Re: network configuration for Eth0
On Fri, 1 May 2009 05:36:06 -0400 Paul Cartwright wrote: > I seemed to have a problem with my static setup of eth0 that stopped my > debian > lenny setup from coming up correctly. I kept getting errors in logs. > To redo my network config, just eth0, what is the best way to do it. I tried > dpkg-reconfigure ifupdown, but that didn't change the interfaces file. > this is what I had that didn't work: > #static setup > #auto eth0 > #iface eth0 inet static > #address 192.168.10.103 > #netmask 255.255.255.0 > #broadcast 192.168.10.255 > here is what I have now: > > what's wrong with it? Something's missing here; what did you have, and what do you have now? Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: network configuration for Eth0
On Fri, 01 May 2009 05:36:06 -0400, Paul Cartwright posted: > I seemed to have a problem with my static setup of eth0 that stopped my > debian lenny setup from coming up correctly. This doesn't tell us anything that we could use to troubleshoot. Do you mean the system doesn't come up or just doesn't come up the way you want it? > I kept getting errors in logs. If you would detail the errors, it might be easier to make a troubleshooting decision of what to check first. > To redo my network config, just eth0, what is the best way to do it. > I tried dpkg-reconfigure ifupdown, but that didn't change the interfaces > file. this is what I had that didn't work: > #static setup > #auto eth0 > #iface eth0 inet static > #address 192.168.10.103 > #netmask 255.255.255.0 > #broadcast 192.168.10.255 > here is what I have now: > > what's wrong with it? Do you by any chance have network-manager running on the system? I agree with Celejar, did you leave part of your description out or do you mean that it is now blank? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: network configuration for Eth0
On Fri, May 01, 2009 at 05:36:06 -0400, Paul Cartwright (a...@pcartwright.com) wrote: > I seemed to have a problem with my static setup of eth0 that stopped my > debian > lenny setup from coming up correctly. I kept getting errors in logs. > To redo my network config, just eth0, what is the best way to do it. I tried > dpkg-reconfigure ifupdown, but that didn't change the interfaces file. > this is what I had that didn't work: > #static setup > #auto eth0 > #iface eth0 inet static > #address 192.168.10.103 > #netmask 255.255.255.0 > #broadcast 192.168.10.255 > here is what I have now: > > what's wrong with it? As others have commented Paul, there's not a lot here to go on. Your setup which didn't work is all commented out and the rest is just blank. What I would expect to see is something a bit like this: auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.10.103 netmask 255.255.255.0 gateway 192.168.10.1 network 192.168.10.0 broadcast 192.168.10.255 (assuming you have a router of that IP address of course). If you *do* have network-manager installed then this could be the cause of many of your woes. -- Bob Cox. Stoke Gifford, near Bristol, UK. Please reply to the list only. Do NOT send copies directly to me. http://bobcox.com/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: network configuration for Eth0
On Fri,01.May.09, 15:11:17, Bob Cox wrote: > What I would expect to see is something a bit like this: > > auto lo > iface lo inet loopback > > auto eth0 > iface eth0 inet static > address 192.168.10.103 > netmask 255.255.255.0 > gateway 192.168.10.1 > network 192.168.10.0 > broadcast 192.168.10.255 Nitpick: 'network' and 'broadcast' are optional and gateway is necessary only if this interface is used to connect to the internet. Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) signature.asc Description: Digital signature
Re: network configuration for Eth0
On Fri, May 01, 2009 at 19:04:25 +0300, Andrei Popescu
(andreimpope...@gmail.com) wrote:
[snip]
> Nitpick: 'network' and 'broadcast' are optional and gateway is necessary
> only if this interface is used to connect to the internet.
Good points. I like nitpicking ;-)
As an aside, I use static IPs on everything here with no wireless and
all manually configured as per my example.
The only exception to this is a recently acquired laptop with which I
wanted to use both wireless and DHCP and be able to control it all from
a GUI interface; something I have not done before. I tried and failed
with the kde front-end to network manager and in the end purged all
traces of them and installing wicd ("aptitude show wicd" describes it
well). It is really excellent and just works, seamlessly restoring
networking after suspending and so on and allowing easy switching from
wired to wireless and so on.
--
Bob Cox. Stoke Gifford, near Bristol, UK.
