RH9-problem with browsing Internet: domain names-errors, using IP-OK.

o-circ · 02-20-2007, 08:43 AM

I'm new to Linux and I have a problem with browsing the Internet. I have RedHat 9 and I'm connected to the Internet through a router.

When I use domain names in Mozilla or Nautilus, I get errors. When I navigate using "direct" IP numbers, everything seems to be OK. Furthermore, I cannot ping sites by their names, although dig, host and nslookup return no errors.

My DNS is set to the same address I have set under Win XP on the same computer - and under Win name solving works fine.

(I have VIA VT86c100A Rhine-II PCI network card, if this information can help)

Any help would be great.

win32sux · 02-20-2007, 12:55 PM

welcome to LQ!!!

please post the output of:

Code:

cat /etc/resolv.conf

if you try to ping a domain name, do you get an "unknown host" error like this??

Code:

win32sux@candystore:~$ ping google.com
ping: unknown host google.com

o-circ · 02-20-2007, 02:28 PM

Hi,

This is cat output:

; generated by /sbin/dhclient-script
nameserver 192.168.2.1
search agpg

And yes, I get exactly the error you described, "unknown host".

win32sux · 02-20-2007, 03:49 PM

well, considering your resolv.conf looks fine, i'd say it could be either your local iptables rules or perhaps your dns resolver is bugging-out... you can check (and post) your iptables rules with:

Code:

iptables -L -v -n

as for your resolver possibly needing a bugfix update (it's a long-shot), the problem is that Red Hat 9 hasn't been supported/maintained in a LONG time... so i'm wondering if perhaps you are able to upgrade to a supported/mainitained distro - not so much cuz of this DNS issue, but for security and an overall better experience... in any case, i'm sure someone smarter than me will have some other suggestions for you, so hang in there...

o-circ · 02-21-2007, 05:06 AM

As a matter of fact, I don't get much of my iptables' output, which is

Code:

[root@agpg root]# iptables -L -v -n
Chain INPUT (policy ACCEPT 28 packets, 1540 bytes)
 pkts bytes target     prot opt in     out     source               destination
 7191  491K RH-Lokkit-0-50-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RH-Lokkit-0-50-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 
Chain OUTPUT (policy ACCEPT 7213 packets, 492K bytes)
 pkts bytes target     prot opt in     out     source               destination
 
Chain RH-Lokkit-0-50-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      *       192.168.2.1          0.0.0.0/0          udp spt:53 dpts:1025:65535
    3   984 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp spts:67:68 dpts:67:68
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0          udp spts:67:68 dpts:67:68
 7157  488K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpts:0:1023 flags:0x16/0x02 reject-with icmp-port-unreachable
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:2049 flags:0x16/0x02 reject-with icmp-port-unreachable
    3   689 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpts:0:1023 reject-with icmp-port-unreachable
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:2049 reject-with icmp-port-unreachable
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpts:6000:6009 flags:0x16/0x02 reject-with icmp-port-unreachable
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:7100 flags:0x16/0x02 reject-with icmp-port-unreachable

I'm trying to learn basics of Linux on RH; I thought about switching to another distribution, but I want to deal with this DNS problem first - I've spent lots of time trying to fix it and I don't want to give up now.

I hope my iptables can help; I'm kind of confused and I don't really know what to do with the results.

Best regards,
o-circ

win32sux · 02-21-2007, 01:55 PM

okay, well, let's rule-out an iptables issue by using some super-simple rules... execute this script and see if it helps... this script basically just sets some sane policies, clears all your chains, and sets two known-good rules... make sure you check that the script executed properly by doing another "iptables -L -v -n" right after...

Code:

#!/bin/sh

IPT="/sbin/iptables"

$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT

$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P INPUT ACCEPT
$IPT -t mangle -P FORWARD ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT
$IPT -t mangle -P POSTROUTING ACCEPT

$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT

$IPT -F
$IPT -F -t nat
$IPT -F -t mangle

$IPT -X
$IPT -X -t nat
$IPT -X -t mangle

$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A INPUT -i lo -j ACCEPT

make sure you don't reboot before testing, cuz these rules will be lost upon reboot if not saved...

v00d00101 · 02-21-2007, 03:31 PM

The simplish solution is to find out the DNS server your ISP uses, should be x.x.x.x where x = 1-254.

If you want to test if it works, try.

Code:

nameserver 192.168.2.1

to

nameserver 194.106.33.42

If it works, then find out your ISP's DNS server IP, and put it in the file instead of the one i gave you. It can be found in your router or on google.

o-circ · 02-22-2007, 04:33 AM

Hi,

changing DNS into "external" one solved the problem! Everything works fine now (at least I hadn't found anything wrong till now).

Thanks a lot, v00d00101! And thanks to you, win32sux - now I know a little bit more about Linux.

Would you be so kind and tell me, how to switch off DNS auto-detection? I don't like the idea of changing resolv.conf every time I reboot...

Cheers,
o-circ

PS: Funny, it was the first post I could write under Linux.

win32sux · 02-22-2007, 01:43 PM

hehe, glad you got it working, even though it's more of a work-around than a solution... not sure why you are experiencing this, perhaps it's an issue with the leases on your router or something... in any case, you could give your box a static IP configuration to achieve what you want... but if you truly want to leave it on DHCP but prevent resolv.conf from getting written to, then i'd imagine a quick and dirty way to achieve that is giving it read-only permissions like:

Code:

chmod 400 /etc/resolv.conf

keep in mind i haven't tested to see how well this works...

o-circ · 02-23-2007, 10:33 AM

I changed resolv.conf permissions with success, but the script ignored it somehow (?!) and overwrote my settings...

But another solution was found: adding this

Code:

echo nameserver x.x.x.x > /etc/resolv.conf

after every call to make_resolv_conf in /sbin/dhclient-script fixes the problem. It's quite crude, I admit, but effective.

Thanks again for helping me!
o-circ