Just disabled the internet...



dtm.exe
30th April 2006, 06:29 AM
OK, so I was installing and configuring Squid on FC5. Everything was going great...that is, until I DISABLED THE INTERNET -_-.

Though I'm not 100% sure, I think it was this that disabled it:


iptables -I FORWARD -o ppp0 -s 192.168.1.0/24 -p tcp -m multiport \
--dports 21,23,70,80,81,82,210,280,443,488,563,591,777,3128,8080 -j DROP

Disabling Squid does NOTHING! How do I reverse this?

ccrvic
30th April 2006, 10:01 AM
Though I'm not 100% sure, I think it was this that disabled it:


iptables -I FORWARD -o ppp0 -s 192.168.1.0/24 -p tcp -m multiport \
--dports 21,23,70,80,81,82,210,280,443,488,563,591,777,3128,8080 -j DROP

"Please discard any packets running through the box that originate on my local network and are heading for any of those interesting ports". Yep, that'd do it.


How do I reverse this?

Take out that firewall rule, for a start.

Vic.

dtm.exe
30th April 2006, 12:33 PM
"Please discard any packets running through the box that originate on my Take out that firewall rule, for a start.

Vic.


And how might I do that?

ccrvic
30th April 2006, 12:53 PM
And how might I do that?

Remove the line from /etc/sysconfig/iptables

Then restart iptables.

Vic.

dtm.exe
30th April 2006, 08:32 PM
Remove the line from /etc/sysconfig/iptables

Then restart iptables.

Vic.

It would appear that nothing in that file contains either of those two lines :confused:. It would also appear that disabling the firewall does nothing.

This is bad...
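A rule typed at the prompt with `iptables -I` lives in the running ruleset and only reaches /etc/sysconfig/iptables when it is saved, so the running rules are the place to look for it. The sketch below is an added example, not part of the original thread: it reads `iptables-save` text and prints the matching `iptables -D` command for each DROP rule in a chain. The function name and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list the delete commands for DROP
# rules found in the *running* ruleset, as dumped by iptables-save.

# drop_rule_deletes CHAIN
# Reads iptables-save text on stdin. For every "-A CHAIN ... -j DROP" line it
# prints the equivalent "iptables -t TABLE -D CHAIN ..." command, which removes
# exactly that rule. Nothing is executed; the output is for review.
drop_rule_deletes() {
    awk -v chain="$1" '
        /^\*/ { table = substr($0, 2) }          # "*filter", "*nat", ...
        $1 == "-A" && $2 == chain {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == "DROP") {
                    sub(/^-A /, "-D ")           # same rule spec, delete form
                    print "iptables -t " table " " $0
                    break
                }
        }'
}

# Constructed sample dump containing the rule quoted in the first post.
SAMPLE_SAVE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 192.168.1.0/24 -o ppp0 -p tcp -m multiport --dports 21,23,70,80,81,82,210,280,443,488,563,591,777,3128,8080 -j DROP
-A FORWARD -i eth0 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_SAVE" | drop_rule_deletes FORWARD

# On a live system (as root): iptables-save | drop_rule_deletes FORWARD
```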

ccrvic
1st May 2006, 07:22 PM
It would appear that nothing in that file contains either of those two lines

...Then your original assertion about what caused the problem can't be right.


It would also appear that disabling the firewall does nothing.

OK, let's do some tracing. What do you get from the following commands?

ifconfig
ifconfig -a
route -n
cat /etc/resolv.conf
ping 72.14.207.99

Vic.

dtm.exe
2nd May 2006, 03:36 PM
OK, sure thing.

ifconfig:

[root@tristifall ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:15:F2:CA:B9:B7
inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::215:f2ff:feca:b9b7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:64042 errors:0 dropped:0 overruns:0 frame:0
TX packets:61873 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4839904 (4.6 MiB) TX bytes:5269637 (5.0 MiB)
Interrupt:16 Base address:0x400

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:3029 errors:0 dropped:0 overruns:0 frame:0
TX packets:3029 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4142139 (3.9 MiB) TX bytes:4142139 (3.9 MiB)

ifconfig -a:


[root@tristifall ~]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:15:F2:CA:B9:B7
inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::215:f2ff:feca:b9b7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:64245 errors:0 dropped:0 overruns:0 frame:0
TX packets:62067 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4856204 (4.6 MiB) TX bytes:5326022 (5.0 MiB)
Interrupt:16 Base address:0x400

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:3029 errors:0 dropped:0 overruns:0 frame:0
TX packets:3029 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4142139 (3.9 MiB) TX bytes:4142139 (3.9 MiB)

sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)


route -n:


[root@tristifall ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0


cat /etc/resolv.conf returns only one blank line.

72.14.207.99 pings normally.

ccrvic
2nd May 2006, 03:52 PM
ifconfig:

inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0

You have a network interface.


ifconfig -a:


eth0 Link encap:Ethernet HWaddr 00:15:F2:CA:B9:B7
lo Link encap:Local Loopback
sit0 Link encap:IPv6-in-IPv4

You don't have any "unexpected" interfaces.


route -n:


Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0


You have a default gateway. I'm assuming that 192.168.1.1 is a NAT router that handles your Internet connection.


cat /etc/resolv.conf returns only one blank line.

That's a problem - you don't have any DNS resolution.


72.14.207.99 pings normally.

You can send data to Google, and you get replies.

So it looks like just your DNS is borked. Try (as root) :-


echo "nameserver 192.168.1.1" > /etc/resolv.conf

If that works, we need to find out why it was removed; I suspect you're using DHCP, with your router supplying addresses, and you've got a blank space or something in the "primary DNS" config box on the router. But we'll find out for sure later - for now, let's see if that fix works.

Vic.
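The reasoning in the post above (default route present, ping by IP address works, resolv.conf empty, therefore DNS) can be written as a small triage script. This is an added example, not part of the original thread; the function names and result strings are made up here, and the sample input is the `route -n` output and resolv.conf state reported earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): classify a "no internet" report from
# the same evidence gathered above.

# Print the gateway of the default route from `route -n` output on stdin.
default_gateway() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# Print each nameserver address from resolv.conf content on stdin.
# Commented-out entries ("# nameserver ...") are ignored.
nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }'
}

# classify ROUTE_OUTPUT RESOLV_CONTENT PING_STATUS
# PING_STATUS is the exit status of a ping to a literal IP (0 = replies).
classify() {
    gw=$(printf '%s\n' "$1" | default_gateway)
    ns=$(printf '%s\n' "$2" | nameservers)
    if [ -z "$gw" ]; then
        echo "no-default-route"
    elif [ "$3" -ne 0 ]; then
        echo "no-ip-connectivity via $gw"
    elif [ -z "$ns" ]; then
        echo "dns-not-configured"
    else
        echo "ok"
    fi
}

# Sample input: the route -n output posted in the thread.
SAMPLE_ROUTE='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0'
SAMPLE_RESOLV_BROKEN=''                        # file held one blank line
SAMPLE_RESOLV_FIXED='nameserver 192.168.1.1'   # after the echo shown above

classify "$SAMPLE_ROUTE" "$SAMPLE_RESOLV_BROKEN" 0
classify "$SAMPLE_ROUTE" "$SAMPLE_RESOLV_FIXED" 0

# Live use: ping -c 1 72.14.207.99 >/dev/null 2>&1; st=$?
#           classify "$(route -n)" "$(cat /etc/resolv.conf)" "$st"
```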

tscheez
2nd May 2006, 03:54 PM
nothing in resolv.conf? sounds like you need a nameserver line


nameserver <IP>

dtm.exe
2nd May 2006, 04:00 PM
So it looks like just your DNS is borked...

If that works, we need to find out why it was removed; I suspect you're using DHCP, with your router supplying addresses, and you've got a blank space or something in the "primary DNS" config box on the router. But we'll find out for sure later - for now, let's see if that fix works.

Vic.

I can confirm that it's been added; however, I won't be able to test out the internet until I get home (I was using PuTTY from school).

tscheez
2nd May 2006, 04:04 PM
if you want to test, use dig to make sure you are resolving names correctly.



dig www.cnn.com

should come back with some results.

dtm.exe
2nd May 2006, 04:06 PM
if you want to test, use dig to make sure you are resolving names correctly.



dig www.cnn.com

should come back with some results.

After a service network restart, it appears to be working :).



[root@tristifall ~]# dig www.cnn.com

; <<>> DiG 9.3.2 <<>> www.cnn.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14665
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 4, ADDITIONAL: 2

;; QUESTION SECTION:
;www.cnn.com. IN A

;; ANSWER SECTION:
www.cnn.com. 133 IN CNAME cnn.com.
cnn.com. 133 IN A 64.236.24.28
cnn.com. 133 IN A 64.236.29.120
cnn.com. 133 IN A 64.236.16.20
cnn.com. 133 IN A 64.236.16.52
cnn.com. 133 IN A 64.236.16.84
cnn.com. 133 IN A 64.236.16.116
cnn.com. 133 IN A 64.236.24.12
cnn.com. 133 IN A 64.236.24.20

;; AUTHORITY SECTION:
cnn.com. 133 IN NS twdns-04.ns.aol.com.
cnn.com. 133 IN NS twdns-01.ns.aol.com.
cnn.com. 133 IN NS twdns-02.ns.aol.com.
cnn.com. 133 IN NS twdns-03.ns.aol.com.

;; ADDITIONAL SECTION:
twdns-03.ns.aol.com. 1196 IN A 207.200.73.85
twdns-04.ns.aol.com. 1202 IN A 64.12.147.120

;; Query time: 31 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue May 2 11:06:08 2006
;; MSG SIZE rcvd: 302

brunson
2nd May 2006, 07:42 PM
You disabled the internet?!? So it's your fault I couldn't surf the web last night. Please don't do that in the future.

dtm.exe
2nd May 2006, 08:32 PM
You disabled the internet?!? So it's your fault I couldn't surf the web last night. Please don't do that in the future.

Sorry :( ;).

Edit: Just got home...and it works! Thanks guys :).