Please reply to the list only. Do NOT send copies directly to me.
http://bobcox.com/
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: network configuration for Eth0
On Fri May 1 2009, Celejar wrote: > > this is what I had that didn't work: > > #static setup > > #auto eth0 > > #iface eth0 inet static > > #address 192.168.10.103 > > #netmask 255.255.255.0 > > #broadcast 192.168.10.255 > > here is what I have now: # The loopback network interface auto lo iface lo inet loopback # The primary network interface allow-hotplug eth0 iface eth0 inet dhcp > > > > what's wrong with it? > > Something's missing here; what did you have, and what do you have now? I hit SEND a bit too fast.. -- Paul Cartwright Registered Linux user # 367800 Registered Ubuntu User #12459 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: network configuration for Eth0
On Fri May 1 2009, Andrei Popescu wrote: > > auto lo > > iface lo inet loopback > > > > auto eth0 > > iface eth0 inet static > > address 192.168.10.103 > > netmask 255.255.255.0 > > gateway 192.168.10.1 > > network 192.168.10.0 > > broadcast 192.168.10.255 > > Nitpick: 'network' and 'broadcast' are optional and gateway is necessary > only if this interface is used to connect to the internet. yes gateway is my router that my PC is connected to. router connected to DSL modem. -- Paul Cartwright Registered Linux user # 367800 Registered Ubuntu User #12459 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: network configuration for Eth0
On Fri May 1 2009, Bob Cox wrote: > What I would expect to see is something a bit like this: > > auto lo > iface lo inet loopback > > auto eth0 > iface eth0 inet static > address 192.168.10.103 > netmask 255.255.255.0 > gateway 192.168.10.1 > network 192.168.10.0 > broadcast 192.168.10.255 > > (assuming you have a router of that IP address of course). > > If you *do* have network-manager installed then this could be the cause > of many of your woes. rc network-manager 0.6.5-3 network management framework daemon rc network-manager-gnome 0.6.5-3 network management framework (GNOME frontend) -- Paul Cartwright Registered Linux user # 367800 Registered Ubuntu User #12459 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: network configuration for Eth0
On Fri May 1 2009, Bob Cox wrote:
> > Nitpick: 'network' and 'broadcast' are optional and gateway is necessary
> > only if this interface is used to connect to the internet.
>
> Good points. I like nitpicking ;-)
>
> As an aside, I use static IPs on everything here with no wireless and
> all manually configured as per my example.
that is what I am trying to do, take away the DHCP and make them static. I
have my desktop, a laptop that I connect using a wired connection, and my
wifes laptop. I also have some other test servers that get turned on every so
often..
I am using dyndns and port forwarding to my desktop for http.. so I want a
static IP in my network for my desktop.
>
> The only exception to this is a recently acquired laptop with which I
> wanted to use both wireless and DHCP and be able to control it all from
> a GUI interface; something I have not done before. I tried and failed
> with the kde front-end to network manager and in the end purged all
> traces of them and installing wicd ("aptitude show wicd" describes it
> well). It is really excellent and just works, seamlessly restoring
> networking after suspending and so on and allowing easy switching from
> wired to wireless and so on.
