FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 01-02-2010, 11:28 PM
"Wayne
 
Default {SOLVED}

Stan Hoeppner wrote:

Wayne <linuxtwo@gmail.com> put forth on 1/2/2010 1:53 PM:


As soon as you said firewall, I remembered having this problem before. I
had meant to disable the firewall last night when testing the MiFi
connection, but forgot.


First rule of thumb: Network problem? Disable all firewalls before additional
troubleshooting.


I did it just now and was able to ping, finally, 192.168.1 .1. I then
http'ed to it and connected to the Admin page!!! Entered the passwd and
got to the configuration pages.!!! No firewall running but tried to
connect to Google anyway. No Joy. Checked /etc/resolv.conf. The DNS
from the MiFi are not there so replaced one with the mifi dns but no
joy. I still think my routing is incomplete.


Can you ping any real addresses outside of 192.168.1.x? Try 65.41.216.221. If
you can ping that then your only remaining issue is DNS resolution. Try pinging
www.google.com. Packet timeout and no DNS will return different errors.



Yes and I can connect to the internet with and without the firewall up.
I have more to do on the firewall though. I can't connect to the MiFi
admin page at 192.168.1.1 with the firewall on. So, you are right on
all points. Get the firewall working and 'then' fix everything else.



I checked the firewall script (firehol) and found an obvious error. As I
have been using modems I had ehol) and found an obvious error. I've
been using modems so I had PUBLIC_MYIF="ppp+". Changed it to
PUBLIC_MYIF="ath0", started the firewall, ran iptbles -S, tried to
connect, No, so ran iptables -F, tried to connect, no, do stopped the
firewall and connected to the admin page, but not to the internet.


I bet you have spent, and will spend, more time in your life screwing with
firewall problems on Linux desktop machines that you ever would fixing an
unfirewalled Linux machine that was compromised at the network layer, which is
the only thing packet firewalls prevent. This scenario is true for the vast
majority of desktop Linux users: packet firewalls cause more user problems than
they prevent.


I have seen that. Not to long ago either. I fixed it but can't
remember what I did. I 'think' it was due to an incorrect routing table
or the firewall though


You fixed it unknowingly by changing your iptables rules through firehol.

Do yourself a huge favor. Once you get the dns/routing table issues fixed, turn
off packet firewalling, permanently, or learn to use it correctly.


I hope to be sending this through the 'firewalled' MiFi connection. We
will see. I also have to get the resolvconfig package to fix the DNS
addr's rather them keep doing it myself in resolv.conf.



Anyway, glad to hear you are a few steps closer to getting this all straightened
out.


Stan, thanks to you for hanging on and getting me to check everything
you could think of. If it had not been for you, I would have been f o r
e v e r wondering what was up.


If you do not have a HAPPY and Prosperous New Year it sure will not be
because you didn't stick to it.


My heart felt thanks for you for all of your help.

My BEST Regards to you and yours for the best year ever.

Wayne


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-03-2010, 05:18 AM
Stan Hoeppner
 
Default {SOLVED}

Wayne <linuxtwo@gmail.com> put forth on 1/2/2010 6:28 PM:

> Yes and I can connect to the internet with and without the firewall up.
> I have more to do on the firewall though. I can't connect to the MiFi
> admin page at 192.168.1.1 with the firewall on. So, you are right on
> all points. Get the firewall working and 'then' fix everything else.

No, that's backwards. You must have misspoken. You must have the basic network
stack functioning before you can troubleshoot packet filter problems. This is
exactly what you've just gone through. You didn't know your basic stack was
working _until_ you disabled the f/w. That unmasked the minor problems you
still had with your basic network stack and informed you there was a f/w problem
as well.

> Stan, thanks to you for hanging on and getting me to check everything
> you could think of. If it had not been for you, I would have been f o r
> e v e r wondering what was up.

You're welcome. If I'd have been paying closer attention in the beginning, I'd
have caught that log error about permissions. Sorry I didn't catch that sooner.

> If you do not have a HAPPY and Prosperous New Year it sure will not be
> because you didn't stick to it.

Heheh. Your gratitude has given my new year a good start. I didn't really
do all that much, but I'm glad it helped a little.

> My heart felt thanks for you for all of your help.
>
> My BEST Regards to you and yours for the best year ever.

Ditto. Enjoy that fresh air up there whilst you're surfing reliably with a
little bit better speed. I bet the Verizon service sure beats the latency of
satellite don't it?

--
Stan


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-03-2010, 05:57 PM
"Wayne
 
Default {SOLVED}

Stan Hoeppner wrote:

Wayne <linuxtwo@gmail.com> put forth on 1/2/2010 6:28 PM:


Yes and I can connect to the internet with and without the firewall up.
I have more to do on the firewall though. I can't connect to the MiFi
admin page at 192.168.1.1 with the firewall on. So, you are right on
all points. Get the firewall working and 'then' fix everything else.


No, that's backwards. You must have misspoken. You must have the basic network
stack functioning before you can troubleshoot packet filter problems. This is
exactly what you've just gone through. You didn't know your basic stack was
working _until_ you disabled the f/w. That unmasked the minor problems you
still had with your basic network stack and informed you there was a f/w problem
as well.


Stan, thanks to you for hanging on and getting me to check everything
you could think of. If it had not been for you, I would have been f o r
e v e r wondering what was up.


You're welcome. If I'd have been paying closer attention in the beginning, I'd
have caught that log error about permissions. Sorry I didn't catch that sooner.



You underestimate yourself. I had been fighting 4-5 different things
for over a week. When you answered my plea for help I was so far into
the forest I was lost. You got me to back off and troubleshoot the way
I was taught in the AF back in 1956, divide and conqueror, go back till
the symptom goes away then work back towards the problem. After 12-14
hours a day for 8 days I was really lost and forgot all about that until
YOu helped me to got back on the right track.



If you do not have a HAPPY and Prosperous New Year it sure will not be
because you didn't stick to it.


Heheh. Your gratitude has given my new year a good start. I didn't really
do all that much, but I'm glad it helped a little.


My heart felt thanks for you for all of your help.

My BEST Regards to you and yours for the best year ever.


Ditto. Enjoy that fresh air up there whilst you're surfing reliably with a
little bit better speed. I bet the Verizon service sure beats the latency of
satellite don't it?


I wouldn't know about satellite, I was using an AT&T 3G/GSM modem on a
Cell tower about 3 miles away. As At&t as so little 3G coverage here we
had only GSM coverage at ~12 Kbs average. The phone lines here are >25
years old and dialup was ~2.8Kbs avg. I did a big download last night,
688MB, on Verzion 3G, to the same Cell tower an it took less then 1
hour. I am Now IN HEAVEN!! Thanks to your help.


BTW The cost of both AT&T & Verizon is $60/month with a 5.190 Gig of
downloads a month. I wanted a faster connection before I die. :-)

Again, thank you my friend.

Wayne in the Cold, Snowy Catskill Mountains of Northern New York.

Happy New Year to all!


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 03:11 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org