2010/11/5 Ellington Santos <[email protected]>: > 2010/11/5 Alcir <[email protected]>: >> Peco novamente ajuda aos senhores, pois ainda n'ao consigo abrir paginas no >> navegador. J`a tentei uma `analise sistemica, mas algo ainda est`a errado!!! >> >> Tenho no servidor: >> . conexao `a internet >> .ping no nome www.gmail.com >> . no ip google 8.8.8.8 >> . e na estacao 192.168.2.7 >> #ping 192.168.2.7 >> PING 192.168.2.7 (192.168.2.7) 56(84) bytes of data. >> 64 bytes from 192.168.2.7: icmp_req=1 ttl=64 time=0.656 ms >> 64 bytes from 192.168.2.7: icmp_req=2 ttl=64 time=0.100 ms >> >> Na estacao: >> .ping no servidor >> . ping 8.8.8.8 ( fora ) >> .ping www.gmail.com ( fora) >> >> Alguem poderia ajudar-me? >> >> Em 2 de novembro de 2010 11:04, Alcir <[email protected]> escreveu: >>> >>> Vou dobrar a mensagem, pois o motivo `e bom!!! >>> >>> server:/home/normal#ping 192.168.2.7 >>> PING 192.168.2.7 (192.168.2.7) 56(84) bytes of data. >>> 64 bytes from 192.168.2.7: icmp_req=1 ttl=64 time=0.113 ms >>> 64 bytes from 192.168.2.7: icmp_req=2 ttl=64 time=0.103 ms >>> >>> >>> Falta ainda conectar `a internet pela estacao, pois as paginas nao estao >>> abrindo... Mas ta indo!!! >>> >>> Em 2 de novembro de 2010 10:15, Alcir <[email protected]> escreveu: >>>> >>>> Meu nobre, estou nessa batalha pela madrugada a dentro. O route del >>>> default consertou a rota e depois do reboot assumiu corretamente. Mas o >>>> ping >>>> continua fora.! Fiz o teste sistemico para a rede. >>>> No servidor: >>>> ping para 192.168.2.1 >>>> ping 8.8.8.8 >>>> ping para nome- www.gmail.com >>>> >>>> Todos ok!! >>>> >>>> Na Estacao: >>>> ping 192.168.2.7 (ok! ) >>>> ping 192.168.2.1 (fora) >>>> >>>> Tmbem tentei rodar >>>> #cat /proc/sys/net/ipv4/ip_forward >>>> >>>> Confirmada saida (1) e a operacionalidade do forward >>>> >>>> #iptables -vL >>>> >>>> Nao mostra nenhum drop!! >>>> >>>> Coloquei um scriptzinho no rc.firewall com permissao de execucao no >>>> boot: >>>> >>>> #vi /etc/rc.d/rc.firewall/roteando >>>> >>>> #!/bin/bash >>>> iptables -t nat -F >>>> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE >>>> >>>> >>>> >>>> Tenho duvidas aqui: >>>> a) O fail2ban ativo poderia estar provovando esse problema? >>>> >>>> b) O iptables precisa estar habilitado na estacao? >>>> >>>> >>>> >>>> Estou quase desesperando e partindo para uma pane de hardware. De >>>> qualquer forma vou tentar arrumar uma nova placa de rede! >>>> >>>> Em 2 de novembro de 2010 09:18, Ellington Santos <[email protected]> >>>> escreveu: >>>>> >>>>> 2010/11/1 Alcir <[email protected]>: >>>>> > Parece que a rota consertou-se. >>>>> > >>>>> > #route -n >>>>> > Kernel IP routing table >>>>> > Destination Gateway Genmask Flags Metric Ref >>>>> > Use >>>>> > Iface >>>>> > 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 >>>>> > 0 eth1 >>>>> > 192.168.1.0 0.0.0.0 255.255.255.0 U 202 0 >>>>> > 0 eth0 >>>>> > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 >>>>> > 0 lo >>>>> > 0.0.0.0 192.168.1.254 0.0.0.0 UG 202 0 >>>>> > 0 eth0 >>>>> > >>>>> > >>>>> > >>>>> > Meu vi /etc/rc.local. Nothing!!! Tinhas falado antes em debugar... O >>>>> > que >>>>> > mais pode ser feito? >>>>> > !