--
Paul Cartwright
Registered Linux user # 367800
Registered Ubuntu User #12459
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: network configuration for Eth0
On Fri,01.May.09, 05:36:06, Paul Cartwright wrote: > I seemed to have a problem with my static setup of eth0 that stopped my > debian > lenny setup from coming up correctly. I kept getting errors in logs. > To redo my network config, just eth0, what is the best way to do it. I tried > dpkg-reconfigure ifupdown, but that didn't change the interfaces file. > this is what I had that didn't work: > #static setup > #auto eth0 > #iface eth0 inet static > #address 192.168.10.103 > #netmask 255.255.255.0 > #broadcast 192.168.10.255 > here is what I have now: Please re-enable this part (and comment out the dhcp parts) and post the output of 'ifup -v eth0' (if it's complaining that it's already configured then do a 'ifdown eth0' first). Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) signature.asc Description: Digital signature
Re: network configuration for Eth0
On Sat May 2 2009, Andrei Popescu wrote: > > #static setup > > #auto eth0 > > #iface eth0 inet static > > #address 192.168.10.103 > > #netmask 255.255.255.0 > > #broadcast 192.168.10.255 > > here is what I have now: > > Please re-enable this part (and comment out the dhcp parts) and post the > output of 'ifup -v eth0' (if it's complaining that it's already > configured then do a 'ifdown eth0' first). # ifup -v eth0 Configuring interface eth0=eth0 (inet) run-parts --verbose /etc/network/if-pre-up.d run-parts: executing /etc/network/if-pre-up.d/bridge run-parts: executing /etc/network/if-pre-up.d/iptables Restoring iptables rules... run-parts: executing /etc/network/if-pre-up.d/uml-utilities run-parts: executing /etc/network/if-pre-up.d/vde2 ifconfig eth0 192.168.10.103 netmask 255.255.255.0 broadcast 192.168.10.255 up route add default gw 192.168.10.1 eth0 run-parts --verbose /etc/network/if-up.d run-parts: executing /etc/network/if-up.d/000resolvconf run-parts: executing /etc/network/if-up.d/50firestarter Stopping the Firestarter firewall Starting the Firestarter firewall run-parts: executing /etc/network/if-up.d/avahi-daemon run-parts: executing /etc/network/if-up.d/bind9 run-parts: executing /etc/network/if-up.d/clamav-freshclam-ifupdown run-parts: executing /etc/network/if-up.d/mountnfs run-parts: executing /etc/network/if-up.d/ntp run-parts: executing /etc/network/if-up.d/ntpdate run-parts: executing /etc/network/if-up.d/openntpd run-parts: executing /etc/network/if-up.d/openssh-server run-parts: executing /etc/network/if-up.d/postfix run-parts: executing /etc/network/if-up.d/uml-utilities well, that seems to work. # ifconfig eth0 eth0 Link encap:Ethernet HWaddr 00:16:76:bc:3f:af inet addr:192.168.10.103 Bcast:192.168.10.255 Mask:255.255.255.0 inet6 addr: fe80::216:76ff:febc:3faf/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4743323 errors:0 dropped:0 overruns:0 frame:0 TX packets:4512344 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:3929836675 (3.6 GiB) TX bytes:1192756579 (1.1 GiB) Memory:dffe-e000 part of the problem was 2 files I had worked on that did give me errors, and I removed them. 1 was ipv6, the other was an iptables entry. I was trying to add an iptables entry to allow ssh & http ports. I can get this to work from a shell script, but I don't know where to put it to make it start on boot: iptables -I INPUT -p tcp -m state --state NEW --dport 80 -i eth0 -j ACCEPT iptables -I INPUT -p tcp -m state --state NEW --dport 22 -i eth0 -j ACCEPT /sbin/iptables -N ssh-connection /sbin/iptables -A ssh-connection -i eth0 -p tcp --dport 22 -m recent --update --seconds 600 --hitcount 4 --rttl --name SSH -j LOG --log-prefix "SSH_brute_force " /sbin/iptables -A ssh-connection -i eth0 -p tcp --dport 22 -m recent --update --seconds 600 --hitcount 4 --rttl --name SSH -j DROP /sbin/iptables -A ssh-connection -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT -- Paul Cartwright Registered Linux user # 367800 Registered Ubuntu User #12459 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: network configuration for Eth0
On Sat,02.May.09, 05:38:38, Paul Cartwright wrote: > well, that seems to work. ... > part of the problem was 2 files I had worked on that did give me > errors, and I removed them. 1 was ipv6, Do yo mean the module? If you don't want it loaded (though I have it and there are no problems) just blacklist it in a file (ex. 00local.conf) under /etc/modprobe.d/ with blacklist ipv6 > the other was an iptables entry. I was trying to add an iptables entry > to allow ssh & http ports. I can get this to work from a shell script, I saw in the (sniped) output above that you also use firestarter. I don't think it's a good idea to mix firewall frontends with custom rules in some script. Pick one and stick to it. If firestarter can't do what you need (or don't know how to configure it) just ask for help, there are many others (personally I prefer shorewall, it's quite easy to setup and very powerful). Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) signature.asc Description: Digital signature
