
Internet Sharing still problem in MDK10 OE


bsyuni

I installed MDK 10 OE on my desktop. I have used it with MDK 9.0, 9.1 and 9.2.

I had a little problem with internet sharing with all MDK 9.X. After several tries I succeeded.

This time it happened again, but in a slightly different way. :juggle:

 

My home networking is as follows, :deal:

 

Cable modem ---> DeskTop ---->Laptop1 and Laptop2

 

The desktop works fine.

Both laptops have MDK 10 OE. The laptops can use instant messenger. They can even access the MDK FTP mirror servers to update patches, and ping yahoo.com also works. Even VNC works well. I can access my other remote desktop, which is in my office.

 

But I have a problem accessing the internet on the laptops. When I use Mozilla, the error message is "access denied".

It might be a firewall problem, but I do not have any idea. :wall::wall::wall:

 

Please :help: me.

[moved from Installing Mandrake by spinynorman]


First, have you tried another browser?

I suspect this could be a proxy problem, so check the settings in Mozilla. Also look at the settings in Mozilla on your desktop - copy them to a laptop. Best work on only one laptop for now.

 

Then, if no proxy is specified in mozilla, have you got a proxy server running on your desktop (eg, squid)?

 

Then, please post output of "iptables -nvL" and "iptables -nvL -t nat" - it is possible all http traffic is being directed to a (non running, or incorrectly set up) proxy by your firewall - I've seen this once or twice.

 

DON'T alter any network settings - if you can ftp and ping, basic networking is OK.

 

Chris


Thanks for your quick response.

I tried mozilla, konqueror, w3m and opera, but they do not work so far.

I think squid was installed, because of the squid failing message during shutdown.

But I am not sure how I can figure out whether it works or not.

 

By the way, I have two ethernet cards.

eth0: for local setting

eth1: for internet connection

 

Both of them work under all MDK 9.X.

 

Here is what I have done.

I restart network service

 [root@yuni bsyuni]# service network restart
Shutting down interface eth0:                                   [  OK  ]
Shutting down interface eth1:                                   [  OK  ]
Shutting down loopback interface:                               [  OK  ]
Disabling IPv4 packet forwarding:                               [  OK  ]
Setting network parameters:                                     [  OK  ]
Bringing up loopback interface:                                 [  OK  ]
Enabling IPv4 packet forwarding                                 [  OK  ]
Bringing up interface eth0:                                     [FAILED]
Bringing up interface eth1:                                     [  OK ]

 

As you see eth0 fails.

 

Bring up eth0 again

 [root@yuni bsyuni]# ifup eth0

It seems eth0 works. But even if I skip 'ifup eth0' I have the same ifconfig.

 [root@yuni bsyuni]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:02:44:00:CE:2F  
         inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
         inet6 addr: fe80::202:44ff:fe00:ce2f/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:340 errors:0 dropped:0 overruns:0 frame:0
         TX packets:334 errors:0 dropped:0 overruns:0 carrier:0
         collisions:29 txqueuelen:1000 
         RX bytes:28092 (27.4 Kb)  TX bytes:43582 (42.5 Kb)
         Interrupt:9 Base address:0x2040 

eth1      Link encap:Ethernet  HWaddr 00:10:4B:0F:D2:13  
         inet addr:  Bcast:  Mask:
         inet6 addr: fe80::210:4bff:fe0f:d213/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:3269 errors:0 dropped:0 overruns:0 frame:0
         TX packets:341 errors:0 dropped:0 overruns:0 carrier:0
         collisions:9 txqueuelen:1000 
         RX bytes:223335 (218.1 Kb)  TX bytes:27833 (27.1 Kb)
         Interrupt:11 Base address:0x2080 

lo        Link encap:Local Loopback  
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:71 errors:0 dropped:0 overruns:0 frame:0
         TX packets:71 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0 
         RX bytes:4670 (4.5 Kb)  TX bytes:4670 (4.5 Kb)

 

For iptables

 [root@yuni bsyuni]# iptables -nvL
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         
  71  4670 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
   0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
  36  6513 eth1_in    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           
   9  1880 eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
   0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:' 
   0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         
   0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
 261 34312 eth1_fwd   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           
 274 17368 eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
   0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:' 
   0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         
  71  4670 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
   0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
  20  1255 fw2net     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           
   5   208 all2all    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
   0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:' 
   0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain Drop (1 references)
pkts bytes target     prot opt in     out     source               destination         
  16  2456 RejectAuth  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  16  2456 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  16  2456 DropSMB    all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  16  2456 DropUPnP   all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  16  2456 dropNonSyn  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  12  2292 DropDNSrep  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DropDNSrep (2 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 

Chain DropSMB (1 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:135 
   0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139 
   0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:445 
   0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:135 
   0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139 
   0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445 

Chain DropUPnP (2 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900 

Chain Reject (4 references)
pkts bytes target     prot opt in     out     source               destination         
   6  1688 RejectAuth  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   6  1688 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   1    48 RejectSMB  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   1    48 DropUPnP   all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   1    48 dropNonSyn  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   1    48 DropDNSrep  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain RejectAuth (2 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113 

Chain RejectSMB (1 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:135 
   0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139 
   0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:445 
   0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:135 
   0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139 
   0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445 

Chain all2all (2 references)
pkts bytes target     prot opt in     out     source               destination         
   4   160 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
   6  1688 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   1    48 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:' 
   1    48 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain dropBcast (2 references)
pkts bytes target     prot opt in     out     source               destination         
   5  1640 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast 
   0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast 

Chain dropNonSyn (2 references)
pkts bytes target     prot opt in     out     source               destination         
   4   164 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x16/0x02 

Chain dynamic (4 references)
pkts bytes target     prot opt in     out     source               destination         

Chain eth0_fwd (1 references)
pkts bytes target     prot opt in     out     source               destination         
  72  6004 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
 274 17368 loc2net    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           

Chain eth0_in (1 references)
pkts bytes target     prot opt in     out     source               destination         
   9  1880 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
   9  1880 loc2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain eth1_fwd (1 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
 261 34312 net2all    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           

Chain eth1_in (1 references)
pkts bytes target     prot opt in     out     source               destination         
  16  2456 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
  36  6513 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fw2net (1 references)
pkts bytes target     prot opt in     out     source               destination         
  15   939 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
   5   316 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain icmpdef (0 references)
pkts bytes target     prot opt in     out     source               destination         

Chain loc2fw (1 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
   4   240 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3128 
   5  1640 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain loc2net (1 references)
pkts bytes target     prot opt in     out     source               destination         
 202 11364 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
  72  6004 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain net2all (2 references)
pkts bytes target     prot opt in     out     source               destination         
 281 38369 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
  16  2456 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  12  2292 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:' 
  12  2292 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain reject (11 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast 
   0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast 
   0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0           
   0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0           
   0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset 
   0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
   1    48 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-unreachable 
   0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain shorewall (0 references)
pkts bytes target     prot opt in     out     source               destination         

Chain smurfs (0 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 LOG        all  --  *      *       255.255.255.255      0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 
   0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0           
   0     0 LOG        all  --  *      *       224.0.0.0/4          0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 
   0     0 DROP       all  --  *      *       224.0.0.0/4    0.0.0.0/0            

 

Here is another one.

 [root@yuni bsyuni]# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 76 packets, 9875 bytes)
pkts bytes target     prot opt in     out     source               destination         
  64  7659 loc_dnat   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 24 packets, 1890 bytes)
pkts bytes target     prot opt in     out     source               destination         
  45  3573 eth1_masq  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 17 packets, 1144 bytes)
pkts bytes target     prot opt in     out     source               destination         

Chain eth1_masq (1 references)
pkts bytes target     prot opt in     out     source               destination         
  32  2463 MASQUERADE  all  --  *      *       192.168.1.0/24       0.0.0.0/0           

Chain loc_dnat (1 references)
pkts bytes target     prot opt in     out     source               destination         
   4   240 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128 
[root@yuni bsyuni]#

 

Whether the eth0 device fails or not, the laptops work with FTP, messenger and VNC access.

 

Thank you in advance. :lol:


Quick reply - got to go out - sorry!

 

1) eth1 doesn't have an IP address assigned

 

2)

>>Chain loc_dnat (1 references)

>>pkts bytes target prot opt in out source destination

>> 4 240 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128

 

port 3128 is the squid proxy port - any http request getting to this rule will get redirected to squid - if it's not working....

 

 

Chris


Back again :)

 

So, do you need to use squid? I suspect not, but if so, you will need to configure it. Try the wizard, but they can be dodgy at times, and you seem to get a very long iptables list... select allow access to the local network. If this doesn't work, try webmin, or ask here - I have it working OK here.

 

If not, remove it with the package manager (preferred option). You should then remove the jump to the entry relating to the proxy from the PREROUTING table.

Chain PREROUTING (policy ACCEPT 76 packets, 9875 bytes)
pkts bytes target     prot opt in     out     source               destination         
 64  7659 loc_dnat   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

 

This entry jumps to the entry in my last post if any packet comes in on eth0, then the loc_dnat table will match http packets (destination port 80) - which is most requests from your laptop browsers!!

It is possible that the proxy server wizard (found in mcc->server wizards->configure proxy) does this for you - anybody know about this?

 

You can remove the entry manually with (should work...):

iptables -t nat -D PREROUTING -i eth0 -j loc_dnat

 

Check with "iptables -nvL -t nat" and compare to the output of your last post.

 

If you needed to use the manual command, and your browsers now work, you could put the command at the end of /etc/rc.d/rc.local

 

Chris


Right - I have just used the Mandrake wizards on my laptop, so I now know a little more about them... I have always set things up by hand before, as I don't trust the wizards :)

 

The internet connection sharing wizard sets up a dhcp server, squid and a caching nameserver.

 

You don't always need these - on a home network these servers are just an added complication and more opportunity for things to go wrong....

 

And if squid (a proxy server) is not set up correctly, you get exactly the results you are getting - the firewall redirects all http requests to squid.

 

So my last post should be right - either try setting up squid again, or set things up manually.

 

Chris
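
What the posts above diagnose, as an added example that is not part of the original thread: a shell sketch that pulls REDIRECT rules out of `iptables -nvL -t nat` output, reports which chain jumps to them, and checks whether anything listens on the redirect port. The function names and the `netstat -tln` sample are constructed for illustration; the nat listing is trimmed from the one posted earlier in the thread.

```shell
#!/bin/sh
# Constructed sample: nat listing trimmed from the one posted in this thread.
sample_nat() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 76 packets, 9875 bytes)
pkts bytes target     prot opt in     out     source               destination
  64  7659 loc_dnat   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Chain eth1_masq (1 references)
pkts bytes target     prot opt in     out     source               destination
  32  2463 MASQUERADE  all  --  *      *       192.168.1.0/24       0.0.0.0/0

Chain loc_dnat (1 references)
pkts bytes target     prot opt in     out     source               destination
   4   240 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
EOF
}

# Constructed sample: `netstat -tln` on a gateway with no proxy running.
sample_listeners() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
EOF
}

# Read `iptables -nvL -t nat` on stdin; print "<chain> <dport> <redir-port> <pkts>"
# for every REDIRECT rule.
find_redirects() {
  awk '
    $1 == "Chain" { chain = $2; next }
    $3 == "REDIRECT" {
      dport = "any"; rport = "?"
      for (i = 4; i <= NF; i++) {
        if ($i ~ /^dpt:/) dport = substr($i, 5)
        if ($i == "ports" && $(i - 1) == "redir") rport = $(i + 1)
      }
      print chain, dport, rport, $1
    }'
}

# Read the same listing on stdin; print every chain that jumps to chain $1,
# with the inbound interface the jump is restricted to.
chain_callers() {
  awk -v target="$1" '
    $1 == "Chain" { chain = $2; next }
    $3 == target  { print chain "(in=" $6 ")" }'
}

# Read `netstat -tln` or `ss -ltn` on stdin (local address is column 4 in
# both); succeed if some socket listens on port $1.
listening_on() {
  awk -v p="$1" '
    { n = split($4, a, ":"); if (n > 1 && a[n] == p) found = 1 }
    END { exit (found ? 0 : 1) }'
}

# diagnose NAT_TEXT LISTEN_TEXT: one verdict line per REDIRECT rule.
diagnose() {
  printf '%s\n' "$1" | find_redirects | while read -r chain dport rport pkts; do
    callers=$(printf '%s\n' "$1" | chain_callers "$chain" | tr '\n' ' ')
    if printf '%s\n' "$2" | listening_on "$rport"; then state="listener present"
    else state="NO listener"; fi
    echo "$chain dpt:$dport -> :$rport pkts=$pkts from=[${callers% }] $state"
  done
}

# On a live gateway (as root): diagnose "$(iptables -nvL -t nat)" "$(netstat -tln)"
diagnose "$(sample_nat)" "$(sample_listeners)"
```

A REDIRECT rule with a non-zero packet counter and no listener on the redirect port matches the symptom in this thread: browsing on port 80 fails while FTP, ping and VNC pass.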


Thanks again. :lol:

I can understand a little of your recommendation, but I tried to follow your instructions.

I removed squid. I do not have any idea about webmin or modification of the ROUTING table.

I just did as follows,

iptables -t nat -D PREROUTING -i eth0 -j loc_dnat  

It seems the definition has a conflict.

I removed the iptables package and reinstalled it.

Then I got a slightly different message.

 [root@yuni bsyuni]# iptables -t nat -D PREROUTING -i eth0 -j loc_dnat
iptables v1.2.9: Couldn't load target `loc_dnat':/lib/iptables/libipt_loc_dnat.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
[root@yuni bsyuni]# iptables -t nat -D PREROUTING -i eth0 -j loc_dnat
iptables v1.2.9: Couldn't load target `loc_dnat':/lib/iptables/libipt_loc_dnat.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
[root@yuni bsyuni]#

Sorry for bothering and thank you for your help.


Hello again. :D

I installed webmin, which was one of your recommendations.

I am facing a huge control panel in Mozilla.

It looks easy because of GUI but I am not familiar with it at all.

Could you possibly help me out?

Any tips are appreciated. :cheesy:


All "iptables -t nat -D PREROUTING -i eth0 -j loc_dnat " does is remove a table entry - if the entry is no longer there (the result we want) you will get the error. So the result is the same - the entry is gone.

 

Did you put the "iptables -t nat -D PREROUTING -i eth0 -j loc_dnat " at the end of /etc/rc.d/rc.local?

If not, do it now and reboot.

Then try it out.

Then post output of "iptables -nvL -t nat".

 

Forget webmin and squid for now - you don't need them.

 

What we are trying to do is stop your PC from automatically redirecting http requests to squid.

The above command should do that, if I got the syntax right...

 

Chris
