[leaf-user] PPPoE difficulty

2002-09-20 Thread Scott Merrill

Hello.
I'm trying out Bering for a remote office, mostly because I've been using (and 
loving!) Tom Eastep's Shorewall.

This remote office has SBC Ameritech DSL, which uses PPPoE.  I used a 
CoyoteLinux floppy, and everything worked fine.  Using Bering, though, I fail 
to connect to the DSL.

I read this message in the archives:
http://www.mail-archive.com/leaf-user@lists.sourceforge.net/msg07764.html
which seems like my problem, as evidenced by these lines from the syslog:

Sep 20 16:57:41 firewall pppd[12169]: Plugin /usr/lib/pppd/pppoe.so loaded.
Sep 20 16:57:41 firewall pppd[12169]: PPPoE Plugin Initialized
Sep 20 16:57:41 firewall pppd[30223]: pppd 2.4.1 started by root, uid 0
Sep 20 16:57:42 firewall pppd[30223]: Serial connection established.
Sep 20 16:57:42 firewall pppd[30223]: Couldn't get channel number: Input/output error
Sep 20 16:57:42 firewall pppd[30223]: ioctl(PPPIOCGFLAGS): Bad file descriptor
Sep 20 16:57:42 firewall pppd[30223]: Exit.
Sep 20 16:57:43 firewall pppd[17649]: Connection terminated.
Sep 20 16:57:43 firewall pppd[17649]: Doing disconnect
Sep 20 16:58:13 firewall pppd[17649]: Sending PADI
Sep 20 16:58:13 firewall pppd[17649]: HOST_UNIQ successful match 
Sep 20 16:58:13 firewall pppd[17649]: HOST_UNIQ successful match 
Sep 20 16:58:13 firewall pppd[17649]: Got connection: 1614
Sep 20 16:58:13 firewall pppd[17649]: Connecting PPPoE socket: 00:10:67:00:1c:25 1416 eth0 0x807c260
Sep 20 16:58:13 firewall pppd[17649]: using channel 2
Sep 20 16:58:13 firewall pppd[17649]: Using interface ppp0
Sep 20 16:58:13 firewall pppd[17649]: Connect: ppp0 <--> eth0
Sep 20 16:58:13 firewall pppd[17649]: Couldn't increase MTU to 1500.
Sep 20 16:58:13 firewall pppd[17649]: Couldn't increase MRU to 1500
Sep 20 16:58:13 firewall pppd[17649]: Couldn't increase MRU to 1500
Sep 20 16:58:13 firewall pppd[17649]: LCP terminated by peer
Sep 20 16:58:13 firewall pppd[17649]: Couldn't increase MTU to 1500.
Sep 20 16:58:13 firewall pppd[17649]: Couldn't increase MRU to 1500
Sep 20 16:58:16 firewall pppd[17649]: Connection terminated.
Sep 20 16:58:16 firewall pppd[17649]: Doing disconnect

I tried using all three of the pre-configured options in dsl-provider:
pty "pppoe -I eth0 -T 80 -m 1452"
pty "pppoe -I eth0 -T 80"
pty "pppoe -I eth0 -T 80 -m 1412"
but none of these worked.

Thanks in advance for any suggestions!

Cheers,
Scott


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



Re: [leaf-user] Re: wisp-dist and additional NIC modules

2002-09-20 Thread Vladimir I.


Newer images place modules in /modules, and in this directory you can 
modules both from LRP and CFS.

[EMAIL PROTECTED] wrote:

> Vladimir,
>  Am I to assume that there's no way on a WISP box to add modules to the 
> root.cfs?
> 
>  I want to copy some modules into /lib/modules and I just can't get there 
> from here.
> 
>  Suggestions?
> 
> --Pat
> 
> On Wed, 21 Aug 2002, Vladimir I. wrote:
> 
> 
>>Brock Nanson wrote:
>>
>>>OK, I'm feeling a little stupid... and I'm not getting any useful hits from
>>>the archives.
>>>
>>>How can I copy a NIC module to /lib/modules in wisp-dist?  I keep getting
>>>'unable to open '/lib/modules/3c509.o': Permission denied.'
>>>
>>>Apparently there is more to this than meets the eye...  I saw a mention of
>>>read-only file systems but the explanation was a little too sketchy for my
>>
>>
>>Yep, for now you have to update root.cfs, which is a CramFS partition. On LEAF's 
>>website there are scripts to make WISP-Dist style packages, take a look at them.
>>
>>
>>>abilities.  Do I need to use the upgrade script to add a single module?
>>>
>>>I'm using 2290 (by the way, where is the 2312 I see mentioned on the list -
>>>I don't see it at sourceforge...)
>>
>>It's on http://www.hazard.maks.net/wisp-dist/downloads for now (it takes me too 
>>much time to upload to SF). I will make a new release on sourceforge soon.
>>
>>
>>


-- 
Best Regards,
Vladimir
Systems Engineer (RHCE)






Re: [leaf-user] Cisco Aironet PCI cards and wisp-dist

2002-09-20 Thread Vladimir I.

Hi,

Please try the latest test image from 
http://www.hazard.maks.net/wisp-dist.

John van Oppen wrote:
> All -
> 
> I could not find this exact issue being addressed in the archives so I
> figured that someone subscribed to this list might know the answer.  I
> have two computers with cisco aironet 350 PCI cards running wisp-dist
> and I am having trouble getting wisp-dist to recognize the cisco cards.
> It seems from the documentation that the aironet cards are supported but
> I can't find where to enable the module.  My other wisp-dist box with a
> lucent card just recognized it on boot up.
> 
> 
> I am sure this is an obvious problem and any help getting the cisco
> cards running would be greatly appreciated.
> 
> Thanks,
> 
> John van Oppen
> www.vanoppen.biz
> Fast & reliable internet hosting!


-- 
Best Regards,
Vladimir
Systems Engineer (RHCE)






Re: [leaf-user] PPPoE difficulty

2002-09-20 Thread Eric Wolzak

Hello Scott
Comments inline 

> I'm trying out Bering for a remote office, mostly because I've been using (and 
> loving!) Tom Eastep's Shorewall.
> 
> This remote office has SBC Ameritech DSL, which uses PPPoE.  I used a 
> CoyoteLinux floppy, and everything worked fine.  Using Bering, though, I fail 
> to connect to the DSL.
I assume you use the pppoe as described in the installation guide.
> I read this message in the archives:
> http://www.mail-archive.com/leaf-user@lists.sourceforge.net/msg07764.html
> which seems like my problem, as evidenced by these lines from the syslog:
The message "Couldn't increase MTU or MRU to 1500" has no
effect on your ability to connect.
There seems to be a problem with the login sequence.
Comments inline
> 
> Sep 20 16:57:41 firewall pppd[12169]: Plugin /usr/lib/pppd/pppoe.so loaded.
> Sep 20 16:57:41 firewall pppd[12169]: PPPoE Plugin Initialized
> Sep 20 16:57:41 firewall pppd[30223]: pppd 2.4.1 started by root, uid 0
OK
> Sep 20 16:57:42 firewall pppd[30223]: Serial connection established.
This is a rather strange message for me.
Try to comment out all pty *
> Sep 20 16:57:42 firewall pppd[30223]: Couldn't get channel number: Input/output error
> Sep 20 16:57:42 firewall pppd[30223]: ioctl(PPPIOCGFLAGS): Bad file descriptor
> Sep 20 16:57:42 firewall pppd[30223]: Exit.
> Sep 20 16:57:43 firewall pppd[17649]: Connection terminated.
> Sep 20 16:57:43 firewall pppd[17649]: Doing disconnect

Now your computer tries again.

> Sep 20 16:58:13 firewall pppd[17649]: Sending PADI
> Sep 20 16:58:13 firewall pppd[17649]: HOST_UNIQ successful match 

User name in options and pap-secrets match

> Sep 20 16:58:13 firewall pppd[17649]: HOST_UNIQ successful match 
> Sep 20 16:58:13 firewall pppd[17649]: Got connection: 1614
> Sep 20 16:58:13 firewall pppd[17649]: Connecting PPPoE socket: 00:10:67:00:1c:25 1416 eth0 0x807c260
> Sep 20 16:58:13 firewall pppd[17649]: using channel 2
> Sep 20 16:58:13 firewall pppd[17649]: Using interface ppp0
> Sep 20 16:58:13 firewall pppd[17649]: Connect: ppp0 <--> eth0
> Sep 20 16:58:13 firewall pppd[17649]: Couldn't increase MTU to 1500.
> Sep 20 16:58:13 firewall pppd[17649]: Couldn't increase MRU to 1500
> Sep 20 16:58:13 firewall pppd[17649]: Couldn't increase MRU to 1500

Until here everything seems ok 

> Sep 20 16:58:13 firewall pppd[17649]: LCP terminated by peer

Now your provider cut the connection.

> Sep 20 16:58:13 firewall pppd[17649]: Couldn't increase MTU to 1500.
> Sep 20 16:58:13 firewall pppd[17649]: Couldn't increase MRU to 1500
> Sep 20 16:58:16 firewall pppd[17649]: Connection terminated.
> Sep 20 16:58:16 firewall pppd[17649]: Doing disconnect
> 
> I tried using all three of the pre-configured options in dsl-provider:
> pty "pppoe -I eth0 -T 80 -m 1452"
> pty "pppoe -I eth0 -T 80"
> pty "pppoe -I eth0 -T 80 -m 1412"
> but none of these worked.
Comment them all out. (It works here without all of them.)
> Thanks in advance for any suggestions!

1. Check your Shorewall setting: ppp0 is the external interface (not eth0).

Add the line debug 7 in your dsl pppd options.

Now you will have additional messages, like the following.
The messages are shortened to stay readable.

 sent [LCP ConfReq id=0x1 ]
 rcvd [LCP ConfReq id=0xb3   ] 00 ...
 sent [LCP ConfAck id=0xb3   ]
 rcvd [LCP ConfAck id=0x1 ] 00 00 00 .

 sent [LCP EchoReq id=0x0 magic=0x32x]

Now follows the authentication request:

 sent [PAP AuthReq id=0x1 user="[EMAIL PROTECTED]" password=]
 rcvd [LCP EchoRep id=0x0 magic=0xc04yy] 00 00 00 00 00 00 00 00 00 00 00 00
 rcvd [PAP AuthAck id=0x1 ""] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0

--- OK, your authentication is successful. Notice the change of the protocol.
What follows now is the debate about what IP number you will get.

 sent [IPCP ConfReq id=0x1 ]
 rcvd [IPCP ConfReq id=0xf3 ] 00 00 00 00 00 00 00 00 00 00
 sent [IPCP ConfAck id=0xf3 ]

OK, you take this IP ;)
Now the same happens for the peer's IP.

I hope this will help you to find the cause.

Some frequent problems are:
1. Including special characters in the name and/or password and not
putting the name and/or password in quotes ("").

2. Wrong external interface: eth0, and not ppp0 as it should be.

3. Automatic dialing of pppd to serial with a file in /etc/ppp; see the
manual.

Regards Eric Wolzak
member of the bering crew
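
The walkthrough in the reply above, turned into a small log classifier (an added example, not part of the original post and not Bering or pppd code): it groups pppd syslog lines by PID and reports the furthest negotiation phase each attempt reached. The first sample is taken from the log in this thread, the second is constructed, and the phase and verdict names are this example's own.

```python
import re
from collections import OrderedDict

# Sample 1: lines from the syslog excerpt in this thread (wrapped lines rejoined).
NO_DEBUG_LOG = """\
Sep 20 16:57:41 firewall pppd[30223]: pppd 2.4.1 started by root, uid 0
Sep 20 16:57:42 firewall pppd[30223]: Serial connection established.
Sep 20 16:57:42 firewall pppd[30223]: Couldn't get channel number: Input/output error
Sep 20 16:57:42 firewall pppd[30223]: Exit.
Sep 20 16:58:13 firewall pppd[17649]: Sending PADI
Sep 20 16:58:13 firewall pppd[17649]: Got connection: 1614
Sep 20 16:58:13 firewall pppd[17649]: Connect: ppp0 <--> eth0
Sep 20 16:58:13 firewall pppd[17649]: Couldn't increase MTU to 1500.
Sep 20 16:58:13 firewall pppd[17649]: Couldn't increase MRU to 1500
Sep 20 16:58:13 firewall pppd[17649]: LCP terminated by peer
Sep 20 16:58:16 firewall pppd[17649]: Connection terminated.
"""

# Sample 2: constructed debug-level lines in the format shown in the reply.
DEBUG_LOG = """\
Sep 20 17:30:01 firewall pppd[401]: Sending PADI
Sep 20 17:30:01 firewall pppd[401]: Got connection: 1614
Sep 20 17:30:01 firewall pppd[401]: Connect: ppp0 <--> eth0
Sep 20 17:30:01 firewall pppd[401]: sent [LCP ConfReq id=0x1 ]
Sep 20 17:30:01 firewall pppd[401]: rcvd [LCP ConfAck id=0x1 ]
Sep 20 17:30:01 firewall pppd[401]: sent [PAP AuthReq id=0x1 user="user@example.invalid" password=<hidden>]
Sep 20 17:30:02 firewall pppd[401]: rcvd [PAP AuthNak id=0x1 ""]
Sep 20 17:30:02 firewall pppd[401]: LCP terminated by peer
"""

# Phases in the order the reply walks through them.
PHASES = ["none", "discovery", "session", "link", "lcp", "auth", "ipcp"]
PROGRESS = [
    (re.compile(r"Sending PADI"), "discovery"),      # PPPoE discovery started
    (re.compile(r"Got connection:"), "session"),     # PPPoE session id assigned
    (re.compile(r"Connect: \S+ <--> \S+"), "link"),  # ppp0 bound to eth0
    (re.compile(r"rcvd \[LCP ConfAck"), "lcp"),      # peer accepted our LCP options
    (re.compile(r"rcvd \[PAP AuthAck"), "auth"),     # peer accepted the login
    (re.compile(r"rcvd \[IPCP ConfAck"), "ipcp"),    # peer accepted our IP settings
]
LINE_RE = re.compile(r"pppd\[(\d+)\]: (.*)$")


def verdict(s):
    """Map the collected flags of one pppd process to a short verdict."""
    if s["serial"] and s["phase"] == "none":
        return "serial-mode"            # a pppd that never attempted PPPoE
    if s["auth_nak"]:
        return "auth-rejected"          # check name/password quoting in the secrets
    if s["peer_term"] and PHASES.index(s["phase"]) < PHASES.index("auth"):
        return "peer-terminated-before-auth"
    if s["phase"] == "ipcp":
        return "ipcp-acked"
    return "incomplete"


def analyse(log_text):
    """Return {pid: state} for every pppd process seen in the log text."""
    sessions = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        s = sessions.setdefault(pid, {
            "phase": "none", "debug": False, "serial": False,
            "auth_nak": False, "peer_term": False, "mtu_noise": 0})
        if msg.startswith(("sent [", "rcvd [")):
            s["debug"] = True           # packet traces only appear with debug on
        if msg.startswith("Serial connection established"):
            s["serial"] = True
        if "rcvd [PAP AuthNak" in msg:
            s["auth_nak"] = True
        if "LCP terminated by peer" in msg:
            s["peer_term"] = True
        if re.match(r"Couldn't increase M[TR]U", msg):
            s["mtu_noise"] += 1         # harmless according to the reply; only counted
        for pattern, phase in PROGRESS:
            if pattern.search(msg) and PHASES.index(phase) > PHASES.index(s["phase"]):
                s["phase"] = phase
    for s in sessions.values():
        s["verdict"] = verdict(s)
    return sessions


def redact(log_text):
    """Blank the account name in debug traces before a log is posted to a list."""
    return re.sub(r'(user=)"[^"]*"', r'\1"<redacted>"', log_text)


if __name__ == "__main__":
    for name, text in (("thread log", NO_DEBUG_LOG), ("debug log", DEBUG_LOG)):
        for pid, s in analyse(text).items():
            hint = "" if s["debug"] else " (no packet trace; enable pppd debugging)"
            print(f"{name}: pppd[{pid}] reached {s['phase']}: {s['verdict']}{hint}")
```
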





[leaf-user] [ leaf-Support Requests-606429 ] Problems with SSH and FTP, using Bering

2002-09-20 Thread noreply

Support Requests item #606429, was opened at 2002-09-08 13:16
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=213751&aid=606429&group_id=13751

Category: Release/Branch: Bering
Group: None
Status: Open
Priority: 5
Submitted By: Tom Harr Jakobsen (harjakob)
Assigned to: Mike Noyes (mhnoyes)
Summary: Problems with SSH and FTP, using Bering

Initial Comment:
I have a router with Bering, and now I try to get access
to it through SSH - but I do experience some problems - I
can't get through the Shorewall with FTP either - I
follow the installation guide, and the Users guide, but it
doesn't seem to work anyway - are there any known issues
around this?


--

>Comment By: Matt Schalit (rogermatt)
Date: 2002-09-20 12:17

Message:
Logged In: YES 
user_id=144016


1.  Check that sshd is running on the LEAF box, using the command ps from
 the command line.  You should see something like
 15392 root   4344 R /usr/sbin/sshd

 If sshd is not running, then type at the # prompt:
 # /usr/sbin/sshd

 If it returns to a command prompt with no messages, you're set.
 If it dies with an error like special user not found, read the docs that
 jnilo has in his sections for sshd.

2.  vi /etc/shorewall/rules and add lines like these above the LAST LINE.


# Accept DNS connections from the firewall to the network
ACCEPT  fw  net tcp 53
ACCEPT  fw  net udp 53

# Accept SSH connections from the local network for administration
ACCEPT  loc fw  tcp 22

# Accept DNS queries from local network to the firewall (dnscache/tinydns)
ACCEPT  loc fw  tcp 53
ACCEPT  loc fw  udp 53

# Accept Web queries from local network to firewall (weblet)
ACCEPT  loc fw  tcp 80



Either the process wasn't running, or you were blocked.
If you were blocked it would show up in your syslog.
It should work now.  Let us know so we can close this
or get you some more help :)

Matthew


--

Comment By: Manfred Schuler (mschuler)
Date: 2002-09-09 18:25

Message:
Logged In: YES 
user_id=490757

It seems that sshd is not running.
sshd is not enabled in inetd.conf and the file /etc/init.d/sshd
contains these lines:

#Comment out and edit /etc/inetd.conf to run as a stand alone server
echo "Secure Shell server via inetd: sshd"
exit 0

So sshd is not started. You have to decide, if you start sshd by inetd 
or by initscript.

When started by inetd, connecting to LEAF takes more time, because the 
session key must be generated by sshd before connecting.

Starting by initscript consumes some memory, because sshd is always running,
even when you are not logged in.

You must either comment the echo and exit line in /etc/init.d/sshd
or uncomment the #ssh line in /etc/inetd.conf.

Manfred

--

Comment By: Tom Harr Jakobsen (harjakob)
Date: 2002-09-09 09:41

Message:
Logged In: YES 
user_id=607432

I'm only trying to connect using ssh from a local machine on 
the network, using Putty...I only receive "connection refused"

--

Comment By: Jacques Nilo (jnilo)
Date: 2002-09-09 05:22

Message:
Logged In: YES 
user_id=150195

Aren't you trying to ssh or ftp from the outside network by any 
chance ? If so you need to adjust Shorewall rules file 
and /etc/hosts.allow
If not more info about the type of error you get would help...

--

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=213751&aid=606429&group_id=13751





[leaf-user] Bering LEAF Intermittent downtime

2002-09-20 Thread sr

Hi,

I'm having some problems with a machine running Bering 1.0-rc2 with
Shorewall 1.2.13 (running from a hard drive) and I'm not sure how to tell if
it's hardware or software related. My ISP claims that our cable modem has
been up for over two weeks and are saying they're not the problem. For
the first month we had the connection, we didn't have any problems. Then the
ISP changed their network around and we've had problems ever since. The
latest problems started about a month ago - several times throughout the
day, the clients will be unable to connect to the Internet. After about 5
minutes, they are able to reconnect again without any changes being made.
There are only about 15 users and they only surf the web and pop their
email - there are no massive downloads or any other intensive traffic going
on. Since our ISP is insisting that it's not a problem on their end I'd
like to examine everything on our end.

The machine is a 200MHz Pentium with 64MB of RAM and two 3com 3c905 NICs.
I didn't make any modifications to the Shorewall 2-interface settings. The
only setting changes I made were in the Network configuration menu for:
1) Interfaces - set eth0 to the static address given by our ISP and eth1 to
the internal address of our firewall.
2) hosts - added the internal IP address and name of the router
3) hostname - changed the hostname to match hosts
4) resolv.conf - added 2 nameserver lines: one pointing to the internal IP
address and one pointing to our ISP's DNS server

I also modified the modules in the Packages configuration menu to include
just the 3c59x modules.

I'm going to replace the network cards with a couple of Intel PRO/100 cards.
If that doesn't fix the problem, what log files can I check for potential
problems, e.g., what log file do I check for errors with the network cards?
My ISP told me to check my ARP tables for excessive entries. Is that a
possibility? Also, if I want to upgrade some of the packages, e.g.,
Shorewall, what's the easiest way to do it and still preserve my settings?

Thanks!

-sr







Re: [leaf-user] Bering LEAF Intermittent downtime

2002-09-20 Thread Ray Olszewski

The place to start is with a more systematic examination of the 
connectivity failures.

You describe the problem as clients being "unable to connect to the 
Internet. After about 5 minutes, they are able to reconnect again without 
any changes being made." You also say the users "only surf the web and pop 
their email". So ...

1. Do you see the problem with both Web connections -AND- pop downloads?

2. As regards the Web problems, where in the connection process do they 
occur? (That is, what message does the browser display down at the bottom 
when it is not connecting? In particular, is DNS resolving or not?)

3. How do you provide DNS resolution to the clients?

4. During the failure times, if you log into the LEAF router, can you ping

 some host on the LAN?
 the gateway IP address?
 all nameserver IP addresses?
 an Internet site by FQN?
 an Internet site by IP address?
(and, if the problems affect mail downloads too ...)
 the POP server by FQN?
 the POP server by IP address?

(For any NOs, how do the pings fail?)

5. During the failure times, are the clients connecting to the LEAF router? 
(Can they ping it?)

While there really isn't enough information in your description to tell 
where the problem is, the first place I'd look is at DNS, to see if 
whatever nameserver the clients use (or the forwarder if you run a local 
resolver that uses, say, the ISP's DNS server as forwarder) is periodically 
failing to respond. Mind you, this is just a guess ... based partly on your 
description of the problem, partly on your saying it started when "the ISP 
changed their network around".

BTW, the list you posted of the changes you made to settings is surely 
incomplete. If you use a static external address, then you will have needed 
to enter both its netmask (probably) and the router's external gateway 
address (certainly) as well. You probably had to do something to make the 
on-router DNS server work too. Might you have entered yet other things that 
you left off your list?

The ISP's arp-table suggestion is almost surely nonsense; don't waste time 
on it.

At 05:22 PM 9/20/02 -0700, sr wrote:
>Hi,
>
>I'm having some problems with a machine running Bering 1.0-rc2 with
>Shorewall 1.2.13 (running from a hard drive) and I'm not sure how to tell if
>it's hardware or software related. My ISP claims that our cable modem has
>been up for over two weeks and are saying they're not the problem. For
>the first month we had the connection, we didn't have any problems. Then the
>ISP changed their network around and we've had problems ever since. The
>latest problems started about a month ago - several times throughout the
>day, the clients will be unable to connect to the Internet. After about 5
>minutes, they are able to reconnect again without any changes being made.
>There are only about 15 users and they only surf the web and pop their
>email - there are no massive downloads or any other intensive traffic going
>on. Since our ISP is insisting that it's not a problem on their end I'd
>like to examine everything on our end.
>
>The machine is a 200MHz Pentium with 64MB of RAM and two 3com 3c905 NICs.
>I didn't make any modifications to the Shorewall 2-interface settings. The
>only setting changes I made were in the Network configuration menu for:
>1) Interfaces - set eth0 to the static address given by our ISP and eth1 to
>the internal address of our firewall.
>2) hosts - added the internal IP address and name of the router
>3) hostname - changed the hostname to match hosts
>4) resolv.conf - added 2 nameserver lines: one pointing to the internal IP
>address and one pointing to our ISP's DNS server
>
>I also modified the modules in the Packages configuration menu to include
>just the 3c59x modules.
>
>I'm going to replace the network cards with a couple of Intel PRO/100 cards.
>If that doesn't fix the problem, what log files can I check for potential
>problems, e.g., what log file do I check for errors with the network cards?
>My ISP told me to check my ARP tables for excessive entries. Is that a
>possibility? Also, if I want to upgrade some of the packages, e.g.,
>Shorewall, what's the easiest way to do it and still preserve my settings?




--
---"Never tell me the odds!"
Ray Olszewski   -- Han Solo
Palo Alto, California, USA[EMAIL PROTECTED]
---






Re: [leaf-user] Bering LEAF Intermittent downtime

2002-09-20 Thread sr

Thanks for the reply, Ray. Below are my responses to your questions.

> 1. Do you see the problem with both Web connections -AND- pop downloads?

Yes.

> 2. As regards the Web problems, where in the connection process do they
> occur? (That is, what message does the browser display down at the bottom
> when it is not connecting? In particular, is DNS resolving or not?)

DNS is not resolving but that's because we can't connect to the servers (we
can't connect to anything beyond the external NIC in the router). When we
can connect, DNS resolves fine. I use the same DNS servers at home and don't
run into any problems with DNS resolution, so I think their DNS servers are
quite stable.

> 3. How do you provide DNS resolution to the clients?

Using dnscache and the ISP's DNS servers.

> 4. During the failure times, if you log into the LEAF router, can you ping
>  some host on the LAN?

Yes

>  the gateway IP address?

Yes

>  all nameserver IP addresses?

No external addresses.

>  an Internet site by FQN?

No.

>  an Internet site by IP address?

No.
Basically, we can't ping anything external, including the ISP's gateway or
DNS servers. The ISP claims that the cable modem has been up for over two
weeks and he was running constant pings today and said there was 1% packet
loss. However, we can't ping their gateway - at least not from an internal
machine - I'll have to check if I can ping it from the router.

> (For any NOs, how do the pings fail?)

"Request timed out"

> 5. During the failure times, are the clients connecting to the LEAF router?
> (Can they ping it?)

Yes. Both NICs in the LEAF router can be pinged but nothing beyond that.

> While there really isn't enough information in your description to tell
> where the problem is, the first place I'd look is at DNS, to see if
> whatever nameserver the clients use (or the forwarder if you run a local
> resolver that uses, say, the ISP's DNS server as forwarder) is
> periodically failing to respond.

This doesn't appear to be the case since we can't ping beyond the second
NIC, even by IP address.

> BTW, the list you posted of the changes you made to settings is surely
> incomplete. If you use a static external address, then you will have needed
> to enter both its netmask (probably) and the router's external gateway
> address (certainly) as well.

Yes, sorry if I was vague. I meant the IP information for eth0 and eth1, not
just the IP address. For eth0, I have the address, masklen, broadcast and
gateway. For eth1, I have the address, masklen, and broadcast.

> You probably had to do something to make the
> on-router DNS server work too. Might you have entered yet other things that
> you left off your list?

I have the ISP's DNS IP addresses in resolv.conf (as well as the internal
address of the router). In the dnscache settings, I have the "LRP box
internal IP" set to the internal address.

> The ISP's arp-table suggestion is almost surely nonsense; don't waste time
> on it.

Thanks, I'll ignore their comments about this. Please let me know if you
need any additional information.

-sr


[leaf-user] VPN Static Routes

2002-09-20 Thread Bill Cerny

I have a Dachstein LRP with this routing table:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.50.50.0      68.2.2.1        255.255.255.0   UG    0      0        0 ipsec0
192.168.38.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
68.2.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
68.2.2.0        0.0.0.0         255.255.252.0   U     0      0        0 ipsec0
0.0.0.0         68.2.2.1        0.0.0.0         UG    0      0        0 eth0

The subnet 10.50.50.0/24 on the right-hand side of the IPSec tunnel has a 
hub router at 10.50.50.1 that has routes to the other VPN subnets.  My '38 
network is one of the spokes of a hub & spoke topology.

I'd like to add a single static route here (left-hand side, spoke end) and 
be able to reach the far-flung spoke networks via the hub router at 
10.50.50.1 (e.g., those up-state wahoos over on the 192.168.4.0/24 
spoke).  So I tried:

# route add -net 192.168.0.0 netmask 255.255.0.0 gw 10.50.50.1
SIOCADDRT: Network is unreachable

Unfortunately, I cannot ping hosts in 10.50.50.0/24 from the LRP, although 
I can ping any host in 10.50.50.0/24 from another host in my '38 network.

How might I be able to configure my spoke, and the other spokes, to use the 
hub router?

- Bill







[leaf-user] [ leaf-Support Requests-609807 ] unable to browse internet thru client

2002-09-20 Thread noreply

Support Requests item #609807, was opened at 2002-09-16 00:23
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=213751&aid=609807&group_id=13751

Category: Release/Branch: Dachstein
Group: None
Status: Open
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Mike Noyes (mhnoyes)
Summary: unable to browse internet thru client

Initial Comment:
i tried to save the text file as suggested but it only
created garbage folders..so unable to include the
files..

eth0 = 202.187.248.3 (public ip)
am able to ping to the web from the router pc..


eth1 = 196.9.200.1
am able to ping this ip from a client pc..

but when i browse the internet from the client pc
i will get error 404 file not found..



--

>Comment By: Matt Schalit (rogermatt)
Date: 2002-09-20 12:40

Message:
Logged In: YES 
user_id=144016


Try the commands:

 ip addr show > /tmp/output
 echo >> /tmp/output
 ip route show >> /tmp/output
 mount -t msdos /dev/fd0u1680 /mnt
 cp /tmp/output /mnt
 umount /mnt

Then remove the floppy and put it in a windows box that
has access to the net, open the output file in wordpad and
copy and paste the output into here so we can see your setup.

Also tell us your LEAF flavor, version, if you're using the 
196.9.200.0 network that belongs to Dimension Data in 
South Africa for a reason, what modifications you've done 
to your LEAF to make it work with that public network, and
any relevant messages in your syslog.

Regards,
Matthew


--

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=213751&aid=609807&group_id=13751





Re: [leaf-user] Bering LEAF Intermittent downtime

2002-09-20 Thread Ray Olszewski

Sorry I dragged you through that initial review. It's clear from your 
replies that you've worked on this more than I realized from reading your 
first message.

Still, I am having trouble understanding what you wrote. It *appears* that 
you are saying that when an outage occurs, you *can* ping the ISP's gateway 
from the LEAF router, but you *cannot* ping it from a LAN client. I get 
that from this combination of responses:

> > 4. During the failure times, if you log into the LEAF router, can you ping
>[...]
> >  the gateway IP address?
>Yes

... and ...

>Basically, we can't ping anything external, including the ISP's gateway or
>DNS servers. The ISP claims that the cable modem has been up for over two
>weeks and he was running constant pings today and said there was 1% packet
>loss. However, we can't ping their gateway - at least not from an internal
>machine - I'll have to check if I can ping it from the router.

Now I may still be misunderstanding you ... but this part is important to 
get exactly right. Specifically, during an outage, can the router itself 
ping the ISP's gateway?

If it can, but the LAN clients cannot, then the problem lies somewhere in 
the interaction between the LAN clients and the LEAF router. Where? Well, 
the fact that the clients do not lose contact with the router itself (or, I 
presume, one another) rules out a lot of possibilities on the LAN side 
(including failure of the eth1 interface). If the ISP can regularly ping 
the router's external interface, that rules out any problems at that end 
(including failure of the eth0 interface).

Almost the only thing in between these two interfaces is the Linux kernel 
itself -- most directly its iptables ruleset, as configured by Shorewall. 
I'm no Shorewall expert, so I'll leave it to Tom to suggest any 
possibilities here. All I can think to suggest is that you examine your 
logs (in /var/log/) for any kernel messages from iptables.

OTOH, if I have misunderstood you and the router *cannot* ping the ISP's 
gateway at these times, then we need to understand why your ISP thinks it 
*can* ping you. On that score ... if we are talking about close-by pings, 
the 1% packet loss the ISP reports seeing is quite a lot. A system with 
negligible packet loss normally, and 3 5-minute outages during a day, would 
*average* 1% packet loss over the day.  So I hope the ISP was doing a more 
exact test than this summary conveys. (I mention this concern because I 
have way too much experience with ISP sloppiness to trust ambiguous replies 
from ISPs.)

More to the point, what is he pinging? Your external IP address (the one on 
the LEAF router)? If so, is his experience consistent with yours -- that 
is, if he pings you, and no other traffic is running, do the RX and TX 
packet count increase on the external interface? Or does the ISP ping some 
address on the interface it provides (the cable modem itself)? If that 
device has an IP address, can the router ping it?

Even more to the point, where is the ISP pinging *from*? Get the IP address 
of the machine the ISP is using to do the ping test, then see if you can 
ping *it* (from the router) next time you have a failure. If you can, then 
the problem lies in the ISP's gateway machine, specifically its connection 
to the network your LEAF router is on.

At 07:23 PM 9/20/02 -0700, sr wrote:
>Thanks for the reply, Ray. Below are my responses to your questions.
[details deleted]


--
"Never tell me the odds!" -- Han Solo
Ray Olszewski
Palo Alto, California, USA   [EMAIL PROTECTED]
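
The log check suggested in the message above, as an added example that is not part of the thread: it tallies netfilter LOG entries by chain, disposition and interface pair, optionally limited to an outage window. The sample lines are constructed, and the `Shorewall:<chain>:<disposition>:` log prefix is an assumption about the prefix in use.

```shell
#!/bin/sh
# Added example: tally netfilter LOG entries by chain, disposition, interfaces.
# Sample lines are constructed; the "Shorewall:<chain>:<disposition>:" prefix is
# an assumed log prefix, and chain/disposition read "-" when it is absent.
sample_log() {
cat <<'EOF'
Sep 20 14:02:11 firewall kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.1 LEN=84 TTL=63 PROTO=ICMP TYPE=8 CODE=0
Sep 20 14:02:12 firewall kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.1 LEN=84 TTL=63 PROTO=ICMP TYPE=8 CODE=0
Sep 20 14:03:40 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.77 LEN=48 TTL=110 PROTO=TCP SPT=4021 DPT=445
Sep 20 14:03:41 firewall syslogd: -- MARK --
Sep 20 16:10:05 firewall kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.21 DST=198.51.100.1 LEN=84 TTL=63 PROTO=ICMP TYPE=8 CODE=0
EOF
}

# usage: summarize_fw_log [HH:MM-prefix] < logfile
# Prints "count chain disposition in-if out-if proto", busiest first.
summarize_fw_log() {
    awk -v win="$1" '
    function val(key,   s) {          # value of KEY=..., "-" if empty or absent
        if (!match($0, key "=[^ ]*")) return "-"
        s = substr($0, RSTART + length(key) + 1, RLENGTH - length(key) - 1)
        return (s == "" ? "-" : s)
    }
    !/IN=[^ ]* OUT=/                 { next }   # not a netfilter LOG entry
    win != "" && index($3, win) != 1 { next }   # outside the outage window
    {
        chain = disp = "-"
        if (match($0, /Shorewall:[^:]*:[^:]*:/)) {
            split(substr($0, RSTART, RLENGTH), p, ":")
            chain = p[2]; disp = p[3]
        }
        n[chain " " disp " " val("IN") " " val("OUT") " " val("PROTO")]++
    }
    END { for (k in n) print n[k], k }' | sort -rn
}

sample_log | summarize_fw_log
```

Entries with IN=eth1 OUT=eth0 that fall inside an outage window are forwarded LAN traffic the ruleset refused, which is the case where the problem sits between the two interfaces.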






Re: [leaf-user] Bering LEAF Intermittent downtime

2002-09-20 Thread sr

> Still, I am having trouble understanding what you wrote. It *appears* that
> you are saying that when an outage occurs, you *can* ping the ISP's gateway
> from the LEAF router, but you *cannot* ping it from a LAN client. I get
> that from this combination of responses:

> Now I may still be misunderstanding you ... but this part is important to
> get exactly right. Specifically, during an outage, can the router itself
> ping the ISP's gateway?

Sorry, my response was sloppy on that point. When the connection is down,
the internal clients can ping the router's internal IP (the "internal"
gateway - eth1) but cannot ping the ISP's gateway (the internal clients can
also ping the external NIC - eth0). I don't think the router can ping the
ISP's gateway either, but I'll double-check on Monday (I have SSH disabled
so I don't have remote access).

> If it can, but the LAN clients cannot, then the problem lies somewhere in
> the interaction between the LAN clients and the LEAF router. Where? Well,
> the fact that the clients do not lose contact with the router itself (or, I
> presume, one another) rules out a lot of possibilities on the LAN side
> (including failure of the eth1 interface). If the ISP can regularly ping
> the router's external interface, that rules out any problems at that end
> (including failure of the eth0 interface).

From my understanding of what the ISP was doing, they were pinging the cable
modem rather than the external interface (eth0). I'll double check this with
them on Monday.

> Almost the only thing in between these two interfaces is the Linux kernel
> itself -- most directly its iptables ruleset, as configured by Shorewall.
> I'm no Shorewall expert, so I'll leave it to Tom to suggest any
> possibilities here. All I can think to suggest is that you examine your
> logs (in /var/log/) for any kernel messages from iptables.

Thanks, I'll check the log files on Monday too.

> OTOH, if I have misunderstood you and the router *cannot* ping the ISP's
> gateway at these times, then we need to understand why your ISP thinks it
> *can* ping you. On that score ... if we are talking about close-by pings,
> the 1% packet loss the ISP reports seeing is quite a lot. A system with
> negligible packet loss normally, and 3 5-minute outages during a day, would
> *average* 1% packet loss over the day.  So I hope the ISP was doing a more
> exact test than this summary conveys. (I mention this concern because I
> have way too much experience with ISP sloppiness to trust ambiguous replies
> from ISPs.)

Agreed. He said he had been pinging all day and averaged 1% loss.

> More to the point, what is he pinging? Your external IP address (the one on
> the LEAF router)? If so, is his experience consistent with yours -- that
> is, if he pings you, and no other traffic is running, do the RX and TX
> packet count increase on the external interface? Or does the ISP ping some
> address on the interface it provides (the cable modem itself)? If that
> device has an IP address, can the router ping it?

These are all great questions. I wish I had SSH enabled so I could check,
but I'll have to wait until Monday. Regarding the RX and TX packet counts:
Forgive my ignorance with regard to LEAF, but how do I do this? With Red
Hat, I use ifconfig, but that's not on my LEAF disk. The only thing close I
could find was ifupdown. Can that be used? I also use ifconfig in Red Hat to
check for errors on the network interfaces and would like to be able to do
that with LEAF, if possible.

> Even more to the point, where is the ISP pinging *from*? Get the IP address
> of the machine the ISP is using to do the ping test, then see if you can
> ping *it* (from the router) next time you have a failure. If you can, then
> the problem lies in the ISP's gateway machine, specifically its connection
> to the network your LEAF router is on.

Will do. Thanks for the great suggestions and pointing me in the right
direction. I'll update you on Monday.

-sr

> At 07:23 PM 9/20/02 -0700, sr wrote:
> >Thanks for the reply, Ray. Below are my responses to your questions.
> [details deleted]
>
> --
> "Never tell me the odds!" -- Han Solo
> Ray Olszewski
> Palo Alto, California, USA   [EMAIL PROTECTED]







Re: [leaf-user] Bering LEAF Intermittent downtime

2002-09-20 Thread Brad Fritz


On Fri, 20 Sep 2002 21:34:43 MST sr wrote:

[big snip]

> Regarding the RX and TX packet counts:
> Forgive my ignorance with regard to LEAF, but how do I do this? With Red
> Hat, I use ifconfig, but that's not on my LEAF disk. The only thing close I
> could find was ifupdown. Can that be used? I also use ifconfig in Red Hat to
> check for errors on the network interfaces and would like to be able to do
> that with LEAF, if possible.

"ip -s link" should do the trick.

Good luck diagnosing your connection problems.  It sounds
like you and Ray are closing in on the problem.

--Brad
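
A way to use `ip -s link` for the RX/TX and error checks discussed in this thread, as an added example that is not part of any poster's message: it extracts one interface's packet and error counters from the command's output and reports how they changed between two snapshots. The sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: read RX/TX packet and error counters from "ip -s link" output.
# sample_ip_s_link prints constructed output; $1/$2 set the eth0 RX/TX packets.
sample_ip_s_link() {
cat <<EOF
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast
    4200       50       0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    4200       50       0       0       0       0
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:00:5e:00:53:01 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    1024000    $1       2       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    512000     $2       0       0       0       0
EOF
}

# usage: ip -s link | link_counters IFACE
# Prints "rx_packets rx_errors tx_packets tx_errors"; fails if IFACE is absent.
link_counters() {
    awk -v dev="$1" '
    /^[0-9]+: / { name = $2; sub(/[:@].*/, "", name); next }
    name == dev && $1 == "RX:" { getline; rxp = $2; rxe = $3 }
    name == dev && $1 == "TX:" { getline; txp = $2; txe = $3 }
    END { if (rxp == "") exit 1; print rxp, rxe, txp, txe }'
}

# usage: counter_delta "BEFORE" "AFTER"   (two link_counters results)
counter_delta() {
    set -- $1 $2                      # split both snapshots into $1..$8
    echo "rx_packets=$(( $5 - $1 )) rx_errors=$(( $6 - $2 ))" \
         "tx_packets=$(( $7 - $3 )) tx_errors=$(( $8 - $4 ))"
}

# Live use on the router (needs the "ip" command): watch_counters eth0 30
watch_counters() {
    b=$(ip -s link | link_counters "$1") || return 1
    sleep "$2"
    a=$(ip -s link | link_counters "$1") || return 1
    counter_delta "$b" "$a"
}

counter_delta "$(sample_ip_s_link 8000 6000 | link_counters eth0)" \
              "$(sample_ip_s_link 8005 6005 | link_counters eth0)"
```

Running `watch_counters` on the external interface while the remote side pings, with no other traffic, shows whether the echo requests arrive (RX) and whether replies leave (TX).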


