Re: Internet stops working right after startup
Hi Ajitabh,
I attached the information you asked for. Apologies for the mail I just sent
to your address instead of to the mailing list.
Frank
Ajitabh Pandey wrote:
Hi Frank,
2009/1/21 Frank Razenberg <frank@zzattack.org>
[snipped....]
Some details that might help identify my problem:
- I set ipmasq to start after services have been started using
dpkg-reconfigure
- in /etc/network/interfaces, for eth0 I execute a script after
eth0 is brought up. This script initializes iptables rules and ip
masquerading.
- I use dnsmasq as DHCP and DNS server.
- The eth0 interface gets its IP from a DHCP server by my ISP,
eth1 has a static ip.
To start with, it will be helpful if you could send the following:
(1.) The iptables rule-set
(2.) Output of ifconfig
(3.) Output of route -n
(4.) Contents of /etc/hosts and /etc/resolv.conf
(5.) DNSMASQ configuration file.
Regards.
--
Ajitabh Pandey
http://www.ajitabhpandey.info/ | http://www.unixclinic.net/
ICQ - 150615062
Registered Linux User - 240748
(1) iptables rule-set
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG all -- loopback/8 anywhere LOG level warning
DROP all -- loopback/8 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- 10.31.45.0/24 anywhere
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
LOG all -- 10.31.45.0/24 anywhere LOG level warning
DROP all -- 10.31.45.0/24 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere 241-78-ftth.onsneteindhoven.nl
ACCEPT all -- anywhere 255-79-ftth.onsneteindhoven.nl
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT udp -- anywhere frank-laptop.zzattack.org udp dpt:22925
ACCEPT tcp -- anywhere frank-laptop.zzattack.org tcp dpt:22925
ACCEPT tcp -- anywhere frank-laptop.zzattack.org tcp dpt:57396
ACCEPT udp -- anywhere frank-laptop.zzattack.org udp dpt:57396
ACCEPT all -- 10.31.45.0/24 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG all -- anywhere 10.31.45.0/24 LOG level warning
DROP all -- anywhere 10.31.45.0/24
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere 10.31.45.0/24
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
LOG all -- anywhere 10.31.45.0/24 LOG level warning
DROP all -- anywhere 10.31.45.0/24
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- 241-78-ftth.onsneteindhoven.nl anywhere
ACCEPT all -- 255-79-ftth.onsneteindhoven.nl anywhere
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain Badflags (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `Badflags: '
DROP all -- anywhere anywhere
Chain Firewall (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `Firewall: '
DROP all -- anywhere anywhere
Chain Rejectwall (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `Rejectwall: '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
(2) ifconfig
frank-server:/etc# ifconfig
eth0 Link encap:Ethernet HWaddr 00:22:15:bb:6d:6f
inet addr:88.159.78.241 Bcast:88.159.79.255 Mask:255.255.252.0
inet6 addr: fe80::222:15ff:febb:6d6f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:694617 errors:0 dropped:0 overruns:0 frame:0
TX packets:1323736 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:337817588 (322.1 MiB) TX bytes:1742968716 (1.6 GiB)
Interrupt:251 Base address:0xe000
eth1 Link encap:Ethernet HWaddr 00:1e:2a:b6:3b:84
inet addr:10.31.45.10 Bcast:10.31.45.255 Mask:255.255.255.0
inet6 addr: fe80::21e:2aff:feb6:3b84/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1326290 errors:0 dropped:0 overruns:0 frame:0
TX packets:695988 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1738118012 (1.6 GiB) TX bytes:334718500 (319.2 MiB)
Interrupt:16 Base address:0x8c00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:625 errors:0 dropped:0 overruns:0 frame:0
TX packets:625 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:59565 (58.1 KiB) TX bytes:59565 (58.1 KiB)
(3) output of route -n (when working correctly)
frank-server:/etc# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.31.45.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
88.159.76.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0
0.0.0.0 88.159.76.1 0.0.0.0 UG 0 0 0 eth0
(4) /etc/hosts
127.0.0.1 localhost
127.0.0.1 frank-server.zzattack.org frank-server
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
/etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
(5) dnsmasq configuration file
domain=zzattack.org
#domain-needed
#expand-hosts
#bogus-priv
#filterwin2k
#no-hosts
#addn-hosts=
#no-negcache
#cache-size=
#log-queries
local-ttl=86400
#
#listen-address=0.0.0.0
dhcp-range=10.31.45.100,10.31.45.199 86400
#
dhcp-host=00:23:47:48:72:c0,procurve,10.31.45.2
dhcp-host=00:1e:37:d9:6a:c2,frank-laptop,,10.31.45.20
dhcp-host=00:1e:52:0c:59:07,frank-iphone,10.31.45.22
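
Added example, not part of the original message: plain `iptables -L` output such as item (1) omits the interface columns, so a rule displayed as `ACCEPT all -- anywhere anywhere` at the top of INPUT may be limited to one interface or may accept everything. The Python sketch below parses an excerpt of the pasted listing and flags such rules for re-checking with `iptables -L -n -v`; the function names are hypothetical.

```python
import re

# Excerpt of the listing pasted in item (1) above (plain `iptables -L`,
# which does not print the in/out interface columns).
LISTING = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG all -- loopback/8 anywhere LOG level warning
DROP all -- loopback/8 anywhere
ACCEPT all -- 10.31.45.0/24 anywhere
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 10.31.45.0/24 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere
"""

TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # LOG does not end traversal

def parse_chains(text):
    """Return {chain: [(target, prot, source, dest, extra), ...]}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \(", line)
        if m:
            current = chains.setdefault(m.group(1), [])
            continue
        f = line.split()
        if current is None or len(f) < 5 or f[0] == "target":
            continue  # skip column headers and blank/short lines
        current.append((f[0], f[1], f[3], f[4], " ".join(f[5:])))
    return chains

def shadowing_rules(chains):
    """Rules that, as displayed, match every packet while rules still follow."""
    findings = []
    for name, rules in chains.items():
        for i, (target, prot, src, dst, extra) in enumerate(rules):
            catch_all = (prot, src, dst, extra) == ("all", "anywhere", "anywhere", "")
            if target in TERMINATING and catch_all and i < len(rules) - 1:
                findings.append((name, i + 1, target, len(rules) - 1 - i))
                break  # everything after it is already counted
    return findings

if __name__ == "__main__":
    for chain, no, target, hidden in shadowing_rules(parse_chains(LISTING)):
        print(f"{chain} rule {no}: {target} all/anywhere/anywhere precedes "
              f"{hidden} rule(s); confirm its interface with `iptables -L -n -v`")
```

A flagged rule is not necessarily a misconfiguration: `iptables -L -n -v` or `iptables-save` shows whether it carries an interface match that the plain listing hides.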