LinuxQuestions.org
Old 05-30-2005, 02:14 PM   #1
axelwing
LQ Newbie
 
Registered: May 2005
Posts: 7

Rep: Reputation: 0
Network Internet access


Hello,

I have a situation like this:

- 16 Windows computers on a office network;
- one web server ( also the e-mails are supposed to be stored there ) with RH9 Shrike - well, I know from some nice people here that I should reconsider using RH9 but at this time I have no other distros and my boss is ready to kill me anyway.
- we're taking the Internet through fiber optic ( 10MBps ) from a provider.

The server IP ( on the network ) is 192.168.1.200. All of the other computers are having their own IPs, and the gateway is set up to the server's IP.

Now, I installed RH9 as I told you; everything worked fine.
The eth0 and eth1 are having the following configurations:

eth0

Address: 192.168.1.200
Subnet mask: 255.255.255.0
Default gateway address: the one the Internet provider gave to us ( if it's necessary, I'll post it )

eth1

Address: the server's IP ( is this THE external IP? )
Subnet mask: 255.255.255.0
Default gateway: the one the Internet provider gave to us

At the DNS, both eth0 and eth1 are having the primary and secondary DNS provided by our Internet provider and at the Hostname is our domain name ( ourdomain.com )

The computers on the network are finding the server with ping ( ping 192.168.1.200 ) as they did it before our old server died.

Now, the problem:

From the server I am perfectly able to browse the Internet, including our websites ( I'm writing this message from the server's Mozilla ).
But that is all.
The other machines cannot browse the Internet at all and e-mails aren't working also. The errors are "Page not found" on the browser and Outlook Express says that the host cannot be found.

Now, if somebody can help me with this I will be more than grateful because my boss is pointing the shotgun to my head with a skull smile on his face and for God's sake, I have a child and a wife to feed...!

Now seriously speaking...what am I doing wrong?
I'm ready to give as much information as I have, only ask me.

Thank you very much for your help.

Axel
 
Old 05-30-2005, 02:41 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
Have you set up masquerading or a proxy?
See: http://www.linuxquestions.org/questi...ticle&artid=23
 
Old 05-30-2005, 02:47 PM   #3
ricstirato
Member
 
Registered: Jan 2004
Location: Gießen, Germany
Distribution: Xubuntu 12.04, Mythbuntu, Ubuntu Server 12.04
Posts: 174

Rep: Reputation: 24
I suppose all the clients have the server as default gateway? They should have its internal IP (192.168.1.200) configured for that.

Concerning e-mail: did you configure the mail clients with the server's name or its IP address? If they have the name in their configuration: can they resolve it? Under Windows you can open a shell window and execute

nslookup myserver.ourdomain.com

This should return the internal IP. If you get the external IP address or an error message, first try configuring the mail client with the server's internal IP as entries for SMTP and POP3 / IMAP resp.
If this works, you have a problem with the client's name resolution. You might want to set up a DNS server (e.g. bind) for your LAN.
What DNS servers are in the client configuration?

Concerning web traffic: try resolving an external address on the client, again like

nslookup www.google.de

If this works: do you have a (packet filter) firewall on the server? How is it configured (iptables -L -n and iptables -t nat -L -n)?

If this does not work: is forwarding enabled on the server?
You can find out with

cat /proc/sys/net/ipv4/ip_forward

This returns 1 if forwarding is enabled, 0 if not.
If you get a 0, enter (as root):

echo "1" > /proc/sys/net/ipv4/ip_forward


To ensure, repeat the above cat command, it should now return "1". Can the clients browse the web now?

Edit: oh, david is right, of course you need masquerading or a proxy (like squid).
For the first, the output of iptables -t nat -L -n should give at least one line containing the MASQUERADE target.


Regards
ric.

Last edited by ricstirato; 05-30-2005 at 02:50 PM.
 
Old 05-30-2005, 03:15 PM   #4
axelwing
LQ Newbie
 
Registered: May 2005
Posts: 7

Original Poster
Rep: Reputation: 0
Network Internet access

Hello,

To david_ross

No, we didn't use a proxy server before.
About masquerading...man, I have too short expertise with administration to talk about it, but from what I heard we didn't use that also ( now if this is a stupid answer, laugh more discreet please )

To ricstirato

Yes, all of the clients have the server as default gateway.

The e-mail clients are set up correctly but when I'm executing nslookup command in the shell it says like this:
"DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 193.231.236.25 ( the primary DNS, my note ): Timed out.
timeout was 2 seconds.
...
Default servers are not available.
...
...and the rest of the message.
"

Same thing executed from server's shell is returning:

"nslookup www.google.de
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 193.231.236.25
Address: 193.231.236.25#53

Non-authoritative answer:
www.google.de canonical name = www.google.com.
www.google.com canonical name = www.l.google.com.
Name: www.l.google.com
Address: 66.249.85.104
Name: www.l.google.com
Address: 66.249.85.99"

so from the server it is working.

I also enabled the forwarding.

What it returns on iptables -t nat -L -n ( are the listed nameservers the TARGET as you called it? in this case, what should I do with it? ):

[root@cargomagazin root]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT udp -- 193.231.236.30 0.0.0.0/0 udp spt:53 dpts:1025:65535
ACCEPT udp -- 193.231.236.25 0.0.0.0/0 udp spt:53 dpts:1025:65535
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 flags:0x16/0x02
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 flags:0x16/0x02
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 flags:0x16/0x02
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 flags:0x16/0x02
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 flags:0x16/0x02
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:67:68 dpts:67:68
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:67:68 dpts:67:68
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2049 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2049 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:6000:6009 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7100 flags:0x16/0x02 reject-with icmp-port-unreachable

I know too few things but somehow I have to set the thing working, so please don't swear me for my many questions...

Thanks a lot!

Axel.
 
Old 05-30-2005, 03:34 PM   #5
axelwing
LQ Newbie
 
Registered: May 2005
Posts: 7

Original Poster
Rep: Reputation: 0
Hello,

I solved it...I guess.
I have been reading about masquerading and did the following:


$> modprobe ipt_MASQUERADE
$> iptables -F; iptables -t nat -F; iptables -t mangle -F
$> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to < external IP >
$> echo 1 > /proc/sys/net/ipv4/ip_forward
$> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$> iptables -A INPUT -m state --state NEW -i ! eth1 -j ACCEPT
$> iptables -P INPUT DROP
$> iptables -A FORWARD -i eth1 -o eth1 -j REJECT

and it connected from the network computers.

Thank you very much guys, david_ross and ricstirato, for your help!
I learned something new!

Best regards,
Axel.
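
The checks raised in this thread (forwarding enabled, a NAT rule on the outside interface) can be run against `iptables-save` output together with a look at the FORWARD chain, which the commands in the post above leave at policy ACCEPT. This is an added example, not code from any poster in the thread; the function names and both sample rule sets are constructed, eth0/eth1 follow the thread's layout, and 203.0.113.10 is a documentation address standing in for the external IP.

```shell
#!/bin/sh
# Added example (not from the thread); function and sample names are hypothetical.
# Usage: iptables-save | audit_gateway WAN_IF "$(cat /proc/sys/net/ipv4/ip_forward)"
# Prints one finding per line; prints nothing when every check passes.
audit_gateway() {
    awk -v wan="$1" -v fwd="$2" '
        substr($0, 1, 1) == "*" { table = substr($0, 2) }   # "*nat" / "*filter"
        table == "nat" && /^-A POSTROUTING / && /-j (SNAT|MASQUERADE)/ {
            for (i = 1; i < NF; i++) if ($i == "-o" && $(i + 1) == wan) nat = 1
        }
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD / && /ESTABLISHED/ && /-j ACCEPT/ { stateful = 1 }
        END {
            if (fwd != "1")       print "FORWARDING_OFF"
            if (!nat)             print "NO_NAT_ON_" wan
            if (policy != "DROP") print "FORWARD_POLICY_NOT_DROP"
            if (!stateful)        print "NO_STATEFUL_FORWARD_RULE"
        }'
}

# Constructed sample, abridged: the state the commands in the post above leave behind.
sample_as_posted() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j SNAT --to-source 203.0.113.10
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -o eth1 -j REJECT
COMMIT
EOF
}

# Constructed sample: same NAT rule, FORWARD drops by default, LAN-originated only.
sample_restricted() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j SNAT --to-source 203.0.113.10
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -s 192.168.1.0/24 -j ACCEPT
COMMIT
EOF
}
```

Run against the first sample, the audit reports the open FORWARD policy and the missing stateful rule; the second sample passes all four checks.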
 
All times are GMT -5.