LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-15-2010, 06:08 AM   #1
aarav2306
Member
 
Registered: Jan 2009
Posts: 55

Rep: Reputation: 15
Changed my ISP - now my LAN is not able to access the internet


hi
I changed my ISP recently, post which my LAN is not able to access the internet.
I have 6 PCs in my LAN which run on Ubuntu 9.04 and 1 on Ubuntu 9.10 and one more on WindowsXP and these are connected to an Ubuntu 9.04 where the ISP pipe is terminated. The main PC is able to access internet and has IP of 192.168.1.xx series on eth1 on DHCP and eth0 is configured as 192.168.0.2
Regards
 
Old 07-15-2010, 06:44 AM   #2
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
Not much of an information. Are you using iptables for internet sharing? Or you are also using squid for caching? What are the iptables rules for sharing, if you have any?
You need to MASQUERADE the outgoing connections on external interface as you have a DHCP assigned address.

Something like:

iptables -t nat -A POSTROUTING -o $external-interface -j MASQUERADE

Change it accordingly.
 
Old 07-15-2010, 06:44 AM   #3
jwl
LQ Newbie
 
Registered: Mar 2006
Location: Johannesburg
Distribution: Suse 10
Posts: 10

Rep: Reputation: 0
IP Addresses

Your Internet access has an IP address of 192.168.1.XX on eth1 and 192.168.0.2 on eth0. How are the other PC's setup. If the Internet access is via 192.168.0.2 and the PC's are getting their addresses from the DHCP on 192.168.1.xx then their addresses will be generated with the 192.168.1.xx and will not see the 192.168.0.2. The gateway on all the other PC's must have be 192.168.0.2 or they will not see the Internet.
 
Old 07-15-2010, 08:25 AM   #4
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
I think you are misunderstanding it. Or it may be myself as well. But this is how I interpret it. The external interface has the IP 192.168.1.xx and it is assigned by DHCP and hence .xx. This is not assigning ip addresses but getting it from another DHCP server.
 
Old 07-16-2010, 02:12 AM   #5
aarav2306
Member
 
Registered: Jan 2009
Posts: 55

Original Poster
Rep: Reputation: 15
hi
Yes, I have been using squid for past 18mths and running the NAT commands
sudo iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.0/24 -m state --state NEW -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.0/24 -m state --state NEW -j ACCEPT
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
sudo iptables -A POSTROUTING -t nat -j MASQUERADE
Everything used to go well for the past 18mths that I have been using Linux

Recently I changed my ISP and after that I havent been able to get my LAN to access internet. Do I need to edit any conf files on the external interface PC which has static IP of 192.168.1.21 on Auto Eth1 (DHCP). The Eth0 configurations have been manually set to 192.168.0.2 and gateway of 192.168.1.1. The internal PCs have been manually set to IPs of 192.168.0.3 onwards and gateway of 192.168.0.2 and DNS of the PC with external interface

regards
 
Old 07-16-2010, 02:41 AM   #6
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
There should not much of an issue as such. If you are running squid, is it running in transparent mode? I do not see that you are redirecting web traffic to squid. And I am still not clear if your ISP is providing you with static IP or is assigning it using DHCP?
Quote:
external interface PC which has static IP of 192.168.1.21 on Auto Eth1 (DHCP).
What should that mean? It either can have static IP or a dynamic. Not both.

If your external interface has dynamic IP then you need to masquerade the connections as I said in the previous post.

Also do post the error messages that you see on the clients.
And if you are running squid, try to configure your client web browsers for proxy and see if you get the internet connection.
PS: Assuming that you do not have a connection that needs you to dial up for it. Though this should matter. Also that you can access the internet on your gateway.
 
Old 07-16-2010, 03:45 AM   #7
aarav2306
Member
 
Registered: Jan 2009
Posts: 55

Original Poster
Rep: Reputation: 15
hi
Even on DHCP mode my external interface gets the same IP address all the time. The error on my clients is "Server not found .... Check the address for typing errors...If you are unable to load any pages, check the computer network connection. If your computer or network is protected by a firewall or proxy, make sure that firefox is permitted to access the web".
All I changed is the ISP, do I need to edit any conf files to allow the new DNS servers or gateway.
 
