[ale] Internet Connection

Dow Hurst dhurst at kennesaw.edu
Tue Mar 12 15:53:41 EST 2002 

Actually, your ipchain policy is accept so ping should work as it is not
explicitly denied.

This sets a "default" route in the kernel's routing table for any packet
that the kernel doesn't have a direct path to the correct destination to
send the packet to.

route add default gw 192.168.123.254

This is done usually for a static unchanging network in the startup
scripts.  For a ppp connection it is done in the ip-up scripts after the
pppd daemon at the ISP has passed the right info to your ppp program.
Dow


Dow Hurst wrote:
> 
> Drew,
> I know that this seems very frustrating but reinstalling would not
> help.  In fact, changing the values in a few text files that configure
> parts of the system is all that is needed.
> 
> >From the output below I can see you have a default route set as:
> Destination     Gateway         Genmask         Flags   MSS Window  irtt
> Iface
> 0.0.0.0         192.168.123.254 0.0.0.0         UG       40 0          0
> eth0
> 
> I am wondering why you have a subnet of xxx.xxx.123.xxx showing up when
> your eth0 interface is probably set to: 192.168.1.xxx?  Why don't you
> post the output of ifconfig -a on the list and I'll take a looksee.  To
> set your machine to rights, you have already done much that is right.
> 
> Putting your ISPs nameservers in the /etc/resolv.conf file is correct.
> Making your default route point to the cable modem's inside interface is
> correct.  Is your cable modem's inside interface 192.168.123.254? (Same
> question as what I asked above just stated differently)
> 
> If you can ping your cable modem's inside interface:
> ping 192.168.123.254
> 
> then that is a start.  Your ifconfig -a command should show your eth0
> interface as 192.168.123.xxx.  If it doesn't then your subnetting is
> screwed up.  Your netmask is what divides up your network and should be
> 255.255.255.0 for your situation.  Jerry Yu is probably right that your
> cable modem isn't truly connected if your other machines can't get out
> either.  You don't need a SEARCH command in your /etc/resolv.conf since
> the /etc/nsswitch.conf takes precedence in configuring the nscd, name
> service caching daemon.  At this point, I would just make sure that all
> your home networked machines have the same subnetting scheme and netmask
> such as 192.168.1.x and 255.255.255.0 to start with.  After this, I
> would test pinging the cable modem's inside interface from each
> machine.  Then test to see which machines can ping beyond the cable
> modem.  Does your cable modem have a default firewall built into it to
> prevent the outside world from reaching into your home?  If not then I
> would leave the ipchains running on the Linux machine.  You should
> duplicate for the ipchain's output chain what you have for the input
> chain or you won't pass packets properly.  After looking at older posts
> below I can see your chain rules are pretty restrictive so you can't use
> ping but must use "telnet IP port#", such as telnet 192.168.1.5 80 to
> test your connectivity.  If you put in an ICMP rule for ping then you
> could use it.  I am coming in late to this so I hope I haven't
> duplicated other posts too much.
> Dow
> 
> "ChangingLINKS.com" wrote:
> >
> > ALE, 03-12-02 1407
> > Ok, I have tried the following 10 things (per advice from this list), and my
> > Internet connection still does not work. Is there a way that I can remove
> > -everything- related to networking and internet connection and reinstall the
> > rpms from the CD? Normally, when I have a problem like this I do a re-install
> > of the entire OS, but I am hoping that if I learn to fix this problem, then I
> > will have to do less re-installs in the future and save time on computer
> > upkeep.
> >
> > 1. [root at tb1200 root]# ipchains -F
> > ipchains: Incompatible with this kernel
> >
> > 2. [root at tb10 root]# netstat -nr
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> > 192.168.123.254 0.0.0.0         255.255.255.255 UH       40 0          0 eth0
> > 192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 eth0
> > 127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
> > 0.0.0.0         192.168.123.254 0.0.0.0         UG       40 0          0 eth0
> >
> > 3. [root at tb10 root]# ping 216.239.51.101
> > PING 216.239.51.101 (216.239.51.101) from 192.168.1.130 : 56(84) bytes of
> > data.
