Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
After many faithful years my Mandrake 366MHz gateway has died. I have downloaded SUSE 9.3 and installed it onto an old P4 1.7GHz machine.
The problem:
On my old box the only config I had was to set up my ADSL (BTbroadband), OK,
then su in and echo 1 ip_forward and then add iptables -t nat -A POSTROUTING -s 192.xxx.xxx.xxx/24 Masquerade, and the same but on eth0, to allow other machines on the network to see the gateway at 192.xxx.xxx.xxx as their gateway and DNS.
The new box connects to the web OK and I can ping the static eth1 address and its activity light blinks,
but no internet access.
I have tried all I can, browsed till my fingers bled!!
Is there something dumb that I'm missing?
People seem to be mentioning the YaST2 firewall and I've been there, so here are my settings:
dsl0 BTbroadband no zone selected
eth0 Allied Telesyn 2500 external (#to the dsl line)
eth1 HP 10/100 internal static IP
Usually this is pretty easy to set up using the Yast2 firewall administration module. Once you start it, make sure that you've selected the proper interfaces for your internal and external networks and make sure to select the "enable forwarding and do masquerading" option. Then save the settings. That will enable port forwarding and perform NAT (masquerading).
Spent 3 hrs playing with YaST2 settings, both in securityandusers>firewall and in system>firewall>susefirewall2. Have got eth0 on DHCP (to the BT broadband modem), Voyager 205, OK.
eth1 is the private internal network.
Crazy, I know, but I can ping 192.168.0.1, the gateway address on eth1, ttl64 OK.
Then I use ifconfig to get the eth0 DHCP address, external eth 192.168.1.3; I can ping that too.
Then I ping an external FTP server on 210.xxx.xxx.xxx, ttl32 OK.
But when I try and ping www.yahoo.com I get unreachable and no internet.
My old machine, Mandrake 9.0 with a new PSU, works fine. This is nutz.
Any help, and thanks for the post.
In that case (you can ping by IP address but not hostname) it sounds like the problem is DNS related and your internal host is not resolving hostnames. Check /etc/resolv.conf and make sure that the entries for your ISP's DNS servers are there.
That may work, depending on how often your ISP changes the IP address of its nameservers. If they change often, then you'll have problems resolving hostnames and have to update the IPs manually. Is this happening on the internal machines or on the gateway host?
sharaad, try this site for iptables/firewall rules etc. Please post a new thread for all future queries. Best of luck. maku99 (http://iptables-tutorial.frozentux.net/)
Now where was I, Capt Caveman: the local (internal) network works fine on the old gateway, talking to you now. The new gateway can browse, post, email, p2p OK, but the internal network gets nada.
I agree it must be a DNS problem, but not knowing is a real pain. I've checked all cables, changed network cards over, done the hardware stuff.
Thanks for your time, it's really appreciated. I've spent lots of time spreading the Linux word; it's nice to see I'm not alone.
So just to get this straight, you can ping hosts from the internal network by IP address but not by hostname? Try yahoo for example; 'ping 68.142.226.33' works but 'ping www.yahoo.com' does not?
Yep, spot on. I can ping from any local internal machine to an IP address fine, but not by name. I have been reading up on DNS and have looked at resolv.conf in etc and also in dhcpd, as the forums here at LinuxQuestions have threads on resolv problems and DNS errors. Some suggest adding lo to the resolv.conf file, others say to create a script of my own to point to DNS. Also there are issues when your ISP renews your lease IP and it doesn't update via this.
Also there are some obscure refs to named and possible missing entries here too.
This is giving me bags under the eyes and a headache. Gonna beat it tho.
Thanks.
I'd take a look at the /etc/resolv.conf of the gateway system that has working DNS and copy the nameservers from there into the internal hosts' /etc/resolv.conf file. If that doesn't work, you may need to run dhcpd on the gateway and have the internal clients grab the IPs and nameservers from there.
Capt Caveman, thought I would share the solution and the problem with you; after all, without you I'd have had a nervous breakdown by now.
I wiped the server and installed Mandrake; it worked, but only with the old BT flat fish modem in situ at the old server cupboard. I looked at the new "modem", Voyager 205; on the box it says router, so I look at web searches for routers: these send a DNS address to the machine telling it that it deals with any DNS resolution. So I'm trying to reroute DNS through my server then re-resolve through the router, duh!
Simply change client networking to the DNS of the router and bingo: Linux port forwards and router DNS.
Aaahhh!! The smell of success.
Many thanks again, you are a star for sticking with me.
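
The diagnosis this thread arrives at, written out as an added example that is not part of any post: confirm the gateway is forwarding, then check whether a client's resolv.conf names a host that actually answers DNS. The function names and the assumption that the Linux gateway runs no DNS server of its own are illustrative; the file paths default to the real ones but can be replaced with constructed sample files.

```shell
# Added example, not from the thread. Each function takes a file path so it can
# be run against constructed copies instead of the live system files.

# Gateway side: succeed if the kernel is forwarding IPv4 packets.
# $1 = path to the ip_forward flag (defaults to the real procfs file).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Print each nameserver address from a resolv.conf-style file.
# Commented-out entries are skipped because their first field is not "nameserver".
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Client side: classify the resolver configuration.
# $1 = resolv.conf path
# $2 = internal IP of the Linux gateway (assumed to run no DNS server)
# Prints one of: no-nameserver | points-at-gateway | loopback-only | ok
classify_resolv() {
    servers=$(list_nameservers "$1")
    if [ -z "$servers" ]; then echo no-nameserver; return 0; fi
    usable=0
    saw_gateway=0
    for s in $servers; do
        case $s in
            "$2")      saw_gateway=1 ;;          # forwards packets, answers no DNS
            127.*|::1) ;;                        # only works with a local resolver daemon
            *)         usable=$((usable + 1)) ;; # e.g. the router or an ISP resolver
        esac
    done
    if [ "$usable" -gt 0 ]; then echo ok
    elif [ "$saw_gateway" -eq 1 ]; then echo points-at-gateway
    else echo loopback-only
    fi
}
```

A client that reports `points-at-gateway` while `forwarding_enabled` succeeds on the gateway matches the symptom in this thread: pings by IP address get through, name lookups do not.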