Re: network configuration for Eth0
On Sat May 2 2009, Andrei Popescu wrote: > > part of the problem was 2 files I had worked on that did give me > > errors, and I removed them. 1 was ipv6, > > Do yo mean the module? If you don't want it loaded (though I have it and > there are no problems) just blacklist it in a file (ex. 00local.conf) > under /etc/modprobe.d/ with > > blacklist ipv6 actually, I was trying to setup IPv6, but I don't think my router supports it. So it isn't necessary. I'm not sure anything is loaded for ipv6.. how would I check? > > > the other was an iptables entry. I was trying to add an iptables entry > > to allow ssh & http ports. I can get this to work from a shell script, > > I saw in the (sniped) output above that you also use firestarter. I > don't think it's a good idea to mix firewall frontends with custom rules > in some script. Pick one and stick to it. > > If firestarter can't do what you need (or don't know how to configure > it) just ask for help, there are many others (personally I prefer > shorewall, it's quite easy to setup and very powerful). ok, so I have firestarter installed: ii firestarter1.0.3-6gtk program for managing and observing your what I want is a rule tht allows http for my web page to port forward from my router to my desktop, and also allow me to ssh into my desktop from my laptops. Right now I have it setup to use ssh keys for security, and I have to run that script every time i boot, to get my http ports open. How do I get that done with iptables automatically at boot? right now this is my script, but I'm not at all sure this is exactly what i need to run: iptables -I INPUT -p tcp -m state --state NEW --dport 80 -i eth0 -j ACCEPT iptables -I INPUT -p tcp -m state --state NEW --dport 22 -i eth0 -j ACCEPT /sbin/iptables -N ssh-connection /sbin/iptables -A ssh-connection -i eth0 -p tcp --dport 22 -m recent --update --seconds 600 --hitcount 4 --rttl --name SSH -j LOG --log-prefix "SSH_brute_force " /sbin/iptables -A ssh-connection -i eth0 -p tcp --dport 22 -m recent --update --seconds 600 --hitcount 4 --rttl --name SSH -j DROP /sbin/iptables -A ssh-connection -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT -- Paul Cartwright Registered Linux user # 367800 Registered Ubuntu User #12459 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: network configuration for Eth0
On Sat,02.May.09, 06:15:04, Paul Cartwright wrote: > On Sat May 2 2009, Andrei Popescu wrote: > > > part of the problem was 2 files I had worked on that did give me > > > errors, and I removed them. 1 was ipv6, > > > > Do yo mean the module? If you don't want it loaded (though I have it and > > there are no problems) just blacklist it in a file (ex. 00local.conf) > > under /etc/modprobe.d/ with > > > > blacklist ipv6 > > actually, I was trying to setup IPv6, but I don't think my router supports > it. > So it isn't necessary. I'm not sure anything is loaded for ipv6.. how would I > check? You don't need to worry about it. > > > the other was an iptables entry. I was trying to add an iptables entry > > > to allow ssh & http ports. I can get this to work from a shell script, > > > > I saw in the (sniped) output above that you also use firestarter. I > > don't think it's a good idea to mix firewall frontends with custom rules > > in some script. Pick one and stick to it. > > > > If firestarter can't do what you need (or don't know how to configure > > it) just ask for help, there are many others (personally I prefer > > shorewall, it's quite easy to setup and very powerful). > > ok, so I have firestarter installed: > > ii firestarter1.0.3-6gtk program for managing and observing your > > what I want is a rule tht allows http for my web page to port forward from my > router to my desktop, and also allow me to ssh into my desktop from my > laptops. Right now I have it setup to use ssh keys for security, and I have > to run that script every time i boot, to get my http ports open. > How do I get that done with iptables automatically at boot? > right now this is my script, but I'm not at all sure this is exactly what i > need to run: > iptables -I INPUT -p tcp -m state --state NEW --dport 80 -i eth0 -j ACCEPT > iptables -I INPUT -p tcp -m state --state NEW --dport 22 -i eth0 -j ACCEPT > /sbin/iptables -N ssh-connection > /sbin/iptables -A ssh-connection -i eth0 -p tcp --dport 22 -m > recent --update --seconds 600 --hitcount 4 --rttl --name SSH -j > LOG --log-prefix "SSH_brute_force " > /sbin/iptables -A ssh-connection -i eth0 -p tcp --dport 22 -m > recent --update --seconds 600 --hitcount 4 --rttl --name SSH -j DROP > /sbin/iptables -A ssh-connection -p tcp --dport 22 -m state --state NEW -m > recent --set --name SSH -j ACCEPT Sorry, I'm not familiar with either iptables or firestarter. You might want to start a new thread about this. Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) signature.asc Description: Digital signature