/bin/sh >>>>> > # >>>>> > # /etc/rc.d/rc.local: Local system initialization script. >>>>> > # >>>>> > # Put any local startup commands in here. Also, if you have >>>>> > # anything that needs to be run at shutdown time you can >>>>> > # make an /etc/rc.d/rc.local_shutdown script and put those >>>>> > # commands in there. >>>>> > # BootSplash functions >>>>> > . /etc/rc.d/rc.bootsplash >>>>> > >>>>> > >>>>> > Em 1 de novembro de 2010 20:56, Ellington Santos >>>>> > <[email protected]> >>>>> > escreveu: >>>>> >> >>>>> >> 2010/11/1 Alcir <[email protected]>: >>>>> >> > Desculpe o triplo post, mas reorganizei esses ips e sem sucesso. >>>>> >> > Tento >>>>> >> > dar >>>>> >> > um ping da Estacao para o Servidor e nada! >>>>> >> > >>>>> >> > Reconfigurei o eth1 server para 192.168.2.1. >>>>> >> > e a Estacao para 192.168.2.7 experimentando numa outra maquina. >>>>> >> > >>>>> >> > >>>>> >> > -Saidas Servidor >>>>> >> > server:/home/normal#route -n >>>>> >> > Kernel IP routing table >>>>> >> > Destination Gateway Genmask Flags Metric Ref >>>>> >> > Use >>>>> >> > Iface >>>>> >> > 192.168.1.0 0.0.0.0 255.255.255.0 U 203 >>>>> >> > 0 0 >>>>> >> > eth0 >>>>> >> > 192.168.110.0 0.0.0.0 255.255.255.0 U 0 >>>>> >> > 0 0 >>>>> >> > eth1 >>>>> >> > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 >>>>> >> > 0 0 >>>>> >> > lo >>>>> >> > 0.0.0.0 192.168.1.254 0.0.0.0 UG 203 >>>>> >> > 0 0 >>>>> >> > eth0 >>>>> >> > >>>>> >> > #ping 192.168.2.7 >>>>> >> > Destination host Unreachable >>>>> >> > >>>>> >> > #ping 8.8.8.8 >>>>> >> > >>>>> >> > 3 packets transmitted, 3 received, 0% packet loss, time 2001ms >>>>> >> > rtt min/avg/max/mdev = 27.963/28.370/29.065/0.530 m >>>>> >> > >>>>> >> > #ping www.gmail.com >>>>> >> > PING googlemail.l.google.com (64.233.163.83) 56(84) bytes of data. >>>>> >> > 64 bytes from bs-in-f83.1e100.net (64.233.163.83): icmp_req=1 >>>>> >> > ttl=55 >>>>> >> > time=27.8 ms >>>>> >> > 64 bytes from bs-in-f83.1e100.net (64.233.163.83): icmp_req=2 >>>>> >> > ttl=55 >>>>> >> > time=27.4 m >>>>> >> > >>>>> >> > #ping 192.168.2.7 >>>>> >> > PING 192.168.2.7 (192.168.2.7) 56(84) bytes of data. >>>>> >> > ^C >>>>> >> > --- 192.168.2.7 ping statistics --- >>>>> >> > 131 packets transmitted, 0 received, 100% packet loss, time >>>>> >> > 129999ms >>>>> >> > >>>>> >> > Entrei com os comados >>>>> >> > iptables -t nat -F >>>>> >> > iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE >>>>> >> > >>>>> >> > >>>>> >> > #vi /etc/rc.d/rc.inet1.conf >>>>> >> > # Config information for eth0: >>>>> >> > IPADDR[0]="" >>>>> >> > NETMASK[0]="" >>>>> >> > USE_DHCP[0]="yes" >>>>> >> > DHCP_HOSTNAME[0]="" >>>>> >> > >>>>> >> > # Config information for eth1: >>>>> >> > IPADDR[1]="192.168.2.1" >>>>> >> > NETMASK[1]="255.255.255.0" >>>>> >> > USE_DHCP[1]="" >>>>> >> > DHCP_HOSTNAME[1]="" >>>>> >> > # Default gateway IP address: >>>>> >> > GATEWAY="" >>>>> >> > >>>>> >> > >>>>> >> > >>>>> >> > -Saidas da Estacao >>>>> >> > >>>>> >> > # Config information for eth0: >>>>> >> > IPADDR[0]="192.168.2.7" >>>>> >> > NETMASK[0]="255.255.255.0" >>>>> >> > USE_DHCP[0]="" >>>>> >> > DHCP_HOSTNAME[0]="" >>>>> >> > >>>>> >> > # Config information for eth1: >>>>> >> > IPADDR[1]="" >>>>> >> > NETMASK[1]="" >>>>> >> > USE_DHCP[1]="" >>>>> >> > DHCP_HOSTNAME[1]="" >>>>> >> > # Default gateway IP address: >>>>> >> > GATEWAY="192.168.2.1" >>>>> >> > >>>>> >> > >>>>> >> > Nameserver: 200.149.55.140 so` estou usando o DNS prim`ario , pois >>>>> >> > estou >>>>> >> > configurando pelo netconfig >>>>> >> > Em 1 de novembro de 2010 15:48, Alcir <[email protected]> >>>>> >> > escreveu: >>>>> >> >> >>>>> >> >> Melhorando: >>>>> >> >> >>>>> >> >> E na workstation ? Atribui no Netconfig da Worstation o Gateway >>>>> >> >> sendo o >>>>> >> >> mesmo ip usado na eth1 do servidor ( 192.168.110.50) `e isso? >>>>> >> >> Essa >>>>> >> >> classe >>>>> >> >> de ips fica correta >>>>> >> >> >>>>> >> >> Em 1 de novembro de 2010 15:36, Alcir <[email protected]> >>>>> >> >> escreveu: >>>>> >> >> Ellington Santos >>>>> >> >> >>>>> >> >> >Deixe o campo GATEWAY vazio, pois ele será populado pelo dhcp. >>>>> >> >> >>>>> >> >> E na workstation ? Atribui o mesmo ip usado na eth1 do servidor ( >>>>> >> >> 192.168.110.50) `e isso? Essa classe de ips fica correta? >>>>> >> >> >>>>> >> >> Em 1 de novembro de 2010 15:36, Alcir <[email protected]> >>>>> >> >> escreveu: >>>>> >> >>> >>>>> >> >>> Ellington Santos >>>>> >> >>> >>>>> >> >>> >Deixe o campo GATEWAY vazio, pois ele será populado pelo dhcp. >>>>> >> >>> >>>>> >> >>> E na workstation ? Atribui o mesmo ip usado na eth1 do servidor ( >>>>> >> >>> 192.168.110.50) `e isso? Essa classe de ips fica correta? >>>>> >> >>> >>>>> >> >>> >>>>> >> >>> >>>>> >> >>> Em 31 de outubro de 2010 12:39, Guilherme Lima >>>>> >> >>> <[email protected]> >>>>> >> >>> escreveu: >>>>> >> >>>> >>>>> >> >>>> >>>>> >> >>>> Em 30 de outubro de 2010 20:41, Alcir <[email protected]> >>>>> >> >>>> escreveu: >>>>> >> >>>>> >>>>> >> >>>>> Guilherme, boa noite! >>>>> >> >>>>> >>>>> >> >>>> >>>>> >> >>>> opa... bom dia! >>>>> >> >>>> >>>>> >> >>>> Então ... como vi abaixo sua eth0 e eth1 se encontram na mesma >>>>> >> >>>> subrede >>>>> >> >>>> 192.168.1.0, sugiro mudar a subrede de ip do modem >>>>> >> >>>> (192.168.0.254 por >>>>> >> >>>> exemplo) e adicionar na interface externa um ip da mesma rede. >>>>> >> >>>> Caso >>>>> >> >>>> não >>>>> >> >>>> possa fazê-lo terá que trabalhar com