> > --- 216.239.51.101 ping statistics ---
> > 9 packets transmitted, 0 packets received, 100% packet loss
> > You have new mail in /var/spool/mail/root
> > [root at tb1200 root]#
> >
> > 4. Check and see what your /etc/resolv.conf looks like to make sure it isn't
> > looking for a nameserver that isn't there.
> > resolv.conf contained no text
> >
> > 5. [root at tb10 root]# rpm -qa ipch*
> > ipchains-1.3.10-10
> >
> > 6. [root at tb10 root]# rpm -e ipchains-1.3.10-10
> > error: removing these packages would break dependencies:
> >         ipchains is needed by lokkit-0.50-6
> >         ipchains is needed by firewall-config-0.95-4
> >         ipchains is needed by gnome-lokkit-0.50-6
> >
> > 7. [root at tb10 root]# rpm -e ipchains-1.3.10-10 lokkit-0.50-6
> > firewall-config.0.95
> > -4 gnome-lokkit-.50-6
> > error: package lokkit-0.50-6 is not installed
> > error: package firewall-config.0.95-4 is not installed
> > error: package gnome-lokkit-.50-6 is not installed
> >
> > 8. [root at tb10 root]# /etc/rc.d/init.d/network stop &&
> > /etc/rc.d/init.d/ipchains stop \
> > > && modprobe -r ipchains && /etc/rc.d/init.d/iptables start && iptables -L -n
> > Shutting down interface eth0:                              [  OK  ]
> > bash: /etc/rc.d/init.d/ipchains: No such file or directory
> > [root at tb1200 root]#
> >
> > 9.[root at tb10 root]# /etc/rc.d/init.d/network start
> > Setting network parameters:                                [  OK  ]
> > Bringing up interface lo:                                  [  OK  ]
> > Bringing up interface eth0:                                [  OK  ]
> > [root at tb1200 root]# ping 216.239.51.101
> > PING 216.239.51.101 (216.239.51.101) from 192.168.1.130 : 56(84) bytes of
> > data.
> >
> > --- 216.239.51.101 ping statistics ---
> > 23 packets transmitted, 0 packets received, 100% packet loss
> > [root at tb1200 root]#
> >
> > 10. Added the following to /etc/resolv.conf I decided to make the file like
> > the computer that works, however, this didn't work either after starting and
> > stopping /init.d/network and even rebooting.
> > /etc/resolv.conf file:
> > domain home.here
> > nameserver 66.56.65.7
> > nameserver 66.56.65.8
> > search home.here
> >
> > RE: [ale] Installfest Success / Internet Connection
> > From: "Adrin" <haswes at mindspring.com>
> > To: <x3 at changinglinks.com>
> > Date: Tue, 12 Mar 2002 08:13:45 -0500
> >
> > I am an amateur, but I think you last 2 ipchain rules are
> > stopping the Internet surfing.    I think you can do a
> > ipchains -F  and clear those rules.  Which is almost as good
> > as it being removed.   Personally I have been using
> > Iptables.
> >
> > Adrin
> >
> > RE: [ale] Installfest Success / Internet Connection
> > From: "Adrin" <haswes at mindspring.com>
> > To: <x3 at changinglinks.com>
> > Date: Tue, 12 Mar 2002 08:15:51 -0500
> >
> > Opps forgot something
> >
> > Before you say that your internet connection doesn't work.
> > Try pinging a known address.   Also try nslookup or dig.
> >
> > If you do    and ip route show you can see
> > your default gateway.
> >
> > Adrin
> >
> > Re: [ale] Installfest Success / Internet Connection
> > From: Mike Still <StillWaxin at Yahoo.com>
> >  To: x3 at ChangingLINKS.com
> >  Date: 12 Mar 2002 08:15:19 -0500
> >
> > You sure this isn't a name service problem?  Can you ping an IP address
> > out on the internet?  Check and see what your /etc/resolv.conf looks
> > like to make sure it isn't looking for a nameserver that isn't there.
> >
> > An IP address to try and ping would be www.google.com (216.239.51.101).
> >
> > RE: [ale] Installfest Success / Internet Connection
> > From: "Chris Farris" <chrisf at primeharbor.com>
> >  To: <x3 at ChangingLINKS.com>
> >  Date: Tue, 12 Mar 2002 08:15:03 -0500
> >
> > Each one of those lines that begins w/ ACCEPT or REJECT is a firewall
> > rule.
> >
> > Dump them with "ipchains -F" and see if your network works.....
> >
> > Then go out and get a book on firewalls and reimplement it correctly, or
> > do without a firewall, but I don't recommend that.
> >
> > Chris
> >
> > --
> > Chris Farris
> > Sr. Consultant
> > PrimeHarbor Technologies
> > http://www.primeharbor.com
> > chrisf at primeharbor.com
> >
> > Re: [ale] Installfest Success / Internet Connection
> > From: Keith Hopkins <hne at hopnet.net>
> > To: x3 at changinglinks.com
> > Cc: ale at ale.org
> > Date: Tue, 12 Mar 2002 18:45:59 +0900
> >
