Some networking questions
When searching to resolv the pb listed in this thread http://www.linuxquestions.org/questi...hreadid=128167
and I have some basics (?) questions :
1. is it a problem that local IP address are something like : 192.168.0.x ? Is the 0 possible in a IP address ?
2. what is the MTU parameter showed with ifconfig -a ?
3. ppp0 has MTU=1492 and eth0 has MTU=1500. Must those values be the same ?
4. How to change the MTU value for an IP interface and how to make this change persistant ?
Thank's for all.
Do you make ping from broken windows machine to broken sites ?
>1. is it a problem that local IP address are something like : 192.168.0.x ?
No problem. Only check what address give you ADSL provider.(must not from 192.168.0.x)
>Is the 0 possible in a IP address ?
No. IP address of host can`not be 0.
>2. what is the MTU parameter showed with ifconfig -a ?
Maximum Transfer Unit . Maximum size of packet. (for ethernet 1500)
>3. ppp0 has MTU=1492 and eth0 has MTU=1500. Must those values be the same ?
No. You router must fragmented IP packet if he is more then 1492.
>4. How to change the MTU value for an IP interface and how to make this change persistant ?
Why you need for ?
But you says in 1. that there is no problem to have an IP like 192.168.0.1 and in 2. that it's not possible to have 0 in IP address. This seem's contradictoir to me. My question is : is an IP address like 192.168.0.1 legal or do I have to replace the 0 with something else ?
4. It was in case that both MTU (ppp0 and eth0) must be the same.
Do you have an idea for the problem listed in the thread : http://www.linuxquestions.org/quest...threadid=128167
Thank's for all
an address like 192.168.0.1 is legal, you just dont want to start an IP address with a 0 or end it with a 0. You also cannot use 255 for the IP b/c it is reserved
255 = broadcast, meaning that packets are sent to every host on the subnet.
Gates is right, 0 can be used as long as it is not the end of the host portion. Often times a subnet is referred to by including the 0 (ie, 192.168.0.0 would refer to the subnet, and 192.168.0.1 would be a host on that subnet, and 192.168.0.255 would be the broadcast address for the subnet).
you have mask 255.255.255.0. In this case you may use legally ip from 192.168.0.1 to 192.168.0.254.
O in thrid octet belong to network part of address and with mask 255.255.255.0 is absolutly legally too.
Try to sniffing traffic on inbound interface and adsl connection
In one window
tcpdump -vvv -i eth0(your local_net) host ip(one of windows box)
and other window
tcpdump -vvv -i ppp0(your adsl)
and from windows box check access to yahoo url.
What you see ? Can you give small dump ? (and result of ifconfig)
OK I got it.
Sorry we will have to wait on monday to have people working. I cannot access this from home.
2 ideas while waiting for users ....
While waiting for monday I have two ideas :
1. can it be a masquerading problem ?
My Linux box has an constant IP and I've read some articles saying that with constant IP with hav to use SNAT and not MASQUERADING ?
But I'm not shure the solution apply to me, they were talking about redirection also ...
What do you think about that ?
2. the port 113 (auth) was blocked is the OUTPUT rules with messages in /var/log/messages. I've read there that in this case http request could not work.
You could notice that by default all OUTPUT connections are DROPPED in my iptables config.
So perhaps do I need to open this port in OUTPUT ?
Does people have generally all OUTPUT ACCEPT and not DROP ?
I don`t think so.
You problem is not with all url. If you was have masquerading problem then windows machines can not
work at all.
I don`t know what is port 133 do.
HTTP -80 HTTPS -443 and thats all what need for web.
By the way, you forget https (hope, this solve the problem :) )
-A OUTPUT -p tcp -m tcp -o ppp0 --dport https -j ACCEPT
I've already add the https which was missing, and it does not correct my problem.
See you tomorrow with real users ...
Thank's in advance for your help.
I read a little more about iptables :)
Try to check very simple and insecure configuration.
iptables -t nat -F
iptables -t mangle -F
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
( or iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source your_static_ip )
iptables -A FORWARD -j LOG --log-level info
In /var/log/messages (I don`t know where you syslog stored info, chekc /etc/syslog.conf ) you
will see requests and replys.
On eth0 with the command tcpdump -vvv -i eth0 (only ticeropo1 was working) :
because I get this trace connected by ssh) :
15:23:46.987738 220.127.116.11.3197 > 18.104.22.168.http: S [tcp sum ok] 1484651153:1484651153(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) (ttl 127, id 49463, len 48)
15:23:46.988172 22.214.171.124.32850 > 126.96.36.199.domain: 49373 [1au] PTR? 188.8.131.52.in-addr.arpa. ar: . (56) (DF) (ttl 64, id 0, len 84)
15:23:47.122217 184.108.40.206.http > 220.127.116.11.3197: S [tcp sum ok] 3663766469:3663766469(0) ack 1484651154 win 65535 <mss 1460,nop,nop,sackOK> (DF) (ttl 118, id 13569, len 48)
15:23:47.122464 18.104.22.168.3197 > 22.214.171.124.http: . [tcp sum ok] 1:1(0) ack 1 win 65535 (DF) (ttl 127, id 49465, len 40)
15:23:47.124311 126.96.36.199.3197 > 188.8.131.52.http: P 1:367(366) ack 1 win 65535 (DF) (ttl 127, id 49466, len 406)
15:23:47.186227 184.108.40.206.domain > 220.127.116.11.32850: 49373-% q: PTR? 18.104.22.168.in-addr.arpa. 0/5/3 ns: 51.194.in-addr.arpa.[|domain] (DF) (ttl 235, id 11963, len 247)
15:23:47.186568 22.214.171.124.32850 > 126.96.36.199.domain: 30993 [1au] PTR? 188.8.131.52.in-addr.arpa. ar: . (56) (DF) (ttl 64, id 0, len 84)
15:23:47.410162 184.108.40.206.http > 220.127.116.11.3197: . [tcp sum ok] 1:1(0) ack 367 win 65169 (DF) (ttl 118, id 13602, len 40)
15:23:49.190707 18.104.22.168.32850 > 22.214.171.124.domain: 31478 [1au] PTR? 126.96.36.199.in-addr.arpa. ar: . (56) (DF) (ttl 64, id 0, len 84)
15:23:49.480592 188.8.131.52.43695 > 184.108.40.206.auth: S [tcp sum ok] 2113102382:2113102382(0) win 5808 <mss 1452,sackOK,timestamp 136782637 0,nop,wscale 0> (DF) (ttl 64, id 16432, len 60)
15:23:51.200703 220.127.116.11.32850 > 18.104.22.168.domain: 57011 [1au] PTR? 22.214.171.124.in-addr.arpa. ar: . (56) (DF) (ttl 64, id 0, len 84)
15:23:51.265468 126.96.36.199.domain > 188.8.131.52.32850: 57011*- q: PTR? 184.108.40.206.in-addr.arpa. 1/2/3 220.127.116.11.in-addr.arpa.[|domain] (ttl 58, id 1869, len 199)
15:23:51.265784 18.104.22.168.32850 > 22.214.171.124.domain: 41731 [1au][|domain] (DF) (ttl 64, id 0, len 92)
15:23:51.361448 126.96.36.199.domain > 188.8.131.52.32850: 41731 q:[|domain] (DF) (ttl 243, id 23322, len 169)
15:23:51.361669 184.108.40.206.32850 > 220.127.116.11.domain: 48061 [1au][|domain] (DF) (ttl 64, id 0, len 92)
15:23:51.425435 18.104.22.168.domain > 22.214.171.124.32850: 48061- q:[|domain] (ttl 58, id 2009, len 181)
15:23:51.425694 126.96.36.199.32850 > 188.8.131.52.domain: 37938 [1au][|domain] (DF) (ttl 64, id 0, len 92)
15:23:51.425785 184.108.40.206.32850 > 220.127.116.11.domain: [udp sum ok] 51737 [1au] A? ceprox01.cerius.fr. ar: . OPT UDPsize=2048 (47) (DF) (ttl 64, id 0, len 75)
15:23:51.489425 18.104.22.168.domain > 22.214.171.124.32850: 37938 NXDomain*- q:[|domain] (DF) (ttl 248, id 13937, len 155)
15:23:51.505436 126.96.36.199.domain > 188.8.131.52.32850: 51737-% q: A? ceprox01.cerius.fr. 1/2/3 ceprox01.cerius.fr. A 184.108.40.206[|domain] (ttl 49, id 23295, len 162)
15:23:55.480591 220.127.116.11.43695 > 18.104.22.168.auth: S [tcp sum ok] 2113102382:2113102382(0) win 5808 <mss 1452,sackOK,timestamp 136783237 0,nop,wscale 0> (DF) (ttl 64, id 16433, len 60)
424 packets received by filter
87 packets dropped by kernel
in /var/log/messages :
the tcpdump command says xxx paquets dropped and normally I should see this paquet on /var/log/messages. I'm shure this is working in my firewall configuration :
|All times are GMT -5. The time now is 11:12 PM.|