Linux Help Needed

avwolf · **Posted:** Tue Mar 25, 2008 12:38 pm

I'm still coming up dry. Let's check some of my assumptions.

Code:

ping -c4 -I eth1 www.google.com

This makes sure that eth1 is your wireless connection. We're pinging out eth1 (-I for "use the following interface") and sending four packets (-c4). Unlike Windows ping, Unix ping will keep going until you stop it, unless you give it a specific number.

Code:

cat /proc/sys/net/ipv4/ip_forward

Check that the kernel has IP forwarding enabled.

Code:

ping -c4 68.238.0.12

Make sure you can reach your DNS server. I'm sure you can, actually, but why not check, since we're doing diagnostics now?

Code:

sudo ifconfig eth0

Let's make sure that our eth0 interface is set up right. Maybe it's listening to the wrong IP or something.

Black_Elite1 · **Posted:** Tue Mar 25, 2008 12:45 pm

Code:

PING www.l.google.com (64.233.167.147) from 192.168.1.66 eth1: 56(84) bytes of data.
64 bytes from www.google.com (64.233.167.147): icmp_seq=1 ttl=243 time=43.3 ms
64 bytes from www.google.com (64.233.167.147): icmp_seq=2 ttl=243 time=43.1 ms
64 bytes from www.google.com (64.233.167.147): icmp_seq=3 ttl=243 time=42.0 ms
64 bytes from www.google.com (64.233.167.147): icmp_seq=4 ttl=243 time=42.9 ms

--- www.l.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 42.018/42.893/43.381/0.544 ms

Code:

1

Code:

PING 68.238.0.12 (68.238.0.12) 56(84) bytes of data.
64 bytes from 68.238.0.12: icmp_seq=1 ttl=252 time=39.8 ms
64 bytes from 68.238.0.12: icmp_seq=2 ttl=252 time=40.1 ms
64 bytes from 68.238.0.12: icmp_seq=3 ttl=252 time=40.2 ms
64 bytes from 68.238.0.12: icmp_seq=4 ttl=252 time=39.6 ms

--- 68.238.0.12 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 39.642/39.989/40.291/0.360 ms

Code:

eth0      Link encap:Ethernet  HWaddr 00:16:36:DD:6D:5E  
          inet addr:192.168.63.1  Bcast:192.168.63.255  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2056 errors:0 dropped:0 overruns:0 frame:0
          TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:138916 (135.6 KB)  TX bytes:9881 (9.6 KB)
          Base address:0x2000 Memory:d0000000-d0020000 

avwolf · **Posted:** Tue Mar 25, 2008 1:10 pm

Hrm. Okay, everything looks good.

*sucks teeth* What could it be... The firewall should be empty save for the commands that let it do the forwarding. Dhcpd should be sending all the right information, and the XBox looks to be getting an IP. I don't have any diagnostic tools on the XBox... What am I missing?

Let's look back over our settings. Maybe there's a typo or I told you something wrong.

Code:

sudo cat /etc/dhcpd.conf
sudo iptables -t filter -L
sudo iptables -t nat -L

Black_Elite1 · **Posted:** Tue Mar 25, 2008 1:21 pm

Code:

# give leases out for a month, by default (30 days -- the value is in seconds)
default-lease-time 2592000;
# or six months at max
max-lease-time 15552000;

# set up the subnet for 192.168.63.x
subnet 192.168.63.0 netmask 255.255.255.0 {
    # give out IPs from 192.168.63.10 - 192.168.63.249
    range 192.168.63.10 192.168.63.249;
    # use these DNS servers
    option domain-name-servers 68.238.0.12, 216.229.16.30;
    # this DHCP server rules this subnet with an iron fist
    authoritative;
    # route packets through this computer (192.168.63.1)
    option routers 192.168.63.1;
}

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     0    --  192.168.63.0/24      anywhere            state NEW /* Forward from inside */ 
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED /* Forward from inside */ 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain INBOUND (0 references)
target     prot opt source               destination         

Chain LOG_FILTER (0 references)
target     prot opt source               destination         

Chain LSI (0 references)
target     prot opt source               destination         

Chain LSO (0 references)
target     prot opt source               destination         

Chain OUTBOUND (0 references)
target     prot opt source               destination     

Code:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  0    --  anywhere             anywhere            /* Masquerade Wireless */ 
MASQUERADE  0    --  anywhere             anywhere            /* Masquerade internally */ 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  

EDIT:
FRICK!
Just had to Reboot >_<

avwolf · **Posted:** Tue Mar 25, 2008 3:00 pm

Black_Elite1 wrote:

EDIT:
FRICK!
Just had to Reboot >_<

'Sok. It's not like we've got it working yet, and we can refer back to the thread for everything we've done. No worries. Let me stew on this a while.

