Can't access internet from my LAN. Any clues please ?
Andrew Lord
andrewlord at internode.on.net
Wed Dec 20 03:28:12 CST 2006
On Wednesday 20 December 2006 9:02 am, Haarsma, Michael (SAPOL) wrote:
> edit /etc/sysctl and there should be an ip_forward listed make it = 1
> and reboot
>
> Or, do above, and echo 1 > /proc/sys/net/ipv4/ip_forward which will make
> it happen without the need for a reboot, but will not persist past a
> reboot, hence you need the first command.
Thankyou for the pointer to ip_forward. In Mandriva, I've now added the line
'net.ipv4.ip_forward=1 ' to the file /etc/sysctl.conf and then used your echo
1 ..... (etc) line in shell.
Rebooting was required however. Without boot, doing 'ping 66.102.7.104' from
the NSLU2, yielded 100% packet loss. Watching the modem, I could see that
the ping was repeatedly conveyed to the modem (ie SD light repeatedly
flashing) but there was no return data (RD). I rebooted and thereafter, ping
from the NSLU2 brought the required response from the test ip address
(outside of LAN). So it seems that perhaps inclusion of the line
'net.ipv4.ip_forward=1' and issuing of 'echo 1
> /proc/sys/net/ipv4/ip_forward' gets the packets out to the net via the
desktop but that something more may be required in order to receive an answer
(if a reboot is to be avoided).
Pinging ip addresses now works just fine now, having rebooted.
One problem now remains: if I wish to ping a domain name (such as google.com),
I get:
ping: google.com: Host name lookup failure
So we're getting closer to sorting this out.
Cheers,
Andrew
PS. I should add that Mandriva has a GUI for "Sharing an internet Connection":
I have repeatedly attempted to configure internet sharing using that
interface but have never had success with it. Every time, the GUI confirms
that I have setup my internet sharing but despite having done so, the line
'net.ipv4.ip_forward=1' has never appeared in the file /etc/sysctl.conf until
I added it manually.
PPS. I should also add that I've now also found a useful page whose contents
I've incorporated in my settings: For those interested it is:
http://www.iwpcs.co.uk/ics_modem.html
Briefly, the contents of that web page that I made sure to include in my
settings (except for MII_NOT_SUPPORTED=yes, which I've left as
MII_NOT_SUPPORTED=no) are:
########################################################
Edit /etc/sysconfig/network-scripts/ifcfg-eth0 - This is the main config file
for eth0.
It should read : (you can leave out anything on a line after #)
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.0.1 # or whatever your IP address is to be - see above
NETMASK=255.255.255.0 # or 255.0.0.0 if your IP address is 10.x.x.x
NETWORK=192.168.0.0 # or 10.0.0.0 if your IP address is 10.x.x.x
BROADCAST=192.168.0.255 # or 10.255.255.255 if your IP address is 10.x.x.x
ONBOOT=yes
MII_NOT_SUPPORTED=yes
/etc/resolv.conf should contain the nameserver address(es) - put the address
of your ISPs nameserver right at the top. eg:
nameserver 195.20.224.165
You can have multiple nameserver xxx.xxx.xxx.xxx lines - the resolver will try
them all in turn if one fails
This file will probably be overwritten once you have dialled up, but it does
no harm to put the correct address in there anyway, just in case...
The default gateway and your hostname go in /etc/sysconfig/network:
HOSTNAME=yourhostname_goes_here
NETWORKING=yes
GATEWAY= # leave blank or delete - will get set up automatically
when you are connected to your ISP
We then need to set up packet forwarding:
Put the following command at the beginning of /etc/sysctl.conf
net.ipv4.ip_forward=1
Then 'turn off' the redirection to squid and set up network address
translation:
Install iptables - type "urpmi iptables" as root, or use the package manager
in the start menu or mcc
Add the following code to the bottom of /etc/rc.d/rc.local.
iptables -t nat -D PREROUTING -i eth0 -j loc_dnat
iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE
(This will delete a rule from your firewall and set up NAT (masquerading) -
later, when you understand more, you can change shorewall and remove the
first line, but for now we'll keep it simple).
Reboot the computers
########################################################
>
>
> This will allow your desktop to route traffic between your Dial-Up and
> the rest of your network, and vise versa.
>
>
> I haven't read your post in detail (time), so I apologise in advance is
> this is not the problem, but it tends to be in this scenario. Also this
> is off my increasingly fuzzy memory, so it might not be syntax exact,
> but hopefully you get the jist of it :)
>
> Michael
>
> > -----Original Message-----
> > From: linuxsa-bounces at linuxsa.org.au
> > [mailto:linuxsa-bounces at linuxsa.org.au] On Behalf Of Andrew Lord
> > Sent: Tuesday, 19 December 2006 8:18 PM
> > To: linuxsa at linuxsa.org.au
> > Subject: Can't access internet from my LAN. Any clues please ?
