LinuxQuestions.org
Old 04-16-2014, 08:48 AM   #1
rbees
Squeeze dist-upgrade Wheezy broke internet access


Ladies & Gents

The host is acting as the router for an internal network with DNS-cache, DHCP, and NAT. I want to add some audio functionality to it but before I do that I wanted to update it to Wheezy so that I would not have to work on it for a while. So I edited my sources.list and added in the Wheezy repos and did apt-get dist-upgrade (I know I should have looked at the recommended process online first). All went fine with a successful reboot but then I discovered that NAT was broken.

So I started looking into the problem. The host has 4 NICs, two of which are activated and used, the other two are not used at all, no need at this time. Udev is set to name them correctly. Eth0 is set to pull an IP from my ISP and does so correctly. Eth1 is set static and is set up correctly. IP forwarding is turned on in sysctl.conf with net.ipv4.ip_forward=1.

I appear to have the correct iptables rules. They are set by Arno's Iptables Firewall Script v2.0.1
Code:
-------------------------------------------------------------------------------
Chain PREROUTING (policy ACCEPT 2351 packets, 743358 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
    2351   743358 NAT_PREROUTING_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
       0        0 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:xxxxxxxx to:x.x.x.x
    2351   743358 POST_NAT_PREROUTING_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 2 packets, 388 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 822 packets, 57330 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 826 packets, 57634 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 TCPMSS     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcpflags: 0x06/0x02 TCPMSS clamp to PMTU
     826    57634 NAT_POSTROUTING_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
       0        0 MASQUERADE  all  --  *      eth0    192.168.7.0/24      !192.168.7.0/24      
     826    57634 POST_NAT_POSTROUTING_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain NAT_POSTROUTING_CHAIN (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain NAT_PREROUTING_CHAIN (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain POST_NAT_POSTROUTING_CHAIN (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain POST_NAT_PREROUTING_CHAIN (1 references)
    pkts      bytes target     prot opt in     out     source               destination

I have tried flushing all the rules and tables and setting them up by hand like
Code:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

with no joy. /etc/init.d/arno-iptables-firewall restart brings back my ability to connect to the host on its local network. But there is still no NAT taking place.

This system was functioning flawlessly prior to the dist-upgrade.

There are reportedly some issues with network-manager when doing dist-upgrade. I tried to disable it as instructed...
Code:
update-rc.d network-manager disable
update-rc.d: using dependency based boot sequencing
update-rc.d: error: cannot find a LSB script for network-manager

Further searching shows that it is not installed.

Resolvconf may be the issue but I don't know how to check that yet or how to disable it. I do know that buried down in its config is my original resolv.conf named original.

Pinging on eth0 does not work.
Code:
ping -I eth0 74.125.131.104 (www.google.com)
PING 74.125.131.104 (74.125.131.104) from 192.168.0.104 eth0: 56(84) bytes of data.
From 192.168.0.104 icmp_seq=1 Destination Host Unreachable
From 192.168.0.104 icmp_seq=2 Destination Host Unreachable
From 192.168.0.104 icmp_seq=3 Destination Host Unreachable
From 192.168.0.104 icmp_seq=4 Destination Host Unreachable
From 192.168.0.104 icmp_seq=5 Destination Host Unreachable
From 192.168.0.104 icmp_seq=6 Destination Host Unreachable
^C
--- 74.125.131.104 ping statistics ---
8 packets transmitted, 0 received, +6 errors, 100% packet loss, time 7039ms
pipe 3
Code:
sysctl -a | grep forward
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth1.forwarding = 1
net.ipv4.conf.eth1.mc_forwarding = 0
net.ipv4.conf.eth2.forwarding = 1	# not used
net.ipv4.conf.eth2.mc_forwarding = 0	# not used
net.ipv4.conf.eth3.forwarding = 1	# not used
net.ipv4.conf.eth3.mc_forwarding = 0	# not used
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.mc_forwarding = 0
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.default.mc_forwarding = 0
net.ipv6.conf.lo.forwarding = 0
net.ipv6.conf.lo.mc_forwarding = 0
net.ipv6.conf.eth0.forwarding = 0
net.ipv6.conf.eth0.mc_forwarding = 0
net.ipv6.conf.eth1.forwarding = 0
net.ipv6.conf.eth1.mc_forwarding = 0
net.ipv6.conf.eth2.forwarding = 0	# not used
net.ipv6.conf.eth2.mc_forwarding = 0	# not used
net.ipv6.conf.eth3.forwarding = 0	# not used
net.ipv6.conf.eth3.mc_forwarding = 0	# not used

I tried uninstalling resolvconf, putting a copy of the original resolv.conf in place, rebooted, no joy. I have not reinstalled it yet.

In the update log there are some warnings about ifupdown breaking netbase and moving some files out of the way. But then later netbase is installed and setup without issues.

I am getting very frustrated. I have no idea what else to try.

Any ideas?
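
The nat-table listing in the post shows the MASQUERADE and DNAT rules with packet counters of 0. As an added example (not part of the original post), this script extracts exactly that from `iptables -t nat -L -v -n` output; the helper names `nat_rule_hits` and `unused_nat_rules` are hypothetical, and the sample is constructed from the listing above.

```shell
#!/bin/sh
# Added example (not from the original post): report NAT rules that have
# never matched a packet, using the counters in `iptables -t nat -L -v -n`.

# nat_rule_hits (hypothetical helper): read a listing on stdin and print
# "chain target pkts in out" for every DNAT/SNAT/MASQUERADE rule.
nat_rule_hits() {
    awk '
        $1 == "Chain" { chain = $2; next }   # start of a chain section
        NF == 0 || $1 == "pkts" { next }     # blank line or column header
        # columns: pkts bytes target prot opt in out source destination
        $3 ~ /^(MASQUERADE|SNAT|DNAT)$/ { print chain, $3, $1, $6, $7 }
    '
}

# unused_nat_rules (hypothetical helper): keep only rules whose packet
# counter is exactly 0, i.e. no new connection has reached them.
unused_nat_rules() {
    nat_rule_hits | awk '$3 == 0 { print $1, $2, "in=" $4, "out=" $5 }'
}

# Constructed sample: the PREROUTING/POSTROUTING part of the listing in the
# post, with the port and address still redacted as the poster left them.
SAMPLE='Chain PREROUTING (policy ACCEPT 2351 packets, 743358 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    2351   743358 NAT_PREROUTING_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0
       0        0 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:xxxxxxxx to:x.x.x.x

Chain POSTROUTING (policy ACCEPT 826 packets, 57634 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 TCPMSS     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcpflags: 0x06/0x02 TCPMSS clamp to PMTU
     826    57634 NAT_POSTROUTING_CHAIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0
       0        0 MASQUERADE  all  --  *      eth0    192.168.7.0/24      !192.168.7.0/24'

# Live use on the router (as root; -x prints exact counters, not 12K/3M):
#   iptables -t nat -L -v -n -x | unused_nat_rules
printf '%s\n' "$SAMPLE" | unused_nat_rules
```

A MASQUERADE rule that stays at 0 while LAN clients are trying to reach the internet means their packets never arrive at POSTROUTING heading out eth0, so the place to look is earlier in the path (routing table, filter-table FORWARD chain) rather than the NAT rule itself.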
 
  

