Ray Olszewski said: 

> While I am not troubled by the length of your reply -- complicated problems
> take a lot of description -- I do wish you had kept the old subject line
> (indeed, used one at all) -- your not doing so made it a bit hard to find
> your earlier message.

Sorry about that.. That was a total cockup on my behalf.. I didn't realise I 
had done that until after I had sent it and then because of the size of it.. 
I didn't want to re-send it.. (rock and a hard place)

> Also, while the quoted command results you sent came
> through cleanly, your own writing was munged somehow, and perhaps for this
> reason I find myself not understanding some of what you wrote.
> 
> 1. Is mr_bumpy a client on your LAN, OR is mr_bumpy the RH router itself? I
> can't find where you say.

mr_bumpy is the server itself. (ip 192.168.100.1) I am currently working on 
it from a Tera Term in windoze client. But if need be I can easily swap to 
the server's k/b.

> Since it cannot ping the Internet, it would be
> helpful to know if this failure were occurring in the router or in a client.
> For the moment, I will assume that mr_bumpy is the RH router.

Correct, The machine can send the ping, and according to the modem lights the 
ping is coming back, but the server isn't allowed to see it.. (firewall is 
blocking??) 

> 
> 2. Can you ping the ppp0 default gateway (203.57.130.22 in the ifconfig
> output you sent) or not? Both from the router and from a client. I don't see
> where you report the results of this test.

Ok I'm a little confused here.. I have given the server a gateway of 
192.168.100.1 Why is it picking up a second IP address from my ISP (in the 
203.57.130.* range) and calling it the gateway? This is going to make the 
firewall even harder to setup.. every time I dial up it changes... All of the 
windoze machines inside the LAN have 192.168.100.1 as their gateway..

> 3. I am puzzled by this sentence: "The server works as a router excellently
> when the firewall isn't running." As I understand it, your LAN is using
> private addressing, so has to be Masq'd. Masq'ing is part of the firewall
> you are running. So how does the RH host manage to route private-address
> traffic *before* you implement the firewall? Might it be that you have a
> limited firewall running already, then you add more rules to it?

Yeah this is where my knowledge gets even patchier, This server was setup for 
me so I could : 
A) have my LAN on the net 
B) (most important) Learn Linux server administration. 
What I do KNOW is that the server is running IPFORWARDING and IPMASQUERADING, 
now I have been told that this is a kind of firewall in itself, my problem is 
that my vision of a firewall is somewhat 2D - The only firewalls I've ever 
seen going are ones inside of /etc/rc.d/ and are called rc.firewall or 
firewall. In my mind a firewall is basically a text file with rules in it. All 
that goes through it must first be run past the file.. if it matches all then 
it may continue.. Is this right or am I missing a large part of the picture 
here... ( I feel I am)

> 4. Have you tried pinging a variety of hosts or just the one in your
> example? In the Ping-of-Death days, some ISP's set up their routers to block
> some icmp traffic, and it is possible that you are just hitting an oddity.

No, I know that my ISP disallows Traceroutes but that's about it.. I can ping 
away to my heart's content...
 
> 5. You say "inside LAN can do NOTHING on the net". From your ping example,
> this appears to be incorrect -- both the Windows client and the RH server
> can resolve the FQDN emerge.net.au to IP address 203.57.130.34 . How? How is
> your LAN doing name resolution (what nameservers are entered in the RH
> host's /etc/resolv.conf and in the equivalent on the Windows host? Is the RH
> router running BIND?)?

My server is behaving as a nameserver to the lan as well as a few other MAJOR 
ISP in My country (Australia) I assume that is where the windoze clients are 
getting their info from..

> 6. You say: "For pings.. the modem lights flash. For www and telnet past the
> server they don't." This is a bit too terse. Is this true when working from
> either the server OR a LAN client? Does it differ when using FQDNs or IP
> addresses (that is, might the modem be showing DNS activity)?
> 
I didn't try to surf from the server.. sorry my oversight
Lynx cannot browse from the server, though the lights on the modem indicate 
that the www requests are being sent and replies are coming back..
 
NOTE: When I say that modem lights indicate something I am 99.99999% sure that 
this is a good indication. The amount of activity that the modem does when 
no-one is trying to access the web is VERY quiet, There is a LARGE difference 
between ping/surfing/telneting and server updating DNS titles.


> 1. Your routing table shows TWO default gateways, in these lines:
> 
> >0.0.0.0         203.57.130.22   0.0.0.0         UG    0      0        0 ppp0
> >0.0.0.0         192.168.100.1   0.0.0.0         UG    1      0        0 eth0
> 
> You want to delete the second of these, since the internal interface is only
> a static route to the LAN. (This routing table *should* work okay, since it
> is supposed to get traversed in order ... but I wouldn't count on its
> complete reliability in the face of this error, in any case.)

A few questions on this, The first gateway is not static, it changes every 
time the server has to dial up again, If I remove the second (static) what 
should I set the windoze machines to point at ? (is it really important for 
the windoze machines to have a gateway to point at?)
Also, How do I remove a gateway? I assume that I should be able to do that in 
the "linuxconf" ?

> The first rule blocks fragmented packets; this might introduce problems on a
> ppp connection. The second rule accepts everything else. So rules 3 and on
> never get tested. Based on this, the first thing I'd do is try omitting the
> first rule and see if that fixes your problems. Since rule 3 logs matching
> packets, you might also look at your logs and see if they tell you anything
> informative.

I have # 'ed the first rule and it doesn't seem to make any difference. I am 
still looking for the firewall logs.. I can't seem to find them but will keep 
looking.

I am VERY grateful for the help you have given me, I realise that the help 
you have been giving me has probably taken a large amount of your time and 
been no small headache, so if you would permit me to have a snail mail 
address that I could send a small token of my gratitude to, I would like to 
repay you for your effort. Your help has been worth more to me than the 
amount I fork out for books, and feel a debt to you for the imparted 
knowledge you have given.

Thanks again 
Marcus Giles
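
Added example, not part of the original message: a check for the condition Ray describes, a default route whose gateway is one of the router's own addresses. The sample `route -n` table is constructed from the two default-route lines quoted above (the other rows are assumed), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: `route -n` output rebuilt around the two default-route
# lines quoted in the message; the ppp0 host route and LAN route are assumed.
sample_routes() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.57.130.22   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         203.57.130.22   0.0.0.0         UG    0      0        0 ppp0
0.0.0.0         192.168.100.1   0.0.0.0         UG    1      0        0 eth0
EOF
}

# Read `route -n` output on stdin and print every default route
# (destination and genmask 0.0.0.0, G flag set) as "iface gateway metric".
default_routes() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $8, $2, $5 }'
}

# Print "iface gateway" for default routes whose gateway is an address the
# router itself owns. $1: space-separated list of the router's own addresses.
self_gateways() {
    default_routes | awk -v own="$1" '
        BEGIN { n = split(own, a, " "); for (i = 1; i <= n; i++) mine[a[i]] = 1 }
        ($2 in mine) { print $1, $2 }'
}

# Print the net-tools command that removes each self-pointing default route.
# Nothing is executed; the output is for review before running it as root.
removal_commands() {
    self_gateways "$1" | awk '{ print "route del default gw " $2 " " $1 }'
}

# Demo on the constructed table, with the server address given in the message.
sample_routes | removal_commands "192.168.100.1"
```

Removing that route changes only the router's own table; the LAN clients keep 192.168.100.1 as their gateway.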


