LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 02-11-2012, 08:46 PM   #91
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, Ubuntu, SLES, CentOS
Posts: 1,790

Rep: Reputation: 324Reputation: 324Reputation: 324Reputation: 324
@ Reply


Alright. So now we know that when you login as a regular user account and then su - root to launch firefox you are able to browse the sites.

Appears to be permission or browser setting issue but can't say for sure. We need to perform further testing. Run the following commands with test account from terminal:

Code:
nslookup
Once you are in nslookup run the following:

Code:
set debug
after that

www.google.com
www.yahoo.com
www.hotmail.com

If you are able to get response from these sites then we are good to move on to next test.

Exit from nslookup by typing "exit" without quotes.

Run the following commands:

Code:
ping www.google.com
Code:
ping www.yahoo.com
Code:
ping www.hotmail.com
If you get ping response then we are sure that there is nothing being blocked when you are logging in as regular user. It has something to do with permission or browser config.

Once the above tests are done run the following commands and let us know the output:

1.
Code:
ls -a /home/test/.mozila/firefox
2.
Code:
ls -l /usr/bin/firefox
3.
Code:
ls -l /usr/lib/firefox-3.6/firefox
In the last command it is firefox-3.6 because I am running that version. Could be different for you so type that accordingly.

Last edited by T3RM1NVT0R; 02-11-2012 at 08:47 PM.
 
Old 02-11-2012, 08:54 PM   #92
omizt
Member
 
Registered: Feb 2012
Posts: 56

Original Poster
Rep: Reputation: Disabled
# nslookup
> set debug
> www.google.com
Server: 199.242.236.1
Address: 199.242.236.1#53

------------
QUESTIONS:
www.google.com, type = A, class = IN
ANSWERS:
-> www.google.com
canonical name = www.l.google.com.
-> www.l.google.com
internet address = 74.125.227.48
-> www.l.google.com
internet address = 74.125.227.49
-> www.l.google.com
internet address = 74.125.227.50
-> www.l.google.com
internet address = 74.125.227.51
-> www.l.google.com
internet address = 74.125.227.52
AUTHORITY RECORDS:
-> google.com
nameserver = ns4.google.com.
-> google.com
nameserver = ns1.google.com.
-> google.com
nameserver = ns2.google.com.
-> google.com
nameserver = ns3.google.com.
ADDITIONAL RECORDS:
-> ns1.google.com
internet address = 216.239.32.10
-> ns2.google.com
internet address = 216.239.34.10
-> ns3.google.com
internet address = 216.239.36.10
-> ns4.google.com
internet address = 216.239.38.10
------------
Non-authoritative answer:
www.google.com canonical name = www.l.google.com.
Name: www.l.google.com
Address: 74.125.227.48
Name: www.l.google.com
Address: 74.125.227.49
Name: www.l.google.com
Address: 74.125.227.50
Name: www.l.google.com
Address: 74.125.227.51
Name: www.l.google.com
Address: 74.125.227.52
> www.yahoo.com
Server: 199.242.236.1
Address: 199.242.236.1#53

------------
QUESTIONS:
www.yahoo.com, type = A, class = IN
ANSWERS:
-> www.yahoo.com
canonical name = fp3.wg1.b.yahoo.com.
-> fp3.wg1.b.yahoo.com
canonical name = any-fp3-lfb.wa1.b.yahoo.com.
-> any-fp3-lfb.wa1.b.yahoo.com
canonical name = any-fp3-real.wa1.b.yahoo.com.
-> any-fp3-real.wa1.b.yahoo.com
internet address = 209.191.122.70
AUTHORITY RECORDS:
-> wa1.b.yahoo.com
nameserver = yf1.yahoo.com.
-> wa1.b.yahoo.com
nameserver = yf2.yahoo.com.
ADDITIONAL RECORDS:
-> yf1.yahoo.com
internet address = 68.142.254.15
-> yf2.yahoo.com
internet address = 68.180.130.15
------------
Non-authoritative answer:
www.yahoo.com canonical name = fp3.wg1.b.yahoo.com.
fp3.wg1.b.yahoo.com canonical name = any-fp3-lfb.wa1.b.yahoo.com.
any-fp3-lfb.wa1.b.yahoo.com canonical name = any-fp3-real.wa1.b.yahoo.com.
Name: any-fp3-real.wa1.b.yahoo.com
Address: 209.191.122.70
> www.hotmail.com
Server: 199.242.236.1
Address: 199.242.236.1#53

------------
QUESTIONS:
www.hotmail.com, type = A, class = IN
ANSWERS:
-> www.hotmail.com
canonical name = dispatch.kahuna.glbdns.microsoft.com.
-> dispatch.kahuna.glbdns.microsoft.com
internet address = 65.55.72.119
-> dispatch.kahuna.glbdns.microsoft.com
internet address = 65.55.72.135
AUTHORITY RECORDS:
-> glbdns.microsoft.com
nameserver = glb1.glbdns.microsoft.com.
-> glbdns.microsoft.com
nameserver = glb2.glbdns.microsoft.com.
ADDITIONAL RECORDS:
-> glb1.glbdns.microsoft.com
internet address = 204.79.195.7
-> glb2.glbdns.microsoft.com
internet address = 65.55.117.2
------------
Non-authoritative answer:
www.hotmail.com canonical name = dispatch.kahuna.glbdns.microsoft.com.
Name: dispatch.kahuna.glbdns.microsoft.com
Address: 65.55.72.119
Name: dispatch.kahuna.glbdns.microsoft.com
Address: 65.55.72.135
>
 
Old 02-11-2012, 08:55 PM   #93
omizt
Member
 
Registered: Feb 2012
Posts: 56

Original Poster
Rep: Reputation: Disabled
I think this means I can't get response from these websites, right?
 
