Fedora 16 internet access failed

[zharkikh]

Hello, guys,
I am new to this forum, although work with Linux for many years, already, on and off (standard package: Apache, Mysql, Perl, PHP, etc).
Few months ago, I switched from Ubuntu to Fedora 16 (I was dimayed with their new completely uncustomizable desktop environment - only to find the same thing happenning on Fedora - I can fume and steam infinitely about this) and worked with the new system more or less satisfactorily until few days ago when I powered down my box for vacation and found it completely uncommunicable after turning it back on: no external access (FTP and HTTP), no internal HTTP working, no access to the internet, except for fedoraproject.com ().

One thing I discovered was new to me - SELinux suddenly revealed itself with its mandatory restrictions. I turned it off with disgust but this did not help. When I learned that this is a NSA child, I figured out that it is here forever and I have to surrender an once. I turned it with permissive mode, added few suggested permissions and the internal HTTP access start working (almost).

Another resolution came with turning off the firewall (temporarily, until I figure out what is wrong and how to make it work. So far, I coud not find any advises out there that would work for me). This allowed the external FTP and HTTP access.

Now, what is left - internet access. Here, I stuck! Neither firefox, nor wget can resolve the host name for anything except fedoraproject.com. Other commands, ping, host, yum seems to be working ok.

I ran strace with wget and ping which showed both reading the same files (nsswitch.conf,host.conf,resolve.conf,ld.so.cache,hosts) and talking to the same DHCP server (192.168.0.1 port 53, CenturyLink=Qwest DSL modem). The manners of talking are different, however. In case of ping, there is one sendto and one recvfrom (as it should be). In wget, however, there are two sendto commands followed by two recvfrom commands. The entire dialog is attempted twice with small differences in the phrases.

Could you please advise me where to go next? I doubt going back to Ubuntu will make me happy. You cannot outrun the NSA...

Thanks,
Andrey

The lines in red - those that I added trying to fix the problem with no success.

cat /etc/host.conf
order hosts,bind
multi on
nospoof on

cat /etc/hosts
127.0.0.1 localhost.localdomain localhost localhost4 localhost4.localdomain4
::1 localhost6.localdomain6 localhost6

cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.0.1

cat /etc/nsswitch.conf

passwd: files
shadow: files
group: files
initgroups: files
hosts: files dns myhostname
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliaces: files nisplus

strace -o o ping -c 1 www.redhat.com --> 72.247.15.214
(only the part of the output containing the name resolution dialog is shown)

socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.1")}, 16) = 0
poll([{fd=4, events=POLLOUT}], 1, 0) = 1 ([{fd=4, revents=POLLOUT}])
sendto(4, "E5\1\0\0\1\0\0\0\0\0\0\3www\6redhat\3com\0\0\1\0\ 1", 32, MSG_NOSIGNAL, NULL, 0) = 32
poll([{fd=4, events=POLLIN}], 1, 5000) = 1 ([{fd=4, revents=POLLIN}])
ioctl(4, FIONREAD, [191]) = 0
recvfrom(4, "\f\377\201\200\0\1\0\4\0\0\0\0\3www\6redhat\3com\ 0\0\1\0\1\300\f\0\5\0\1\0\0\0001\0!\10wildcard\6re dhat\3com\7edgekey\3net\0\300,\0\5\0\1\0\0-\354\0005\10wildcard\6redhat\3com\7edgekey\3net\vg lobalredir\6akadns\300H\300Y\0\5\0\1\0\0\0|\0\25\5 e1890\1b\nakamaiedge\300H\300\232\0\1\0\1\0\0\0\t\ 0\4H\367\17\326", 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.1")}, [16]) = 191
close(4) = 0

