I've been using Dachstein on the system described in the attachment for 4
years. Kudos are due to all the participating developers in the LEAF effort! I
am attempting to get Bering uClibc running from a floppy on this system with an
eye to eventually upgrading the hardware and using a CD or hard drive version
of Bering.

With Bering uClibc I've been unable to access the internet from either the
internal network (eth1) Windows machines or the firewall machine. ping appears
to work on the internal network among all three machines, but ping
www.usatoday.com (for example) returns the following:

ping: www.usatoday.com: Unknown host

This despite log info indicating that both NICs are operable. I was unable to
find specific assistance in the archives or FAQ. Seeking live assistance now. I
am including a lot of info (attached document) to assist troubleshooting. I
suspect I have a DNS issue or a DHCP issue, but have insufficient expertise at
this time to debug.

Thanks in advance for any assistance provided.

Mike
LEAF System Description:
Intel mother board (CA636382-001)
Intel Pentium 120 MHz CPU
16 MB SRAM
(2) D-LINK DFE530TX+ NICs
Cable Modem (Comcast ISP)
uname -a gives:
Linux firewall 2.4.32 #1 Sat Mar 4 21:00:13 CET 2006 i586 unknown
ip link show gives:
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:ba:ac:5e:ea brd ff:ff:ff:ff:ff:ff
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:ba:ac:5e:f2 brd ff:ff:ff:ff:ff:ff
ip addr show gives:
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:ba:ac:5e:ea brd ff:ff:ff:ff:ff:ff
inet 67.190.53.180/23 brd 255.255.255.255 scope global eth0
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:ba:ac:5e:f2 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
ip route show gives:
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
71.229.242.0/23 dev eth0 proto kernel scope link src 71.229.243.194
default via 71.229.242.1 dev eth0
iptables -nvL gives:
Chain INPUT (policy DROP 36 packets, 11814 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
162 54854 eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:INPUT:REJECT:'
queue_threshold 1
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:FORWARD:REJECT:'
queue_threshold 1
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
0 0 ACCEPT udp -- * eth1 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
0 0 fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 fw2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:OUTPUT:REJECT:'
queue_threshold 1
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain Drop (1 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain Reject (4 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain all2all (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:all2all:REJECT:'
queue_threshold 1
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
Chain dynamic (4 references)
pkts bytes target prot opt in out source destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 norfc1918 all -- * * 0.0.0.0/0 0.0.0.0/0
state NEW
0 0 net2all all -- * eth1 0.0.0.0/0 0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
162 54854 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
162 54854 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
0 0 norfc1918 all -- * * 0.0.0.0/0 0.0.0.0/0
state NEW
0 0 net2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 loc2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
0 0 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:443
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2all (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:net2all:DROP:'
queue_threshold 1
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 net2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain norfc1918 (2 references)
pkts bytes target prot opt in out source destination
0 0 rfc1918 all -- * * 172.16.0.0/12 0.0.0.0/0
0 0 rfc1918 all -- * * 192.168.0.0/16 0.0.0.0/0
0 0 rfc1918 all -- * * 10.0.0.0/8 0.0.0.0/0
Chain reject (10 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 192.168.1.255 0.0.0.0/0
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain rfc1918 (3 references)
pkts bytes target prot opt in out source destination
0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:rfc1918:DROP:'
queue_threshold 1
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Chain smurfs (0 references)
pkts bytes target prot opt in out source destination
0 0 ULOG all -- * * 255.255.255.255 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:smurfs:DROP:'
queue_threshold 1
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 ULOG all -- * * 192.168.1.255 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:smurfs:DROP:'
queue_threshold 1
0 0 DROP all -- * * 192.168.1.255 0.0.0.0/0
0 0 ULOG all -- * * 255.255.255.255 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:smurfs:DROP:'
queue_threshold 1
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 ULOG all -- * * 224.0.0.0/4 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Shorewall:smurfs:DROP:'
queue_threshold 1
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
iptables -t nat -nvL gives:
Chain PREROUTING (policy ACCEPT 3 packets, 703 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 eth0_masq all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain eth0_masq (1 references)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * * 192.168.1.0/24 0.0.0.0/0
/sbin/shorewall status gives:
Shorewall-3.0.7 Status at firewall - Sat Aug 19 08:21:19 UTC 2006
Shorewall is running
State:Started (Sat Aug 19 08:13:44 UTC 2006)
ping 192.168.1.1 gives (this is a Windows machine on the internal net):
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=128 time=7.3 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=128 time=5.0 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=128 time=5.0 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=128 time=5.0 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=128 time=4.9 ms
--- 192.168.1.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 4.9/5.4/7.3 ms
ping 192.168.1.2 gives (this is a Windows machine on the internal net):
PING 192.168.1.2 (192.168.1.2): 56 data bytes
64 bytes from 192.168.1.2: icmp_seq=0 ttl=128 time=6.6 ms
64 bytes from 192.168.1.2: icmp_seq=1 ttl=128 time=5.0 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=128 time=5.0 ms
64 bytes from 192.168.1.2: icmp_seq=3 ttl=128 time=5.0 ms
64 bytes from 192.168.1.2: icmp_seq=4 ttl=128 time=5.0 ms
64 bytes from 192.168.1.2: icmp_seq=5 ttl=128 time=5.0 ms
--- 192.168.1.2 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 5.0/5.2/6.6 ms
ping 192.168.1.254 gives:
PING 192.168.1.254 (192.168.1.254): 56 data bytes
64 bytes from 192.168.1.254: icmp_seq=0 ttl=64 time=6.6 ms
64 bytes from 192.168.1.254: icmp_seq=1 ttl=64 time=5.9 ms
64 bytes from 192.168.1.254: icmp_seq=2 ttl=64 time=5.9 ms
64 bytes from 192.168.1.254: icmp_seq=3 ttl=64 time=5.9 ms
64 bytes from 192.168.1.254: icmp_seq=4 ttl=64 time=5.9 ms
64 bytes from 192.168.1.254: icmp_seq=5 ttl=64 time=5.9 ms
--- 192.168.1.254 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 5.9/6.0/6.6 ms
lsmod gives (the firewall contains two D-Link DFE-530TX+ NICs):
Module Size Used by Not tainted
softdog 1360 1
ipt_ipp2p 5624 0
ipt_state 272 15
ipt_helper 400 0 (unused)
ipt_conntrack 692 0
ipt_REDIRECT 480 0 (unused)
ipt_MASQUERADE 1024 1
ip_nat_irc 1704 0 (unused)
ip_nat_ftp 2152 0 (unused)
iptable_nat 14452 3 [ipt_REDIRECT ipt_MASQUERADE ip_nat_irc ip_nat_ftp]
ip_conntrack_irc 2484 1
ip_conntrack_ftp 3132 1
ip_conntrack 16516 2 [ipt_state ipt_helper ipt_conntrack ipt_REDIRECT ipt_MASQUERADE ip_nat_irc ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_ftp]
8139too 11944 2
mii 1820 0 [8139too]
pci-scan 3532 0 (unused)
crc32 2620 0 [8139too]
netstat -n gives (-r option not compiled in):
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 7 [ ] DGRAM 1630 /dev/log
unix 2 [ ] DGRAM 3208
unix 2 [ ] DGRAM 1921
unix 2 [ ] DGRAM 1883
unix 2 [ ] DGRAM 1834
unix 2 [ ] DGRAM 1656
DHCPCD.LOG contains (note: the IPs here are from an earlier boot than the info
above, so the addresses may differ. However, the same messages were otherwise
present):
Aug 16 15:46:01 firewall dhcpcd[20631]: broadcasting DHCP_DISCOVER
Aug 16 15:46:01 firewall dhcpcd[20631]: dhcpIPaddrLeaseTime=192052 in DHCP server response.
Aug 16 15:46:01 firewall dhcpcd[20631]: dhcpT1value is missing in DHCP server response. Assuming 96026 sec
Aug 16 15:46:01 firewall dhcpcd[20631]: dhcpT2value is missing in DHCP server response. Assuming 168045 sec
Aug 16 15:46:01 firewall dhcpcd[20631]: DHCP_OFFER received from (68.87.66.13)
Aug 16 15:46:01 firewall dhcpcd[20631]: broadcasting DHCP_REQUEST for 67.190.53.180
Aug 16 15:46:01 firewall dhcpcd[20631]: dhcpIPaddrLeaseTime=192052 in DHCP server response.
Aug 16 15:46:01 firewall dhcpcd[20631]: dhcpT1value is missing in DHCP server response. Assuming 96026 sec
Aug 16 15:46:01 firewall dhcpcd[20631]: dhcpT2value is missing in DHCP server response. Assuming 168045 sec
Aug 16 15:46:01 firewall dhcpcd[20631]: DHCP_ACK received from (68.87.66.13)
Aug 16 15:46:02 firewall dhcpcd.exe: interface eth0 has been configured with new IP=67.190.53.180
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
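
The following is an added example, not part of the original post: a check that cross-references pasted `ip addr show` and `ip route show` output and reports any route whose `src` address or gateway does not belong to an address configured on the same interface. The sample input is constructed from the eth0/eth1 lines quoted in the post (link/ether lines omitted); the function names are hypothetical, and a finding can mean either a stale route or captures taken at different times.

```python
import ipaddress

# Constructed sample: inet and route lines copied from the post above.
IP_ADDR = """\
3: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP> mtu 1500 qdisc pfifo_fast qlen 1000
inet 67.190.53.180/23 brd 255.255.255.255 scope global eth0
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
"""
IP_ROUTE = """\
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
71.229.242.0/23 dev eth0 proto kernel scope link src 71.229.243.194
default via 71.229.242.1 dev eth0
"""

def parse_addrs(text):
    """Return {device: [IPv4Interface, ...]} from `ip addr show` output."""
    addrs = {}
    for line in text.splitlines():
        f = line.split()
        if f and f[0] == "inet":          # last field is the device name
            addrs.setdefault(f[-1], []).append(ipaddress.ip_interface(f[1]))
    return addrs

def check_routes(addr_text, route_text):
    """Return a list of findings; an empty list means routes match addresses."""
    addrs = parse_addrs(addr_text)
    findings = []
    for line in route_text.splitlines():
        f = line.split()
        if not f:
            continue
        # After the destination, fields come in key/value pairs (dev, src, via).
        opts = dict(zip(f[1::2], f[2::2]))
        dev = opts.get("dev")
        local = addrs.get(dev, [])
        if "src" in opts:
            src = ipaddress.ip_address(opts["src"])
            if all(i.ip != src for i in local):
                findings.append(f"{f[0]}: src {src} is not configured on {dev}")
        if "via" in opts:
            gw = ipaddress.ip_address(opts["via"])
            if not any(gw in i.network for i in local):
                findings.append(f"{f[0]}: gateway {gw} is outside every subnet on {dev}")
    return findings

if __name__ == "__main__":
    for finding in check_routes(IP_ADDR, IP_ROUTE):
        print(finding)
```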