Old 02-11-2012, 08:58 PM   #94
omizt
Member
 
Registered: Feb 2012
Posts: 56

Original Poster
Rep: Reputation: Disabled
I can't get ping response either.
 
Old 02-11-2012, 08:59 PM   #95
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, Ubuntu, SLES, CentOS
Posts: 1,790

Rep: Reputation: 324Reputation: 324Reputation: 324Reputation: 324
@ Reply

No. That means that nslookup is able to resolve the name of those websites. I can see that you run nslookup with root user. You have to run that with test user account. What was the result of the other tests that I have suggested?

What you mean by you cannot get ping response. Paste the output.
 
Old 02-11-2012, 09:10 PM   #96
omizt
Member
 
Registered: Feb 2012
Posts: 56

Original Poster
Rep: Reputation: Disabled
[test@swan ~]$ nslookup
> set debug
> www.google.com
Server: 199.242.236.1
Address: 199.242.236.1#53

------------
QUESTIONS:
www.google.com, type = A, class = IN
ANSWERS:
-> www.google.com
canonical name = www.l.google.com.
-> www.l.google.com
internet address = 74.125.227.52
-> www.l.google.com
internet address = 74.125.227.48
-> www.l.google.com
internet address = 74.125.227.49
-> www.l.google.com
internet address = 74.125.227.50
-> www.l.google.com
internet address = 74.125.227.51
AUTHORITY RECORDS:
-> google.com
nameserver = ns4.google.com.
-> google.com
nameserver = ns1.google.com.
-> google.com
nameserver = ns2.google.com.
-> google.com
nameserver = ns3.google.com.
ADDITIONAL RECORDS:
-> ns1.google.com
internet address = 216.239.32.10
-> ns2.google.com
internet address = 216.239.34.10
-> ns3.google.com
internet address = 216.239.36.10
-> ns4.google.com
internet address = 216.239.38.10
------------
Non-authoritative answer:
www.google.com canonical name = www.l.google.com.
Name: www.l.google.com
Address: 74.125.227.52
Name: www.l.google.com
Address: 74.125.227.48
Name: www.l.google.com
Address: 74.125.227.49
Name: www.l.google.com
Address: 74.125.227.50
Name: www.l.google.com
Address: 74.125.227.51
> www.yahoo.com
Server: 199.242.236.1
Address: 199.242.236.1#53

------------
QUESTIONS:
www.yahoo.com, type = A, class = IN
ANSWERS:
-> www.yahoo.com
canonical name = fp3.wg1.b.yahoo.com.
-> fp3.wg1.b.yahoo.com
canonical name = any-fp3-lfb.wa1.b.yahoo.com.
-> any-fp3-lfb.wa1.b.yahoo.com
canonical name = any-fp3-real.wa1.b.yahoo.com.
-> any-fp3-real.wa1.b.yahoo.com
internet address = 209.191.122.70
AUTHORITY RECORDS:
-> wa1.b.yahoo.com
nameserver = yf1.yahoo.com.
-> wa1.b.yahoo.com
nameserver = yf2.yahoo.com.
ADDITIONAL RECORDS:
-> yf1.yahoo.com
internet address = 68.142.254.15
-> yf2.yahoo.com
internet address = 68.180.130.15
------------
Non-authoritative answer:
www.yahoo.com canonical name = fp3.wg1.b.yahoo.com.
fp3.wg1.b.yahoo.com canonical name = any-fp3-lfb.wa1.b.yahoo.com.
any-fp3-lfb.wa1.b.yahoo.com canonical name = any-fp3-real.wa1.b.yahoo.com.
Name: any-fp3-real.wa1.b.yahoo.com
Address: 209.191.122.70
> www.hotmail.com
Server: 199.242.236.1
Address: 199.242.236.1#53

------------
QUESTIONS:
www.hotmail.com, type = A, class = IN
ANSWERS:
-> www.hotmail.com
canonical name = dispatch.kahuna.glbdns.microsoft.com.
-> dispatch.kahuna.glbdns.microsoft.com
internet address = 65.55.72.39
-> dispatch.kahuna.glbdns.microsoft.com
internet address = 65.55.72.23
AUTHORITY RECORDS:
-> glbdns.microsoft.com
nameserver = glb2.glbdns.microsoft.com.
-> glbdns.microsoft.com
nameserver = glb1.glbdns.microsoft.com.
ADDITIONAL RECORDS:
-> glb1.glbdns.microsoft.com
internet address = 204.79.195.7
-> glb2.glbdns.microsoft.com
internet address = 65.55.117.2
------------
Non-authoritative answer:
www.hotmail.com canonical name = dispatch.kahuna.glbdns.microsoft.com.
Name: dispatch.kahuna.glbdns.microsoft.com
Address: 65.55.72.39
Name: dispatch.kahuna.glbdns.microsoft.com
Address: 65.55.72.23
> exit

[test@swan ~]$ ping www.google.com
PING www.l.google.com (74.125.227.51) 56(84) bytes of data.