strace -o o1 -s 2000 wget http://www.redhat.com/

socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.1")}, 16) = 0
poll([{fd=3, events=POLLOUT}], 1, 0) = 1 ([{fd=3, revents=POLLOUT}])
sendto(3, "\340E\1\0\0\1\0\0\0\0\0\0\3www\6redhat\3com\0\0\1 \0\1", 32, MSG_NOSIGNAL, NULL, 0) = 32
poll([{fd=3, events=POLLIN|POLLOUT}], 1, 5000) = 1 ([{fd=3, revents=POLLOUT}])
sendto(3, "\26\356\1\0\0\1\0\0\0\0\0\0\3www\6redhat\3com\0\0 \34\0\1", 32, MSG_NOSIGNAL, NULL, 0) = 32
poll([{fd=3, events=POLLIN}], 1, 4999) = 1 ([{fd=3, revents=POLLIN}])
ioctl(3, FIONREAD, [191]) = 0
recvfrom(3, "\340E\201\200\0\1\0\4\0\0\0\0\3www\6redhat\3com\0 \0\1\0\1\300\f\0\5\0\1\0\0\0<\0!\10wildcard\6redha t\3com\7edgekey\3net\0\300,\0\5\0\1\0\0KC\0005\10w ildcard\6redhat\3com\7edgekey\3net\vglobalredir\6a kadns\300H\300Y\0\5\0\1\0\0\1\36\0\25\5e1890\1b\na kamaiedge\300H\300\232\0\1\0\1\0\0\0\24\0\4H\367\1 7\326", 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.1")}, [16]) = 191
poll([{fd=3, events=POLLIN}], 1, 4927) = 1 ([{fd=3, revents=POLLIN}])
ioctl(3, FIONREAD, [32]) = 0
recvfrom(3, "\26\356\200\0\0\1\0\0\0\0\0\0\3www\6redhat\3com\0 \0\34\0\1", 1857, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.1")}, [16]) = 32
close(3) = 0

socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.1")}, 16) = 0
poll([{fd=3, events=POLLOUT}], 1, 0) = 1 ([{fd=3, revents=POLLOUT}])
sendto(3, "/\233\1\0\0\1\0\0\0\0\0\0\3www\6redhat\3com\0\0\1\0 \1", 32, MSG_NOSIGNAL, NULL, 0) = 32
poll([{fd=3, events=POLLIN|POLLOUT}], 1, 5000) = 1 ([{fd=3, revents=POLLOUT}])
sendto(3, "\264k\1\0\0\1\0\0\0\0\0\0\3www\6redhat\3com\0\0\3 4\0\1", 32, MSG_NOSIGNAL, NULL, 0) = 32
poll([{fd=3, events=POLLIN}], 1, 4999) = 1 ([{fd=3, revents=POLLIN}])
ioctl(3, FIONREAD, [191]) = 0
recvfrom(3, "/\233\201\200\0\1\0\4\0\0\0\0\3www\6redhat\3com\0\0 \1\0\1\300\f\0\5\0\1\0\0\0<\0!\10wildcard\6redhat\ 3com\7edgekey\3net\0\300,\0\5\0\1\0\0KC\0005\10wil dcard\6redhat\3com\7edgekey\3net\vglobalredir\6aka dns\300H\300Y\0\5\0\1\0\0\1\36\0\25\5e1890\1b\naka maiedge\300H\300\232\0\1\0\1\0\0\0\24\0\4H\367\17\ 326", 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.1")}, [16]) = 191
poll([{fd=3, events=POLLIN}], 1, 4978) = 1 ([{fd=3, revents=POLLIN}])
ioctl(3, FIONREAD, [32]) = 0
recvfrom(3, "\264k\200\0\0\1\0\0\0\0\0\0\3www\6redhat\3com\0\0 \34\0\1", 1857, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.1")}, [16]) = 32
close(3) = 0

[JEO]

Have you changed your internet router lately? Some routers have a problem dealing with ipv6. The symptoms are what you describe, can only connect to fedoraproject and thats it. In firefox you can test this by typing about:config in the address bar and searching for ipv6. Double click the line that says disable to set it to true and see if this works. If it does work there is a kernel command line option you can add to disable ipv6 globally.