Black_Elite1 · **Posted:** Tue Mar 25, 2008 3:10 pm

Alright.

avwolf · **Posted:** Mon Mar 31, 2008 1:37 am

Sorry I'm so late getting back to this. I'm still coming up dry, so let's try this again. (If you're wondering why I'm still banging away at the firewall, it's because everything else looks good. The XBox is apparently getting an IP address and forwarding seems to be enabled in the kernel. I'm about at my wits' end, and I know that if there's even a small problem in the firewall configuration, it could well mean nothing works.) Feel free to ignore this all if you've found another way around it since then. This time I'm going to go with the most basic rules, so I'm doing a few less checks. I'm adding one that's a workaround for a problem that I'm aware Microsoft sites have trouble with. Maybe it's one of our issues. (That's the TCPMSS line, and believe me, it's a ridiculously difficult problem to troubleshoot. It felt like the whole Internet worked, except for Microsoft and Weather.com. Very confusing.)

Code:

sudo iptables -t filter -F
sudo iptables -t nat -F
sudo iptables -t mangle -F
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -A FORWARD -m tcp -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
sudo iptables -A FORWARD -i eth0 -o eth0 -m comment --comment "Forward inside to inside" -j ACCEPT
sudo iptables -A FORWARD -o eth1 -m comment --comment "Forward inside to outside" -j ACCEPT
sudo iptables -A FORWARD -i eth1 -o eth0 -m comment --comment "Forward outside to inside" -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o eth1 -m comment --comment "Masquerade Wireless" -j MASQUERADE
sudo iptables -t nat -A POSTROUTING -o eth0 -m comment --comment "Masquerade Internally" -j MASQUERADE

Also, let's add some more lines to your dhcpd.conf and see if they help:

Code:

# give leases out for a month, by default (30 days -- the value is in seconds)
default-lease-time 2592000;
# or six months at max
max-lease-time 15552000;

# set up the subnet for 192.168.63.x
subnet 192.168.63.0 netmask 255.255.255.0 {
    # give out IPs from 192.168.63.10 - 192.168.63.249
    range 192.168.63.10 192.168.63.249;
    # use these DNS servers
    option domain-name-servers 68.238.0.12, 216.229.16.30;
    # this DHCP server rules this subnet with an iron fist
    authoritative;
    # route packets through this computer (192.168.63.1)
    option routers 192.168.63.1;
    # set the netmask for the subnet
    option subnet-mask 255.255.255.0;
    # set the broadcast address
    option broadcast-address 192.168.63.255;
}

Then restart dhcpd

Code:

sudo killall dhcpd
sudo dhcpd eth0

Black_Elite1 · **Posted:** Mon Mar 31, 2008 3:27 pm

Got the first clips of coding in, but I forgot the code to get into dhcpd.conf, and my...internet failed, had to reboot.

avwolf · **Posted:** Mon Mar 31, 2008 3:56 pm

Black_Elite1 wrote:

Got the first clips of coding in, but I forgot the code to get into dhcpd.conf, and my...internet failed, had to reboot.

That's fine, that list will nuke existing rules and do everything. Let me know if the Internet dies again after you do all that. It might be getting angry about one of the rules.

Black_Elite1 · **Posted:** Mon Mar 31, 2008 4:11 pm

Right, but I still forget how to get to dhcpd.conf

avwolf · **Posted:** Mon Mar 31, 2008 4:13 pm

Oh, sure. Sorry.

Code:

nano -w /etc/dhcpd.conf

Black_Elite1 · **Posted:** Mon Mar 31, 2008 4:42 pm

Internet Software Consortium DHCP Server 2.0pl5
Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
All rights reserved.

Please contribute if you find this software useful.
For info, please visit http://www.isc.org/dhcp-contrib.html

Listening on LPF/eth0/00:16:36:dd:6d:5e/192.168.63.0
Sending on LPF/eth0/00:16:36:dd:6d:5e/192.168.63.0
Sending on Socket/fallback/fallback-net

Aaaaand no XBL

avwolf · **Posted:** Mon Mar 31, 2008 5:26 pm

I'm stuck. I don't know what else to try, without something else on the other end that we can actually do some diagnostics on and figure out what's going on.

Black_Elite1 · **Posted:** Mon Mar 31, 2008 5:37 pm

Alright, I'll see if Firestarter helps like my friend said it would.

Black_Elite1 · **Posted:** Wed Jun 11, 2008 3:56 pm

Okay, getting Linux Mint 5 now, just in case, what were the exact things I need to do to get sound working.

And not all the hoopla we tried and did not work...

Twokinds ARCHIVE Forums

Linux Help Needed

Who is online