Topic: SME server cannot connect to Internet

[David Thomas]

Hi all,

I have posted this question before. I am posting it again asking for your help, please.

The workstations can connect to the internet via the SME server. When testing the internet connection from the admin console it will give a positive result. Now this is not the problem. The problem is when I try to access the internet from the server itself, for example when I use "lynx" or "wget http://www------", this is where I face the problem and cannot get access to the outside world.

I'm running SME 5.6. It is configured as a server and gateway dedicated. Both the external and internal IPs are static. Two NICs. I have to provide an external proxy server because this is a requirement from my ISP.

Could this be a problem in the configuration of the firewall although I did not change anything in the standard settings, just installed as is.

I hope this clarifies the situation. Any suggestions on how to solve this issue?

Thanks,
David

[SloopJohnB]

What type of Modem or router is the SME server behind? Is it also a firewall, or does it come with any firewall settings?? ie, some dsl routers like Netopia, Zyexcel, and others have these features built in.

What is the result when you do an IFCONFIG at the command prompt?

[David Thomas]

The box is directly connected to the internet via ADSL. No router or modem in between. It is connecting using the second NIC already installed on the SME server.

The result of the IFCONFIG is as follows:

eth0      Link encap:Ethernet  HWaddr 00:08:C7:45:68:58
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          EtherTalk Phase 2 addr:65280/18
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3482677 errors:0 dropped:0 overruns:0 frame:4
          TX packets:4349315 errors:0 dropped:0 overruns:0 carrier:2
          collisions:1145226
          RX bytes:1163274881 (1109.3 Mb)  TX bytes:168321501 (160.5 Mb)

eth1      Link encap:Ethernet  HWaddr 00:80:5F:EB:60:27
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:517768 errors:3 dropped:0 overruns:0 frame:3
          TX packets:564977 errors:0 dropped:0 overruns:0 carrier:0
          collisions:156
          RX bytes:170861955 (162.9 Mb)  TX bytes:56330999 (53.7 Mb)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          EtherTalk Phase 2 addr:0/0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:45478 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45478 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:21034176 (20.0 Mb)  TX bytes:21034176 (20.0 Mb)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:212.70.52.207  P-t-P:212.26.72.14  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:37427 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42233 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:15719608 (14.9 Mb)  TX bytes:2281644 (2.1 Mb)

[brian kirk]

Is this a dns issue? Can you ping say your isp's dns ip address
Regards
Brian
PS I am interested in how you connect to the internet - I thought you needed an adsl router/modem

[Craig]

eth0 Link encap:Ethernet HWaddr 00:08:C7:45:68:58
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
EtherTalk Phase 2 addr:65280/18
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

eth1 Link encap:Ethernet HWaddr 00:80:5F:EB:60:27
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1


Look at the difference between eth0 and eth1. eth0 has an ip address of 192.168.0.1, eth1 has no ip address so it can't send or recieve any thing.

If you get an ip address given to you by dhcp then you need to get a new ip address, if your isp gives you a static ip address then you need to enter that into the server panel acessed by loging in as admin.

Read the manual on this one about how to setup ip addresses.

[Terry]

Craig, I think you missed the ppp0 connection that the ADSL modem will be using...

[Craig]

Terry,
Opps, missed the ADSL bit, not the ppp0 though. Just thought that some one on the internal network had just vpned to it.

[Michael Soulier]

brian kirk wrote:
>
> PS I am interested in how you connect to the internet - I
> thought you needed an adsl router/modem

Goodness, no! The SME server is, primarily, a secure gateway to the internet. Using a "broadband router" is redundant.

Mike

[Michael Soulier]

David Thomas wrote:
>
> The workstations can connect to the internet via the SME
> server. When testing the internet connection from the admin
> console it will give a positive result. Now this is not the
> problem. The problem is when I try to access the internet
> from the server itself, for example when I use "lynx" or
> "wget http://www------", this is where I face the problem and
> cannot get access to the outside world.

Considering that all traffic from the workstations is routed through the gateway, it's obviously not a connectivity issue.

1. Are the workstations using the gateway as their DNS server?
2. Have you tested DNS on the server?

ie. host

Mike

[David Thomas]

Michael  Soulier wrote:
>
> 1. Are the workstations using the gateway as their DNS server?

Yes. All of them.

> 2. Have you tested DNS on the server?
> ie. host

This works fine as well. This is the result.
[root@wd1 /]# host yahoo.com
yahoo.com has address 66.218.71.198

[NickCritten]

I'm having a similar problem here, its basicly due to the fact that you have to use a Proxy through your ISP.

We've just have a similar system installed here at the school I'm working in now. ALL web trafic (HTTP, FTP, SSL, Everything) has to go through their proxy.

To add insult to injury, the Proxy we have to go through isn't even part of the default route out, so we can't ask them to open outgoing ports, as it won't go out through the right gateway!
Bloody rediculous system if you ask me.


Anyway, enough of my Problems.

The problem with WGET arises, because you need to route HTTP & FTP through your ISP's proxy.
I have got around the HTTP problem by routing my trafic through an IPCop box, which has tranparent proxy switched on, with the ISP's proxy set as the upstream Proxy.  This does not however fix FTP.

I have found this page:

http://www.gnu.org/software/wget/manual/wget-1.8.1/html_node/wget_34.html

Which tells you how to configure proxy settings for WGET...
It says to alter some environment variables and seems pretty straight forward, but I'm still fairly new to Linux and I don't know where to change the Environment Variables.  Can anyone point me in the right direction?

Cheers.

Nick

[NickCritten]

Righty, I've found out how to do it now.

use the Export command to set the environment Variables as follows:

export http_proxy="proxyaddress:port"
export ftp_proxy="proxyaddress:port"


e.g. I put

export http_proxy="10.1.2.13:8080"
export ftp_proxy="10.1.2.13:8080"


I don't know if this setting is permanent, I'll post back later and let you know after a reboot.

Hope I help you out in my own blundering about  

Nick

[NickCritten]

Phew.. Took some doing but i think this problem is now nailed.

edit the file: /etc/profile

Scroll down till you see the line that says:
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE INPUTRC

Add the Variables you want to set above it, then add the variables to the export line.. e.g.

http_proxy="10.1.2.13:8080"
ftp_proxy="10.1.2.13:8080"
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE INPUTRC http_proxy ftp_proxy

Thats me sorted, the variables will be applied now to any user that logs into the console, and (hopefully) will apply to the Spam Assassin Scripts aswell

[Buddha_Joe]

David are your sure that the ISP isn't using PPPoE? That might be causing the problem. While you will be assigned an IP address you won't be ablee to access any  external services until you login.