[zharkikh]

Quote:

Originally Posted by JEO

Have you changed your internet router lately? Some routers have a problem dealing with ipv6. The symptoms are what you describe, can only connect to fedoraproject and thats it. In firefox you can test this by typing about:config in the address bar and searching for ipv6. Double click the line that says disable to set it to true and see if this works. If it does work there is a kernel command line option you can add to disable ipv6 globally.

Thanks, JEO,

no, nothing was changed, recently. I work with this hardware for few years and with Fedora for about four months. I think the automatic security updates are to blame.

I changed firefox as you advised and it works now.

I disabled ipv6 globally as described in http://www.g-loaded.eu/2008/05/12/ho...ra-and-centos/ and made sure no ip6tables service is running.
This did not restore wget, however, which still cannot resolve anything but fedoraproject.
At this time, I can at least start working, but eventually, I need to make all stuff available.
One thing at a time...

Andrey

[JEO]

Blacklisting or adding options for the ipv6 kernel module does not work for F16 since ipv6 is now built into the kernel. You have to disable it on the kernel command line. (the date on the procedure you used was 2008).

Add "ipv6.disable=1" to the kernel command line in /boot/grub2/grub.cfg

[zharkikh]

Thanks, JEO,
it took a while to figure out how to do this, because /boot/grub2/grub.cfg is created automatically from sepatare components.
Eventually, I added option ipv6.disable=1 into GRUB_CMDLINE_LINUX parameter in file /etc/default/grub and recreated grub.cfg with command grub2-mkconfig -o /boot/grub2/grub.cfg
After rebooting, /var/log/messages showed that this option was applied to the kernel:
Kernel command line: BOOT_IMAGE=/vmlinuz-3.3.1-5.fc16.x86_64 root=/dev/mapper/vg_fedora-lv_root ro rd.md=0 rd.dm=0 rd.lvm.lv=vg_fedora/lv_swap KEYTABLE=us quiet SYSFONT=latarcyrheb-sun16 rhgb rd.lvm.lv=vg_fedora/lv_root rd.luks=0 LANG=en_US.UTF-8 ipv6.disable=1

Few lines later, the message which I don't quite understand:
IPv6: Loaded, but administratively disabled, reboot required to enable

and after all these manipulations, wget still cannot resolve the hosts:

wget http://www.hotmail.com
--2012-04-18 22:39:36-- http://www.hotmail.com/
Resolving www.hotmail.com... failed: Name or service not known.
wget: unable to resolve host address “www.hotmail.com”

[RHamel]

Lets see, the last time I talked to Qwest's customer service, the airhead on the phone insisted that they had to set up my Microsoft IE. So for the third time I explained that I was not running a machine with a Microsoft OS, and in addition the problem was at their end not mine. She said she was afraid that she couldn't help me, and I agreed.

So getting back to your problem, this sounds like a DNS issue. In your case resolv.conf is not pointing at a real DNS server, but at your century link modem.

Change your settings like in the file I'm attaching, and see if that fixes the problem.

8.8.8.8 and 8.8.4.4 are Google's public DNS servers.

[zharkikh]

Thanks, RHamel,
this really works for me. I am not sure that Qwest DSL is at fault, because my Windows PC works ok with it and Fedora 16 worked nicely before rebooting. I think something have changed in the manner Fedora talks to the DSL. Well, as long as the static DNS servers work, I am satisfied with this setting. This is an internal server machine which I dont actively use for internet communication, only for updates and installation of new programs.
Thanks to all,

Andrey

[RHamel]

You're welcome.

As to windows and your modem, they are not working to specification. No doubt Microsoft would call this a feature.

[george_toolan]

Did you try to reboot your modem?

Which DNS server is windows using? Try

Code:

ipconfig /all

[zharkikh]

Hi, George,

ipconfig /all on Windows shows same DNS address (192.168.0.1) as it was on Linux before I redirected it to the google DNS.
I did not try to reboot my DSL modem.