LinuxQuestions.org
Old 04-16-2003, 10:47 PM   #1
Eric Pratt
LQ Newbie
 
Registered: Apr 2003
Location: Orange County
Posts: 15

Rep: Reputation: 0
Firewall/DHCP Problem (I think)


I'm rebuilding our firewall from a unique version of linux (Carbonwave CarbonWall) to something a bit more normal, Redhat 8. But I've run into a problem, I cannot get computers on the network to see the internet, even if I turn the firewall off. The firewall can see the internet, and computers on the intranet. The computers on the intranet can see the firewall, but can't see the internet.
I've set up DHCP, but don't know if I did it right other than the fact that the computers on the network are getting the dhcpd.conf info and showing up in the leases file. I've turned on ip forwarding for the kernel, and I added an IP masquerading line to the iptables.
Other than that I'm flummoxed, I've had this thing for years, but never had to do basic configuration with it like I'm trying now. Also, the book I got, Red Hat Linux 8 Bible, seems to have no relation to the operating system Red Hat Linux 8, I've found this forum to be much more help by far (any recommendations on other books welcome).

Red Hat Linux 8
eth0 connected to a DSL set to DHCP
eth1 connected to intranet hub with w2k pcs on it set to 172.168.0.0 255.255.255.0 no gateway
DHCPD.conf:
option subnet-mask 255.255.255.0;
option domain-name-servers 172.168.0.1; - this is my ISP's DNS
option routers 172.168.0.0; - eth1, I've also tried .1 which is my ISP
ddns-update-style ad-hoc; - dhcpd made me put this in
subnet 172.168.0.0 netmask 255.255.255.0 { range 172.168.0.10 172.168.0.100; }
These numbers are mostly trial and error, I include them because something in there could be wrong.

TIA
 
Old 04-17-2003, 03:01 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
Your ISP has a 172 address?

Try setting the "option routers" to the ip of your linux box since it is going to become your router.

If this doesn't work give a windows client a fixed ip and a gateway of the linux box - if this works you will have narrowed it down to dhcp problems.

When you check the connection to the internet use ip addresses as well as domain names - if only the domain name fails then it is a DNS issue.
 
Old 04-17-2003, 08:45 PM   #3
Eric Pratt
LQ Newbie
 
Registered: Apr 2003
Location: Orange County
Posts: 15

Original Poster
Rep: Reputation: 0
Thanks David,
As it turns out it is a DNS issue, I can ping IPs but not domains. I've tried .1 which is the DNS from my ISP and .0 which is the firewall, anywhere else I should look to configure DNS?
 
Old 04-17-2003, 08:52 PM   #4
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
I don't think you are using your ISP's DNS server; it will not be a 172 address. Who is your ISP? Post the address of their site and take a look yourself in their support section for their DNS server IP addresses.

You could try:
66.100.224.8
 
Old 04-17-2003, 09:31 PM   #5
Eric Pratt
LQ Newbie
 
Registered: Apr 2003
Location: Orange County
Posts: 15

Original Poster
Rep: Reputation: 0
When I do an ipconfig /all when hooked to the dsl it says my Gateway, DHCP, and DNS are all 172.16.0.1, so that is what I have been going by. That could be the local router, but I didn't think it was a DNS as well, maybe I'm wrong, I thought it needed to be a computer to be a DNS.
I tried 66.100.224.8 with no effect. I'm using an SBC DSL.
Thanks for all your help.
 
Old 04-17-2003, 09:36 PM   #6
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
Like I said - check with your ISP what your DNS servers are.

Remember that you will need to release and renew your DHCP lease on the Windows boxes after you change the dhcpd config.

I'll check back tomorrow to see how you get on.
 
Old 04-17-2003, 11:06 PM   #7
Eric Pratt
LQ Newbie
 
Registered: Apr 2003
Location: Orange County
Posts: 15

Original Poster
Rep: Reputation: 0
Thanks a lot David, that was it.
 
Old 04-18-2003, 06:41 PM   #8
Eric Pratt
LQ Newbie
 
Registered: Apr 2003
Location: Orange County
Posts: 15

Original Poster
Rep: Reputation: 0
As a follow up to this thread, I've had the DHCP and firewall working well for a day now. But I'm getting something pretty unusual with one of the clients (win2k), after 5-10 min of normal function it drops most of the DHCP info and will not access the network (intra or inter) and won't function again until a reboot. If I use a specific ip address all is well, but I think this is odd because this box has been using DHCP for several years and only started doing this last night when I got everything else working right. Strange, any ideas?
 
Old 04-19-2003, 12:40 AM   #9
MetaPhyzx
LQ Newbie
 
Registered: Apr 2003
Location: Columbus, OH
Distribution: Slackware, RHEL, Open Solaris, Net-BSD
Posts: 26

Rep: Reputation: 15
What's the DHCP lease period? Hours? Days? And what does the DHCP server's lease table look like (what information does it have concerning leases, as in time, when the lease is due to expire, on and on)?
 
Old 04-19-2003, 01:11 PM   #10
Eric Pratt
LQ Newbie
 
Registered: Apr 2003
Location: Orange County
Posts: 15

Original Poster
Rep: Reputation: 0
Default 720
Max is 86400
 
Old 04-19-2003, 01:29 PM   #11
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
Try posting dhcpd.conf.
 
Old 04-19-2003, 03:24 PM   #12
Eric Pratt
LQ Newbie
 
Registered: Apr 2003
Location: Orange County
Posts: 15

Original Poster
Rep: Reputation: 0
default-lease-time 720;
max-lease-time 86400;
option subnet-mask 255.255.255.0;
option domain-name-servers 206.13.29.12;
option routers 172.168.0.0;
ddns-update-style ad-hoc;
subnet 172.168.0.0 netmask 255.255.255.0 {
range 172.168.0.10 172.168.0.100;
}

Most of this I copied out of a book and then figured most of the numbers by trial and error except the DNS which David pointed out. The ddns-update-style was prompted by the dhcpd when started and failed. This worked well for a while and now two of the w2k machines seem to drop their lease after 12 minutes (which is suspiciously similar to their lease time), the XP machines seem not to be having this problem. I have changed the default-lease-time to 86400, but haven't tested it yet, so the above is the conf file from when I was having problems. I've switched over both machines to static IP for now but would like to put them back to DHCP if I can get it to work. Thanks for all your help.
 
Old 04-19-2003, 04:05 PM   #13
MetaPhyzx
LQ Newbie
 
Registered: Apr 2003
Location: Columbus, OH
Distribution: Slackware, RHEL, Open Solaris, Net-BSD
Posts: 26

Rep: Reputation: 15
I would hope that's minutes. But it may be seconds. So it's possible every twelve minutes these workstations are looking for a new address, and you may have an ARP caching issue. Some devices' ARP tables may not update that fast, which would cause the cached MAC address to not match the DHCP-assigned address. If that is the case go for the max (which breaks down to 24 hours if the number listed is seconds). That'll give the ARP tables time to clear and renew. Another thing that will help is if forward and reverse DNS are set up for the addresses in the DHCP pool. I hope that helps you.

KVE

Last edited by MetaPhyzx; 04-22-2010 at 09:46 AM.
 
Old 04-19-2003, 04:12 PM   #14
Eric Pratt
LQ Newbie
 
Registered: Apr 2003
Location: Orange County
Posts: 15

Original Poster
Rep: Reputation: 0
That sounds right, I'm testing now with the default set to 86400 seconds and no probs yet. Any pointers or lit I can read on how to set up the forward and reverse DNS? Any good books out there? Thanks,
 
Old 04-19-2003, 06:03 PM   #15
Eric Pratt
LQ Newbie
 
Registered: Apr 2003
Location: Orange County
Posts: 15

Original Poster
Rep: Reputation: 0
Raising the default lease seems to have fixed the problem, we'll see if there's an issue tomorrow when the lease runs out. Thanks for all your help.
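
An added example, not part of any post in this thread: a small Python check over the dhcpd.conf from post #12 that reports the points the thread turned on (the router option, the resolver address, the lease time in seconds) and also notes that 172.168.0.0/24 lies outside the RFC 1918 block 172.16.0.0/12. The function name, the finding codes and the 3600-second threshold are assumptions made for this example, and option values are assumed to be IP literals.

```python
import ipaddress
import re

# Constructed sample: the dhcpd.conf from post #12, with the option name
# spelled the way dhcpd expects it (subnet-mask).
SAMPLE_CONF = """\
default-lease-time 720;
max-lease-time 86400;
option subnet-mask 255.255.255.0;
option domain-name-servers 206.13.29.12;
option routers 172.168.0.0;
ddns-update-style ad-hoc;
subnet 172.168.0.0 netmask 255.255.255.0 {
range 172.168.0.10 172.168.0.100;
}
"""

def audit_dhcpd_conf(text, min_lease=3600):
    """Return (code, message) findings; min_lease is a hypothetical threshold."""
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", text)
    if not m:
        return [("NO_SUBNET", "no subnet declaration found")]
    findings = []
    net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
    if not net.network_address.is_private:
        findings.append(("PUBLIC_LAN", f"{net} is not RFC 1918 space"))
    for name in ("routers", "domain-name-servers"):
        opt = re.search(rf"option\s+{name}\s+([^;]+);", text)
        for raw in (opt.group(1).split(",") if opt else []):
            ip = ipaddress.ip_address(raw.strip())
            if name == "routers" and ip not in net:
                findings.append(("ROUTER_OFFNET", f"router {ip} is outside {net}"))
            elif name == "routers" and ip in (net.network_address, net.broadcast_address):
                findings.append(("ROUTER_NOT_HOST", f"router {ip} is not a host address in {net}"))
            elif name == "domain-name-servers" and ip in net:
                findings.append(("DNS_ON_LAN", f"confirm a resolver listens on {ip}"))
    lease = re.search(r"default-lease-time\s+(\d+)\s*;", text)
    if lease and int(lease.group(1)) < min_lease:
        secs = int(lease.group(1))  # dhcpd lease times are in seconds
        findings.append(("SHORT_LEASE", f"default-lease-time {secs}s = {secs / 60:g} min"))
    return findings

if __name__ == "__main__":
    for code, msg in audit_dhcpd_conf(SAMPLE_CONF):
        print(f"{code}: {msg}")
```
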
 
  


All times are GMT -5.