-
Linux network problem??
SUP!!
I'm trying to set up a linux firewall for my LAN (linux 7.1). I have 2 win2k machines behind the linux box. I set up eth0 as the gateway for the "win" machines and eth1 for the internet on my linux box. Now all my machines can ping each other. But when I try to ping www.yahoo.com there is no reply- but it does say transmitted xx packets --0 packets received?? I try to surf the net and that obviously doesn't work either. Sooo I tried to ping my ISP gateway and that works and same with their dhcp. Anybody have an idea what I forgot to set up or did wrong? I also tried nslookup and it resolves the names--- Any ideas!!! Thanks
P.S.> I'm just a newbie to linux :confused:
-
Sounds more like a problem at your ISP, if you ask me.
However, it might be worth checking your router/firewall settings just to make sure you didn't make a mistake, wrong IP address, wrong port number someplace or something...
-
Can you give us some more info, like what kinda connection you have/ if you use a router/dhcp server etc.
-
Are you trying to ping from the linux box or the win2k boxes?
If you have a dedicated connection (which it appears you do) it looks like something is wrong with your DNS lookup. Either it isn't attempting to look up anything, or your ISP is having some type of problem.
-
DNS
Yeah, Dedicated connection or not, you always have to set up DNS on a linux box..... that might be your problem
-
do you have a default route set on your fw?
it might be a DNS prob, but you can diagnose that quickly by pinging to an IP addy instead of a DNS name.
Your FW might also be blocking this traffic. Focmaester is right...we really need more info, but try the basics first.
-
sounds like ipforwarding is not setup on the router.........
-
Yah I got an ADSL connection to the internet.... And I can ping my linux box from my win2k box and linux to win2k, all that is fine... no I don't use a DNS or a DHCP server on my LAN but have it configured to my ISP DNS. When I ping www.yahoo.com it says it sent packets to www.yahoo.akadns.net(216.115.102.78) but no reply and then when I try to ping an internet ip addy I get the same thing. I configured all of my settings using "linuxconf" and DNS is pointing to my ISP DNS servers and I am using "lokkit" to configure my firewall settings which are "medium" and I have enabled access for DHCP and WWW. I don't know really if I configured DNS other than directing it to my ISP..... How would I configure DNS and my firewall if that is the problem??? THANKS!!
-
You might need to enable incoming ICMP Ping if you want to receive ping results, but I'm not sure on that one... I could be (and probably am) mixing 2 things up here and getting it wrong.
-
I am trying to ping ip addys from my linux machine, I haven't even tried anything behind it yet, just want to get a connection to the internet with the linux machine first... Sooo this is exactly what is happening just with my LINUX box (I was reading over my POST and it's not very clear)
1)I try to ping my self 127.0.0.1 that works
2)I try to ping machines on my LAN that works
3)I try to ping my ISP DNS server that works
4)I try to ping my ISP DHCP that works
5) nslookup www.yahoo.com that works resolves name
1)try to use netscape to surf the net DONT work
2)try to ping 216.115.102.76 (internet ip addys) DONT work sends- but no reply
3)
-
Try a traceroute out to the Internet and see where it dies.
What is your default route set to on your linux box?
-
Like Invictus said, you have to have a default route out of your machine which seems to be already there if nslookup for yahoo works. Another thing to remember is that after Amazon got blown off the map by DDOS, most major sites turned off ICMP inbound so you can't ping them. Make sure /etc/resolv.conf has the right nameserver IP declarations, domain (your ISP domain here), and search (same domain here). That'll keep DNS happy unless they have busted DNS servers.
-
Quote:
Originally posted here by Vorlin
Like Invictus said, you have to have a default route out of your machine which seems to be already there if nslookup for yahoo works.
This is true...however, I have seen some ISPs lately using their gateways as caching for DNS, in which case nslookup would still work, but anything else might not.
What is the netmask of your public IP? Are the IPs that you are able to ping on the same subnet as your IP maybe?
If they are on a different subnet, and you could ping them, but not get anywhere else, then I might suggest calling your ISP as it sounds like it might be a routing problem.
Like I said though, a traceroute will give you the best idea of where your connection is dying, and will also be useful info for your ISP to troubleshoot the problem.
-
Umm, I actually had a problem like this about a week ago. After 30 minutes of playing around with everything, I contacted my ISP. Come to find out, a telco guy accidentally cut through the ISP's fiber. Took out every outbound connection they had. Could still dial in over copper, but that was about it.
I doubt this is your problem, but I just thought it was kinda funny.
-
Something like this happened to me a while back. I could connect to the net but not surf and stuff. It turned out that I had the firewall set to high security. You're probably not this stupid but check out the firewall settings anyway. In case you don't know how, try this:
Login as root.
type setup
Then select firewall configuration and set the security to medium.
Cheers,
cgkanchi
-
Alright guys, this is what is happenin
I looked in my resolv.conf file and it has
"nameserver my isp dns
nameserver my isp secondary dns
search localdomain"
And when I run tracert on www.cnn.com it only has one hop then it dies
-
Hurraaaaay the linux machine connects to the internet now, it had something to do with the ISP DNS server................ But
BOooooo I can't get the windows machines to access the internet. Is there a configuration I can check on my linux box to make sure it is configured to let my windows machines access the net... Like I said before all the machines can ping each other.. but when I try to ping www.supercars.net and other internet addys it gives me "host not found" (from windows machine). And the windows machine is pointing to the linux eth1 192.168.0.69 as the gateway and for the DNS server I pointed it to the "ISP DNS server...." Is there some setting on the linux machine I can try and play with to get my network up and running..... anything
-
make sure you're not blocking incoming and outgoing packets for the DNS port (port 53 UDP - you don't need TCP unless if you do zone transfers) from the windows machines to the linux gateway. also see if you can ping or telnet into external IP addresses (e.g. POP mail servers) from the windows machines, because if that fails too, then something else is configured incorrectly.
regards,
mark.
-
Alright I tried to "ping ISP DNS Server" + "ping ISP mail server" and I get a request timed out (from windows machine). By the way, when you are talking about letting my firewall allow incoming udp packets --- I configured this by going to "lokkit" and set it like so:
allow dhcp, www, and for "DNS" I put "DNS:53". Is that the correct way?
Is there something else I can check to see if it is properly configured to forward packets from my windows machine......
-
i have never used lokkit so i don't know. i believe it uses ipchains and not iptables which would be slightly better. your linux gateway is probably not forwarding the packets back and forth correctly. what i would suggest is to read iptables / NAT HOWTOs and also rusty's guides available at netfilter.samba.org. it's a lot of reading but in the end it's all worth it.
regards,
mark
-
i'll try to copy and paste some iptables firewall rules for this later on.
regards,
mark.
-
ok, this is very messy, and brief, incomplete, as it is just bits from my own firewall rules which i cannot post in total, etc.. but here are some important parts of the firewall rule. i would still recommend for you to read the manuals on this one. btw... is your IP address static?
regards,
mark.
# location of iptables binary
IPT=/sbin/iptables
INT_IFACE="eth0" # internal interface
EXT_IFACE="eth1" # external interface
LOOPBACK_IFACE="lo" # loopback interface
# quoted so the shell does not treat < and > as redirections; replace with your address
EXT_IP="<your static IP address>"
PRIV_PORTS="0:1023"
UNPRIV_PORTS="1024:65535"
# allow packets from internal network (unprivileged ports)
$IPT -A INPUT -i $INT_IFACE -d 192.168.0.0/24 -p tcp --dport $UNPRIV_PORTS -j ACCEPT
# allow packets to internal network (privileged ports)
$IPT -A OUTPUT -o $INT_IFACE -d 192.168.0.0/24 -p tcp --dport $PRIV_PORTS -j ACCEPT
# change source IP of packets leaving the external interface (source NAT)
$IPT -t nat -A POSTROUTING -o $EXT_IFACE -j SNAT --to-source "$EXT_IP"
# output using unprivileged ports
$IPT -A OUTPUT -o $EXT_IFACE -p tcp --dport $UNPRIV_PORTS -j ACCEPT
# enable ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
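
The gateway-side checks raised across this thread (default route, IP forwarding, source NAT, FORWARD rules) collected into one script, as an added example that is not part of any poster's message. It assumes a current iptables that supports `-S`; the function names are made up for this example, the interface names follow the thread, and the sample listings and addresses are constructed.

```shell
#!/bin/sh
# Gateway checks for a two-interface NAT box; functions take saved command output as text.

# $1 = output of `route -n`; succeeds if a 0.0.0.0 destination has the G flag.
has_default_route() {
    printf '%s\n' "$1" | awk '$1 == "0.0.0.0" && $4 ~ /G/ { ok = 1 } END { exit !ok }'
}

# $1 = contents of /proc/sys/net/ipv4/ip_forward
forwarding_enabled() { [ "$1" = "1" ]; }

# $1 = output of `iptables -t nat -S POSTROUTING`, $2 = external interface
has_source_nat() {
    printf '%s\n' "$1" | grep -Eq -e "-o $2 .*-j (SNAT|MASQUERADE)"
}

# $1 = output of `iptables -S FORWARD`, $2 = internal interface
forward_allows() {
    printf '%s\n' "$1" | grep -Eq -e '^-P FORWARD ACCEPT$' \
        -e "^-A FORWARD .*-i $2 .*-j ACCEPT"
}

# Prints the first failing layer, or "ok".
# Args: routes, ip_forward value, nat rules, forward rules, internal if, external if.
diagnose() {
    has_default_route "$1"   || { echo "no-default-route"; return 1; }
    forwarding_enabled "$2"  || { echo "forwarding-off"; return 1; }
    has_source_nat "$3" "$6" || { echo "no-source-nat"; return 1; }
    forward_allows "$4" "$5" || { echo "forward-blocked"; return 1; }
    echo "ok"
}

# Constructed sample listings (documentation addresses, not from the thread).
SAMPLE_ROUTES='Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 203.0.113.1 0.0.0.0 UG 0 0 0 eth1'
SAMPLE_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth1 -j SNAT --to-source 203.0.113.10'
SAMPLE_FWD='-P FORWARD DROP
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT'

if [ "${1:-}" = "--live" ]; then   # run as root on the gateway itself
    diagnose "$(route -n)" "$(cat /proc/sys/net/ipv4/ip_forward)" \
        "$(iptables -t nat -S POSTROUTING)" "$(iptables -S FORWARD)" "${2:-eth0}" "${3:-eth1}"
else
    diagnose "$SAMPLE_ROUTES" 1 "$SAMPLE_NAT" "$SAMPLE_FWD" eth0 eth1
fi
```

A result of `forwarding-off`, `no-source-nat` or `forward-blocked` matches the symptom in the thread where the gateway itself reaches the internet but the machines behind it time out.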