On Wed,23.Jul.08, 14:35:31, Csanyi Pal wrote:

> Like I sed this problem is still here if I clear the iptables with
> 'shorewall clear' command. So I think this is not shorewall issue.

If you enabled IP forwarding in shorewall (vs. sysctl.conf) then
clearing shorewall will disable the forwarding for sure.

Regards,
Andrei
--
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)

Andrei Popescu <andreimpopescu@gmail.com> writes:

> On Wed,23.Jul.08, 14:35:31, Csanyi Pal wrote:
>
>> Like I sed this problem is still here if I clear the iptables with
>> 'shorewall clear' command. So I think this is not shorewall issue.
>
> If you enabled IP forwarding in shorewall (vs. sysctl.conf) then
> clearing shorewall will disable the forwarding for sure.

$ sudo shorewall clear
Clearing Shorewall...
IP Forwarding Enabled
done.

Well, you can see that that IP Forwarding is Enabled when I clear
iptables with shorewall, right?

--
Regards, Paul


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Wed, Jul 23, 2008 at 8:35 AM, Csanyi Pal <csanyipal@gmail.com> wrote:
> >From desktop I can to open web page on my apache web server, but only
> with IP address: 192.168.2.100. If I try to access it with FQDN:
> csanyi-pal.info then I can't open it.

Then it sounds like a DNS issue. Changed the settings in there recently?

Brian


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

"Brian McKee" <brian.mckee@gmail.com> writes:

> On Wed, Jul 23, 2008 at 8:35 AM, Csanyi Pal <csanyipal@gmail.com> wrote:
>> >From desktop I can to open web page on my apache web server, but only
>> with IP address: 192.168.2.100. If I try to access it with FQDN:
>> csanyi-pal.info then I can't open it.
>
> Then it sounds like a DNS issue. Changed the settings in there recently?

Yes, I think so too, but I don't changed DNS settings recently.

--
Regards, Paul Csanyi
http://www.freewebs.com/csanyi-pal/index.htm


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Andrei Popescu <andreimpopescu@gmail.com> writes:

> On Wed,23.Jul.08, 13:31:13, Csányi Pál wrote:
> Posting your entire shorewall config could be a bit much, but maybe you
> know *exactly* what you changed from the default config and could post
> here.

Here is the shorewall rules



--
Regards, Paul Csanyi
http://www.freewebs.com/csanyi-pal/index.htm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/23/08 08:46, Csanyi Pal wrote:
> "Brian McKee" <brian.mckee@gmail.com> writes:
>
>> On Wed, Jul 23, 2008 at 8:35 AM, Csanyi Pal <csanyipal@gmail.com> wrote:
>>> >From desktop I can to open web page on my apache web server, but only
>>> with IP address: 192.168.2.100. If I try to access it with FQDN:
>>> csanyi-pal.info then I can't open it.
>> Then it sounds like a DNS issue. Changed the settings in there recently?
>
> Yes, I think so too, but I don't changed DNS settings recently.

Maybe your ISP changed it's DNS addresses?

- --
Ron Johnson, Jr.
Jefferson LA USA

"Kittens give Morbo gas. In lighter news, the city of New New
York is doomed."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkiHYbAACgkQS9HxQb37XmdoigCghRrlSYmB5d AP10KtkNmpDd0s
tXcAoLEyp7kzLP6FYCxpOwdu11BauoO/
=MFwI
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Ron Johnson <ron.l.johnson@cox.net> writes:

> On 07/23/08 08:46, Csanyi Pal wrote:
>> "Brian McKee" <brian.mckee@gmail.com> writes:
>>
>>> On Wed, Jul 23, 2008 at 8:35 AM, Csanyi Pal <csanyipal@gmail.com> wrote:
>>>> >From desktop I can to open web page on my apache web server, but only
>>>> with IP address: 192.168.2.100. If I try to access it with FQDN:
>>>> csanyi-pal.info then I can't open it.
>>> Then it sounds like a DNS issue. Changed the settings in there recently?
>>
>> Yes, I think so too, but I don't changed DNS settings recently.
>
> Maybe your ISP changed it's DNS addresses?

I look for that too, but my gateway get DNS IPs with dhclient.conf so
if my ISP changed it's DNS addresses then my gateway get the right DNS
IP addresses too, right?

--
Regards, Paul Csanyi
http://www.freewebs.com/csanyi-pal/index.htm


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Wed, Jul 23, 2008 at 02:35:31PM +0200, Csanyi Pal wrote:
> Andrei Popescu <andreimpopescu@gmail.com> writes:
>
> > On Wed,23.Jul.08, 13:31:13, Csányi Pál wrote:
> >> I have at home a small LAN with Debian GNU/Linux Etch boxes.
> >>
> >> The gateway/router can to access the internet but server and desktop
> >> can't.
> >>
> >> I have setup shorewall (iptables) on every three system and so far it
> >> works but today it works not.
> >>
> >> I tried with command 'shorewall clear' to clear firewall but still
> >> can't reach internet from server and desktop box.
> >>
> >> What could cause this behavior and how can I solve this problem?
> >
> > Can the server and desktop access the gateway? Can they access each
> > other?
>
> Yes, I can to access gateway and server with SSH from desktop, and
> from server the gateway again with SSH.
>
> >From desktop I can to open web page on my apache web server, but only
> with IP address: 192.168.2.100. If I try to access it with FQDN:
> csanyi-pal.info then I can't open it.
>
> > Posting your entire shorewall config could be a bit much, but maybe you
> > know *exactly* what you changed from the default config and could post
> > here.
>
> Like I sed this problem is still here if I clear the iptables with
> 'shorewall clear' command. So I think this is not shorewall issue.
>
> I think that that this is a network setup problem.. but I don't
> understand that that I don't changed anything but the problem came up
> today.

please provide us the output of

/sbin/route

when executed on the gateway machine.

