LinuxQuestions.org
Old 12-02-2003, 05:50 AM   #1
foboldfky
LQ Newbie
 
Registered: Dec 2003
Location: Australia
Distribution: Red Hat 8.0
Posts: 3

Rep: Reputation: 0
DNS lookups not working on dialup connection


Well, this sucks... I've been trying to set up a Linux internet machine for my family LAN. Basically, all it has to do is sit there making sure it's connected to the net, and doing IP Masq. for the rest of the internal network. I didn't think it would be a walk in the park, but it's just starting to peeve me off now...

Here's where I'm at: I can get pppd to dial up to my ISP ok. I can ping the ISP's server, the dns servers, and an on-the-net IP (provided by the guide mentioned below). I got the DNS servers from our Windows machine which we're currently using to connect to the net by running `ipconfig /all', and the guide I used to setup PPP was "How to hook up PPP on Linux" by W. G. Unruh (axion.physics.ubc.ca/ppp-linux.html) (BTW: the LDP's HOWTOs on the subject were like trying to read gibberish).

Now, I've tried everything that I could find in that guide, the PPP-HOWTO, NET-HOWTO, and I've searched on google and this message board for about three hours now, and I totally give up. Nothing seems to work.

Below, I've posted the contents of the config files that are related to this (as far as I know), and the output of some commands. Absolutely ANY help as to what's going on would be greatly appreciated. I've changed the IP addresses, phone number, etc. Don't know if that can be used in some malicious way, but better safe than sorry. If there's something else you need to know, please tell me so I can tell you

pppd version: 2.4.1
kernel version: 2.4.18-14
Red Hat Linux 8.0 3.2-7

Output of `hostname`
Code:
gatekeeper.cairns.net.au
Output of `ifconfig`
Code:
eth0      Link encap:Ethernet  HWaddr 00:60:67:65:BD:A2  
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:52912 errors:0 dropped:0 overruns:0 frame:0
          TX packets:60578 errors:0 dropped:0 overruns:0 carrier:0
          collisions:1658 txqueuelen:100 
          RX bytes:39316209 (37.4 Mb)  TX bytes:6413412 (6.1 Mb)
          Interrupt:10 Base address:0xe800 

lo        Link encap:Local Loopback  
          ...

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:210.11.xxx.xxx  P-t-P:172.16.xxx.xxx  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:576  Metric:1
          RX packets:105 errors:1 dropped:0 overruns:0 frame:0
          TX packets:190 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:12458 (12.1 Kb)  TX bytes:21261 (20.7 Kb)
Output of `route -n`
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.xxx.xxx  0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         172.16.xxx.xxx  0.0.0.0         UG    0      0        0 ppp0
Contents of /etc/host.conf
Code:
order hosts,bind
multi on
Contents of /etc/hosts
Code:
127.0.0.1	localhost loopback
192.168.0.1	gatekeeper.keeperlan
Contents of /etc/hosts.allow
Code:
ALL: 127.0.0.1 127.0.0.0 192.168.0.0/255.255.255.0
Contents of /etc/hosts.deny
Code:
ALL:ALL
Extract from /etc/nsswitch.conf (I'm not posting the whole thing :P)
Code:
...
hosts:      files nisplus dns
...
Contents of /etc/resolv.conf
Code:
domain		cairns.net.au
nameserver	202.4.31.130
nameserver	203.55.215.34
options		debug
Contents of /etc/ppp/options
Code:
lock
crtscts
defaultroute
noauth
nobsdcomp
Greatly abbreviated output from a single PPP session (logged to /var/log/ppp)
I also broke up the longer lines a bit
Code:
pppd: pppd 2.4.1 started by root, uid 0
chat: send (ATZ^M)
chat: expect (OK)
chat: ATZ^M^M
chat: OK
chat:  -- got it 
chat: send (ATM1L1^M)
chat: expect (OK)
chat: ^M
chat: ATM1L1^M^M
chat: OK
chat:  -- got it 
chat: send (ATDT183240nnnnnn^M)
chat: expect (CONNECT)
chat: ^M
chat: ATDT183240nnnnnn^M^M
chat: CONNECT
chat:  -- got it 
chat: send (\d)
pppd: Serial connection established.
pppd: using channel 1
pppd: Using interface ppp0
pppd: Connect: ppp0 <--> /dev/modem
pppd: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x2f72f6bc> <pcomp> <accomp>]
pppd: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x2f72f6bc> <pcomp> <accomp>]
pppd: rcvd [LCP ConfReq id=0x9b <mru 576> <magic 0xcf8581> <asyncmap 0x0> <mrru 1600>
   < 17 04 01 16> <auth pap> <endpoint [MAC:08:00:03:04:06:dc]>]
pppd: sent [LCP ConfRej id=0x9b <mrru 1600> < 17 04 01 16>]
pppd: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x2f72f6bc> <pcomp> <accomp>]
pppd: rcvd [LCP ConfReq id=0x9c <mru 576> <magic 0xcf8581> <asyncmap 0x0> <auth pap>
   <endpoint [MAC:08:00:03:04:06:dc]>]
pppd: sent [LCP ConfAck id=0x9c <mru 576> <magic 0xcf8581> <asyncmap 0x0> <auth pap>
   <endpoint [MAC:08:00:03:04:06:dc]>]
pppd: sent [PAP AuthReq id=0x1 user="myusername" password=<hidden>]
pppd: sent [PAP AuthReq id=0x2 user="myusername" password=<hidden>]
pppd: rcvd [PAP AuthAck id=0x2 "Access permitted for user \"myusername\"\r\n"]
pppd: Remote message: Access permitted for user "myusername"^M^J
pppd: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
pppd: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15>]
pppd: rcvd [IPCP ConfReq id=0x1 <addr 172.16.xxx.xxx>]
pppd: sent [IPCP ConfAck id=0x1 <addr 172.16.xxx.xxx>]
pppd: rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
pppd: sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>]
pppd: rcvd [LCP ProtRej id=0x9d 80 fd 01 01 00 0c 1a 04 78 00 18 04 78 00]
pppd: rcvd [IPCP ConfNak id=0x2 <addr 210.11.xxx.xxx>]
pppd: sent [IPCP ConfReq id=0x3 <addr 210.11.xxx.xxx>]
pppd: rcvd [IPCP ConfAck id=0x3 <addr 210.11.xxx.xxx>]
pppd: local  IP address 210.11.xxx.xxx
pppd: remote IP address 172.16.xxx.xxx
pppd: Script /etc/ppp/ip-up started (pid 3823)
pppd: Script /etc/ppp/ip-up finished (pid 3823), status = 0x0
pppd: Terminating on signal 15.
pppd: Script /etc/ppp/ip-down started (pid 4275)
pppd: sent [LCP TermReq id=0x2 "User request"]
pppd: Script /etc/ppp/ip-down finished (pid 4275), status = 0x0
pppd: sent [LCP TermReq id=0x3 "User request"]
pppd: Connection terminated.
pppd: Connect time 43.0 minutes.
pppd: Sent 21746 bytes, received 12761 bytes.
pppd: Exit.
 
Old 12-02-2003, 08:13 AM   #2
zaphodiv
Member
 
Registered: Oct 2003
Distribution: Slackware
Posts: 388

Rep: Reputation: 30
> I've changed the IP addresses
If the machine is insecure it will get owned anyway. Constant scans
are a part of being connected to the internet these days.

I assume that internet access by ip address works?

Extract from /etc/nsswitch.conf
hosts: files nisplus dns

Shouldn't that be just
hosts: files dns
 
Old 12-02-2003, 08:39 AM   #3
paul.nel
Member
 
Registered: Nov 2003
Location: Cape Town
Distribution: Gentoo, Redhat 9, SuSE 9.0, 9.2, Win XP
Posts: 149

Rep: Reputation: 15
What do your firewall rules look like? Please post the output of iptables -L. For a start, try to disable your firewall with service iptables stop. If this works I suggest you rebuild your firewall. The IP Masquerade HOWTO at www.tldp.org has some good pointers.

Regards
p.n

Last edited by paul.nel; 12-02-2003 at 08:40 AM.
 
Old 12-02-2003, 08:50 AM   #4
foboldfky
LQ Newbie
 
Registered: Dec 2003
Location: Australia
Distribution: Red Hat 8.0
Posts: 3

Original Poster
Rep: Reputation: 0
Quote:
Shouldn't that be just
hosts: files dns
The guide I was following said that it wouldn't make any difference, so long as those two were in the right order. I'll try removing it, and see if it helps.

Also, here's the output of iptables -L:
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Lokkit-0-50-INPUT (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere           tcp
   flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp
   reject-with icmp-port-unreachable
I have no idea what it means.

Actually, I'd forgotten about the firewall; since it was going to be a net router/machine, I set it to high in the Red Hat config. My idea was to basically get it connecting to the net first, then setting up IP masquerading, and then fine-tune the firewall. I'll try disabling it tomorrow. It's late over here, and to test the machine, I have to pull the modem out of this machine, and stick it in the Linux box. But first, I need sleep

Also, as for the IP masquerading HOWTO, I've read that one too... I think most of it went over my head, although I'm planning on re-reading it when I come to setting that up. I was lucky enough to get a set of Linux CDs with the entire set of HOWTOs (although just how `complete' this is is anyone's guess) on them. For now, I'd be happy if I could just ping google
 
Old 12-02-2003, 11:58 AM   #5
paul.nel
Member
 
Registered: Nov 2003
Location: Cape Town
Distribution: Gentoo, Redhat 9, SuSE 9.0, 9.2, Win XP
Posts: 149

Rep: Reputation: 15
OK, this does not look right:

Quote:
REJECT tcp -- anywhere anywhere tcp
flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
As I mentioned, try with your firewall stopped ("service iptables stop") and try to ping google. After that, set up a firewall as explained in the HOWTO I referred to. It is a rather long HOWTO but absolutely brilliantly laid out and easy to follow.

Let us know how you are doing.

Regards

p.n
 
Old 12-03-2003, 09:53 AM   #6
foboldfky
LQ Newbie
 
Registered: Dec 2003
Location: Australia
Distribution: Red Hat 8.0
Posts: 3

Original Poster
Rep: Reputation: 0
I've nailed the bugger.

Turns out it WAS Redhat's firewall keeping me from doing DNS resolution. Thanks to everyone's advice; I've now got the net working on the Linux machine, PLUS I've managed to get IP Masq working, too. Wai! ^_^.

All I have to do now is set up some remote control procedure to directly control the firewall settings/net connection from the other machines, dial on demand, and work out why filesharing with the Windows boxes suddenly died (whoopsie, think I broke something :P)

Once again, thanks for everyone's help.
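
Added example (not part of any post in this thread): a first-match model of the RH-Lokkit-0-50-INPUT chain from post #4, showing why pings over ppp0 succeeded while DNS replies were rejected, and what an allow rule for the nameservers in the posted /etc/resolv.conf changes. Plain `iptables -L` hides interface matches, so the `lo`/`eth0` restriction on the two ACCEPT rules is an assumption, and all class and function names are illustrative.

```python
# Interface matches below are ASSUMED; `iptables -L -n -v` would show the real ones.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    iface: str               # interface the packet arrived on
    proto: str               # "tcp", "udp" or "icmp"
    src: str = ""
    sport: int = 0
    syn_only: bool = False   # TCP with SYN set, RST and ACK clear

@dataclass
class Rule:
    target: str
    proto: str = "all"
    iface: Optional[str] = None
    src: Optional[str] = None
    sport: Optional[int] = None
    syn_only: bool = False   # models "flags:SYN,RST,ACK/SYN"

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("all", p.proto)
                and self.iface in (None, p.iface)
                and self.src in (None, p.src)
                and self.sport in (None, p.sport)
                and (not self.syn_only or p.syn_only))

def verdict(chain, packet, policy="ACCEPT"):
    """Target of the first matching rule, else the chain policy (ACCEPT in post #4)."""
    return next((r.target for r in chain if r.matches(packet)), policy)

LOKKIT_HIGH = [
    Rule("ACCEPT", iface="lo"),                  # assumed interface
    Rule("ACCEPT", iface="eth0"),                # assumed interface
    Rule("REJECT", proto="tcp", syn_only=True),  # new inbound TCP connections
    Rule("REJECT", proto="udp"),                 # every UDP packet, DNS replies included
]
NAMESERVERS = ["202.4.31.130", "203.55.215.34"]  # from the posted /etc/resolv.conf

def with_dns_replies_allowed(chain, nameservers):
    """Insert ACCEPT rules for UDP port-53 replies ahead of the blanket UDP REJECT."""
    idx = next(i for i, r in enumerate(chain) if (r.target, r.proto) == ("REJECT", "udp"))
    allow = [Rule("ACCEPT", proto="udp", src=ns, sport=53) for ns in nameservers]
    return chain[:idx] + allow + chain[idx:]

# Constructed sample packets arriving on the dialup link.
ping_reply = Packet("ppp0", "icmp", src=NAMESERVERS[0])
dns_reply = Packet("ppp0", "udp", src=NAMESERVERS[0], sport=53)
```

Matching on source address and port is stateless; a `-m state --state ESTABLISHED,RELATED` accept rule is the usual alternative that keeps the firewall running instead of stopping it.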
 