> >
> >
> > Hi,
> >
> > I have a computer connected to the internet via a dial-up connection
> > (internode). That computer is on an LAN, to which I also
> > have a network
> > storage unit (NSLU2) connected. I can of course access the
> > internet from the
> > desktop, but I can't get access from the network storage unit
> > (nor from any
> > other computer I put on the LAN). I'm wondering if anyone can
> > shine some
> > light on this for me please. To assist in diagnosing the
> > problem, I've
> > provided as much information about my setup as I know how, below:
> >
> > My setup is:
> >
> > Desktop (ip address 192.168.0.1) ----- 5 Port Switch -----
> > NSLU2 (192.168.0.2)
> >
> >
> > Internet connection via dial-up modem
> >
> > OS is Mandriva 2006, kernel 2.6.12-27
> >
> > For my Desktop (ip 192.168.0.1), the output of ifconfig is:
> >
> > br0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
> > inet addr:192.168.0.1 Bcast:192.168.0.255
> > Mask:255.255.255.0
> > inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:19299 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:0
> > RX bytes:0 (0.0 b) TX bytes:819577 (800.3 KiB)
> >
> > eth0 Link encap:Ethernet HWaddr 00:07:95:08:80:5C
> > inet addr:192.168.0.1 Bcast:192.168.0.255
> > Mask:255.255.255.0
> > inet6 addr: fe80::207:95ff:fe08:805c/64 Scope:Link
> > UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
> > RX packets:210 errors:1 dropped:0 overruns:0 frame:1
> > TX packets:166 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:1000
> > RX bytes:71974 (70.2 KiB) TX bytes:20382 (19.9 KiB)
> > Interrupt:5 Base address:0xc800
> >
> > lo Link encap:Local Loopback
> > inet addr:127.0.0.1 Mask:255.0.0.0
> > inet6 addr: ::1/128 Scope:Host
> > UP LOOPBACK RUNNING MTU:16436 Metric:1
> > RX packets:231465 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:231465 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:0
> > RX bytes:39534495 (37.7 MiB) TX bytes:39534495 (37.7 MiB)
> >
> > ppp0 Link encap:Point-to-Point Protocol
> > inet addr:150.101.64.54 P-t-P:203.34.115.129
> > Mask:255.255.255.255
> > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
> > RX packets:75073 errors:22 dropped:0 overruns:0 frame:0
> > TX packets:69142 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:3
> > RX bytes:94913672 (90.5 MiB) TX bytes:4235538 (4.0 MiB)
> >
> > and the output of route -n is
> >
> > [root at localhost andrew]# route -n
> > Kernel IP routing table
> > Destination Gateway Genmask Flags Metric Ref
> > Use Iface
> > 203.34.115.129 0.0.0.0 255.255.255.255 UH 0
> > 0 0 ppp0
> > 192.168.0.0 0.0.0.0 255.255.255.0 U 10
> > 0 0 eth0
> > 192.168.0.0 0.0.0.0 255.255.255.0 U 10
> > 0 0 br0
> > 0.0.0.0 203.34.115.129 0.0.0.0 UG 0
> > 0 0 ppp0
> >
> > If I telnet into the NSLU2, I can ping the NSLU2
> > (192.168.0.2), the broadcast
> > address (192.168.0.255) but not the desktop (192.168.0.1) nor
> > any web site
> > outside the LAN ( eg. www.google.com.au or 66.102.7.104).
> >
> > # ping 192.168.0.255
> > PING 192.168.0.255 (192.168.0.255): 56 data bytes
> > 64 bytes from 192.168.0.2: icmp_seq=0 ttl=64 time=0.7 ms
> >
> > # ping 192.168.0.1
> > PING 192.168.0.1 (192.168.0.1): 56 data bytes
> > --- 192.168.0.1 ping statistics ---
> > 5 packets transmitted, 0 packets received, 100% packet loss
> >
> > # ping 192.168.0.2
> > PING 192.168.0.2 (192.168.0.2): 56 data bytes
> > 64 bytes from 192.168.0.2: icmp_seq=0 ttl=64
> > time=429496723.6 ms
> > 64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.3 ms
> >
> > # ping www.google.com.au
> > ping: www.google.com.au: Host name lookup failure
> >
> > # ping 66.102.7.104
> > PING 66.102.7.104 (66.102.7.104): 56 data bytes
> > --- 66.102.7.104 ping statistics ---
> > 46 packets transmitted, 0 packets received, 100% packet loss
> >
> >
> > I can of course ping the NSLU2 and any web site, from the desktop.
> >
> > If in the NSLU2 i do 'ifconfig', I get:
> >
> > # ifconfig
> > ixp0 Link encap:Ethernet HWaddr 00:04:5A:0F:DE:0B
> > inet addr:192.168.0.2 Bcast:192.168.0.255
> > Mask:255.255.255.0
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > RX packets:1132 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:808 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:256
> > RX bytes:78660 (76.8 kiB) TX bytes:252012 (246.1 kiB)
> >
> > lo Link encap:Local Loopback
> > inet addr:127.0.0.1 Mask:255.0.0.0
> > UP LOOPBACK RUNNING MTU:16436 Metric:1
> > RX packets:54 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:54 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:0
> > RX bytes:5253 (5.1 kiB) TX bytes:5253 (5.1 kiB)
> >
> > and route -n for the NSLU2 gives me:
> >
> > # route -n
> >
> > Kernel IP routing table
> > Destination Gateway Genmask Flags Metric Ref
> > Use Iface
> > 192.168.0.0 0.0.0.0 255.255.255.0 U 0
> > 0 0 ixp0
> > 127.0.0.0 0.0.0.0 255.255.255.0 U 0
> > 0 0 lo
> > 239.0.0.0 0.0.0.0 255.0.0.0 U 0
> > 0 0 ixp0
> > 127.0.0.0 0.0.0.0 255.0.0.0 U 0
> > 0 0 lo
> > 0.0.0.0 192.168.0.1 0.0.0.0 UG 1
> > 0 0 ixp0
> >
> > I've very little networking experience and would be most
> > grateful for any
> > useful suggestions about how to fix this issue ?
> >
> > Cheers,
> >
> > Andrew
> > --
> > LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on
> > irc.freenode.net To unsubscribe or change your options:
> > http://www.netcraft.com.au/mailman/listinfo/linuxsa
More information about the linuxsa
mailing list