Old 07-16-2010, 05:04 AM   #8
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
What DNS are you using? Have you changed the DNS to the one given by your new ISP? Can your clients browse web after configuring browsers for proxy?
 
Old 07-16-2010, 12:58 PM   #9
aarav2306
Member
 
Registered: Jan 2009
Posts: 55

Original Poster
Rep: Reputation: 15
hi
The clients are set on "use system proxy settings"
Should I be editing any conf file on the PC with external interface
 
Old 07-17-2010, 03:00 AM   #10
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
If systems are configured to use system proxy then you need to have set correct default gateway for the systems. Also can they browse when set for proxy? i.e. browsers set with proxy settings? Give this information as well. Else it would be difficult to tell if your squid is working or not.
 
Old 07-17-2010, 05:54 AM   #11
aarav2306
Member
 
Registered: Jan 2009
Posts: 55

Original Poster
Rep: Reputation: 15
hi
My clients are not able to browse when set for proxy. I have keyed the default gateway as 192.168.0.2 the internal IP of the external interface PC.
regards
 
Old 07-17-2010, 10:36 AM   #12
Shadow_7
Senior Member
 
Registered: Feb 2003
Distribution: debian
Posts: 2,324
Blog Entries: 1

Rep: Reputation: 447Reputation: 447Reputation: 447Reputation: 447Reputation: 447
There's various parts to internet connectivity. A ROUTE, a GATEWAY, and DNS. If any one is broken, the whole thing stops working (for the most part).

Since you changed ISPs, did you switch from say dialup (ppp0) to broadband (eth0)?

$ ifconfig default eth0

If you changed gateways?

$ ifconfig eth0 default gw 192.168.2.1 up

Your DNS is pretty much guaranteed to change between ISPs, but that doesn't always mean that your OLD DNS entries stop working. Although they may have a latency that is intollerable. As long as the .com's resolve to .##'s, you can change / work on that later.

For connection sharing you'll need to masquerading / nat (address translation). iptables is the usual means to that end. And other concerns like a firewall that could block all traffic on an otherwise perfectly setup internet. It could also be something on the ISPs end. Bad crimp in the cable, termination do to non-payment, quota for the month exceeded, and other things.

$ iptables -L
$ iptables -t nat -L

$ route -n
$ netstat -r

$ cat /etc/resolv.conf

$ ifconfig -a
 
Old 07-18-2010, 03:08 AM   #13
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
Then try and go from step to step. I did a typo in post#10. Sorry. Can you browse the net on the squid system? Is your squid configured to listen on correct IP? Is the squid service running?
Take steps to find the fault. Make sure you have working internet connection on squid system. Once that is done, then make sure your squid is running and that clients can browse internet by configuring browsers for proxy settings. Then you can make squid transparent.
Also post the configurations as suggested in the previous post by Shadow.
 
Old 07-18-2010, 09:12 AM   #14
aarav2306
Member
 
Registered: Jan 2009
Posts: 55

Original Poster
Rep: Reputation: 15
Ok, taking it step by step, heres my squid.conf
(Had setup squid with your forum's help 18mths back)
My external interface PC is able to browse net, problem must be between my external interface PC and LAN.
Even previous ISP was a broadband connection


Quote:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_access allow all
icp_access allow localnet
icp_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid
regards
Aarav
 
Old 07-19-2010, 01:14 AM   #15
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
That looks fine. What does ifconfig -a give?
Also give output to the command in post#12
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ppp dials up ISP but I can not access internet Jbone2007 Linux - Networking 2 01-08-2008 06:53 PM
can't access internet, but lan is ok jcor Linux - Networking 2 11-09-2007 11:55 AM
Access to the Internet without an ISP Gins Linux - Wireless Networking 4 04-26-2007 02:59 AM
Internet Access with RedHat9 and ISP is AOL sgarci Linux - Networking 6 08-14-2006 07:02 AM
Cannot connect to internet through ISP LAN in Fedora Core 2 tlee7977 Linux - Newbie 2 06-26-2004 01:06 AM


All times are GMT -5. The time now is 12:36 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration