LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 07-12-2006, 09:58 PM   #1
mallard
LQ Newbie
 
Registered: Jul 2006
Posts: 7

Rep: Reputation: 0
Unhappy Linux router, my boxes can ping outside, but no web


I have a Debian box with two network cards, eth0 connected to cable modem and eth1 connected to switch. I'm currently using ipmasq to handle iptables and routing stuff. I was doing it by hand before, but discovered ipmasq while trying to solve the problem I'm having, and liked it enough to stick with it.

Here's my /etc/networking/interfaces:
Code:
	#loopback interface
	auto lo iface lo inet loopback

	# interface external network (internet), configured through dhcp 
	auto eth0
	iface eth0 inet dhcp

	#interface network 1
	auto eth1
	iface eth1 inet static
        	address 192.168.10.254
        	netmask 255.255.255.0
        	network 192.168.10.0
        	broadcast 192.168.10.255
Debian box uses DHCP to get love from the cable modem, I can access web fine from the Deb box. I connected two other machines (one Windows, one Mac) to the switch, and configured each with a static 192.168.10.x ip address using 192.168.10.254 as the gateway. On both machines, I can ping yahoo no problem, and do a traceroute. I thought I was good to go.

But neither machine gets web. There's something fishy going on thats letting ICMP through but nothing else. I tried email and AIM as well, no love. But they can ping www yahoo com, which means DNS is good, and that forwarding is happening.

I'm hoping there's a simple "gotcha" here.
 
Old 07-13-2006, 03:14 AM   #2
DaneM
Member
 
Registered: Oct 2003
Location: Chico, CA, USA
Distribution: Linux Mint
Posts: 865

Rep: Reputation: 119Reputation: 119
Hi, Mallard.

It sounds like you need to open port 80 and make sure that it's getting forwarded from the LAN to the WAN. Also, make sure that all established and related packets are getting forwarded from the WAN to the LAN.

What are using for a firewall? Straight IPTables (i.e. a script), Shorewall, etc.? I'm not really familiar with ipmasq, so I don't really know what to tell you as far as which command you should use :-p.

If anybody else has a good idea, feel free to chime in :-).

--Dane
 
Old 07-13-2006, 03:56 PM   #3
NomadX
Member
 
Registered: Jul 2005
Location: Portland, OR
Distribution: Debian Testing
Posts: 78

Rep: Reputation: 15
9 times out of 10....

9 times out of 10, if you can ping/traceroute etc an IP but not a URL it's because URL's arent being resolved. Do you have a DNS nameserver line or 2 in your /etc/resolv.conf on all the machines or just the debian box? The debian box ip shouldn't be considered a DNS unless your actualy running one (Which your almost definetly not)

Good luck
DrS
 
Old 07-13-2006, 05:58 PM   #4
rml_85226
LQ Newbie
 
Registered: Feb 2006
Posts: 8

Rep: Reputation: 0
Yes

I had a similiar problem with Linux 9.. I ended up setting my ISP DNS server addresses in the etc/resolv.conf file...
This seemed to allow my clinets to access web pages......

Hope this helps............
 
Old 07-13-2006, 07:39 PM   #5
mallard
LQ Newbie
 
Registered: Jul 2006
Posts: 7

Original Poster
Rep: Reputation: 0
Not DNS

Its not a DNS problem...I can ping an outside website...ala "ping www dot yahoo dot com"...and get a response. But I try to go to the web page (even by IP), and nothing. Both my client boxes have outside primary and secondary DNSes set.

And ipmasq uses iptables under the covers. Doing "iptables --list" shows me "LOG level warning" next to several entries. I found thread id 241279 pertaining to that, but no answer. Anyone know where the log files are? Doesn't smell like syslog.
 
Old 07-13-2006, 08:02 PM   #6
mallard
LQ Newbie
 
Registered: Jul 2006
Posts: 7

Original Poster
Rep: Reputation: 0
Question

Okay, I suppose the "LOG level warning" shows up because those particular lines are for LOG entries...not a problem. More information. I can FTP to the outside world from my boxen, and I noticed Bitorrent working on one of them. HTTP and HTTPS still no good. Curious about DNS I entered yahoo's IP in the browser (after resolving it by pinging), and it could not be reached.

I feel I'm so close...just can't understand why web not working for me.

Here's my iptables -t nat -L
Code:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.10.0/24      anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Heres my iptables -L
Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
LOG        all  --  127.0.0.0/8          anywhere            LOG level warning
DROP       all  --  127.0.0.0/8          anywhere
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  192.168.10.0/24      anywhere
ACCEPT    !tcp  --  anywhere             BASE-ADDRESS.MCAST.NET/4
ACCEPT    !tcp  --  anywhere             BASE-ADDRESS.MCAST.NET/4
ACCEPT    !tcp  --  anywhere             BASE-ADDRESS.MCAST.NET/4
LOG        all  --  192.168.10.0/24      anywhere            LOG level warning
DROP       all  --  192.168.10.0/24      anywhere
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  anywhere             ool-[censored].dyn.optonline.net
ACCEPT     all  --  anywhere             255.255.255.255
LOG        all  --  anywhere             anywhere            LOG level warning
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  192.168.10.0/24      anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
LOG        all  --  anywhere             192.168.10.0/24     LOG level warning
DROP       all  --  anywhere             192.168.10.0/24
LOG        all  --  anywhere             anywhere            LOG level warning
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  anywhere             192.168.10.0/24
ACCEPT    !tcp  --  anywhere             BASE-ADDRESS.MCAST.NET/4
ACCEPT    !tcp  --  anywhere             BASE-ADDRESS.MCAST.NET/4
ACCEPT    !tcp  --  anywhere             BASE-ADDRESS.MCAST.NET/4
LOG        all  --  anywhere             192.168.10.0/24     LOG level warning
DROP       all  --  anywhere             192.168.10.0/24
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  ool-[censored].dyn.optonline.net  anywhere
ACCEPT     all  --  255.255.255.255      anywhere
LOG        all  --  anywhere             anywhere            LOG level warning
DROP       all  --  anywhere             anywhere
 
Old 07-13-2006, 08:07 PM   #7
mallard
LQ Newbie
 
Registered: Jul 2006
Posts: 7

Original Poster
Rep: Reputation: 0
I got it! MTU!

From thread 306304.

This fixed everything...eth1 is the card connecting the server to the switch with all my boxen.
Code:
/sbin/ifconfig eth1 mtu 1492
 
Old 07-14-2006, 09:50 AM   #8
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 234Reputation: 234Reputation: 234
Quote:
Originally Posted by rml_85226
I had a similiar problem with Linux 9..
Just a (hopefully gentle) reminder, there is no "Linux 9" per se -- the kernel is only up to 2.6 -- "9" could be RH, SuSE, Slack, & maybe others. Furthermore, OP is using Debian, which is only up to 3.1, so context isn't much help.

Please don't fall into the trap of thinking that your distro is the only one -- I count 515 in the Distrowatch drop-down menu this morning.
 
  


Reply

Tags
routing


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
2 linux boxes unable to ping each other in a network lqsukumar Linux - Networking 4 07-21-2005 06:36 PM
Linux boxes can't see the web... TBennettcc Linux - Networking 8 09-15-2004 12:08 PM
Tow linux boxes can't ping each other dvddecrypter Linux - Networking 8 05-30-2004 08:22 AM
My linux box can't ping to my windows boxes! Thermodynamic Linux - Networking 8 08-06-2003 04:15 AM
Samba with linux box, 2 win boxes, cable, router kuber Linux - Networking 2 09-04-2001 09:07 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 11:39 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration