My Red Hat 9.0 machine is set up in a DMZ, and right now I can ping other boxes in the DMZ, and can ping the default gateway, but can't get out. I can't ping the DNS IPs that I need to use, and so can't ping anything on the internet or browse the internet. My resolv.conf file has the following:
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.45.45.0      *               255.255.255.0   U         0 0          0 eth0
169.254.0.0     *               255.255.0.0     U         0 0          0 eth0
127.0.0.0       *               255.0.0.0       U         0 0          0 lo
default         10.45.45.254    0.0.0.0         UG        0 0          0 eth0
I'm not sure what the 169.254.0.0 is doing in there; I have tried removing it using route del .... but have not been successful. Reboots do not change that table. Any ideas on what is wrong and how to fix it?
Yeah, 10.45.45.254 is the gateway. That is the DMZ IP of the PIX firewall... my boss has told me that I shouldn't need to change any rules on that in order to get internet access, though... I just set up a Win2k laptop to use the same IP that the Linux box was using, and can't ping out either... sounds like it is not my Linux box, then....
How can I get rid of that 169.254 line, though?
I'll have my boss look at the firewall in the meantime...
Also, I assume lo shows up when you type ifconfig? And can you ping the external card IP of the router? If you can ping the internal router IP and not the external, I would think it is the router.
I don't think the 169.254 should be there. I wonder if you are setting the 10.x.x.x and then DHCP is picking up 169.254.x.x.
Try:
# ip address show
It looks like RH is using iproute2; the above command (if it works) should provide all the IPs for your eth0 card. If there is a 169 IP on the card you will have to figure out why. Especially if your nameserver is on that network, in which case it certainly won't work. If 'ip address show' indicates an IP on the 169. net you can delete it with:
# ip address del dev eth0 169.254.x.x
where x.x is the IP the card is assigned.
Is it possible that the gateway on the 10.x.x.x net is forwarding DHCP replies so that your correct 10.x.x.x settings are being rewritten?
Try:
$ ps aux | grep dhc
and look for dhclient or dhcpcd. If the address is provided by DHCP with an infinite lease you won't find anything anyway, and you will have to check the startup configs.
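The checks suggested in the post above, combined into one script (an added example, not part of the original thread): it tells a 169.254.x.x address on the interface apart from a bare 169.254.0.0 route and looks for a running DHCP client. The host address 10.45.45.10 and the `ps aux` lines are constructed samples; the route lines are the ones posted in the thread.

```sh
#!/bin/sh
# Added example. Parsers read command output on stdin, so the logic can be
# checked offline against the constructed samples below.

# Constructed `ip -o -4 addr show` output; the host address 10.45.45.10 is assumed.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.45.45.10/24 brd 10.45.45.255 scope global eth0'

# Route lines as posted in the thread (header lines dropped).
SAMPLE_ROUTES='10.45.45.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 10.45.45.254 0.0.0.0 UG 0 0 0 eth0'

# Constructed `ps aux` output, including the grep that `ps aux | grep dhc` matches.
SAMPLE_PS='root 612 0.0 0.1 1520 560 ? S 09:12 0:00 /sbin/dhclient -1 -q eth0
user 907 0.0 0.0 1740 580 pts/0 S 09:40 0:00 grep dhc'

# "dev address" for each 169.254.0.0/16 address on an interface.
linklocal_addrs() {
    awk '$3 == "inet" && $4 ~ /^169\.254\./ { print $2, $4 }'
}

# Interface of each 169.254.0.0/255.255.0.0 route in `route` output.
linklocal_routes() {
    awk '$1 == "169.254.0.0" && $3 == "255.255.0.0" { print $NF }'
}

# "pid name" for each running dhclient or dhcpcd, ignoring the grep itself.
dhcp_clients() {
    awk '{ n = split($11, p, "/")
           if (p[n] == "dhclient" || p[n] == "dhcpcd") print $2, p[n] }'
}

# $1 = addr output, $2 = route output. An address needs explaining;
# a route with no matching address is only a routing-table entry.
classify() {
    addrs=$(printf '%s\n' "$1" | linklocal_addrs)
    routes=$(printf '%s\n' "$2" | linklocal_routes)
    if [ -n "$addrs" ]; then echo "address: $addrs"
    elif [ -n "$routes" ]; then echo "route-only: $routes"
    else echo "none"
    fi
}

classify "$SAMPLE_ADDRS" "$SAMPLE_ROUTES"
printf '%s\n' "$SAMPLE_PS" | dhcp_clients
```

On a live host, feed the functions real output instead of the samples, for example `classify "$(ip -o -4 addr show)" "$(route -n)"` and `ps aux | dhcp_clients`.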
I'm not sure how much help I'm going to be because I'm a newbie, but I can say that I was just in a similar situation. We have one Linux and one WinXP box set up on a DMZ of a PIX firewall and we were having the same issues with both machines.
What was happening was:
1. can ping by IP address but not FQN
2. could not resolve DNS server
3. could receive requests (i.e. the servers could be telnet'd to) but we could not make requests (the servers could not telnet out).
Basically what it seemed like was that the outside (Internet and other in-house subnets) could see those two servers on the DMZ, but those two servers couldn't see past the DMZ.
What ended up happening in our case is that those two servers were behind a Nortel switch, which was behind the PIX firewall. The switch was improperly configured. ICMP traffic was being let through, which would explain why the servers could ping. However, IP traffic was not being allowed. Two statements were added to the VLAN config to allow IP traffic, and suddenly as if by magic everything worked.
I'm not a networking person, and actually a consultant worked on this for us... but I'm just letting you know what happened in our case; hopefully it might give you some ideas of what else to check for... But if you have a question about the fix or about the firewall/switch settings, post it - I can ask my network admin who worked with the consultant to resolve it...
Sorry for the delay in the reply, but I had been waiting on my boss. Our firewall is set up to only allow registered hosts from that subnet to communicate with anything, so all we had to do was register the host in the firewall, and then things worked fine.
I'll do some more checking on the 169. junk, it shouldn't be there, but it's not a big deal if it is--it won't go anywhere.