Also check the contents of /etc/resolv.conf on all your machines.

A

Andrew Sackville-West <andrew@farwestbilliards.com> writes:

> On Wed, Jul 23, 2008 at 02:35:31PM +0200, Csanyi Pal wrote:
>> Andrei Popescu <andreimpopescu@gmail.com> writes:
>>
>> > On Wed,23.Jul.08, 13:31:13, Csányi Pál wrote:
>> >> I have at home a small LAN with Debian GNU/Linux Etch boxes.
>> >>
>> >> The gateway/router can to access the internet but server and desktop
>> >> can't.
>> >>
>> >> I have setup shorewall (iptables) on every three system and so far it
>> >> works but today it works not.
>> >>
>> >> I tried with command 'shorewall clear' to clear firewall but still
>> >> can't reach internet from server and desktop box.
>> >>
>> >> What could cause this behavior and how can I solve this problem?
>> >
>> > Can the server and desktop access the gateway? Can they access each
>> > other?
>>
>> Yes, I can to access gateway and server with SSH from desktop, and
>> from server the gateway again with SSH.
>>
>> >From desktop I can to open web page on my apache web server, but only
>> with IP address: 192.168.2.100. If I try to access it with FQDN:
>> csanyi-pal.info then I can't open it.
>>
>> > Posting your entire shorewall config could be a bit much, but maybe you
>> > know *exactly* what you changed from the default config and could post
>> > here.
>>
>> Like I sed this problem is still here if I clear the iptables with
>> 'shorewall clear' command. So I think this is not shorewall issue.
>>
>> I think that that this is a network setup problem.. but I don't
>> understand that that I don't changed anything but the problem came up
>> today.
>
> please provide us the output of
>
> /sbin/route
>
> when executed on the gateway machine.

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
91.102.231.32 * 255.255.255.240 U 0 0 0 eth2
192.168.2.0 * 255.255.255.0 U 0 0 0 eth1
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
default 46-231-102-91.r 0.0.0.0 UG 0 0 0 eth2

> Also check the contents of /etc/resolv.conf on all your machines.

gateway:
nameserver 62.108.117.6
nameserver 213.244.255.2

desktop:
search csanyi-pal.info
nameserver 62.108.117.6
nameserver 213.244.255.2

server:
search csanyi-pal.info
nameserver 62.108.117.6
nameserver 213.244.255.2


--
Regards, Paul Csanyi
http://www.freewebs.com/csanyi-pal/index.htm


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Wed, Jul 23, 2008 at 08:02:58PM +0200, Csanyi Pal wrote:
> Andrew Sackville-West <andrew@farwestbilliards.com> writes:
>
> > On Wed, Jul 23, 2008 at 02:35:31PM +0200, Csanyi Pal wrote:
> >> Andrei Popescu <andreimpopescu@gmail.com> writes:
> >>
> >> > On Wed,23.Jul.08, 13:31:13, Csányi Pál wrote:
> >> >> I have at home a small LAN with Debian GNU/Linux Etch boxes.
> >> >>
[snip]

> > /sbin/route
> >
> > when executed on the gateway machine.
>
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 91.102.231.32 * 255.255.255.240 U 0 0 0 eth2
> 192.168.2.0 * 255.255.255.0 U 0 0 0 eth1
> 192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
> default 46-231-102-91.r 0.0.0.0 UG 0 0 0 eth2
[snip]

can I suggest that internet not working is a very vague problem that it
could be many things. There have been a few suggestions on what it
could be. Try from the bottom up. ssh into the gateway machine.

Is it is connected to the internet, try ip connectivity first ping from
the gateway machine to the default gateway. try then pinging some other
address say for example your isp's dns server, try to just use ip
addresses so it will only test ip connectivity if you use names then dns
gets involved. No guarantee that your isp's dns servers listen to ping,
I like pinging google.com (64.233.167.99) I know they reply, if this is
all working then next thing to try from the gateway machine is pinging
names, this will test weather the dns is working, its a bit harder to
watch, you will need tcpdump.

looking at your route table I would suggest something like

tcpduump -pni eth2 port 53 or host <insert the isps dns ip address here,
the first one in the resolv.conf file>

this will show you all the packets leaving via eth2 that are on port 53
(dns) or are destined or have come from you isp's dns server.

if this is working from the gateway, try it from one of the remote
machines, the tcpdump should be still run on the gateway machine

Alex


>
> --
> Regards, Paul Csanyi
> http://www.freewebs.com/csanyi-pal/index.htm
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>

--
"It's very important for folks to understand that when there's more trade, there's more commerce."

- George W. Bush
04/21/2001
Quebec City, Canada
at the Summit of the Americas