Topic: ADSL Connection

[Brando Choy]

Hi,
My problem is that e-smith will not connect to the internet.

Harware:
P200
32 Megs ram
8 gig HD
2 NIC - Intel 100pro

Setup:
Server And Gateway - dedicated
Obtain DHCP IP Address OFF
IP address 207.x.x.x
IP mask x.x.x.x
Gateway x.x.x.x
(Where x is the correct ip address for the info)

Local IP 192.168.1.1
Local Mask 255.255.255.255.0
DHCP Server ON

There are no failed devices on start up or in log reports(/var/log/messages).
I have switched cables back and forth  as I am using 2 of the same model NICs due to the difficulty in finding which is eth0/1. - Either case Test for internet fails.

On the log report what is interesting is that eth1 is not listed at all other than startup while the
eth0 has listening and sending
Eg . dhcpd Listening on socket/eth0/192/168.1.1
       dhcpd Sending on socket/eth0/192/168.1.1

Is there something I am missing or misconfigured?

Note:
If I change the Local ip to an ADSL static ip (IE from 192.168.1.1 --> 209.y.y.y) then connection to the internet works, but that defeats the idea of using e-smith as a gateway. All the users will then end up provided with a direct connection to the net instead of going thru e-smith.

On NT it works fine - Provide all users with a 192.x.x.x address and when they go out to the internet a  proxy ADSL IP goes out.

Any suggestions would be appreciated,

Brando Choy

[sd]

Local Mask 255.255.255.255.0


that should be 255.255.255.0

change that and try again

[Charlie Brady]

Brando Choy wrote:

> There are no failed devices on start up or in log
> reports(/var/log/messages). I have switched cables back and
> forth  as I am using 2 of the same model NICs due to the
> difficulty in finding which is eth0/1. - Either case Test for
> internet fails.
>
> On the log report what is interesting is that eth1 is not
> listed at all other than startup while the eth0 has listening
> and sending Eg . dhcpd Listening on socket/eth0/192/168.1.1
> dhcpd Sending on socket/eth0/192/168.1.1

The reason for that is that the services are configured so only bind to the internal interface - which is what you want.

> Is there something I am missing or misconfigured?

To make it easier to diagnose your problem, first try to troubleshoot the server<->internet connection, then worry about your client machines. Try pinging your default gateway from the server. Until you can do that, nothing else will work either.

Charlie

[Brando Choy]

Thanks SD,

Lack of sleep has made me miss-type along with 192/168.1.1 on my previous message
I'm not that lucky on the e-smith box though ;D

Brando

[Brando Choy]

Charlie Brady wrote:

> > Is there something I am missing or misconfigured?
>
> To make it easier to diagnose your problem, first try to
> troubleshoot the server<->internet connection, then worry
> about your client machines. Try pinging your default gateway
> from the server. Until you can do that, nothing else will work
> either.

Charlie,
I ping the ISP gateway and get +1 errors, 100% packet loss Any suggestions as to where else to look?

I added the DNS to see what would happen and the log file would show that the "IP is unreachable".

I checked the message log file and everything looks ok (well to me).
I do notice this "named[520]: Forwarding source address [0.0.0.0].1024"

I'm still learning linux as can be shown pretty evidently.

Thanks,

Brando

[Charlie Brady]

Brando Choy wrote:

> Charlie, I ping the ISP gateway and get +1 errors, 100% packet
> loss Any suggestions as to where else to look?
>
> I added the DNS to see what would happen and the log file
> would show that the "IP is unreachable".

You would expect that. If you can't ping your default gateway you can't expect much else to work.

> I checked the message log file and everything looks ok (well
> to me). I do notice this "named[520]: Forwarding source
> address [0.0.0.0].1024"

That doesn't look too good.

OK, do "/sbin/lsmod" and check that a driver module for your ethernet card is loaded. "grep eth1 /etc/conf.modules" will show you which module the system has configured for your Internet side NIC.

Now do "/sbin/ifconfig eth1" to check that the Internet side NIC is configured with the correct IP address and netmask, etc.

Do "/usr/bin/netstat -i" to look at the statistics for packets in, out and errors on the various interfaces.

Between those three diagnostics, you should be able to discover something.

> I'm still learning linux as can be shown pretty evidently.

Don't apologise for that. E-smith exists to bring the reliability of linux to people like you. The troubleshooting facilities do need some development work though

Charlie

[Brando Choy]

> OK, do "/sbin/lsmod" and check that a driver module
> for your ethernet card is loaded. "grep eth1
> /etc/conf.modules" will show you which module the system
> has configured for your Internet side NIC.
>
> Now do "/sbin/ifconfig eth1" to check that the
> Internet side NIC is configured with the correct IP address and
> netmask, etc.
>
> Do "/usr/bin/netstat -i" to look at the statistics
> for packets in, out and errors on the various interfaces.

I did the above and the card responded perfectly fine. No errors. Packets came in and out. Now that confused me like nothing so I removed the eth1 card and put another card in thinking it might be the card and ... everthing works It must have been a a weird failure on the card. (The card I replaced is the same model 100Pro Intel)

Thank you very much for your time and response.

One more question,
I'm not sure how IPmasq works or Ipchains for E-smith.
Do I have to setup both to allow an ip for incoming traffic?

The reason I ask is because my mail server runs on a different IP so I would need it to pass the firewall.

Thanks again for the help.

BC

[Charlie Brady]

Brando Choy wrote:

> One more question, I'm not sure how IPmasq works or Ipchains
> for E-smith. Do I have to setup both to allow an ip for
> incoming traffic? ... The reason I ask is because my mail
> server runs on a different IP so I would need it
> to pass the firewall.

You don't need to. IPmasq is not for incoming traffic, only outgoing, and although you can use IPchains to set up forwarding
for incoming traffic, that isn't the only way to do it. Search for "Exchange" on this BBoard for earlier advice about setting
up forwarding.

Your options are:

- change the qmail configuration so that it relays both inbound    and outbound mail. IMO, the best if mail is the only thing you
  want to handle inside your e-smith firewall.

- Use IPchains port forwarding to do tranparent port forwarding.

- Set up inetd (e-smith 3.x) or rlinetd (e-smith 4) to accept
  inbound connections on port 25, and start a TCP socket
  connecting program (nc, socket, etc) to connect to port 25
  of your internal mail server.

Regards

Charlie

[Brando Choy]

Thanks again for the advice. I will look into the options.

Brando