Howdy ho,
Well I'm finally settling into using Red Hat 8.0 now after a lot of teething trouble (and a re-install after I totally messed it up), but I'm still having an issue with the internet.

My Red Hat server is connected via eth0 to a LAN. The ip address is dynamic (but I have also tried static ip) my firewall is turned off (iptables is disabled) and I have entered the proxy address to access the net.

When I open Mozilla and try to get to Google it sits there for a while then says "Operation timed out when attempting to contact www.google.com"

The server is online as I can ping it from a desktop machine and I can ping the default gateway from the server.

DNS is correctly configured.

Has anyone come across this problem before or has anyone got a lead I can follow or anything? I think I've exhausted everything on the web.

Many thanks to anyone who tries to help,
Clara

PS I posted this in the Red Hat forum first but after looking around a bit more I think it may be more suited here....I'm not fishing for more responses or anything...

Have a look at the write up here:
http://www.cyberciti.biz/faq/linux-s...route-command/

It sounds like you have the network set up OK, but the particular platform you are on does not know how to get out to the big wide world....you said you had configured the "proxy", I assume you meant the default gateway... If you can ping the default gateway (as you said) but cannot get to an outside address, then its most likely your default gateway config is mangled.

Thanks for that, I'll give it a lookover and try what it suggests.

I am using the Linux Server on a school's LAN. The default gateway to get out of the LAN is the same as what is entered as the default gateway on the server...

Our router then doesn't connect to the WWW, instead it goes to the broadband consortium's proxy which provides our internet access.

I can get to the gateway and I can even resolve domain names to ip addresses. It's almost as if the proxy doesn't like my linux server (if that makes any sense whatsoever ) when I try to connect to RHN I get connection refused. Unfortunately I have no access to the administration of the proxy (or I would have hit it with a hammer, tee hee)

This probably sounds very confusing (it is to me)! Everything I learned during my CCNA is going straight out the damned window....

Thanks anyway though mate!

Hey, Count_Cloppy we may be getting closer to understanding this! You are running from a schools network through a Broadband consortium's Internet access. I designed, built and operated a major south Midlands County Council's network from 2002-2003 and I have seen (and fixed!) this kind of problem elsewhere.

Try the stuff above, then if you still have problems print the routing table from a system that *can* get out, then go on to your misbehaving system, and do a traceroute to somewhere outside your network (something like "tracert www.bbc.co.uk"). Then post the results, and if there is any way for you to post up a network diagram (on a webserver you have control of, perhaps)

Once we have that info, we should be able to sort this....

HTH
Jimbo

Hi Mate, hey thats a relief to hear, if you've come across this before.

Routing table from PC thats works....

===================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 08 0d 77 f9 d3 ...... Intel(R) PRO/100 VE Network Connection - Packet
Scheduler Miniport
===================================================================
===================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.4.48.1 10.4.48.62 20
10.4.48.0 255.255.252.0 10.4.48.62 10.4.48.62 20
10.4.48.62 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.4.48.62 10.4.48.62 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.4.48.62 10.4.48.62 20
255.255.255.255 255.255.255.255 10.4.48.62 10.4.48.62 1

Default Gateway: 10.4.48.1
===================================================================
Persistent Routes:
None

Routing table from Linux server...

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.4.48.0 * 255.255.252.0 U 0 0 0 eth0
192.168.0.0 * 255.255.252.0 U 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 10.4.48.1 0.0.0.0 UG 0 0 0 eth0

Traceroute result for www.bbc.co.uk...
traceroute to www.bbc.net.uk (212.58.224.87), 30 hops max
1 10.4.48.1 (10.4.48.1) 87.467 ms 1.814 ms 0.967ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *

..and that carries on until 30 when it stops. (max hop count I guess).

Do you think I'll need to add the other routes from the working PC to the linux server? I can't understand why I'd have to, it's only the default I need to work (which is in the routing table already)

Where did you work in South Midlands then??

Thanks a million,
Clara.

I tried to space out the routing tables better than that but the forum has removed the spaces so it's all squashed up....sorry...

Hmmm....Is that traceroute is from your non-connecting server? If so, can you post up one from the working device, pls.

Can you also post the address/mask allocated to the non-working server's eth0

You have a good routing table by the look of it, but I want to be sure. The traceroute gets to the default router, which is encouraging, and the loss of entries after the default is not surprising, ICMP is probably disabled beyond your default router.

The device 10.4.48.1, your default gateway....what is it? does it NAT, does it have ACLs?.

I'm going to go away and have a think, see if I can draw up the topology...if you an get the info above, I'll have a squint at it tonite.

Later

Jimbo

Yes it was the traceroute from the non connecting server. The working machine gives the exact same results...

