Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: David Thomas on November 18, 2003, 09:35:40 AM
-
Hi all,
I have posted this question before. I am posting it again asking for your help, please.
The workstations can connect to the internet via the SME server. When testing the internet connection from the admin console it will give a positive result. Now this is not the problem. The problem is when I try to access the internet from the server itself, for example when I use "lynx" or "wget http://www------", this is where I face the problem and cannot get access to the outside world.
I'm running SME 5.6. It is configured as a server and gateway dedicated. Both the external and internal IPs are static. Two NICs. I have to provide an external proxy server because this is a requirement from my ISP.
Could this be a problem in the configuration of the firewall although I did not change anything in the standard settings, just installed as is.
I hope this clarifies the situation. Any suggestions on how to solve this issue?
Thanks,
David
-
What type of Modem or router is the SME server behind? Is it also a firewall, or does it come with any firewall settings?? ie, some dsl routers like Netopia, Zyexcel, and others have these features built in.
What is the result when you do an IFCONFIG at the command prompt?
-
The box is directly connected to the internet via ADSL. No router or modem in between. It is connecting using the second NIC already installed on the SME server.
The result of the IFCONFIG is as follows:
eth0 Link encap:Ethernet HWaddr 00:08:C7:45:68:58
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
EtherTalk Phase 2 addr:65280/18
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3482677 errors:0 dropped:0 overruns:0 frame:4
TX packets:4349315 errors:0 dropped:0 overruns:0 carrier:2
collisions:1145226
RX bytes:1163274881 (1109.3 Mb) TX bytes:168321501 (160.5 Mb)
eth1 Link encap:Ethernet HWaddr 00:80:5F:EB:60:27
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:517768 errors:3 dropped:0 overruns:0 frame:3
TX packets:564977 errors:0 dropped:0 overruns:0 carrier:0
collisions:156
RX bytes:170861955 (162.9 Mb) TX bytes:56330999 (53.7 Mb)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
EtherTalk Phase 2 addr:0/0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:45478 errors:0 dropped:0 overruns:0 frame:0
TX packets:45478 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
RX bytes:21034176 (20.0 Mb) TX bytes:21034176 (20.0 Mb)
ppp0 Link encap:Point-to-Point Protocol
inet addr:212.70.52.207 P-t-P:212.26.72.14 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:37427 errors:0 dropped:0 overruns:0 frame:0
TX packets:42233 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
RX bytes:15719608 (14.9 Mb) TX bytes:2281644 (2.1 Mb)
-
Is this a dns issue? Can you ping say your isp's dns ip address
Regards
Brian
PS I am interested in how you connect to the internet - I thought you needed an adsl router/modem
-
eth0 Link encap:Ethernet HWaddr 00:08:C7:45:68:58
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
EtherTalk Phase 2 addr:65280/18
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth1 Link encap:Ethernet HWaddr 00:80:5F:EB:60:27
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Look at the difference between eth0 and eth1. eth0 has an ip address of 192.168.0.1, eth1 has no ip address so it can't send or recieve any thing.
If you get an ip address given to you by dhcp then you need to get a new ip address, if your isp gives you a static ip address then you need to enter that into the server panel acessed by loging in as admin.
Read the manual on this one about how to setup ip addresses.
-
Craig, I think you missed the ppp0 connection that the ADSL modem will be using...
-
Terry,
Opps, missed the ADSL bit, not the ppp0 though. Just thought that some one on the internal network had just vpned to it.
-
brian kirk wrote:
>
> PS I am interested in how you connect to the internet - I
> thought you needed an adsl router/modem
Goodness, no! The SME server is, primarily, a secure gateway to the internet. Using a "broadband router" is redundant.
Mike
-
David Thomas wrote:
>
> The workstations can connect to the internet via the SME
> server. When testing the internet connection from the admin
> console it will give a positive result. Now this is not the
> problem. The problem is when I try to access the internet
> from the server itself, for example when I use "lynx" or
> "wget http://www------", this is where I face the problem and
> cannot get access to the outside world.
Considering that all traffic from the workstations is routed through the gateway, it's obviously not a connectivity issue.
1. Are the workstations using the gateway as their DNS server?
2. Have you tested DNS on the server?
ie. host
Mike
-
Michael Soulier wrote:
>
> 1. Are the workstations using the gateway as their DNS server?
Yes. All of them.
> 2. Have you tested DNS on the server?
> ie. host
This works fine as well. This is the result.
[root@wd1 /]# host yahoo.com
yahoo.com has address 66.218.71.198
-
I'm having a similar problem here, its basicly due to the fact that you have to use a Proxy through your ISP.
We've just have a similar system installed here at the school I'm working in now. ALL web trafic (HTTP, FTP, SSL, Everything) has to go through their proxy.
To add insult to injury, the Proxy we have to go through isn't even part of the default route out, so we can't ask them to open outgoing ports, as it won't go out through the right gateway!
Bloody rediculous system if you ask me.
Anyway, enough of my Problems.
The problem with WGET arises, because you need to route HTTP & FTP through your ISP's proxy.
I have got around the HTTP problem by routing my trafic through an IPCop box, which has tranparent proxy switched on, with the ISP's proxy set as the upstream Proxy. This does not however fix FTP.
I have found this page:
http://www.gnu.org/software/wget/manual/wget-1.8.1/html_node/wget_34.html
Which tells you how to configure proxy settings for WGET...
It says to alter some environment variables and seems pretty straight forward, but I'm still fairly new to Linux and I don't know where to change the Environment Variables. Can anyone point me in the right direction?
Cheers.
Nick
-
Righty, I've found out how to do it now.
use the Export command to set the environment Variables as follows:
export http_proxy="proxyaddress:port"
export ftp_proxy="proxyaddress:port"
e.g. I put
export http_proxy="10.1.2.13:8080"
export ftp_proxy="10.1.2.13:8080"
I don't know if this setting is permanent, I'll post back later and let you know after a reboot.
Hope I help you out in my own blundering about :-D
Nick
-
Phew.. Took some doing but i think this problem is now nailed.
edit the file: /etc/profile
Scroll down till you see the line that says:
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE INPUTRC
Add the Variables you want to set above it, then add the variables to the export line.. e.g.
http_proxy="10.1.2.13:8080"
ftp_proxy="10.1.2.13:8080"
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE INPUTRC http_proxy ftp_proxy
Thats me sorted, the variables will be applied now to any user that logs into the console, and (hopefully) will apply to the Spam Assassin Scripts aswell :-)
-
David are your sure that the ISP isn't using PPPoE? That might be causing the problem. While you will be assigned an IP address you won't be ablee to access any external services until you login.