bridge... desta forma o >>>>> >> >>>> roteamento >>>>> >> >>>> funcionará. >>>>> >> >>>> >>>>> >> >>>> >>>>> >> >>>>> >>>>> >> >>>>> >Caso persista informe. Sempre é bom tentar explicar seu >>>>> >> >>>>> > procedimento. >>>>> >> >>>>> > >Entendi mais lendo um e-mail raivoso que o calmo ... >>>>> >> >>>>> > > hehehehehe >>>>> >> >>>>> >>>>> >> >>>>> >>>>> >> >>>>> Realmente, o mail foi raivoso. Ja` passou! A mansidao e >>>>> >> >>>>> humildade >>>>> >> >>>>> sao >>>>> >> >>>>> minha praia. E, com essa mesma humildade, informo-lhe que >>>>> >> >>>>> segui >>>>> >> >>>>> exatamente >>>>> >> >>>>> AS SUAS dicas. >>>>> >> >>>>> >>>>> >> >>>>> Vou informar um pouco mais sobre a duvida do gateway que foi a >>>>> >> >>>>> porta >>>>> >> >>>>> desse problema, ok! >>>>> >> >>>>> Continuo errando em algum ponto... Estou usando um modem >>>>> >> >>>>> Thomsom em >>>>> >> >>>>> Bridge, um switch Dlink DES-1024 e conectando na eth0 do >>>>> >> >>>>> futuro >>>>> >> >>>>> servidor >>>>> >> >>>>> dinamicamente ( dhcp ). >>>>> >> >>>>> Meus passos foram: >>>>> >> >>>>> 1) Na eth1 ( rede interna ) do Servior fixei o ip em >>>>> >> >>>>> 192.168.1.50 >>>>> >> >>>>> atraves do >>>>> >> >>>>> /etc/rc.d/rc.inet1.conf e subi o ifconfig eth1 192.168.1.50 up >>>>> >> >>>>> , >>>>> >> >>>>> deixando o Gateway vazio >>>>> >> >>>>> >>>>> >> >>>>> 2) ifconfig eht0 restart e eht1 d'ao: >>>>> >> >>>>> Host name lookup failure >>>>> >> >>>>> >>>>> >> >>>>> 3) Na estacao rodei netconfig pondo o ip fixo 192.168.1.4 e o >>>>> >> >>>>> Gateway >>>>> >> >>>>> que esta amarrado na eth1 do Servidor ( 192.168.1.50 ). Entendi >>>>> >> >>>>> que >>>>> >> >>>>> essa >>>>> >> >>>>> seria a forma de ver o servidor. >>>>> >> >>>>> >>>>> >> >>>>> 4) Rodei o etc/rc.d/rc.ip_forward dando permissao de execucao e >>>>> >> >>>>> start >>>>> >> >>>>> >>>>> >> >>>>> 5) Tentei uma regrinha de iptables e nat em eth0. Aqui bolei, >>>>> >> >>>>> pois >>>>> >> >>>>> nao >>>>> >> >>>>> consegui carregar: modprobe iptable_nat >>>>> >> >>>>> >>>>> >> >>>>> #iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE ( pus >>>>> >> >>>>> eth0 por >>>>> >> >>>>> ser a chegada da intenet ) >>>>> >> >>>>> >>>>> >> >>>>> Consigo pingar para eth1 ( 192.168.1.50 ) e para o google, mas >>>>> >> >>>>> nunca >>>>> >> >>>>> para a estacao com ip 192.168.1.4! >>>>> >> >>>>> >>>>> >> >>>>> O vi /etc/udev/rules.d/70- persistent-net.rules >>>>> >> >>>>> mostra as duas placas ethernet com o MAC e o NAME >>>>> >> >>>>> correspondentes. >>>>> >> >>>>> >>>>> >> >>>>> Apos segui os passos de: >>>>> >> >>>>> >>>>> >> >>>>> #route -n >>>>> >> >>>>> Destination Gateway Genmask Flags Metric >>>>> >> >>>>> Ref >>>>> >> >>>>> Use >>>>> >> >>>>> Iface >>>>> >> >>>>> 192.168.1.0 0.0.0.0 255.255.255.0 U 202 >>>>> >> >>>>> 0 0 >>>>> >> >>>>> eth0 >>>>> >> >>>>> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 >>>>> >> >>>>> 0 0 >>>>> >> >>>>> lo >>>>> >> >>>>> 0.0.0.0 192.168.1.254 0.0.0.0 UG 202 >>>>> >> >>>>> 0 0 >>>>> >> >>>>> eth0 >>>>> >> >>>> >>>>> >> >>>> Veja que a rota da eth1 não foi reconhecida.. pois se encontra >>>>> >> >>>> no >>>>> >> >>>> mesma >>>>> >> >>>> subrede. Os pacotes saem, mas não voltam!.... =) >>>>> >> >>>> Com certeza a primeira interface que voce configurou foi a eth0, >>>>> >> >>>> por >>>>> >> >>>> isso toda rota aponta pra ela. >>>>> >> >>>> >>>>> >> >>>> Para usar bridge use as configurações apresentadas no outro >>>>> >> >>>> e-mail. >>>>> >> >>>> Sugiro que tente não usar!.. >>>>> >> >>>> >>>>> >> >>>> =P >>>>> >> >>>> >>>>> >> >>>>> >>>>> >> >>>>> e depois: >>>>> >> >>>>> >>>>> >> >>>>> route del default >>>>> >> >>>>> route add defult eth0 >>>>> >> >>>>> route del 192.168.1.50 e fiz um teste usando 192.168.1.254 >>>>> >> >>>>> >>>>> >> >>>>> Infelizmente ainda nao tenho bons resultados. : ( >>>>> >> >>>>> >>>>> >> >>>>> Mas, ja`grato pela ajuda de todos! >>>>> >> >>>> >>>>> >> >>>> Peço desculpas se fui mal (com "L" hehehehe) interpretado no >>>>> >> >>>> e-mail >>>>> >> >>>> inicial. =( >>>>> >> >>>> >>>>> >> >>>> Poste resultados. >>>>> >> >>>> >>>>> >> >>>> =D >>>>> >> >>>>> >>>>> >> >>>>> -- >>>>> >> >>>>> GUS-BR - Grupo de Usuários de Slackware Brasil >>>>> >> >>>>> http://www.slackwarebrasil.org/ >>>>> >> >>>>> http://groups.google.com/group/slack-users-br >>>>> >> >>>>> >>>>> >> >>>>> Antes de perguntar: >>>>> >> >>>>> http://www.istf.com.br/perguntas/ >>>>> >> >>>>> >>>>> >> >>>>> Para sair da lista envie um e-mail para: >>>>> >> >>>>> [email protected] >>>>> >> >>>> >>>>> >> >>>> >>>>> >> >>>> -- >>>>> >> >>>> Guilherme de Lima Gontijo >>>>> >> >>>> -- >>>>> >> >>>> code green - network & it >>>>> >> >>>> Econtec - www.econtecbrasil.com.br >>>>> >> >>>> pQui Linux - www.pquilinux.org >>>>> >> >>>> >>>>> >> >>>> -- >>>>> >> >>>> GUS-BR - Grupo de Usuários de Slackware Brasil >>>>> >> >>>> http://www.slackwarebrasil.org/ >>>>> >> >>>> http://groups.google.com/group/slack-users-br >>>>> >> >>>> >>>>> >> >>>> Antes de perguntar: >>>>> >> >>>> http://www.istf.com.br/perguntas/ >>>>> >> >>>> >>>>> >> >>>> Para sair da lista envie um e-mail para: >>>>> >> >>>> [email protected] >>>>> >> >> >>>>> >> > >>>>> >> > -- >>>>> >> > GUS-BR - Grupo de Usuários de Slackware Brasil >>>>> >> > http://www.slackwarebrasil.org/ >>>>> >> > http://groups.google.com/group/slack-users-br >>>>> >> > >>>>> >> > Antes de perguntar: >>>>> >> > http://www.istf.com.br/perguntas/ >>>>> >> > >>>>> >> > Para sair da lista envie um e-mail para: >>>>> >> > [email protected] >>>>> >> >>>>> >> Você tem uma rota maluca aí para a rede 192.168.110.0. Ela deve estar >>>>> >> bagunçando tudo. E me parece q falta a saída da rede 192.168.2.0 pela >>>>> >> eth1. >>>>> >> Pelas configurações, parece que vc tem alguma opção perdida