Yes, when I have a name resolution problem, I'm still able to ping my local network devices - my "legacy" computer, and the firewall's internal IP. However, I can't ping the firewall's external IP (or any external IP). So, my network connection IS functional for the local network at least.
When I do a route -n, I'm seeing basic routing tables, with a default entry for the firewall's internal address. A thought just occured to me - I read in the IPCop documentation that I would need to put my local computers into HOSTS file to handle proper internal name resolution. When I browse to my web server from work, I occasionally see it trying to access my internal IP - of course the page fails at that point. I'll try removing all my internal boxes from the HOSTS file. But that doesn't explain why I can't ping external IP addresses when this condition is happening.... Shawn -----Original Message----- From: Kevin Anderson [mailto:[EMAIL PROTECTED] Sent: Thursday, July 03, 2003 6:53 AM To: [EMAIL PROTECTED] Subject: Re: (clug-talk) Weird name resolution troubles and IPCop 1.3.0 Can you ping the windows box or the IPcop box from the Linux box during one of these outages? I can't see your routing changing without manual intervention. I can't see your IP adressing changing without manual intervention. So I'd be expecting to see your network connection not working _at_all_ during these times. Kev. ----- Original Message ----- From: "Shawn" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, July 03, 2003 12:13 AM Subject: RE: (clug-talk) Weird name resolution troubles and IPCop 1.3.0 > k, I did the dig, and then tried to ping the name server here's the results: > > dig www.google.ca > ;; connection timed out; no servers could be reached > > ping 216.123.198.243 (telus name server) > -- just hangs trying to connect.... no responses at all. > > ping 198.80.55.1 (name server) > -- just hangs trying to connect.... no responses at all. > > (both the above name servers are listed in my resolv.conf file) > > And for comparison, I tried to ping the same server from my windows box > while the Linux box was waiting for a reply - the windows box received > replies, Linux box didn't. I was able to ping my windows box though, so I > know networking IS working properly. > > My network config is as follows: > > firewall > | > ------------------ > | | > Linux server W2K workstation > > Firewall is IPCop 1.3 with forwarding rules for ports 80 and 25 to the Linux > server. only the red interface of the firewall has a dynamic IP address - > the rest are static. > > Now, I think this indicates something isn't configured right on the Linux > server. However, I know that if I wait for a little while (not quite sure > how long I'd need), I'll be able to enter the above commands again, and > they'll work - with no changes at all. > > Things I've tried/checked - I now have 7 name servers listed in resolv.conf. > I've checkd my network config, and all seems correct - ip address and > default gateway are getting assigned... (default gateway is the internal > address of my firewall - should I make this point to the external address?). > I'm not sure what else I should/could check. Maybe I need to assign a > static route or something? > > Thanks for any insight you may offer. > > Shawn > > -----Original Message----- > From: Kevin Anderson [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 02, 2003 4:00 PM > To: [EMAIL PROTECTED] > Subject: Re: (clug-talk) Weird name resolution troubles and IPCop 1.3.0 > > > Next up, can you what does dig show when you try to resolve a name? > > Kev. > > > ----- Original Message ----- > From: "Kevin Anderson" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, July 02, 2003 1:27 PM > Subject: Re: (clug-talk) Weird name resolution troubles and IPCop 1.3.0 > > > > Out of curiosity, can you ping the DNS servers when you are recieving > these > > errors? > > > > kev. > > > > > > ----- Original Message ----- > > From: "Shawn Grover" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Wednesday, July 02, 2003 10:15 AM > > Subject: RE: (clug-talk) Weird name resolution troubles and IPCop 1.3.0 > > > > > > > Well, adding the other name servers to my resolv.conf file didn't > resolve > > > the issue. It appears that I loose name resolution after a period of > time > > > (somewhere around 5 - 15 minutes). I'll do more digging over the next > few > > > days. > > > > > > Shawn > > > > > > -----Original Message----- > > > From: Shawn [mailto:[EMAIL PROTECTED] > > > Sent: Tuesday, July 01, 2003 2:52 PM > > > To: [EMAIL PROTECTED] > > > Subject: RE: (clug-talk) Weird name resolution troubles and IPCop 1.3.0 > > > > > > > > > The RED interface on the IPCop box is using DHCP. All other interfaces > on > > > my network are static. > > > I've added the other IP addresses mentioned in the other responses to my > > > message, so we'll see how that goes. > > > > > > Thanks for the responses. > > > > > > Shawn > > > > > > -----Original Message----- > > > From: Kevin Anderson [mailto:[EMAIL PROTECTED] > > > Sent: Tuesday, July 01, 2003 9:32 AM > > > To: [EMAIL PROTECTED] > > > Subject: Re: (clug-talk) Weird name resolution troubles and IPCop 1.3.0 > > > > > > > > > If you're getting DHCP from IPcop, it will be caching DNS info for you. > > So > > > I'd start by checking that it isn't affected first. > > > > > > Next, is the Gentoo box recieving a dhcp address? Is it also recieving > > DNS > > > from the DHCP server? > > > > > > I'd start by hardcoding the address and DNS settings. If that doesn't > > work, > > > then try using a different DNS server (24.71.223.145 is SHAW, and it'll > > work > > > fine for you). > > > > > > Kev. > > > > > > > > > > > > > > > ----- Original Message ----- > > > From: "Shawn" <[EMAIL PROTECTED]> > > > To: "CLUG (E-mail)" <[EMAIL PROTECTED]> > > > Sent: Tuesday, July 01, 2003 12:30 AM > > > Subject: (clug-talk) Weird name resolution troubles and IPCop 1.3.0 > > > > > > > > > > I'm seeing some weird things going on with my network. > > > > > > > > I have two computers behind an IPCop firewall. One of the computers > is > > my > > > > W2K workstation - it has no problems doing name resolution and > browsing > > > the > > > > web. The other computer is my Gentoo server and it will periodically > > > refuse > > > > to resolve names. It does this when I'm trying to install packages > > > > sometimes, or even just trying to ping a remote server. > > > > > > > > I've just finished checking and reinstalling the IPCop firewall - and > > saw > > > > the symptoms appear again immediately (ping www.google.ca failed to > > > > resolve). However, a few minutes later, it's resolving with no > > problems. > > > > The obvious assumption is that my server isn't setup right. But I've > > just > > > > checked it's hosts file, and resolv.conf file - hosts has entries for > my > > > > local computers, and resolv.conf has entries for my name servers > (well, > > > > Telus' servers). Should I not have my firewall computer in the > > > resolv.conf > > > > file? Would that be the cause of this sort of trouble? I've also > > checked > > > > the default gateway, and it's set correctly. > > > > > > > > Has anyone else running IPCop seen the same sort of behaviour? > > > > > > > > Thanks for any tips. > > > > > > > > Shawn > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