Re: network configuration for Eth0
On Sat, 02 May 2009 06:15:04 -0400, Paul Cartwright posted: [...] > what I want is a rule tht allows http for my web page to port forward from > my router to my desktop, and also allow me to ssh into my desktop from my > laptops. If I understand correctly what you asking: You will need to option your router to port forward port 80 requests from the WAN interface to the static IP Address of the computer on your LAN you want them to go to. If those "laptops" are in your LAN, you will have to option firestarter on the computer in question to allow connections on service port 22 from your laptops in your LAN IP Address range. If those "laptops" are on the WAN (Internet), you will have to option the router to port forward port 22 requests to the static IP Address of the computer on your LAN you want them to go to. In case I misunderstood you, I agree with Andrei, this thread has strayed far enough from the original topic to be worthy of starting a new thread. In any case, I advise you do that to make sure enough people look at it for good peer review. [...] -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: network configuration for Eth0
On Sat May 2 2009, Thorny wrote: > If I understand correctly what you asking: > > You will need to option your router to port forward port 80 requests > from the WAN interface to the static IP Address of the computer on your > LAN you want them to go to. I have done that and it works. > > If those "laptops" are in your LAN, you will have to option firestarter > on the computer in question to allow connections on service port 22 from > your laptops in your LAN IP Address range. I have also done that, and it works. > > In case I misunderstood you, I agree with Andrei, this thread has strayed > far enough from the original topic to be worthy of starting a new thread. > In any case, I advise you do that to make sure enough people look at it > for good peer review. so far, so good. Now I guess I need to start a new thread about IPTABLES.. right now I forgot that I had firestart installed, but I just wanted to create some rules to port forward to a static IP for HTTP web access. Firestarter might work, but i really wanted to be able to add my own entry to some file somewhere:) command-line junky :) thanks! -- Paul Cartwright Registered Linux user # 367800 Registered Ubuntu User #12459 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: network configuration for Eth0
On Sat,02.May.09, 16:32:44, Paul Cartwright wrote: > Firestarter might work, but i really wanted to be able to add my own > entry to some file somewhere:) command-line junky :) Sounds like shorewall to me ;) Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) signature.asc Description: Digital signature
Re: network configuration for Eth0
On Sat May 2 2009, Andrei Popescu wrote: > > need to run: > > iptables -I INPUT -p tcp -m state --state NEW --dport 80 -i eth0 -j > > ACCEPT iptables -I INPUT -p tcp -m state --state NEW --dport 22 -i eth0 > > -j ACCEPT /sbin/iptables -N ssh-connection > > /sbin/iptables -A ssh-connection -i eth0 -p tcp --dport 22 -m > > recent --update --seconds 600 --hitcount 4 --rttl --name SSH -j > > LOG --log-prefix "SSH_brute_force " > > /sbin/iptables -A ssh-connection -i eth0 -p tcp --dport 22 -m > > recent --update --seconds 600 --hitcount 4 --rttl --name SSH -j DROP > > /sbin/iptables -A ssh-connection -p tcp --dport 22 -m state --state NEW > > -m recent --set --name SSH -j ACCEPT > > Sorry, I'm not familiar with either iptables or firestarter. You might > want to start a new thread about this. I'm not familiar with firestarter either, that's why I tried to create a shell script.. I'm better when I can work with plain old config files.. and VI :) -- Paul Cartwright Registered Linux user # 367800 Registered Ubuntu User #12459 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: network configuration for Eth0
On Sun May 3 2009, Andrei Popescu wrote: > > Firestarter might work, but i really wanted to be able to add my own > > entry to some file somewhere:) command-line junky :) > > Sounds like shorewall to me ;) ahhh, I might have to look at it. thanks! per the INTRO page: http://www.shorewall.net/ Shorewall is not a daemon. Once Shorewall has configured the Linux networking subsystem, its job is complete and there is no “Shorewall process” left running in your system. The /sbin/shorewall program can be used at any time to monitor the Netfilter firewall. this is what I am looking for. -- Paul Cartwright Registered Linux user # 367800 Registered Ubuntu User #12459 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