aí em >>>>> >> algum >>>>> >> lugar. >>>>> >> Verifique se não ficou nada no rc.local e reboota a máquina para >>>>> >> garantir que não ficou nada de configurações anteriores. >>>>> >> >>>>> >> -- >>>>> >> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= >>>>> >> >> necropresto - Slackware User << >>>>> >> >> [email protected] << >>>>> >> >> [email protected] << >>>>> >> >>>>> >> -- >>>>> >> GUS-BR - Grupo de Usuários de Slackware Brasil >>>>> >> http://www.slackwarebrasil.org/ >>>>> >> http://groups.google.com/group/slack-users-br >>>>> >> >>>>> >> Antes de perguntar: >>>>> >> http://www.istf.com.br/perguntas/ >>>>> >> >>>>> >> Para sair da lista envie um e-mail para: >>>>> >> [email protected] >>>>> > >>>>> > -- >>>>> > GUS-BR - Grupo de Usuários de Slackware Brasil >>>>> > http://www.slackwarebrasil.org/ >>>>> > http://groups.google.com/group/slack-users-br >>>>> > >>>>> > Antes de perguntar: >>>>> > http://www.istf.com.br/perguntas/ >>>>> > >>>>> > Para sair da lista envie um e-mail para: >>>>> > [email protected] >>>>> >>>>> Agora o ping deve funcionar. Antes, ele achava que a saída pela eth1 >>>>> era da rede 192.168.110.0: >>>>> >>>>> 192.168.110.0 0.0.0.0 255.255.255.0 U 0 0 0 >>>>> eth1 >>>>> >>>>> Agora quem saí pela eth1 é a rede certa: >>>>> 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 >>>>> eth1 >>>>> >>>>> Testa de novo os pings e tudo mais. >>>>> >>>>> >>>>> -- >>>>> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= >>>>> >> necropresto - Slackware User << >>>>> >> [email protected] << >>>>> >> [email protected] << >>>>> >>>>> -- >>>>> GUS-BR - Grupo de Usuários de Slackware Brasil >>>>> http://www.slackwarebrasil.org/ >>>>> http://groups.google.com/group/slack-users-br >>>>> >>>>> Antes de perguntar: >>>>> http://www.istf.com.br/perguntas/ >>>>> >>>>> Para sair da lista envie um e-mail para: >>>>> [email protected] >>>> >>> >> >> -- >> GUS-BR - Grupo de Usuários de Slackware Brasil >> http://www.slackwarebrasil.org/ >> http://groups.google.com/group/slack-users-br >> >> Antes de perguntar: >> http://www.istf.com.br/perguntas/ >> >> Para sair da lista envie um e-mail para: >> [email protected] > > Cola aqui a saída dos comandos: > > iptables -L > iptables -t nat -L > cat /proc/sys/net/ipv4/ip_forward > > -- > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= >>> necropresto - Slackware User << >>> [email protected] << >>> [email protected] << >
Ah! Também coloca a saída do comando route -n executado na estação. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= >> necropresto - Slackware User << >> [email protected] << >> [email protected] << -- GUS-BR - Grupo de Usuários de Slackware Brasil http://www.slackwarebrasil.org/ http://groups.google.com/group/slack-users-br Antes de perguntar: http://www.istf.com.br/perguntas/ Para sair da lista envie um e-mail para: [email protected]
