[K12OSN] [OT]router howto
Dale Sykora
dalen at czexan.net
Sun Jul 24 19:40:04 UTC 2005
see reply below...
Terrell Prudé, Jr. wrote:
> First, we've got to see if your routing parameters in your DHCP scope
> are right. Have your DHCP clients ping the router that is upstream
> from your GNU/Linux router; this will be your ISP's router, probably a
> Cisco or Juniper router of some sort. I'm assuming here that your
> GNU/Linux router is directly connected to your ISP with nothing else
> (cable modem, DSL router, other firewall, etc.) in between. If that
> doesn't work, then make sure that your GNU/Linux router can get to it;
> if it can't, then nothing will be able to. If it can, though, then
> check your IP Masquerading rules. This assumes you're using RFC 1918
> "private" IP addresses; if not, then don't worry about masquerading rules.
>
> Once all that's working, then we've got to try connectivity past your
> ISP's router. Try pinging an IP address instead of a domain name. A
> good one is 198.6.1.2, which is one of UUNet's main DNS servers. If you
> can, then the problem probably is the DNS server parameters in your DHCP
> scope.
Terrell,
My client and server can ping 198.6.1.2 and 66.94.234.13(a yahoo.com
address) but my client cannot ping yahoo.com. Thus it appears to be a
dns issue. Below is a copy of my dhcpd.conf, iptables, and route. What
other info would be useful to post?
Thanks,
Dale
[root at rlm ~]# cat /etc/dhcpd.conf
ddns-update-style ad-hoc;
subnet 10.0.0.0 netmask 255.255.255.0
{
option broadcast-address 10.0.0.255;
deny bootp;
option domain-name "robert.morton";
option domain-name-servers 10.0.0.1;
default-lease-time 86400;
max-lease-time 604800;
option subnet-mask 255.255.255.0;
range 10.0.0.10 10.0.0.100;
option routers 10.0.0.1;
}
[root at rlm ~]# service iptables status
Table: nat
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 MARK match 0x9
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Table: mangle
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x9
Table: filter
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
icmp-host-prohibited
[root at rlm ~]#
[root at rlm ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
192.168.177.0 * 255.255.255.0 U 0 0 0 eth0
10.0.0.0 * 255.255.255.0 U 0 0 0 eth1
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
default tux.stannecc.or 0.0.0.0 UG 0 0 0 eth0
[root at rlm ~]#
More information about the K12OSN
mailing list