> > I think you'll have to actually reboot (gasp!) to make the kernel quit using
> > ipchains.  make sure your startup scripts don't try to initialize ipchains
> > again on boot.
> >
> > does the rpm -e actually remove anything?
> >
> > shm is a shared memory device
> > proc is ... proc ... reports live info from the kernel about different parts
> > of your computer
> > pts is for ttys
> >
> > huh? What does DVD have to do with MIDI?
> > proc probably gets involved in both.  shm might get involved in DVD.  I don't
> > think pts would involve either.
> > --
> > Lost in Tokyo,
> >    Keith
> >      Jack of All Trades, Anarchist
> >
> > [ale] Installfest Success / Internet Connection
> > From: "ChangingLINKS.com" <ChangingLINKS.com at bigfoot.com>
> > To: ale at ale.org
> > Date: Fri, 12 Mar 2010 03:33:13 -0500
> >
> > I ran this:
> > /etc/rc.d/init.d/network stop && /etc/rc.d/init.d/ipchains stop \
> > && modprobe -r ipchains && /etc/rc.d/init.d/iptables start && iptables -L -n
> >
> > rpm -e ipchains
> >
> > and now I get this:
> >
> > [root at tb1200 root]# ipchains -L -n
> > Chain input (policy ACCEPT):
> > target     prot opt     source                destination           ports
> > ACCEPT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   22
> > ACCEPT     udp  ------  0.0.0.0/0            0.0.0.0/0             67:68 ->
> > 67
> > :68
> > ACCEPT     udp  ------  0.0.0.0/0            0.0.0.0/0             67:68 ->
> > 67
> > :68
> > ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
> > REJECT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   *
> > REJECT     udp  ------  0.0.0.0/0            0.0.0.0/0             * ->   *
> > Chain forward (policy ACCEPT):
> > Chain output (policy ACCEPT):
> >
> > but my Internet connection still doesn't work. Lan card still pings itself
> > okay, and the router but not anything else. Please help. Thanks in advance.
> > By the way, I also noticed that I have three new directories mounted under
> > disk managment.
> >
> > /dev/shm        /proc   /dev/pts
> >
> > /proc would not "unmount" either. Does anyone have a clue as to why there are
> > new folders and such? Do these have to do with DVD playing of midi sequencers?
> > --
> >
> > Re: [ale] Installfest Success / Internet Connection
> > From: "Jerry Z. Yu" <z.yu at ptek.com>
> >  To: <x3 at changinglinks.com>
> >  Cc: "'Atlanta Linux User Group (E-mail)'" <ale at ale.org>
> >  Date: Mon, 11 Mar 2002 16:46:16 -0500 (EST)
> >
> >         conflicts with ipchains which is active by default?
> >         "ipchains -L -n"
> >         /etc/rc.d/init.d/network stop && /etc/rc.d/init.d/ipchains stop \
> > && modprobe -r ipchains && /etc/rc.d/init.d/iptables start && iptables -L
> > -n
> >         if it works now, `rpm -e ipchains`
> >
> > On Thu, 11 Mar 2010, ChangingLINKS.com wrote:
> >
> > #I ran iptables -L -n as root on my daily use machine (that works) and my test
> > #drive, and got the exact same error message. I usually select "high" as the
> > #firewall setting during install because I found that if I don't my networked
> > #games (D3 UT) will not work right. (Thanx for your help the other day Chris,
> > #and your help now.)
> > --
> > Wishing you Happiness, Joy and Laughter,
> > Drew
> > http://www.ChangingLINKS.com
> >
> > ---
> > This message has been sent through the ALE general discussion list.
> > See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> > sent to listmaster at ale dot org.
> 
> --
> __________________________________________________________
> Dow Hurst                   Office: 770-499-3428
> Systems Support Specialist  Fax:    770-423-6744
> 1000 Chastain Rd.
> Chemistry Department SC428  Email:dhurst at kennesaw.edu
> Kennesaw State University         Dow.Hurst at mindspring.com
> Kennesaw, GA 30144
> *********************************
> *Computational Chemistry is fun!*
> *********************************
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> sent to listmaster at ale dot org.

-- 
__________________________________________________________
Dow Hurst                   Office: 770-499-3428
Systems Support Specialist  Fax:    770-423-6744
1000 Chastain Rd.
Chemistry Department SC428  Email:dhurst at kennesaw.edu
Kennesaw State University         Dow.Hurst at mindspring.com
Kennesaw, GA 30144
*********************************
*Computational Chemistry is fun!*
*********************************

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list