead
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:172 (172.0 b) TX bytes:172 (172.0 b)
root@SCALEOp:/home/gks# cat /etc/hosts
127.0.0.1 localhost SCALEOp
127.0.1.1 SCALEOp
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Hope this might help you sort it out
Re: Help! Idiot shot self in foot.
OK. All that looks alright - you have a nameserver, have an IP address assigned to the right interface, and have no obvious iptables problems...
Next step, let's try these three commands:
/sbin/route -n
sudo /sbin/iptables -t nat -L
ping 192.168.1.1
Re: Help! Idiot shot self in foot.
root@SCALEOp:/home/gks# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
root@SCALEOp:/home/gks# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@SCALEOp:/home/gks#
root@SCALEOp:/home/gks# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=1.62 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.612 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.631 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.645 ms
64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=0.652 ms
64 bytes from 192.168.1.1: icmp_seq=6 ttl=64 time=0.618 ms
--- 192.168.1.1 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5000ms
rtt min/avg/max/mdev = 0.612/0.797/1.629/0.373 ms
Re: Help! Idiot shot self in foot.
Heh. You're sure this isn't working, right?
You seem to have all your routes set OK, and can reach your nameserver/gateway just fine.
Try:
ping kubuntuforums.net
If that fails, try
ping 66.135.37.25
(which is the same machine, in case it's a nameserver problem you have).
You can also try
tracepath kubuntuforums.net
if those commands don't seem to work, to see where your net access stops.
Try opening a page in konqueror too, and making sure you're not looking at a cached copy (F5 or click the reload icon). If that's not working, maybe you have a proxy problem.
Re: Help! Idiot shot self in foot.
Yes, it's not working, and it is strange because it worked perfectly 1 hour ago, and after I messed with the iptables it won't work anymore.
None of these commands work (ping, tracepath, konqueror), it just stays idle... I don't understand!
Re: Help! Idiot shot self in foot.
When you try to ping kubuntuforums.net, do you get the first line:
PING kubuntuforums.net (66.135.37.25) 56(84) bytes of data.
?
If you did, it would show that your name server is resolving OK.
The tracepath command might take a while, since it tries to resolve the names of each step between you and the target.
It's possible you have a firewall problem on your 192.168.1.1 machine that is blocking traffic from this machine, but you don't seem to have any network problem on this machine - the network is all set up, and appears to be working (since ping 192.168.1.1 works). The only thing I can think of that isn't ruled out yet is the name resolution.
Re: Help! Idiot shot self in foot.
Well, as far as I can tell, it's name lookup that's causing your problems. ping is appearing to freeze because it's taking a long time to look up the name.
Try:
dig @192.168.1.1 kubuntuforums.net
(It will probably take a while, the timeout is probably a minute or more.)
Is 192.168.1.1 another of your own linux machines? or an embedded router? Do you have a /etc/resolv.conf on that machine?
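The checks suggested across the replies above (default route, gateway ping, ping by IP address, DNS query against the nameserver from /etc/resolv.conf), combined into one function that reports the first layer that fails. This is an added example, not part of the thread; the function names and result labels are made up for illustration:

```sh
# Added example (not from the thread): bottom-up connectivity triage.
# Uses route, ping (iputils options -c/-W) and dig, as in the posts above.
RESOLV_CONF=${RESOLV_CONF:-/etc/resolv.conf}

# Gateway of the default route: destination 0.0.0.0 with the G flag set.
default_gw() { route -n | awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'; }

# First nameserver listed in resolv.conf.
first_ns() { awk '$1 == "nameserver" { print $2; exit }' "$RESOLV_CONF"; }

# Two echo requests, two-second wait each; only the exit status is used.
reachable() { ping -c 2 -W 2 "$1" >/dev/null 2>&1; }

# One short-timeout query to a specific server; succeeds only if an IPv4
# address comes back, so a timeout message is not mistaken for an answer.
resolves() {
    dig +time=3 +tries=1 +short "@$1" "$2" 2>/dev/null |
        grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
}

# triage <external-ip> <hostname>: print the first failing layer, or "ok".
triage() {
    gw=$(default_gw)
    ns=$(first_ns)
    [ -n "$gw" ]        || { echo "no-default-route"; return 1; }
    reachable "$gw"     || { echo "gateway-unreachable"; return 1; }
    reachable "$1"      || { echo "no-route-beyond-gateway"; return 1; }
    [ -n "$ns" ]        || { echo "no-nameserver"; return 1; }
    resolves "$ns" "$2" || { echo "dns-failure"; return 1; }
    echo "ok"
}

# Example with the address and name used in the thread:
#   triage 66.135.37.25 kubuntuforums.net
```

A result of `no-route-beyond-gateway` places the fault at or past the router rather than in the local ruleset; `dns-failure` means packets get out by address but the configured resolver does not answer.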
Re: Help! Idiot shot self in foot.
The dig won't work either:
; <<>> DiG 9.3.2 <<>> @192.168.1.1 kubuntuforums.net
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached
I did something clever, I think: I ran the Ubuntu live CD (net used to work) and it seems that it doesn't any more. Right now I have internet only under Windows and don't ask me why...
192.168.1.1 is my router (no firewall)
No other machines...
Re: Help! Idiot shot self in foot.
In windows, do you have the same ip address and nameserver configured? I'm afraid I forget how to get the nameserver windows is using...
What I'm thinking is that either your router allocates a different IP, and then won't permit that IP to use the DNS, or that you've got a different nameserver configured in windows, rather than picking it up off the DHCP info, so windows is using that instead.
Re: Help! Idiot shot self in foot.
Yes, Windows settings are identical, same nameserver, IP address.
I just don't believe it's a coincidence that my connection broke exactly when I was messing with the iptables... ahh, it's driving me nuts!