08-20-2001, 06:39 PM
|
#1
|
Member
Registered: Aug 2001
Location: CT, USA
Distribution: Mandriva 2008
Posts: 105
Rep:
|
RH7.1 doesn't work behind a hardware firewall
I'm running RH7.1 with @home as my ISP. Everything worked perfectly until I installed a broadband router from DLink ( DI-804 ). Following the installation, eth0 can not secure an IP lease from the dhcp host. The router performs firewall, IP masking, and dhcp host duties.
I've tried:
changing the dhcp hostname to the IP address of the router
changing the gateway to the IP address of the router
without success.
If I boot the machine into windoze, I can access the internet without problem.
Can anyone offer some advice or perhaps point me in the right direction?
Thanks, in advance.
|
|
|
08-20-2001, 08:13 PM
|
#2
|
Senior Member
Registered: May 2001
Location: Left Coast - Canada
Distribution: s l a c k w a r e
Posts: 2,731
Rep:
|
Your router should be using the @home client ID to get its lease. Your RH box should be able to get a lease from the router with the default dhcp setup.
What does the syslog say when you try to get a lease?
|
|
|
08-21-2001, 07:36 AM
|
#3
|
Member
Registered: Aug 2001
Location: CT, USA
Distribution: Mandriva 2008
Posts: 105
Original Poster
Rep:
|
Thanks for the response. Your synopsis agrees with my understanding of what “should” happen, and in fact, the router does acquire a lease correctly from @home. ( I have verified this by checking the router status. )
The boot.log messages of interest are:
ifup: Determining IP information for eth0…
ifup: Operation failed.
ifup: failed.
network: Bringing up interface eth0: failed.
My current thinking is to examine the ifup script to determine where the error messages are being generated, and then try to determine what arguments are necessary to get the script to execute successfully. Is that close to what you have in mind?
|
|
|
08-21-2001, 11:46 AM
|
#4
|
Member
Registered: May 2001
Location: Panama City Beach, FL
Distribution: *.BSD
Posts: 113
Rep:
|
Why not set your Linux box to a static IP? That will take care of that problem.
|
|
|
08-21-2001, 02:53 PM
|
#5
|
Member
Registered: Aug 2001
Location: CT, USA
Distribution: Mandriva 2008
Posts: 105
Original Poster
Rep:
|
Jase:
I’m sorry if I wasn’t clear with my initial post, but the problem here is not connecting to the internet, but rather getting DHCP to function as expected. I want to understand the technology and why it isn’t doing what I expect it to. Just by way of example, if I were administering 200 Linux boxes behind the firewall, I certainly wouldn’t want to assign static IPs for each of them.
|
|
|
08-22-2001, 12:32 AM
|
#6
|
Member
Registered: May 2001
Location: Panama City Beach, FL
Distribution: *.BSD
Posts: 113
Rep:
|
Oops, sorry... didn't realize.
|
|
|
08-22-2001, 02:02 AM
|
#7
|
Senior Member
Registered: May 2001
Location: Left Coast - Canada
Distribution: s l a c k w a r e
Posts: 2,731
Rep:
|
Which dhcp client are you using? There's...
pump
dhcpcd
dhclient
What do you see in your system logs?
Do you have more than one ethernet adapter?
Do you have the proper modules or kernel support for your network card?
|
|
|
08-22-2001, 07:43 AM
|
#8
|
Member
Registered: Aug 2001
Location: CT, USA
Distribution: Mandriva 2008
Posts: 105
Original Poster
Rep:
|
Both pump and dhcpcd are loaded during installation of RH7.1; I don’t know how to tell which one I’m actually using.
I haven’t been at this long enough to understand precisely what you mean when you use the term “system logs.” I presume these are files that Linux creates during various processes to write status, activity, etc. Is there one in particular that I should be looking at for this issue? Where is it located?
Only one ethernet adapter ( 3Com-supported by Linux, detected during installation ).
If I plug the patch cable directly from the cable MODEM into the NIC in the Linux box, Linux will acquire an IP lease directly from @home and operate correctly, so I believe I have the proper module support. ( Clearly, operating with this configuration is not desirable, since it leaves my beloved Linux box without firewall protection. )
|
|
|
08-22-2001, 10:23 AM
|
#9
|
Member
Registered: Apr 2001
Location: London
Posts: 408
Rep:
|
Welcome to the wonderful world of DHCP.
Now Linux, as in Unix systems, only has the option to use DHCP because of Microsoft and the lack of real internet addresses.
Unix doesn't like DHCP as lots of services need source routes to target services, however it will still do it due to its versatility.
If I was an admin of 200 systems behind a NAT firewall, I would have all my Unix systems as static boxes and an NT "static" server, with a Bootp service for the Windows boxes on a different allowed internal subnet.
I would also be more concerned by the fact my router is doing basic NAT rather than being a dedicated firewall, and that DHCP is a UDP protocol and doesn't authenticate on the source, so someone could easily spoof an internal system to your network through the dlink router, telling your systems to give up their leases and take a new assigned internet number, basically bypassing your NATwall.. "that's if we're going to be pedantic about it"
But as you want to experiment you might want to do some of these things first.
1) Upgrade the firmware of the Dlink router.
2) Use DHCPd instead of pump.
http://www.scrounge.org/linux/dhcpcd.html
Also shows you how to enable logging so you can get more info.
If it works from @home's bootp server, then it's more likely an incompatibility issue from the dlink side or between the two services.
Also start a DHCP service from an NT box and see if it takes the lease, then you know for sure it's the router sending parameters that don't quite meet the rfc2131 standards. "which windows boxes won't care about, cause Microsoft doesn't bother to follow RFC's with any particular precision on TCP or UDP stacks. Just look at XMAS and NULL response from MS systems to know what I'm talking about"
That's my two pence....
/Raz
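Added example, not part of the original post: one way to test the hypothesis above on a captured DHCPOFFER (the UDP payload sent to port 68), checking the fields RFC 2131 requires and, since DHCP replies are unauthenticated, whether the server identifier is one you expect. The function names, the trusted-server set and the sample packets (addresses 192.168.0.x) are constructed for illustration.

```python
import socket

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # RFC 2131 section 3

def parse_options(raw):
    """Walk the option TLVs; return ({code: value}, saw_end_option)."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 255:                      # end option
            return opts, True
        if code == 0:                        # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            break                            # truncated option
        opts[code] = raw[i + 2:i + 2 + raw[i + 1]]
        i += 2 + raw[i + 1]
    return opts, False

def check_offer(payload, trusted_servers):
    """List the problems found in the UDP payload of a DHCPOFFER."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return ["not a DHCP message (short header or missing magic cookie)"]
    problems = []
    if payload[0] != 2:
        problems.append("op field is not BOOTREPLY")
    if payload[16:20] == b"\x00" * 4:
        problems.append("yiaddr is empty, no address offered")
    opts, ended = parse_options(payload[240:])
    if not ended:
        problems.append("option field has no end option (255)")
    if opts.get(53) != b"\x02":
        problems.append("message type (option 53) is not DHCPOFFER")
    if len(opts.get(51, b"")) != 4:
        problems.append("lease time (option 51) missing or malformed")
    if len(opts.get(54, b"")) != 4:
        problems.append("server identifier (option 54) missing or malformed")
    elif socket.inet_ntoa(opts[54]) not in trusted_servers:
        problems.append("offer from unexpected server " + socket.inet_ntoa(opts[54]))
    return problems

def sample_offer(options):
    """Constructed sample: BOOTREPLY offering 192.168.0.100 with raw options."""
    header = bytearray(236)
    header[0], header[1], header[2] = 2, 1, 6      # op, htype=Ethernet, hlen
    header[16:20] = socket.inet_aton("192.168.0.100")
    return bytes(header) + MAGIC_COOKIE + options

LEASE = bytes([51, 4, 0, 1, 81, 128])              # 86400 seconds
GOOD = sample_offer(bytes([53, 1, 2]) + LEASE + bytes([54, 4, 192, 168, 0, 1, 255]))
NO_LEASE = sample_offer(bytes([53, 1, 2, 54, 4, 192, 168, 0, 1, 255]))
ROGUE = sample_offer(bytes([53, 1, 2]) + LEASE + bytes([54, 4, 192, 168, 0, 66, 255]))
```

Feed it the payload bytes of a real capture in place of the constructed samples; an empty list means the offer passed every check.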
|
|
|
08-23-2001, 07:39 AM
|
#10
|
Member
Registered: Aug 2001
Location: CT, USA
Distribution: Mandriva 2008
Posts: 105
Original Poster
Rep:
|
I upgraded the firmware, no help there.
The link that raz included must be for an older version of ifup. The “if” statements are no longer constructed as described in the link; there are now lots of nested “ifs” and &variables galore…. DHCP appears to be enabled by including the line “BOOTPROTO=dhcp” in the ifcfg-eth0 file. In short, I believe raz is correct in his/her guess that the router is not following rfc2131 standards. ( Linux log message states that the process timed out while waiting for a valid response from the server; NT box accepts a lease without complaint. ) That being the case, I am forced to use a static IP ( at least for now ). Once a static IP is assigned, eth0 comes up as expected, but I can not ping the outside world or even the router. My next obstacle is clear, any thoughts on where to start looking?
Thanks for all the help thus far.
|
|
|
08-23-2001, 01:21 PM
|
#11
|
Senior Member
Registered: May 2001
Location: Left Coast - Canada
Distribution: s l a c k w a r e
Posts: 2,731
Rep:
|
Is your h/w firewall blocking udp ports 67/68 on the internal network?
The fact that you can get an address from the cable modem would mean (to me anyways) that your dhcp client is functioning. Maybe your firewall is gagging on the 'hostname' request sent by your RH box. You usually need to provide a hostname to @Home in order to negotiate an IP lease, but if your h/w router/firewall doesn't like it then don't send it. Try this 'dhcpcd -d eth0' and see what happens.
|
|
|
09-01-2001, 10:52 AM
|
#12
|
Member
Registered: Aug 2001
Location: CT, USA
Distribution: Mandriva 2008
Posts: 105
Original Poster
Rep:
|
Firewall not blocking any ports; haven’t been sending ‘hostname’ from the Linux box since the firewall was installed; if the ‘dhcpcd -d eth0’ command created a log, I can’t find it; where should it be?
Since my last post:
Talked to the tech folks @ D-Link including a guy who claims to be running RH7.1 behind the DI-804, no help with Linux, but at least someone claims to be getting this configuration to work.
Installed RH7.0 on a separate machine, works fine with the firewall. Installed RH7.0 on the original machine, works fine with the firewall. Reverted to the RH7.1 installation (accepting all defaults, nothing fancy), still won’t secure a dhcp lease from the firewall! (Starting to think there may be something quirky with the NIC module.)
Downloaded a new dhcp client (in case there was some corruption in the original install), no help. Tried using the older version of dhcpcd (from RH7.0), no help.
Checked the bugs and errata sections of the RH site, no help.
|
|
|
09-11-2001, 09:28 AM
|
#13
|
Member
Registered: Aug 2001
Location: CT, USA
Distribution: Mandriva 2008
Posts: 105
Original Poster
Rep:
|
I still have not been able to locate the debugging log from the ‘dhcpcd -d eth0’ command. Is the log created in a default location, or do I need to create an entry in syslog.conf to see it? If I need to create something in syslog.conf, what should it look like?
|
|
|
09-15-2001, 09:30 AM
|
#14
|
LQ Newbie
Registered: Aug 2001
Location: Ohio
Distribution: RH 7.2, Coyote linux 1.30
Posts: 12
Rep:
|
dhcp/or not...
Why not try a static to troubleshoot this? It's very possible you may not be loading the correct module, or even have the parameters wrong. If in fact it does work with a static, then it is a DHCP problem, if not the problem is elsewhere. I have RH 7.1 and I have a Coyote linux firewall/router (very similar to the hardware ones) and my PC, as yours, works in windows, but didn't give me any problems at all in linux. I have a Netgear fa311tx (natsemi.o)
|
|
|
09-15-2001, 01:24 PM
|
#15
|
Senior Member
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028
Rep:
|
Quote:
Originally posted by WindozBytes
If I plug the patch cable directly from the cable MODEM into the NIC in the Linux box, Linux will acquire an IP lease directly from @home and operate correctly, so I believe I have the proper module support. ( Clearly, operating with this configuration is not desirable, since it leaves my beloved Linux box without firewall protection. )
|
As you state here you have the correct modules since you get it working with direct connection.
I have had problems with dhcp similar to yours. I have a machine up as software nat, dhcp, router etc...
dhcp works for windows clients, no problem, but when it comes to linux Red Hat I can't get it working, same problem as you.
I haven't actually found out why, my linux is Red Hat 6.2
|
|
|
All times are GMT -5.