I think ICMP is disabled by the broadband consortium. I cannot get access to the router which is the gateway, it does not belong to us, it is owned by the authority which runs the internet here. I would imagine that ACL's are active on the incoming and outgoing interfaces of the router....it would be insane to not to have them.

We do have another Linux server running Fedora but I cannot access it to have look at how it is set up.

Thanks for all your help mate.

Can you also post the address/mask allocated to the non-working server's eth0

ip 10.4.48.2 mask 255.255.252.0

Check first if you have IPV6 enabled. If yes, disable it and try.

Also try to disable the DHCP client on your box and set up a static IP. The reason for this is not to have a static IP, I know you already tried this, but to avoid the DHCP client changing stuff.

The picture I have drawn in my head looks something like a LAN, with a device 10.4.48.62 (the working PC), another device 10.4.48.2 (the non-working Linux device) and the gateway 10.4.48.1, all running mask 255.255.252.0. Both devices can do a traceroute to an outside address that looks like:

Traceroute result for www.bbc.co.uk...
traceroute to www.bbc.net.uk (212.58.224.87), 30 hops max
1 10.4.48.1 (10.4.48.1) 87.467 ms 1.814 ms 0.967ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *

So what do we know from that?
1) The eth0 interface looks to be working correctly (it can see the 10.4.48.1 gateway interface; since traceroute uses the ping function, the traceroute proved local connectivity);
2) DNS works correctly; if it didn't, the ping to the bbc site wouldn't have resolved to an address
3) The network behind the gateway is obscured, probably ICMP-disabled, almost certainly NAT-ed, and not under your control.

If that sounds like I have an accurate picture, goto next, else beat writer between eyes with keyboard!

The device 10.4.48.62 is the working PC (from the line shown below from the routing table of the OK PC):

Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.4.48.1 10.4.48.62 20



Clearly, the network likes that system, because it can get to the outside world. OK, lets do a "binary chop", see if we can reduce the area of unknown stuff. During a quiet time on the net, record the configurations of the working PC exactly. Then power the PC down, and configure the "broken" linux system to look the same as the working one (on the network interface, anyway). Then try to get out of the net, to the BBC site or whatever is your favourite. You *must* power the working PC down, or disconnect it from the net during this test, or you will get duplicate IP addreses and all kinds of alarms and complaints

If that works, it appears that the problem lies outside your network, and its probably that the Broadband consortium has filtered your address out and blocked the traffic. If it doesn't work, it proves we have a problem (still) with the linux box.

Sorry to have you chasing "round the houses" a bit, but you appear to have done everything right...leaving us with "partial elimination" as the only way to get closer to the problem.

The other stuff from runlevel0 is also worth doing, though I've never seen IPv6 do this kind of thing


nil illegitimus carborundum!

Jimbo

It's OK Jimbo I like running round houses (**cough**), and thanks for all you are trying to do. I will try what you suggest tomorrow (Friday) but I have already switched the IP of eth0 about 6 times to different IP addresses, both static and DHCP. Something you may find of interest though....before I formatted the server and re-insalled Red Hat (basically because the prior user had put allsorts on it that I couldn't un-install) the internet connection worked fine. The system picked up it's IP dynamically and I could surf everywhere.

Then I re-installed Red Hat and can't get anywhere!! Now I'm a newbie at Linux, but I'm learning fast all the time. Would there be any other RPMs I'd need to install in Red Hat to view the web? An update to Mozilla perhaps, or something? All I have is the basic, un-updated install of Red Hat 8.0 (no updates cos I can't connect to the web.....catch 22 here or what!?!)

In response to runlevel0, I see where you are going and I'll give it a try but eventually the server is going to be a DHCP server itself (on a private network of course). The project is to run DRBL on the server and use Clonezilla to image machines (kind of like a cheap and better version of Norton Ghost!)...

Thanks again guys for all your help,
Yours, Clara!

Oh by the way, on the point of copying the working machines config on the Linux machine....the working machine which can get online is Windows XP and picks up it's IP dynamically, would this make any difference? I mean it being XP.

Tell you what, I'll copy the Linux config to the working machine and see if that works or not...

I just think our network doesn't like linux....ha ha ha ha ha!

Hi Guys,
Jimbo I tried copying the config from the Linux server to the working XP pc. The settings worked fine...

RunLevel0 - Again I tried your advice, but to no avail....

I'm just in the process of downloading the lastest Firefox RPM, see if that works!!

Something interesting came up whilst I was trying to install Firefox, I tried to ping the working machine from the Linux machine and vice versa but I couldn't...is that normal being as one is linux, other is XPPro?

Cheers!