LinuxQuestions.org
Old 09-07-2006, 04:07 AM   #1
orhanco
LQ Newbie
 
Registered: Sep 2006
Location: Bulgaria
Distribution: suse
Posts: 5

Rep: Reputation: 0
suse 10 Internet gateway problem


Hi Guys

It is my first posting here and if I make mistakes please accept my apologies.

I have installed Suse 10 server at home and want to share my pppoe internet to the rest of the machines.

I have read many documents on the net and got to the...

I have only one network card. It is connected to the local network 192.168.2.1/255.255.248.0.
Through this connection I connect to pppoe (my internet) too.

I set up the router (in YaST) to use the default gateway I get from dsl0 (pppoe), and enabled IP forwarding. I activated the FW and enabled masquerading.

On the firewall, dsl0 is the external network and eth0 is internal.

I run the DNS server and it gets the DNS forwarders from the PPP connection.

I set the gateway and DNS (my suse server's IP) properly on the client PCs.

Now the result.
I have internet on the router PC. I can see the router PC from the clients. I can connect to the web server on the router, but I can't connect to web pages from the clients. I can ping (from clients) the gateway which is set as default on the router.
(Client PC) When I try to ping google.com, for example,
it shows me the IP of google but doesn't reply, and says the name cannot be resolved even though it is obvious it reached google.com.

Obviously I have an outbound connection but somehow the replies from the internet never reach my client.

What I suspect:
I have only one LAN card, used for both the local network and pppoe; all examples on the net are with 2 LAN cards.

I have a question too
I played with the iptables file and I don't get the IP syntax used there, 192.168.2.1/24.
What does the 24 stand for? Sometimes it is 20 or 16.
Is 192.168.2.1/255.255.248.0 usable too?

I used YaST for the basic things; I hope it is not bugged.

Any suggestions?
thanks
Orhi
 
Old 09-07-2006, 12:43 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
i'd be pointing at the firewall. i'd suggest you do this: log onto the server and run "tcpdump port http -vn", and then from a client try to access google.com. you'll then see on the server the 4 stages of the tcp traffic (client to gateway, gateway to google, google to gateway, gateway to client) and see which bit is not there. you said
Quote:
It shows me the IP of google but doesn't reply, and says the name cannot be resolved even though it is obvious it reached google.com.
this doesn't really make sense.... if it shows you the ip of google, then it's not reached google at all, but just found its ip from a dns server. doesn't mean it's actually routing anywhere at all, as if dns is running on the server, no ip level routing is happening.

the other bits....

/24 means a 24 bit mask, which in old skool notation is 255.255.255.0, so 192.168.1.2/24 means 192.168.2.1/255.255.255.0. i'd suggest playing with an online ip calculator to get more comfortable with CIDR notation and such. as for /20's or /16's, these widen the scope of the subnet, and whilst it's totally possible, stick to /24's in general, or things will get messy

Last edited by acid_kewpie; 09-07-2006 at 12:45 PM.
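
The prefix-length and dotted-mask notations discussed in post #2, worked through as an added example that is not part of any post in this thread. It uses Python's standard ipaddress module; the interface address and mask come from post #1 and the client address 192.168.3.193 from the capture in post #4, while the function names are this example's own.

```python
import ipaddress

def describe(addr_with_mask):
    """Accept 'a.b.c.d/24' or 'a.b.c.d/255.255.255.0' and describe the subnet."""
    net = ipaddress.ip_interface(addr_with_mask).network
    return {
        "prefix": net.prefixlen,                  # number of leading 1 bits in the mask
        "netmask": str(net.netmask),              # the same mask in dotted notation
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "hosts": net.num_addresses - 2,           # minus network and broadcast addresses
    }

def same_subnet(addr_with_mask, other_ip):
    """True if other_ip falls inside the subnet that addr_with_mask belongs to."""
    net = ipaddress.ip_interface(addr_with_mask).network
    return ipaddress.ip_address(other_ip) in net

def is_valid_mask(mask):
    """A netmask must be a contiguous run of 1 bits; ipaddress rejects anything else."""
    try:
        ipaddress.ip_network("0.0.0.0/" + mask)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # The three prefix lengths asked about, then the dotted mask from post #1.
    for spec in ("192.168.2.1/24", "192.168.2.1/20", "192.168.2.1/16",
                 "192.168.2.1/255.255.248.0"):
        print(spec, "->", describe(spec))
    # A rule or route written for /24 does not cover the client seen in post #4,
    # while the /21 that 255.255.248.0 corresponds to does.
    print(same_subnet("192.168.2.1/24", "192.168.3.193"))             # False
    print(same_subnet("192.168.2.1/255.255.248.0", "192.168.3.193"))  # True
```

The practical consequence for firewall and masquerading rules is that the prefix written in the rule has to cover every client address actually in use on the LAN.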
 
Old 09-07-2006, 01:58 PM   #3
orhanco
LQ Newbie
 
Registered: Sep 2006
Location: Bulgaria
Distribution: suse
Posts: 5

Original Poster
Rep: Reputation: 0
hi

I also think that there is something wrong with the FW. I did many changes manually in the firewall2 file. Maybe it will be easier to just print my file here. On the internet I can only find tutorials with iptables commands. I will try with the commands as well.

So the problem is not because I run LAN and pppoe on the same LAN card?

Thank you for the command
I will try it tomorrow
Orhi
 
Old 09-08-2006, 11:03 AM   #4
orhanco
LQ Newbie
 
Registered: Sep 2006
Location: Bulgaria
Distribution: suse
Posts: 5

Original Poster
Rep: Reputation: 0
hi acid

i tried many commands, even installed suse from the beginning, but it doesn't work
the command you gave me prints this below
i don't understand it. but i guess it is because i use only one lan card. maybe it gets confused as pppoe is connecting over eth0, which is the internal network, and dsl0(pppoe) external. but they are the same device in practice.
don't know what else to do.

orhi


tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:56:16.292535 IP (tos 0x0, ttl 128, id 3431, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.3.193.1086 > 209.200.224.54.80: S, cksum 0x55bd (correct), 872645495:872645495(0) win 64240 <mss 1460,nop,nop,sackOK>
14:56:17.504270 IP (tos 0x0, ttl 128, id 3432, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.3.193.1088 > 87.120.41.130.80: S, cksum 0x5486 (correct), 4146459278:4146459278(0) win 64240 <mss 1460,nop,nop,sackOK>
14:56:19.162900 IP (tos 0x0, ttl 128, id 3434, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.3.193.1086 > 209.200.224.54.80: S, cksum 0x55bd (correct), 872645495:872645495(0) win 64240 <mss 1460,nop,nop,sackOK>
14:56:20.366694 IP (tos 0x0, ttl 128, id 3435, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.3.193.1088 > 87.120.41.130.80: S, cksum 0x5486 (correct), 4146459278:4146459278(0) win 64240 <mss 1460,nop,nop,sackOK>
14:56:25.181804 IP (tos 0x0, ttl 128, id 3441, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.3.193.1086 > 209.200.224.54.80: S, cksum 0x55bd (correct), 872645495:872645495(0) win 64240 <mss 1460,nop,nop,sackOK>
14:56:26.385701 IP (tos 0x0, ttl 128, id 3443, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.3.193.1088 > 87.120.41.130.80: S, cksum 0x5486 (correct), 4146459278:4146459278(0) win 64240 <mss 1460,nop,nop,sackOK>
14:56:37.318195 IP (tos 0x0, ttl 128, id 3447, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.3.193.1090 > 82.208.27.3.80: S, cksum 0x0632 (correct), 524889061:524889061(0) win 64240 <mss 1460,nop,nop,sackOK>
14:56:40.229432 IP (tos 0x0, ttl 128, id 3448, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.3.193.1090 > 82.208.27.3.80: S, cksum 0x0632 (correct), 524889061:524889061(0) win 64240 <mss 1460,nop,nop,sackOK>
14:56:46.248323 IP (tos 0x0, ttl 128, id 3454, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.3.193.1090 > 82.208.27.3.80: S, cksum 0x0632 (correct), 524889061:524889061(0) win 64240 <mss 1460,nop,nop,sackOK>
14:56:59.772961 IP (tos 0x0, ttl 128, id 4156, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.3.193.1092 > 194.213.194.29.80: S, cksum 0xbf57 (correct), 3372265957:3372265957(0) win 64240 <mss 1460,nop,nop,sackOK>
14:57:02.700330 IP (tos 0x0, ttl 128, id 4348, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.3.193.1092 > 194.213.194.29.80: S, cksum 0xbf57 (correct), 3372265957:3372265957(0) win 64240 <mss 1460,nop,nop,sackOK>
14:57:08.719389 IP (tos 0x0, ttl 128, id 4472, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.3.193.1092 > 194.213.194.29.80: S, cksum 0xbf57 (correct), 3372265957:3372265957(0) win 64240 <mss 1460,nop,nop,sackOK>
14:57:22.359694 IP (tos 0x0, ttl 128, id 4488, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.3.193.1093 > 82.165.250.33.80: S, cksum 0x71a3 (correct), 2874955113:2874955113(0) win 64240 <mss 1460,nop,nop,sackOK>
14:57:25.275566 IP (tos 0x0, ttl 128, id 4494, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.3.193.1093 > 82.165.250.33.80: S, cksum 0x71a3 (correct), 2874955113:2874955113(0) win 64240 <mss 1460,nop,nop,sackOK>
14:57:31.294583 IP (tos 0x0, ttl 128, id 4496, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.3.193.1093 > 82.165.250.33.80: S, cksum 0x71a3 (correct), 2874955113:2874955113(0) win 64240 <mss 1460,nop,nop,sackOK>
 
Old 09-08-2006, 11:10 AM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
ok well there are clearly no acks coming back to the internal network, really does look like a firewall. try the tcpdump command with "-i ppp0" or whatever the external interface name is and do a similar test (only use one host though, keeps it cleaner) and i would expect that you would be seeing either nothing (outbound block) or a fully valid syn / ack (inbound block)
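
The reading of the capture given in post #5 (SYNs leaving the client, nothing coming back) can be automated. The following is an added example, not part of any post in this thread: it parses verbose tcpdump lines in the format shown in post #4 and lists the flows whose SYNs were never answered. Three lines are copied from post #4; the SYN-ACK line is constructed for contrast, and the function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Verbose tcpdump lines in the format shown in post #4:
#   time IP (...) src.sport > dst.dport: FLAGS, cksum ..., seq:seq(len) [ack N] win ...
LINE = re.compile(
    r"^\S+ IP \(.*?\) (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<flags>[A-Z.]+), "
    r".*?\d+:\d+\(\d+\)(?P<rest>.*)$"
)

def unanswered_syns(lines):
    """Map each client flow that never received a SYN-ACK to its SYN count."""
    syns, answered = defaultdict(int), set()
    for line in lines:
        m = LINE.match(line.strip())
        if not m or "S" not in m["flags"]:
            continue
        if " ack " in m["rest"]:
            # A SYN-ACK runs server -> client, so file it under the client's flow key.
            answered.add((m["dst"], int(m["dport"]), m["src"], int(m["sport"])))
        else:
            syns[(m["src"], int(m["sport"]), m["dst"], int(m["dport"]))] += 1
    return {flow: n for flow, n in syns.items() if flow not in answered}

# Three lines copied from the capture in post #4.
FROM_POST_4 = [
    "14:56:16.292535 IP (tos 0x0, ttl 128, id 3431, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.3.193.1086 > 209.200.224.54.80: S, cksum 0x55bd (correct), 872645495:872645495(0) win 64240 <mss 1460,nop,nop,sackOK>",
    "14:56:17.504270 IP (tos 0x0, ttl 128, id 3432, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.3.193.1088 > 87.120.41.130.80: S, cksum 0x5486 (correct), 4146459278:4146459278(0) win 64240 <mss 1460,nop,nop,sackOK>",
    "14:56:19.162900 IP (tos 0x0, ttl 128, id 3434, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.3.193.1086 > 209.200.224.54.80: S, cksum 0x55bd (correct), 872645495:872645495(0) win 64240 <mss 1460,nop,nop,sackOK>",
]
# Constructed line (not from the thread): a SYN-ACK answering the second flow.
CONSTRUCTED_SYNACK = "14:56:17.650000 IP (tos 0x0, ttl 52, id 0, offset 0, flags [DF], proto: TCP (6), length: 48) 87.120.41.130.80 > 192.168.3.193.1088: S, cksum 0x1a2b (correct), 1000:1000(0) ack 4146459279 win 5840 <mss 1460,nop,nop,sackOK>"

if __name__ == "__main__":
    for flow, n in unanswered_syns(FROM_POST_4).items():
        print("%s:%d -> %s:%d  %d SYN(s), no SYN-ACK" % (*flow, n))
```

A SYN count above one for the same flow is the client retransmitting, which is what the repeated sequence numbers in post #4 show. Running the same check on a capture taken on the external interface separates the two cases post #5 describes.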
 
  