--- www.l.google.com ping statistics ---
12 packets transmitted, 0 received, 100% packet loss, time 11000ms

[test@swan ~]$ ping yahoo.com
PING yahoo.com (72.30.2.43) 56(84) bytes of data.

--- yahoo.com ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 4999ms

[test@swan ~]$ ping hotmail.com
PING hotmail.com (65.55.72.183) 56(84) bytes of data.

--- hotmail.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms

[test@swan ~]$ ls -a /home/test/.mozilla/firefox
. .. dcv50nks.default profiles.ini
[test@swan ~]$ ls -l /usr/bin/firefox
-rwxr-xr-x 1 root root 4526 Dec 9 2008 /usr/bin/firefox
[test@swan ~]$ ls -l /usr/lib/firefox-3.0.5/firefox
-rwxr-xr-x 1 root root 47540 Dec 9 2008 /usr/lib/firefox-3.0.5/firefox
 
Old 02-11-2012, 09:11 PM   #97
omizt
Member
 
Registered: Feb 2012
Posts: 56

Original Poster
Rep: Reputation: Disabled
I pinged, but there is no response.
So I use Ctrl+C to stop it and pasted the result above.
Is there anything wrong?

Last edited by omizt; 02-11-2012 at 09:29 PM.
 
Old 02-11-2012, 09:29 PM   #98
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, Ubuntu, SLES, CentOS
Posts: 1,790

Rep: Reputation: 324Reputation: 324Reputation: 324Reputation: 324
@ Reply

Alright. Lets sum it up:

1. Regular user cannot ping websites but is able to get response via nslookup (Try it from root if the same behavior then ICMP is blocked somewhere)
2. If root user can ping websites and is able to get response via nslookup (Then regular user is either blocked by iptables or could be something else preventing access to the internet)
3. After going through all outputs and the comments you made on proxy setting (you said it is same for both test and root user) there is nothing appears to be wrong on browser part.
4. su - root test we performed in the terminal shows that there is something (could be iptables or something else) that is only allowing root user to pass through this system.

Do you have any other system in the same network. Test from that system if you are able to surf internet using normal user. If yes, then there is something on this system which is blocking internet access for normal user. If not, then there is something centralized which is blocking internet access for normal user and only allowing internet access on the basis of user name such as root.

I am logging off for now but this was my observation so far. Perform the test that I have suggested in this post (if possible) to see if there is something centralized that is blocking or it is this system which is blocking.

Last edited by T3RM1NVT0R; 02-11-2012 at 09:30 PM.
 
Old 02-11-2012, 09:35 PM   #99
omizt
Member
 
Registered: Feb 2012
Posts: 56

Original Poster
Rep: Reputation: Disabled
root user can't ping websites but is able to get response via nslookup

Last edited by omizt; 02-11-2012 at 09:38 PM.
 
Old 02-11-2012, 09:37 PM   #100
omizt
Member
 
Registered: Feb 2012
Posts: 56

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by T3RM1NVT0R View Post
Alright. Lets sum it up:

1. Regular user cannot ping websites but is able to get response via nslookup (Try it from root if the same behavior then ICMP is blocked somewhere)
.
it's the same behavior in the root account.
 
Old 02-12-2012, 04:56 PM   #101
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, Ubuntu, SLES, CentOS
Posts: 1,790

Rep: Reputation: 324Reputation: 324Reputation: 324Reputation: 324
@ Reply

As I said that if you get the same response for ping even for the root account then your firewall is blocking ICMP requests. As you are able to browse sites via root account I am pretty sure that it is your firewall that is configured that way or there is a proxy server which is setup that way.
 
Old 02-13-2012, 03:22 PM   #102
omizt
Member
 
Registered: Feb 2012
Posts: 56

Original Poster
Rep: Reputation: Disabled
Thank you!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
root access to user account RudraB Linux - Newbie 16 06-30-2010 03:11 AM
Root Account Access Security iconicmoronic Linux - Security 2 04-14-2007 03:17 PM
How do I access root account in Mandrake 10? dbz Linux - Security 4 04-03-2004 12:00 PM
Can Access Sites with root but not user account Obelus Linux - Networking 4 12-21-2003 04:28 PM
FTP access using root account - restrictions alaerte Linux - Software 7 04-03-2003 02:33 PM


All times are GMT -5. The time now is 12:14 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration