LinuxQuestions.org

Linux - Networking: Some networking questions (http://www.linuxquestions.org/questions/linux-networking-3/some-networking-questions-130037/)

jmcollin92 12-30-2003 07:24 AM

Some networking questions
 
Hello there,

While searching to resolve the problem listed in this thread http://www.linuxquestions.org/questi...hreadid=128167

I have some basic (?) questions:
1. Is it a problem that local IP addresses are something like 192.168.0.x? Is a 0 possible in an IP address?

2. What is the MTU parameter shown with ifconfig -a?

3. ppp0 has MTU=1492 and eth0 has MTU=1500. Must those values be the same?

4. How do I change the MTU value for an IP interface, and how do I make this change persistent?

Thanks for all.

yuray 12-30-2003 08:21 AM

About http://www.linuxquestions.org/quest...threadid=128167
Do you ping from the broken Windows machine to the broken sites?

>1. Is it a problem that local IP addresses are something like 192.168.0.x?
No problem. Only check what address your ADSL provider gives you (it must not be from 192.168.0.x).
>Is a 0 possible in an IP address?
No. The IP address of a host cannot be 0.
>2. What is the MTU parameter shown with ifconfig -a?
Maximum Transfer Unit. Maximum size of a packet (for Ethernet, 1500).
>3. ppp0 has MTU=1492 and eth0 has MTU=1500. Must those values be the same?
No. Your router must fragment the IP packet if it is larger than 1492.
>4. How do I change the MTU value for an IP interface, and how do I make this change persistent?
Why do you need that?

jmcollin92 12-30-2003 08:39 AM

Quote:

Originally posted by yuray
About http://www.linuxquestions.org/quest...threadid=128167
Do you ping from the broken Windows machine to the broken sites?

>1. Is it a problem that local IP addresses are something like 192.168.0.x?
No problem. Only check what address your ADSL provider gives you (it must not be from 192.168.0.x).
>Is a 0 possible in an IP address?
No. The IP address of a host cannot be 0.
>2. What is the MTU parameter shown with ifconfig -a?
Maximum Transfer Unit. Maximum size of a packet (for Ethernet, 1500).
>3. ppp0 has MTU=1492 and eth0 has MTU=1500. Must those values be the same?
No. Your router must fragment the IP packet if it is larger than 1492.
>4. How do I change the MTU value for an IP interface, and how do I make this change persistent?
Why do you need that?

Thanks for your answers,

But you say in 1. that there is no problem having an IP like 192.168.0.1, and in 2. that it's not possible to have a 0 in an IP address. This seems contradictory to me. My question is: is an IP address like 192.168.0.1 legal, or do I have to replace the 0 with something else?

4. It was in case both MTUs (ppp0 and eth0) had to be the same.

Do you have an idea for the problem listed in the thread: http://www.linuxquestions.org/quest...threadid=128167

Thanks for all

Gates1026 12-30-2003 09:11 AM

An address like 192.168.0.1 is legal; you just don't want to start an IP address with a 0 or end it with a 0. You also cannot use 255 for the IP because it is reserved.

slightcrazed 12-30-2003 01:11 PM

255 = broadcast, meaning that packets are sent to every host on the subnet.

Gates is right: 0 can be used as long as it is not the end of the host portion. Often a subnet is referred to by including the 0 (i.e., 192.168.0.0 would refer to the subnet, 192.168.0.1 would be a host on that subnet, and 192.168.0.255 would be the broadcast address for the subnet).

slight

yuray 12-31-2003 12:10 AM

Quote:

But you say in 1. that there is no problem having an IP like 192.168.0.1, and in 2. that it's not possible to have a 0 in an IP address. This seems contradictory to me. My question is: is an IP address like 192.168.0.1 legal, or do I have to replace the 0 with something else?
In the post http://www.linuxquestions.org/quest...threadid=128167 you write that
you have mask 255.255.255.0. In this case you may legally use IPs from 192.168.0.1 to 192.168.0.254.
The 0 in the third octet belongs to the network part of the address, and with mask 255.255.255.0 it is absolutely legal too.

Quote:

4. It was in case both MTUs (ppp0 and eth0) had to be the same.
This is not necessarily so. But if you want to, just read man ifconfig.

Quote:

Do you have an idea for the problem listed in the thread: http://www.linuxquestions.org/quest...threadid=128167
Do you make ping tests from the Windows machines to Internet URLs?
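The two replies above (slightcrazed on 192.168.0.0 / 192.168.0.255, yuray on the 255.255.255.0 mask) both come down to the same bit arithmetic: the mask decides which octets are network bits and which are host bits, so whether a 0 or a 255 is "legal" depends on the mask, not on the octet. The following is an added worked example, not code from the thread, that carries that arithmetic out for any dotted-quad mask and classifies an address as the network address, the broadcast address, or a usable host:

```python
"""Network/broadcast/host arithmetic for a dotted-quad mask (added example, not from the thread)."""
import socket
import struct


def ip_to_int(addr):
    """Dotted quad -> 32-bit integer (network byte order)."""
    return struct.unpack("!I", socket.inet_aton(addr))[0]


def int_to_ip(value):
    """32-bit integer -> dotted quad."""
    return socket.inet_ntoa(struct.pack("!I", value & 0xFFFFFFFF))


def subnet_info(addr, mask):
    """Split addr into network and host parts using mask.

    network   = addr AND mask         (host bits cleared)
    broadcast = network OR NOT mask   (host bits all set)
    Usable hosts are everything strictly between the two.
    """
    a, m = ip_to_int(addr), ip_to_int(mask)
    host_bits = ~m & 0xFFFFFFFF
    network = a & m
    broadcast = network | host_bits
    return {
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1),
        "last_host": int_to_ip(broadcast - 1),
        "host_part": a & host_bits,
        "usable_hosts": max(broadcast - network - 1, 0),
    }


def classify(addr, mask):
    """'network', 'broadcast' or 'host' for addr under mask."""
    info = subnet_info(addr, mask)
    if addr == info["network"]:
        return "network"
    if addr == info["broadcast"]:
        return "broadcast"
    return "host"


if __name__ == "__main__":
    # The addresses discussed in the thread, under the poster's /24 mask and under a /16.
    for mask in ("255.255.255.0", "255.255.0.0"):
        for a in ("192.168.0.0", "192.168.0.1", "192.168.0.254", "192.168.0.255"):
            print(f"{a:15} mask {mask:15} -> {classify(a, mask)}")
```

Under 255.255.255.0 the host part of 192.168.0.1 is 1 and the usable range is 192.168.0.1 to 192.168.0.254, as yuray says; under 255.255.0.0 the same 192.168.0.255 becomes an ordinary host, which is the point slightcrazed makes about "the end of the host portion".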

jmcollin92 12-31-2003 11:53 AM

Quote:

Originally posted by yuray

Do you make ping tests from the Windows machines to Internet URLs?

Yes, all seems to be all right.

yuray 01-02-2004 04:08 AM

Ok.
Try sniffing traffic on the inbound interface and on the ADSL connection.
In one window:
tcpdump -vvv -i eth0(your local_net) host ip(one of windows box)
and in the other window:
tcpdump -vvv -i ppp0(your adsl)
and from the Windows box check access to a Yahoo URL.

What do you see? Can you give a small dump? (and the result of ifconfig)
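The captures yuray asks for (posted later in the thread) are in tcpdump 3.x text format, one TCP segment per line with flags, a seq:seq(len) range, the ack number and the SYN options. Reading them by eye for more than a handful of packets is error-prone, so here is an added example, not code from the thread or from tcpdump, of what a practitioner would actually check: fold both directions of each conversation together, see how far each side got (handshake, request sent, request acknowledged, response bytes received), and compare the MSS the client advertises in its SYN with what a link of a given MTU can carry (MTU minus 40 bytes of IPv4 and TCP headers; 1452 for the 1492-byte ppp0 in the first post). The sample lines are constructed in the same format with documentation addresses; the hostnames and the 1492-byte link are assumptions for the example:

```python
"""Summarise TCP conversations in tcpdump 3.x text output (added example, not from the thread)."""
import re
from collections import OrderedDict

# One TCP line of the capture format shown in the thread:
# "<ts> <src> > <dst>: <flags> [tcp sum ok] <seq>:<seq>(<len>) [ack <n>] win <w> [<options>] ..."
TCP_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<flags>[SFRP.]+) (?:\[tcp sum \w+\] )?"
    r"(?P<lo>\d+):(?P<hi>\d+)\((?P<len>\d+)\)"
    r"(?: ack (?P<ack>\d+))? win (?P<win>\d+)"
    r"(?: <(?P<opts>[^>]*)>)?"
)

# Constructed sample in the same format (documentation addresses, not packets from the thread):
# one conversation whose request is acknowledged but never answered, one that completes,
# plus a non-TCP line that the parser must skip.
SAMPLE = """\
15:23:46.987699 client.lan.3197 > 203.0.113.10.http: S [tcp sum ok] 1484651153:1484651153(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) (ttl 128, id 49463, len 48)
15:23:47.122241 203.0.113.10.http > client.lan.3197: S [tcp sum ok] 3663766469:3663766469(0) ack 1484651154 win 65535 <mss 1460,nop,nop,sackOK> (DF) (ttl 117, id 13569, len 48)
15:23:47.122453 client.lan.3197 > 203.0.113.10.http: . [tcp sum ok] 1:1(0) ack 1 win 65535 (DF) (ttl 128, id 49465, len 40)
15:23:47.124300 client.lan.3197 > 203.0.113.10.http: P 1:367(366) ack 1 win 65535 (DF) (ttl 128, id 49466, len 406)
15:23:47.410177 203.0.113.10.http > client.lan.3197: . [tcp sum ok] 1:1(0) ack 367 win 65169 (DF) (ttl 117, id 13602, len 40)
15:24:46.627600 client.lan.netbios-dgm > 192.168.0.255.netbios-dgm:
15:25:10.000100 client.lan.3200 > 203.0.113.20.http: S [tcp sum ok] 10001:10001(0) win 65535 <mss 1452,nop,nop,sackOK> (DF) (ttl 128, id 1, len 48)
15:25:10.050200 203.0.113.20.http > client.lan.3200: S [tcp sum ok] 20001:20001(0) ack 10002 win 65535 <mss 1452,nop,nop,sackOK> (DF) (ttl 117, id 2, len 48)
15:25:10.050400 client.lan.3200 > 203.0.113.20.http: . [tcp sum ok] 1:1(0) ack 1 win 65535 (DF) (ttl 128, id 3, len 40)
15:25:10.052000 client.lan.3200 > 203.0.113.20.http: P 1:367(366) ack 1 win 65535 (DF) (ttl 128, id 4, len 406)
15:25:10.300000 203.0.113.20.http > client.lan.3200: P [tcp sum ok] 1:513(512) ack 367 win 65169 (DF) (ttl 117, id 5, len 552)
"""


def parse_mss(opts):
    """MSS from a '<mss 1460,nop,...>' option list, or None when absent."""
    m = re.search(r"\bmss (\d+)", opts or "")
    return int(m.group(1)) if m else None


def summarise_flows(text):
    """Fold both directions of each TCP conversation into one record.

    Non-TCP lines (DNS, ARP, NetBIOS) are skipped. After the SYN, tcpdump prints
    relative sequence numbers, so on a later segment `hi - 1` is the payload byte
    count sent so far and `ack - 1` the number of peer bytes acknowledged."""
    flows = OrderedDict()
    for line in text.splitlines():
        m = TCP_LINE.match(line)
        if not m:
            continue
        src, dst, flags, ack = m.group("src", "dst", "flags", "ack")
        f = flows.setdefault(tuple(sorted((src, dst))), {
            "client": None, "server": None, "syn": False, "synack": False,
            "client_mss": None, "client_sent": 0, "client_acked": 0, "server_sent": 0})
        if "S" in flags and ack is None:        # bare SYN: the sender is the client
            f.update(client=src, server=dst, syn=True, client_mss=parse_mss(m.group("opts")))
            continue
        if "S" in flags:                         # SYN/ACK from the server
            f["synack"] = True
            continue
        if f["client"] is None:                  # handshake not in the capture
            continue
        hi, acked = int(m.group("hi")), (int(ack) if ack else 0)
        if src == f["client"]:
            f["client_sent"] = max(f["client_sent"], hi - 1)
        else:
            f["server_sent"] = max(f["server_sent"], hi - 1)
            f["client_acked"] = max(f["client_acked"], acked - 1)
    return flows


def verdict(f):
    """One-line diagnosis of a flow record from summarise_flows()."""
    if not f["syn"]:
        return "no SYN captured"
    if not f["synack"]:
        return "SYN sent, no SYN/ACK"
    if f["server_sent"]:
        return "ok"
    if f["client_sent"] and f["client_acked"] >= f["client_sent"]:
        return "request acknowledged but no response payload seen"
    return "handshake only"


def mss_fits_link(mss, link_mtu):
    """An MSS is usable on a link only if MSS + 40 bytes of IPv4+TCP headers <= link MTU."""
    return mss + 40 <= link_mtu


def report(text, link_mtu=1492):
    """Per-flow lines, flagging a client MSS too large for link_mtu (assumed 1492-byte ppp0)."""
    lines = []
    for f in summarise_flows(text).values():
        mss, note = f["client_mss"], ""
        if mss is not None and not mss_fits_link(mss, link_mtu):
            note = f" [client MSS {mss} > {link_mtu - 40}, the largest that fits a {link_mtu}-byte link]"
        lines.append(f"{f['client']} -> {f['server']}: {verdict(f)}{note}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

The verdict "request acknowledged but no response payload seen" is the pattern to look for when a site connects but never renders: the client's request left the box and the server confirmed receiving it, so the loss is on the return path, not in the outbound rules. The MSS note is only a pointer to what to investigate next; which of the two conditions applies to a real capture has to be read from that capture.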

jmcollin92 01-02-2004 07:05 AM

Quote:

Originally posted by yuray
Ok.
Try sniffing traffic on the inbound interface and on the ADSL connection.
In one window:
tcpdump -vvv -i eth0(your local_net) host ip(one of windows box)
and in the other window:
tcpdump -vvv -i ppp0(your adsl)
and from the Windows box check access to a Yahoo URL.

What do you see? Can you give a small dump? (and the result of ifconfig)

I don't have tcpdump installed. Where can I find it?

jmcollin92 01-02-2004 07:26 AM

OK, I got it.
Sorry, we will have to wait until Monday to have people working. I cannot access this from home.

jmcollin92 01-03-2004 06:28 PM

2 ideas while waiting for users ....
 
While waiting for Monday I have two ideas:
1. Can it be a masquerading problem?

My Linux box has a constant IP, and I've read some articles saying that with a constant IP we have to use SNAT and not MASQUERADE?

But I'm not sure the solution applies to me; they were talking about redirection also ...

What do you think about that?

2. Port 113 (auth) was blocked in the OUTPUT rules, with messages in /var/log/messages. I've read there that in this case HTTP requests could not work.
You may notice that by default all OUTPUT connections are DROPPED in my iptables config.
So perhaps I need to open this port in OUTPUT?
Do people generally have OUTPUT ACCEPT and not DROP?

yuray 01-04-2004 08:32 AM

I don't think so.
Your problem is not with all URLs. If you had a masquerading problem, then the Windows machines could not
work at all.
I don't know what port 133 does.
HTTP - 80, HTTPS - 443, and that's all that is needed for the web.
By the way, you forgot https (hope this solves the problem :) )
-A OUTPUT -p tcp -m tcp -o ppp0 --dport https -j ACCEPT

jmcollin92 01-04-2004 09:59 AM

I've already added the https rule which was missing, and it does not correct my problem.
See you tomorrow with real users ...

Thanks in advance for your help.

yuray 01-05-2004 06:15 AM

Hello.
I read a little more about iptables :)
Try to check a very simple and insecure configuration.
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
( or iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source your_static_ip )
iptables -A FORWARD -j LOG --log-level info

In /var/log/messages (I don't know where your syslog stores its info, check /etc/syslog.conf) you
will see requests and replies.

jmcollin92 01-05-2004 08:40 AM

Quote:

Originally posted by yuray
Ok.
Try sniffing traffic on the inbound interface and on the ADSL connection.
In one window:
tcpdump -vvv -i eth0(your local_net) host ip(one of windows box)
and in the other window:
tcpdump -vvv -i ppp0(your adsl)
and from the Windows box check access to a Yahoo URL.

What do you see? Can you give a small dump? (and the result of ifconfig)

Here are the traces requested:

On eth0 with the command tcpdump -vvv -i eth0 (only ticeropo1 was working):
Code:

15:23:46.986313 ticeropo1.ticero.com.1028 > ticerosrv1.ticero.com.domain: [udp sum ok]  39+ A? www.nordparis.banquepopulaire.fr. (50) (ttl 128, id 49462, len 78)
15:23:46.986561 ticerosrv1.ticero.com.domain > ticeropo1.ticero.com.1028:  39 q: A? www.nordparis.banquepopulaire.fr. 1/3/0 www.nordparis.banquepopulaire.fr.[|domain] (DF) (ttl 64, id 0, len 158)
15:23:46.987699 ticeropo1.ticero.com.3197 > 194.51.109.131.http: S [tcp sum ok] 1484651153:1484651153(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) (ttl 128, id 49463, len 48)
15:23:47.122241 194.51.109.131.http > ticeropo1.ticero.com.3197: S [tcp sum ok] 3663766469:3663766469(0) ack 1484651154 win 65535 <mss 1460,nop,nop,sackOK> (DF) (ttl 117, id 13569, len 48)
15:23:47.122453 ticeropo1.ticero.com.3197 > 194.51.109.131.http: . [tcp sum ok] 1:1(0) ack 1 win 65535 (DF) (ttl 128, id 49465, len 40)
15:23:47.124300 ticeropo1.ticero.com.3197 > 194.51.109.131.http: P 1:367(366) ack 1 win 65535 (DF) (ttl 128, id 49466, len 406)
15:23:47.410177 194.51.109.131.http > ticeropo1.ticero.com.3197: . [tcp sum ok] 1:1(0) ack 367 win 65169 (DF) (ttl 117, id 13602, len 40)
15:24:46.627600 ticeropo1.ticero.com.netbios-dgm > 192.168.0.255.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x1102 ID=0x80BD IP=192 (0xc0).168 (0xa8).0 (0x0).3 (0x3) Port=138 (0x8a) Length=196 (0xc4) Res2=0x0
SourceName=TICEROPO1      NameType=0x00 (Workstation)
DestName=
WARNING: Short packet. Try increasing the snap length

 (ttl 128, id 49606, len 238)
15:27:54.431914 arp who-has ticerosrv1.ticero.com tell ticeropo1.ticero.com
15:27:54.431931 arp reply ticerosrv1.ticero.com is-at 0:8:a1:40:67:d9
15:28:56.006362 ticeropo1.ticero.com.1028 > ticerosrv1.ticero.com.domain: [udp sum ok]  40+ A? maj.securitoo.com. (35) (ttl 128, id 50089, len 63)
15:28:56.154067 ticerosrv1.ticero.com.domain > ticeropo1.ticero.com.1028:  40 q: A? maj.securitoo.com. 1/2/0 maj.securitoo.com. A maj.securitoo.com ns: securitoo.com.[|domain] (DF) (ttl 64, id 0, len 132)
15:29:01.150582 arp who-has ticeropo1.ticero.com tell ticerosrv1.ticero.com
15:29:01.150727 arp reply ticeropo1.ticero.com is-at 0:a0:cc:5b:7b:8a
15:29:55.534641 ticeropo1.ticero.com.1028 > ticerosrv1.ticero.com.domain: [udp sum ok]  41+ A? bwcluster.securitoo.com. (41) (ttl 128, id 50195, len 69)
15:29:55.599256 ticerosrv1.ticero.com.domain > ticeropo1.ticero.com.1028:  41 q: A? bwcluster.securitoo.com. 1/2/0 bwcluster.securitoo.com. A[|domain] (DF) (ttl 64, id 0, len 138)
15:29:55.600955 ticeropo1.ticero.com.9370 > bwcluster.securitoo.com.codaauth2: [udp sum ok] udp 45 (ttl 128, id 50196, len 73)
15:29:55.679035 bwcluster.securitoo.com.codaauth2 > ticeropo1.ticero.com.9370: [udp sum ok] udp 12 (ttl 117, id 2629, len 40)

1667 packets received by filter
778 packets dropped by kernel

On ppp0 (with the command tcpdump -vvv -i ppp0 port not ssh,
because I took this trace while connected by ssh):
Code:

15:23:46.987738 217.128.230.16.3197 > 194.51.109.131.http: S [tcp sum ok] 1484651153:1484651153(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) (ttl 127, id 49463, len 48)
15:23:46.988172 217.128.230.16.32850 > 198.6.1.83.domain: 49373 [1au] PTR? 131.109.51.194.in-addr.arpa. ar: . (56) (DF) (ttl 64, id 0, len 84)
15:23:47.122217 194.51.109.131.http > 217.128.230.16.3197: S [tcp sum ok] 3663766469:3663766469(0) ack 1484651154 win 65535 <mss 1460,nop,nop,sackOK> (DF) (ttl 118, id 13569, len 48)
15:23:47.122464 217.128.230.16.3197 > 194.51.109.131.http: . [tcp sum ok] 1:1(0) ack 1 win 65535 (DF) (ttl 127, id 49465, len 40)
15:23:47.124311 217.128.230.16.3197 > 194.51.109.131.http: P 1:367(366) ack 1 win 65535 (DF) (ttl 127, id 49466, len 406)
15:23:47.186227 198.6.1.83.domain > 217.128.230.16.32850: 49373-% q: PTR? 131.109.51.194.in-addr.arpa. 0/5/3 ns: 51.194.in-addr.arpa.[|domain] (DF) (ttl 235, id 11963, len 247)
15:23:47.186568 217.128.230.16.32850 > 192.134.0.49.domain: 30993 [1au] PTR? 131.109.51.194.in-addr.arpa. ar: . (56) (DF) (ttl 64, id 0, len 84)
15:23:47.410162 194.51.109.131.http > 217.128.230.16.3197: . [tcp sum ok] 1:1(0) ack 367 win 65169 (DF) (ttl 118, id 13602, len 40)
15:23:49.190707 217.128.230.16.32850 > 193.0.0.193.domain: 31478 [1au] PTR? 131.109.51.194.in-addr.arpa. ar: . (56) (DF) (ttl 64, id 0, len 84)
15:23:49.480592 217.128.230.16.43695 > 217.167.52.114.auth: S [tcp sum ok] 2113102382:2113102382(0) win 5808 <mss 1452,sackOK,timestamp 136782637 0,nop,wscale 0> (DF) (ttl 64, id 16432, len 60)
15:23:51.200703 217.128.230.16.32850 > 194.51.3.49.domain: 57011 [1au] PTR? 131.109.51.194.in-addr.arpa. ar: . (56) (DF) (ttl 64, id 0, len 84)
15:23:51.265468 194.51.3.49.domain > 217.128.230.16.32850: 57011*- q: PTR? 131.109.51.194.in-addr.arpa. 1/2/3 131.109.51.194.in-addr.arpa.[|domain] (ttl 58, id 1869, len 199)
15:23:51.265784 217.128.230.16.32850 > 194.52.1.10.domain: 41731 [1au][|domain] (DF) (ttl 64, id 0, len 92)
15:23:51.361448 194.52.1.10.domain > 217.128.230.16.32850: 41731 q:[|domain] (DF) (ttl 243, id 23322, len 169)
15:23:51.361669 217.128.230.16.32850 > 194.51.3.49.domain: 48061 [1au][|domain] (DF) (ttl 64, id 0, len 92)
15:23:51.425435 194.51.3.49.domain > 217.128.230.16.32850: 48061- q:[|domain] (ttl 58, id 2009, len 181)
15:23:51.425694 217.128.230.16.32850 > 194.51.3.65.domain: 37938 [1au][|domain] (DF) (ttl 64, id 0, len 92)
15:23:51.425785 217.128.230.16.32850 > 193.176.144.6.domain: [udp sum ok] 51737 [1au] A? ceprox01.cerius.fr. ar: . OPT UDPsize=2048 (47) (DF) (ttl 64, id 0, len 75)
15:23:51.489425 194.51.3.65.domain > 217.128.230.16.32850: 37938 NXDomain*- q:[|domain] (DF) (ttl 248, id 13937, len 155)
15:23:51.505436 193.176.144.6.domain > 217.128.230.16.32850: 51737-% q: A? ceprox01.cerius.fr. 1/2/3 ceprox01.cerius.fr. A 194.51.109.157[|domain] (ttl 49, id 23295, len 162)
15:23:55.480591 217.128.230.16.43695 > 217.167.52.114.auth: S [tcp sum ok] 2113102382:2113102382(0) win 5808 <mss 1452,sackOK,timestamp 136783237 0,nop,wscale 0> (DF) (ttl 64, id 16433, len 60)

424 packets received by filter
87 packets dropped by kernel

In /var/log/messages:
Code:

Jan  5 15:21:43 ticerosrv1 kernel: device ppp0 left promiscuous mode
Jan  5 15:21:49 ticerosrv1 kernel: device ppp0 entered promiscuous mode
Jan  5 15:21:54 ticerosrv1 kernel: device ppp0 left promiscuous mode
Jan  5 15:22:00 ticerosrv1 CROND[8637]: (root) CMD (  /usr/share/msec/promisc_check.sh)
Jan  5 15:22:36 ticerosrv1 kernel: device ppp0 entered promiscuous mode
Jan  5 15:23:00 ticerosrv1 CROND[8662]: (root) CMD (  /usr/share/msec/promisc_check.sh)
Jan  5 15:24:00 ticerosrv1 CROND[8668]: (root) CMD (  /usr/share/msec/promisc_check.sh)

First question:
The tcpdump command says xxx packets dropped, and normally I should see these packets in /var/log/messages. I'm sure this is working in my firewall configuration:
Code:

[root@ticerosrv1 root]# iptables-save
# Generated by iptables-save v1.2.7a on Mon Jan  5 15:40:48 2004
*filter
:INPUT DROP [758:46414]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 137 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 138 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p udp -m udp --dport 139 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 901 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -i ppp0 -j DROP
-A INPUT -i ppp0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i ppp0 -p icmp -m limit --limit 1/sec -j ACCEPT
-A INPUT -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "IPTABLES-INPUT : " --log-level 3
-A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/255.255.255.0 -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "IPTABLES-FORWARD : " --log-level 3
-A OUTPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.0.0/255.255.255.0 -o ppp0 -p tcp -m tcp --dport 21 -j ACCEPT
-A OUTPUT -s 192.168.0.0/255.255.255.0 -o ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -s 192.168.0.0/255.255.255.0 -o ppp0 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -s 192.168.0.0/255.255.255.0 -o ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -s 192.168.0.0/255.255.255.0 -o ppp0 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 192.168.0.0/255.255.255.0 -o eth0 -p tcp -m tcp -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --dport 110 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --dport 113 -j ACCEPT
-A OUTPUT -o ppp0 -p udp -m udp --dport 113 -j ACCEPT
-A OUTPUT -d 192.168.0.0/255.255.255.0 -o eth0 -p tcp -m tcp --dport 137:138 -j ACCEPT
-A OUTPUT -d 192.168.0.0/255.255.255.0 -o eth0 -p udp -m udp --dport 137:138 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 20 -j ACCEPT
-A OUTPUT -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "IPTABLES-OUTPUT : " --log-level 3
COMMIT
# Completed on Mon Jan  5 15:40:48 2004
# Generated by iptables-save v1.2.7a on Mon Jan  5 15:40:48 2004
*mangle
:PREROUTING ACCEPT [39470:9001082]
:INPUT ACCEPT [34369:6434525]
:FORWARD ACCEPT [5035:2539065]
:OUTPUT ACCEPT [35248:10535825]
:POSTROUTING ACCEPT [40309:13075410]
COMMIT
# Completed on Mon Jan  5 15:40:48 2004
# Generated by iptables-save v1.2.7a on Mon Jan  5 15:40:48 2004
*nat
:PREROUTING ACCEPT [1972:148644]
:POSTROUTING ACCEPT [928:58597]
:OUTPUT ACCEPT [2190:149102]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Mon Jan  5 15:40:48 2004

Thanks for all
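The ruleset above answers the "first question" only if you walk it the way the kernel does: rules are tried top to bottom, ACCEPT/DROP/REJECT end the walk, LOG does not, and a packet that matches nothing falls to the chain policy. So a packet is logged only if it reaches a LOG rule before something terminal, which is why the anti-spoofing `-A INPUT -s 192.168.0.0/255.255.0.0 -i ppp0 -j DROP` near the top silently drops while the policy DROP at the bottom is logged first. As an added example, not code from the thread or from iptables, here is a small first-match simulator for iptables-save output that parses a ruleset and reports, for a given packet, both the verdict and every target that fired on the way. The ruleset embedded in it is a constructed subset in the shape of the one posted above (no 113 rules, so the auth question from an earlier post can be replayed against it); the packet descriptions are constructed too:

```python
"""First-match simulator for a subset of iptables-save filter rules (added example, not from the thread)."""
import ipaddress
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}   # LOG is not here: it fires and the walk continues

# Constructed ruleset, trimmed to the shape of the iptables-save output above.
RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -i ppp0 -j DROP
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "IPTABLES-INPUT : " --log-level 3
-A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/255.255.255.0 -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "IPTABLES-FORWARD : " --log-level 3
-A OUTPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "IPTABLES-OUTPUT : " --log-level 3
COMMIT
"""


def port_range(spec):
    """'80' -> (80, 80); '137:138' -> (137, 138)."""
    lo, _, hi = spec.partition(":")
    return int(lo), int(hi or lo)


def parse_rule(line):
    """Parse one '-A CHAIN ...' line into the matches this simulator models:
    -i/-o, -s/-d (CIDR or dotted mask), -p, --sport/--dport, -m state --state.
    Not modelled: '!' negation and rate limits (a LOG rule here always fires)."""
    toks = shlex.split(line)
    rule = dict.fromkeys(("chain", "target", "in", "out", "src", "dst",
                          "proto", "sport", "dport", "states"))
    simple = {"-A": "chain", "-i": "in", "-o": "out", "-p": "proto", "-j": "target"}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t in simple:
            rule[simple[t]] = toks[i + 1]
        elif t in ("-s", "-d"):
            rule["src" if t == "-s" else "dst"] = ipaddress.ip_network(toks[i + 1], strict=False)
        elif t in ("--sport", "--dport"):
            rule[t[2:]] = port_range(toks[i + 1])
        elif t == "--state":
            rule["states"] = set(toks[i + 1].split(","))
        else:                 # unmodelled option or its value (-m tcp, --limit 1/sec, --log-prefix ...)
            i += 1
            continue
        i += 2
    return rule


def parse_filter_table(text):
    """{'policy': {chain: target}, 'rules': {chain: [rule, ...]}} for the *filter table only."""
    policy, rules, table = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            chain, pol = line[1:].split()[:2]
            policy[chain] = pol
            rules.setdefault(chain, [])
        elif table == "filter" and line.startswith("-A"):
            r = parse_rule(line)
            rules.setdefault(r["chain"], []).append(r)
    return {"policy": policy, "rules": rules}


def matches(rule, pkt):
    """True if the packet dict satisfies every match the rule carries."""
    for key in ("in", "out", "proto"):
        if rule[key] and pkt.get(key) != rule[key]:
            return False
    for key in ("src", "dst"):
        if rule[key] and ipaddress.ip_address(pkt[key]) not in rule[key]:
            return False
    for key in ("sport", "dport"):
        if rule[key] and not (pkt.get(key) is not None and rule[key][0] <= pkt[key] <= rule[key][1]):
            return False
    return not rule["states"] or pkt.get("state") in rule["states"]


def evaluate(table, chain, pkt):
    """Walk a chain first-match; return (verdict, targets that fired in order).

    A packet that falls through to the policy after a LOG rule comes back as
    ['LOG', 'policy DROP']; one caught by an earlier DROP is never logged."""
    fired = []
    for rule in table["rules"].get(chain, []):
        if matches(rule, pkt):
            fired.append(rule["target"])
            if rule["target"] in TERMINAL:
                return rule["target"], fired
    fired.append("policy " + table["policy"][chain])
    return table["policy"][chain], fired


if __name__ == "__main__":
    table = parse_filter_table(RULES)
    ident = {"out": "ppp0", "src": "192.0.2.1", "dst": "203.0.113.9",
             "proto": "tcp", "sport": 43695, "dport": 113, "state": "NEW"}
    print("OUTPUT tcp/113 via ppp0 ->", evaluate(table, "OUTPUT", ident))
```

Two things the simulator makes visible that the raw dump does not: the "packets dropped by kernel" count at the end of a tcpdump run is a capture-buffer statistic and has nothing to do with netfilter, so it never corresponds to entries in /var/log/messages; and because the LOG rules sit last, anything a DROP rule higher in the chain catches (the 192.168.0.0/16-on-ppp0 rule, for instance) leaves no log line at all.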

