hardcore l33t
Joined: 01 Nov 2003 Posts: 626 Location: MSU, MI
|
Posted: Tue Sep 07, 2004 10:49 pm Post subject: Router help / weird internet problems |
|
|
Ok, so here's the deal. I just finished setting up a computer to be a router (Gentoo), fresh install of Gentoo, 2.6 kernel, and following the router HOWTO at gentoo.org (http://www.gentoo.org/doc/en/home-router-howto.xml), and eth1 is the link to the internet, eth0 is for the local network. Now my problem is thus: I can connect HTTP, in fact I'm posting this from a computer behind the router. The only other protocol I know that works is MSN on gaim. Tested protocols that are NOT working are various gift plugins (fasttrack, openft, gnutella), ftp, OSCAR (gaim), ping (even known sites that allow ping, www.yahoo.com), well you get the point.
This is all behind the router of course, but the funny thing is, ping doesn't work on the router. Now I can ping locally within the network, but I can't ping say www.yahoo.com. And I have just checked on both the router and behind the router, and they both time out.
router:
/etc/conf.d/net
Code: | # $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/conf.d/net,v 1.7 2002/11/18 19:39:22 azarah Exp $
# Global config file for net.* rc-scripts
# This is basically the ifconfig argument without the ifconfig $iface
#
#iface_eth1="207.170.82.202 broadcast 207.0.255.255 netmask 255.255.0.0"
iface_eth0="192.168.0.1 broadcast 192.168.0.255 netmask 255.255.255.0"
# For DHCP set iface_eth? to "dhcp"
# For passing options to dhcpcd use dhcpcd_eth?
#
#iface_eth0="dhcp"
#dhcpcd_eth0="..."
iface_eth1="dhcp"
# For adding aliases to a interface
#
#alias_eth0="192.168.0.3 192.168.0.4"
# NB: The next is only used for aliases.
#
# To add a custom netmask/broadcast address to created aliases,
# uncomment and change accordingly. Leave commented to assign
# defaults for that interface.
#
#broadcast_eth0="192.168.0.255 192.168.0.255"
#netmask_eth0="255.255.255.0 255.255.255.0"
# For setting the default gateway
#
#gateway="eth0/192.168.0.1" |
/etc/dhcp/dhcpd.conf :
Code: | authorative;
ddns-update-style ad-hoc;
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.250;
default-lease-time 259200;
max-lease-time 518400;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option routers 192.168.0.1;
option domain-name-servers 192.168.0.1;
}
|
/etc/conf.d/dnsmasq
Code: | # Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-dns/dnsmasq/files/dnsmasq.confd,v 1.3 2004/07/14 23:23:32 agriffis Exp $
# Config file for /etc/init.d/dnsmasq
# See the dnsmasq(8) man page for possible options to put here.
DNSMASQ_OPTS="-i eth0"
|
Code: | router root # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT udp -- anywhere anywhere udp dpt:bootps reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:domain reject-with icmp-port-unreachable
DROP tcp -- anywhere anywhere tcp dpts:0:1023
DROP udp -- anywhere anywhere udp dpts:0:1023
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere 192.168.0.0/16
ACCEPT all -- anywhere anywhere state NEW,ESTABLISHED
ACCEPT all -- 192.168.0.0/16 anywhere
ACCEPT all -- anywhere 192.168.0.0/16
Chain OUTPUT (policy ACCEPT)
target prot opt source destination |
Code: | #
# Networking support
#
CONFIG_NET=y
#
# Networking options
#
CONFIG_PACKET=y
CONFIG_PACKET_MMAP=y
# CONFIG_NETLINK_DEV is not set
CONFIG_UNIX=y
CONFIG_NET_KEY=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
# CONFIG_IP_ROUTE_FWMARK is not set
CONFIG_IP_ROUTE_NAT=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_TOS=y
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set
# CONFIG_IP_MROUTE is not set
# CONFIG_ARPD is not set
# CONFIG_SYN_COOKIES is not set
# CONFIG_INET_AH is not set
# CONFIG_INET_ESP is not set
# CONFIG_INET_IPCOMP is not set
#
# IP: Virtual Server Configuration
#
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IRC=y
# CONFIG_IP_NF_TFTP is not set
# CONFIG_IP_NF_AMANDA is not set
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_IPRANGE=y
CONFIG_IP_NF_MATCH_MAC=y
CONFIG_IP_NF_MATCH_PKTTYPE=y
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_DSCP=y
CONFIG_IP_NF_MATCH_AH_ESP=y
CONFIG_IP_NF_MATCH_LENGTH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_TCPMSS=y
CONFIG_IP_NF_MATCH_HELPER=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
CONFIG_IP_NF_MATCH_OWNER=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_SAME=y
CONFIG_IP_NF_NAT_LOCAL=y
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_DSCP=y
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_CLASSIFY=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_IP_NF_ARP_MANGLE=y
CONFIG_IP_NF_TARGET_NOTRACK=m
CONFIG_IP_NF_RAW=m
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_REALM is not set
CONFIG_XFRM=y
# CONFIG_XFRM_USER is not set
#
# SCTP Configuration (EXPERIMENTAL)
#
# CONFIG_IP_SCTP is not set
# CONFIG_ATM is not set
# CONFIG_BRIDGE is not set
# CONFIG_VLAN_8021Q is not set
# CONFIG_DECNET is not set
# CONFIG_LLC2 is not set
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
# CONFIG_NET_DIVERT is not set
# CONFIG_ECONET is not set
# CONFIG_WAN_ROUTER is not set
# CONFIG_NET_HW_FLOWCONTROL is not set
#
# QoS and/or fair queueing
#
CONFIG_NET_SCHED=y
CONFIG_NET_SCH_CLK_JIFFIES=y
# CONFIG_NET_SCH_CLK_GETTIMEOFDAY is not set
# CONFIG_NET_SCH_CLK_CPU is not set
# CONFIG_NET_SCH_CBQ is not set
CONFIG_NET_SCH_HTB=y
# CONFIG_NET_SCH_HFSC is not set
# CONFIG_NET_SCH_PRIO is not set
# CONFIG_NET_SCH_RED is not set
# CONFIG_NET_SCH_SFQ is not set
# CONFIG_NET_SCH_TEQL is not set
# CONFIG_NET_SCH_TBF is not set
# CONFIG_NET_SCH_GRED is not set
# CONFIG_NET_SCH_DSMARK is not set
# CONFIG_NET_SCH_NETEM is not set
CONFIG_NET_SCH_INGRESS=y
# CONFIG_NET_QOS is not set
# CONFIG_NET_CLS is not set
# CONFIG_NET_CLS_ROUTE is not set
|
If you can offer any advice, please do so |
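Added example, not part of the original post: plain `iptables -L` leaves out the in/out interface columns that `-v` prints, and it lists only the filter table, so the FORWARD chain above cannot be evaluated as written. The sketch below reads the posted rules literally (helper names are this example's own; 192.168.0.100 and 203.0.113.10 are constructed sample addresses): return traffic to the LAN hits rule 1's DROP and rule 4 can never match, which is the cue to collect `iptables -L -v -n` and `iptables -t nat -L -v -n` before drawing conclusions.

```python
import ipaddress

# FORWARD chain exactly as posted above (plain `iptables -L`, no -v).
FORWARD_LISTING = """\
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere 192.168.0.0/16
ACCEPT all -- anywhere anywhere state NEW,ESTABLISHED
ACCEPT all -- 192.168.0.0/16 anywhere
ACCEPT all -- anywhere 192.168.0.0/16
"""

def parse_rules(listing):
    """Parse rule lines; this output format carries no in/out interface."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 5 or f[2] != "--":
            continue  # chain header or column titles
        states = set(f[6].split(",")) if len(f) > 6 and f[5] == "state" else None
        rules.append({"target": f[0], "src": f[3], "dst": f[4], "states": states})
    return rules

def covers(spec, other):
    """True if address spec `spec` includes everything `other` can match."""
    if spec == "anywhere":
        return True
    if other == "anywhere":
        return False
    return ipaddress.ip_network(other, strict=False).subnet_of(ipaddress.ip_network(spec))

def first_match(rules, src, dst, state):
    """(rule number, target) of the first matching rule, read literally."""
    for n, r in enumerate(rules, 1):
        if (covers(r["src"], src) and covers(r["dst"], dst)
                and (r["states"] is None or state in r["states"])):
            return n, r["target"]
    return 0, "policy"

def shadowed(rules):
    """(later, earlier) pairs where the earlier rule already matches all the later one could."""
    out = []
    for j, late in enumerate(rules):
        for i, early in enumerate(rules[:j]):
            if (covers(early["src"], late["src"]) and covers(early["dst"], late["dst"])
                    and early["states"] is None):
                out.append((j + 1, i + 1))
                break
    return out

RULES = parse_rules(FORWARD_LISTING)
LAN_HOST, REMOTE = "192.168.0.100", "203.0.113.10"  # constructed sample addresses

if __name__ == "__main__":
    print("outbound NEW      ->", first_match(RULES, LAN_HOST, REMOTE, "NEW"))
    print("reply ESTABLISHED ->", first_match(RULES, REMOTE, LAN_HOST, "ESTABLISHED"))
    print("shadowed rules    ->", shadowed(RULES))
```
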
ep98 Apprentice
Joined: 08 Jul 2003 Posts: 232 Location: Bulgaria
|
Posted: Tue Sep 07, 2004 11:30 pm Post subject: The same problem.... |
|
|
... no ping reply from the systems, behind the wall, resolver works, but can't connect without SQUID
and how to connect to IRC, ICQ etc. _________________ If u can't give advice, don't send the helpless to the HOWTO's way or Google.com way. |
hardcore l33t
Joined: 01 Nov 2003 Posts: 626 Location: MSU, MI
|
Posted: Wed Sep 08, 2004 1:47 am Post subject: Re: The same problem.... |
|
|
ep98 wrote: | ... no ping reply from the systems, behind the wall, resolver works, but can't connect without SQUID
and how to connect to IRC, ICQ etc. |
Well at least we aren't alone, keep me posted if you find a solution to this. |
ep98 Apprentice
Joined: 08 Jul 2003 Posts: 232 Location: Bulgaria
|
Posted: Wed Sep 08, 2004 6:53 am Post subject: Re: The same problem.... |
|
|
hardcore wrote: | ep98 wrote: | ... no ping reply from the systems, behind the wall, resolver works, but can't connect without SQUID
and how to connect to IRC, ICQ etc. |
Well at least we aren't alone, keep me posted if you find a solution to this. |
When searchin' thru the Gentoo Forums, I found these two links. For me, it doesn't make a lot (ICMP requests are still denied), but u can try on your service provider, cos I'm not so sure, but I hear rumors that the damned ISP can prevent me from running NAT for my boxes behind the real IP. It can be true, and can be a big bullshit. But to ensure, try these links,
then go for the guide here:
http://www.mplug.org/phpwiki/index.php/BasicFirewallRouter
and here
http://www.mplug.org/phpwiki/index.php/MonMothaReferenceGuide
I will try with one old script called Defcon4 with IPChains... and in case monmotha doesn't work for u too, u must set a socks5 transparent proxy, and the whole net behind the real IP must go to the internet thru proxies: http, https, ftp, socks (ICQ, IRC) _________________ If u can't give advice, don't send the helpless to the HOWTO's way or Google.com way. |
hardcore l33t
Joined: 01 Nov 2003 Posts: 626 Location: MSU, MI
|
Posted: Thu Sep 09, 2004 2:25 pm Post subject: |
|
|
Well I decided to set up another computer as a router, and lo and behold it works! I still don't know what the hell the problem was with the other computer tho, if I ever figure it out, I'll let you know. |
ep98 Apprentice
Joined: 08 Jul 2003 Posts: 232 Location: Bulgaria
|
Posted: Fri Sep 10, 2004 7:07 am Post subject: |
|
|
10x in advance!
Yesterday I set up another PC with Debian (SID) aka unstable, it works without any problems with Debian stock kernel "kernel-image-2.4.27-1-k7-smp" and everything is ok, still can't understand what's wrong with Gentoo-dev-sources. On the Debian gateway, I set it with Endoshield - http://endoshield.sourceforge.net/, if u want I cant give u my EndShield Configuration _________________ If u can't give advice, don't send the helpless to the HOWTO's way or Google.com way. |