First, I'm not on this list, so please cc me if you think you know what my
problem is.
I have a dlink DI-804 switch/DSL router and want to use it without its
integrated DHCP functionality.
So I disabled DHCP.
I can ping it, use its web interface to configure it or do this via its
telnet interface - no problem so far.
192.168.1.0 is my net.
192.168.1.100 is the IP of my PC.
192.168.1.254 is the IP of the dlink.
I have no problem using the DSL-Modem via PPPOE directly - everything works
fine.
But when I try to use the dlink between my PC and the modem - problems arise.
The dlink immediately opens a DSL connection - so this is ok. It has the IP
and an external gateway.
But I just can't reach any websites - no matter what kind of address.
ping www.debian.de
ping: unknown host www.debian.de
ping 145.253.2.171
PING 145.253.2.171 (145.253.2.171) from 192.168.1.100 : 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
--- 145.253.2.171 ping statistics ---
2 packets transmitted, 0 received, 100% loss, time 1020ms
These are my routes:
route
Kernel IP Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
192.168.1.254 * 255.255.255.255 UH 0 0 0 eth0
192.168.2.0 * 255.255.255.0 U 0 0 0 vmnet8
localnet * 255.255.255.0 U 0 0 0 eth0
localnet * 255.255.255.0 U 0 0 0 irda0
default 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
My resolv.conf:
cat /etc/resolv.conf
nameserver 145.253.2.171
nameserver 145.253.2.203
With resolv.conf, there is another interesting thing. I don't know what it
means. The nameserver addresses that I got from my provider are different.
When I insert them again, next time I use pppd they change to the ones I am
sending you now. I don't know if the dlink can do this, too. But it seems not
to be the problem, right?
This is what my dlink says:
WAN MAC Address : 00-05-5D-DB-9B-32
Current IP : 213.23.6.138
Current IP Mask : 255.255.255.0
Current Gateway : 145.253.1.223
Current DNS1 : 145.253.2.11
Current DNS2 : 145.253.2.75
LAN MAC Address : 00-05-5D-DB-9B-31
Current IP : 192.168.1.254
Current Subnet Mask : 255.255.255.0
DHCP : Disable
Starting IP Address : 192.168.0.100
Number of IP Addresses : 100
Can you help me?
What am I doing wrong?
Thanks,
Markus Lechner
> Starting IP Address : 192.168.0.100
Should this be the same?
(Or show us your ifconfig.)
Jeremy C. Reed
...................................................
BSD software, documentation, resources, news...
http://bsd.reedmedia.net/
BTW - I subscribed to the list now.
Anyway, my ifconfig:
ifconfig
eth0 Protokoll:Ethernet Hardware Adresse 00:20:E0:6B:6A:64
inet Adresse:192.168.1.100 Bcast:192.168.1.255 Maske:255.255.255.0
inet6 Adresse: fe80::220:e0ff:fe6b:6a64/10
Gültigkeitsbereich:Verbindung
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:2261036 errors:0 dropped:0 overruns:0 frame:1
TX packets:1861802 errors:0 dropped:0 overruns:2 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:100
RX bytes:1855772469 (1.7 GiB) TX bytes:1152573277 (1.0 GiB)
Interrupt:10 Basisadresse:0xd000
irda0 Protokoll:IrLAP Hardware Adresse 3c:26:43:12
inet Adresse:192.168.1.101 Maske:255.255.255.0
UP RUNNING NOARP MTU:2048 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:78491 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:8
RX bytes:0 (0.0 b) TX bytes:2490293 (2.3 MiB)
Interrupt:3 Basisadresse:0x2f8
lo Protokoll:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
inet6 Adresse: ::1/128 Gültigkeitsbereich:Maschine
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:428468 errors:0 dropped:0 overruns:0 frame:0
TX packets:428468 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:0
RX bytes:95725151 (91.2 MiB) TX bytes:95725151 (91.2 MiB)
This is the output - seems to be completely open:
iptables -L OUTPUT -n -v
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
553K 125M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth0 0.0.0.0/0 255.255.255.255
0 0 ACCEPT all -- * irda0 0.0.0.0/0 255.255.255.255
0 0 ACCEPT all -- * vmnet8 0.0.0.0/0 255.255.255.255
4757 575K ACCEPT all -- * eth0 0.0.0.0/0 192.168.1.0/24
0 0 ACCEPT all -- * irda0 0.0.0.0/0 192.168.1.0/24
2655 340K ACCEPT all -- * vmnet8 0.0.0.0/0 192.168.2.0/24
0 0 ACCEPT !tcp -- * eth0 0.0.0.0/0 224.0.0.0/4
0 0 ACCEPT !tcp -- * irda0 0.0.0.0/0 224.0.0.0/4
0 0 ACCEPT !tcp -- * vmnet8 0.0.0.0/0 224.0.0.0/4
0 0 LOG all -- * ppp0 0.0.0.0/0 192.168.1.0/24 LOG flags 0 level 4
0 0 DROP all -- * ppp0 0.0.0.0/0 192.168.1.0/24
0 0 LOG all -- * ppp0 0.0.0.0/0 192.168.1.0/24 LOG flags 0 level 4
0 0 DROP all -- * ppp0 0.0.0.0/0 192.168.1.0/24
0 0 LOG all -- * ppp0 0.0.0.0/0 192.168.2.0/24 LOG flags 0 level 4
0 0 DROP all -- * ppp0 0.0.0.0/0 192.168.2.0/24
0 0 ACCEPT all -- * ppp0 0.0.0.0/0 255.255.255.255
1239K 1108M ACCEPT all -- * ppp0 212.144.221.8 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
>route
>Kernel IP Routentabelle
>Ziel Router Genmask Flags Metric Ref Use Iface
>192.168.1.254 * 255.255.255.255 UH 0 0 0 eth0
>192.168.2.0 * 255.255.255.0 U 0 0 0 vmnet8
>localnet * 255.255.255.0 U 0 0 0 eth0
>localnet * 255.255.255.0 U 0 0 0 irda0
>default 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
( If I understand you, you are not using pppoe, you are trying to route the
packets, is it ok? ).
You should have a rule in the output chain that ACCEPTs packets to the
destination ( 0.0.0.0 or what you want ) for the interface eth0.
In your output chain you only accept packets with output interface eth0 to
255.255.255.255 ( broadcast ), to 224.0.0.0 ( multicast ) and to 192.168.1.0/24
( this is why you can ping and manage your dlink ).
What I can't understand is why you have a 0 in the drop packets count, do you
reset the counters before listing the output?
Regards,
Matias Lambert
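
Added example (not part of any message in this thread): a first-match walk over the OUTPUT listing posted above, showing which rule decides a packet leaving via eth0 before and after the rule suggested in the reply. The rule table is re-typed from that listing in reduced form, and `verdict` and `proto_matches` are names made up for this illustration.

```python
import ipaddress

# Constructed from the OUTPUT listing posted in the thread: target, proto,
# out-interface, source, destination. The irda0/vmnet8 rules and the duplicated
# ppp0 LOG/DROP pair are left out; they cannot change the result for eth0/ppp0.
RULES = """\
ACCEPT all  lo   0.0.0.0/0     0.0.0.0/0
ACCEPT all  eth0 0.0.0.0/0     255.255.255.255
ACCEPT all  eth0 0.0.0.0/0     192.168.1.0/24
ACCEPT !tcp eth0 0.0.0.0/0     224.0.0.0/4
LOG    all  ppp0 0.0.0.0/0     192.168.1.0/24
DROP   all  ppp0 0.0.0.0/0     192.168.1.0/24
LOG    all  ppp0 0.0.0.0/0     192.168.2.0/24
DROP   all  ppp0 0.0.0.0/0     192.168.2.0/24
ACCEPT all  ppp0 0.0.0.0/0     255.255.255.255
ACCEPT all  ppp0 212.144.221.8 0.0.0.0/0
LOG    all  *    0.0.0.0/0     0.0.0.0/0
DROP   all  *    0.0.0.0/0     0.0.0.0/0
"""
POLICY = "DROP"  # chain policy shown in the listing header


def proto_matches(spec, proto):
    # "all" matches anything; "!tcp" matches every protocol except tcp
    return spec == "all" or (proto != spec[1:] if spec.startswith("!") else proto == spec)


def verdict(out_iface, proto, src, dst, rules=RULES):
    """Walk the chain top-down and return (target, deciding rule).
    LOG is non-terminating, as in iptables; the policy applies if nothing matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in rules.splitlines():
        target, rproto, riface, rsrc, rdst = line.split()
        if riface not in ("*", out_iface) or not proto_matches(rproto, proto):
            continue
        if src not in ipaddress.ip_network(rsrc) or dst not in ipaddress.ip_network(rdst):
            continue
        if target != "LOG":
            return target, " ".join(line.split())
    return POLICY, None


if __name__ == "__main__":
    # The ping from the first message: eth0, 192.168.1.100 -> 145.253.2.171
    print(verdict("eth0", "icmp", "192.168.1.100", "145.253.2.171"))
    # Same packet with the suggested eth0 accept rule placed at the top
    fixed = "ACCEPT all eth0 0.0.0.0/0 0.0.0.0/0\n" + RULES
    print(verdict("eth0", "icmp", "192.168.1.100", "145.253.2.171", fixed))
```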
> ( If I understand you, you are not using pppoe, you are trying to route the
> packets, is it ok? ).
>
Yes.
> You should have a rule in the output chain that ACCEPTs packets to the
> destination ( 0.0.0.0 or what you want ) for the interface eth0.
> In your output chain you only accept packets with output interface eth0 to
> 255.255.255.255 ( broadcast ), to 224.0.0.0 ( multicast ) and to
> 192.168.1.0/24 ( this is why you can ping and manage your dlink ).
>
Ok, I did this. But it did not work. I forgot that I used ipmasq, too, so I
disabled it. Maybe this interfered, don't know. And I changed the INPUT chain
in the same manner (which may be wrong, because then all the benefits of
packet filtering are gone).
Now the situation is the following:
I can ping the interface itself (the ppp link held by the dlink) and I can
ping the gateway for this interface (which is already an outside address). I
can ping all the addresses outside - not by their names, but only by their
numerical addresses. So this is now a nameserver problem. The strange part is
that I can't reach those numerical addresses with any browser.
My resolv.conf looks like this:
search mydomain.net
nameserver 127.0.0.1
nameserver 192.168.1.254 (this is the dlink)
nameserver ... (of my provider)
nameserver ... (of my provider)
I read that resolv.conf only accepts 3 addresses and played around a
bit. But no matter what combination I tried, I can't ping addresses by their
names but only by their numerical addresses. I disabled the internal firewall
and filter of the dlink completely just to make sure that this is not the
problem.
What am I doing wrong?
What's with the hosts.deny or hosts.allow files? Are they the ones I have to
modify?
> What I can't understand is why you have a 0 in the drop packets count, do
> you reset the counters before listing the output?
>
Either I did a reboot or it's simply because I used pppoe without the dlink.
Thanks so far,
Mac