
Networking woes: remote terminal and web server



Guest Locke

This is a new issue to me. I'm sitting on a fresh install of Mandrake 9.2 (and since it was fresh anyway, I reinstalled several times and tried all this again and got the same errors each time), and I'm trying first and foremost to configure a web server.

 

_SETUP_

So, I'm behind a Linksys router, but that hasn't been an issue in the past. The router is configured to allow TCP (even selected UDP for fun) from port 80 to port 80 on the linux box (I'm also running a few other OS's as test platforms around this box) and allows anonymous internet requests. I set up with a static IP outside the range of the DHCP network run by the router and once inside as well, though I don't think it should matter (the router runs DHCP addresses from 192.168.1.100 to .149, so I've tried 150, 10, 120, among others).

 

I've tried configuring the eth0 file and network and resolv.conf files by hand as well as with the wizard. I'm happy to report it would seem the wizard is configuring each of these correctly each time and unhappy to report I get the same result whether I do it myself or the wizard does. I also tried to set the router up to point to this box with the DMZ turned on ... no joy.

 

_PROBLEM_

Well, obviously it doesn't work. The first strangeness is that if I set up linux in DHCP, check the address, and then point to /that/ address ... everything is peachy. I have my apache web server and linux can access the web. The other strangeness is that regardless of whether linux is DHCP or Static (or whether it can access the web or other computers can access the server), I can't ping my own NIC (just times out) and I /can/ ping every other machine on the LAN.

 

_SECOND QUESTION_

This may be easy, but I don't see where to begin looking at manuals. I want to set up something like a remote desktop / dumb terminal from other machines regardless of OS (preferably). IE: I'd love to log in (just console, not GUI) to my linux box through a console window from my XP box and be able to work on configuration, perl scripts, source my .bash_profile if I need, etc. Basically, telnet into linux from another platform and watch bash pop up on that console wherever I am. For security, I'd like to limit it initially to the LAN, but moving on towards doing this with some trusted machines in the world would be very useful for my business as well. Anyone point me to some manuals or tell me this is impossible?

 

--Trying to learn everything I can

 

_OUTPUT TEXT_ (while I'm on the net ... so as DHCP)

*ifconfig*

eth0 Link encap:Ethernet HWaddr 00:04:5A:7A:A1:A0

inet addr:192.168.1.104 Bcast:192.168.1.255 Mask:255.255.255.0

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:3486 errors:0 dropped:0 overruns:0 frame:0

TX packets:4313 errors:1 dropped:0 overruns:0 carrier:2

collisions:0

RX bytes:1320352 (1.2 Mb) TX bytes:554979 (541.9 Kb)

 

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:1150 errors:0 dropped:0 overruns:0 frame:0

TX packets:1150 errors:0 dropped:0 overruns:0 carrier:0

collisions:0[root@localhost var]# traceroute www.google.com

 

*route -n*

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo

0.0.0.0 192.168.1.9 0.0.0.0 UG 0 0 0 eth0

 

*traceroute www.google.com*

traceroute: Warning: www.google.com has multiple addresses; using 66.102.7.147

traceroute to www.google.akadns.net (66.102.7.147), 30 hops max, 38 byte packets

1 192.168.1.9 (192.168.1.9) 2.046 ms 1.632 ms 6.256 ms

2 * * *

3 12.244.26.113 (12.244.26.113) 9.751 ms 11.091 ms 10.074 ms

4 12.125.159.77 (12.125.159.77) 13.121 ms 10.849 ms 11.994 ms

5 gbr2-p70.dvmco.ip.att.net (12.123.36.78) 12.872 ms 11.901 ms 12.475 ms

6 gbr3-p80.dvmco.ip.att.net (12.122.5.25) 11.543 ms 11.951 ms 13.743 ms

RX bytes:177289 (173.1 Kb) TX bytes:177289 (173.1 Kb)

 

*ping 192.168.1.9*

--- 192.168.1.9 ping statistics ---

13 packets transmitted, 13 received, 0% packet loss, time 12115ms

rtt min/avg/max/mdev = 1.690/1.749/1.821/0.043 ms

 

*ping 192.168.1.104* /// when I exist as IP .104

--- 192.168.1.104 ping statistics ---

7 packets transmitted, 0 received, 100% packet loss, time 6000ms

 

I get the feeling I'm missing something simple. Hopefully!


Ello

 

Is this your IP Address?

 

*ifconfig*

eth0 Link encap:Ethernet HWaddr 00:04:5A:7A:A1:A0

inet addr:192.168.1.104 Bcast:192.168.1.255 Mask:255.255.255.0

 

cos you're trying to ping something completely different....

 

*ping 192.168.1.9*

--- 192.168.1.9 ping statistics ---

13 packets transmitted, 13 received, 0% packet loss, time 12115ms

rtt min/avg/max/mdev = 1.690/1.749/1.821/0.043 ms

 

Try this. Leave eth0 to get the DHCP address, create a ifcfg-eth0:1

set up a static host in that, restart networking and try again.... here is how....

 

cd /etc/sysconfig/network-scripts/
vi ifcfg-eth0:1
#### You're in vi, use insert to get a writeable prompt
DEVICE=eth0:1
BOOTPROTO=static
IPADDR=192.168.1.10
NETMASK=255.255.255.0
ONBOOT=yes
#### hit [esc], then :wq! to write and quit

restart your network...

do ifconfig, should pick up 2 eth devices (first is eth0, next is virtual, eth0:1)

 

P.S. If it still doesn't work, check your netmask, try setting all netmasks to 255.255.255.240 instead of .0 ... you can then add your route to use the virtual as the gw for this machine....

 

 

Remote admin, from whatever windoze to whatever linux.... Ur best bet, PuTTY, it's a nice, simple SSH client that works straight and immediately, no installers required. Fire up tucows, search for PuTTY and voila. SSH will give you access to a full console, no GUI. TightVNC is an option for those interested in a GUI interface.

 

Regards,

Armond


Guest Locke

First and foremost, thanks for the help so far. My web server is up and running thanks to your idea with the virtual static ip address!

 

Now to answer your questions because I've still got one:

Is this your IP Address?

 

*ifconfig*

eth0 Link encap:Ethernet HWaddr 00:04:5A:7A:A1:A0

inet addr:192.168.1.104 Bcast:192.168.1.255 Mask:255.255.255.0

 

Yes, this is my IP address on the LAN when DHCP assigns it (usually, of course).

 

cos you're trying to ping something completely different....

 

*ping 192.168.1.9*

--- 192.168.1.9 ping statistics ---

13 packets transmitted, 13 received, 0% packet loss, time 12115ms

rtt min/avg/max/mdev = 1.690/1.749/1.821/0.043 ms

 

True, I pinged this IP as a test. If you look just below, I also pinged 192.168.1.104. I get no response from 104 and do get a response from 109. To me this says (among other tests) that the NIC is functioning correctly ... the machine is on the network and on the web (I can ping google as well), but the strangeness resides in that I can't ping my own box.

 

*ping 192.168.1.104* /// when I exist as IP .104

--- 192.168.1.104 ping statistics ---

7 packets transmitted, 0 received, 100% packet loss, time 6000ms

 

Here's where my question comes in. I still can't ping myself. Let me be more concrete ... the only thing I've changed is added the virtual eth1 at a static address for my web hosting, so nothing really has changed. Linux is running at 192.168.1.104 (and now virtually at 192.168.1.150). From that box (or any other box on the network), I try to ping either of those IP addresses and get the same thing as above, total packet loss. It's as if the machine isn't declaring itself anywhere on the LAN but is still able to open connections ... which doesn't make sense to me ... it has to be declared somewhere or I couldn't route internet (port 80) traffic to it.

 

And thank you for the information on SSH, I'll be reading up on that and I've downloaded PuTTY to try out ... but currently it doesn't work ... and I suspect the two cases are related. If I can't ping the machine, I couldn't assume SSH would be able to find it (in fact, PuTTY opens a term window and then the term window closes after about 2 seconds with no information on it).


Guest Locke

I've found some solutions but still have some problems. First off, I managed to solve the DHCP problem. I think if I had been a bit more specific, you guys might have caught me in my stupidity as well. My router / gateway was set up on 192.168.1.9, and when I was configuring the static IP, I kept configuring the gateway as 192.168.1.1, which didn't work. So now I've got a static IP configured at 192.168.1.150 and working well for net traffic.

 

As to pinging myself, I managed to catch a ping from a network computer in /var/logs/messages and found this:

localhost kernel: Shorewall:net2all:DROP:IN=eth0

 

So I started reading up on shorewall and made some changes. I can now ping 127.0.0.1 and other iterations of my own machine, as well as the outside world, traceroute works properly, etc. Now I'm left with two problems. I still can't ping this box from another LAN box and I still can't SSH into it (localhost sshd[26221]: refused connect from 192.168.1.107 (192.168.1.107))

 

I'm now set up as follows:

*rules*

ACCEPT  net     fw      tcp     80,443,22       -
ACCEPT  loc     fw      tcp     22,137
ACCEPT  loc     fw      udp     138,139,445
ACCEPT  loc     fw      icmp    echo-request
#ACCEPT  loc     fw      icmp    8,0      #Tried this with no luck

 

 

*policy*

fw      net     ACCEPT
net     all     DROP    info
all     all     REJECT  info
#fw      loc    ACCEPT     #Tried this with no luck, also tried --loc fw accept

 

I'm trying to set up so I can be a web server (working), but also for SSH from (initially) local machines and (eventually) net machines, and will be setting up SAMBA next.

 

Am I as close as I feel? (the more frustrated you are, the closer you are to the answer). It seems like this is the golden key solution to the problem, but I'm messing up the configuration somewhere.
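
The two log fragments in the post above come from different layers, which this added example (not part of the original thread) makes explicit: the `Shorewall:net2all:DROP` prefix names the policy chain, so traffic arriving on eth0 is being handled as zone `net`, while `refused connect from` is the message TCP wrappers log when `hosts.allow`/`hosts.deny` reject a client the packet filter already let through. The sample lines are constructed from those fragments; the timestamps, the SRC/DST/PROTO fields and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample lines modelled on the two log fragments quoted in the post;
# timestamps and the SRC/DST/PROTO fields are illustrative, not from the thread.
SAMPLE_LOG = """\
Jan 10 12:00:01 localhost kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.168.1.107 DST=192.168.1.150 PROTO=ICMP TYPE=8
Jan 10 12:00:09 localhost sshd[26221]: refused connect from 192.168.1.107 (192.168.1.107)
Jan 10 12:00:15 localhost kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.1.150 PROTO=TCP DPT=23
"""
LAN = ipaddress.ip_network("192.168.1.0/24")  # the LAN shown in the ifconfig output

# Shorewall's default log prefix is "Shorewall:<chain>:<disposition>:";
# a policy chain is named <source zone>2<destination zone>.
FW_RE = re.compile(r"kernel: Shorewall:(\w+?)2(\w+):(\w+):(.*)")
# Format logged by TCP wrappers (hosts.allow / hosts.deny) on refusal.
WRAP_RE = re.compile(r"(\w+)\[\d+\]: refused connect from (\S+)")

def triage(line):
    """Return which layer rejected the client, or None for unrelated lines."""
    fw = FW_RE.search(line)
    if fw:
        src_zone, dst_zone, action, rest = fw.groups()
        kv = dict(f.split("=", 1) for f in rest.split() if "=" in f)
        client = ipaddress.ip_address(kv["SRC"])
        return {
            "layer": "netfilter",
            "client": str(client),
            "detail": f"{action} by policy {src_zone}->{dst_zone} on {kv.get('IN')}",
            # A LAN address handled as zone "net" never reaches "loc fw" rules.
            "zone_mismatch": src_zone == "net" and client in LAN,
        }
    wrap = WRAP_RE.search(line)
    if wrap:
        daemon, client = wrap.groups()
        return {
            "layer": "tcp_wrappers",
            "client": client,
            "detail": f"{daemon} refused by hosts.allow/hosts.deny, not by the firewall",
            "zone_mismatch": False,
        }
    return None

def report(log_text):
    return [e for e in map(triage, log_text.splitlines()) if e]

if __name__ == "__main__":
    print(*report(SAMPLE_LOG), sep="\n")
```

A `zone_mismatch` of `True` means a LAN client was matched by the `net` policy, so `ACCEPT loc fw ...` rules are never consulted for it.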


Hello

 

Sounds like you're well on your way. Can you SSH from a local machine to your server yet? Samba is pretty straightforward. You will obviously need to set up your firewall to allow connections via SSH and Samba.

 

Shout if you need any more help.

 

Regards,

Armond


also your default route was a little funny...

technically 0.0.0.0 should work but the syntax is

route add default gw <DEV> <IP> <MASK>

 

in your case the default GW should be 192.168.1.9

 

I've never tried using 0.0.0.0 with a null netmask but always used the default gw syntax...
