Steven Hook 2004-10-15, 8:46 pm

"Bill Unruh" <unruh@string.physics.ubc.ca> wrote in message
news:ckjhc8$a21$1@nntp.itservices.ubc.ca...
> "Steven Hook" <shook@NOTbowens.co.za> writes:
>
> ]I'm setting up a new dial-in server using RH9, nice new intel server board
> ]and an eicon diva server bri card
> ]everything seems to be ok with the dialin, the call is answered and the
> ]caller's uname and password is authenticated right, but they can't see
> ]anything past that box;
> ]from comms I can ping any machine on the network, but from a machine that
> ]dialed into comms I can only ping comms.
> ]is it maybe a mgetty config thing?
>
>
> You probably want to make sure you have proxyarp as an option in
> /etc/ppp/options.
it is
> You also want to make sure that IP forwarding is enabled
> on the server (/etc/sysctl.conf net.ipv4.ip_forward = 1)
it is
> Make sure that the firewall is configured properly. etc
> The assumption is that '/sbin/ifconfig -an' and '/sbin/route -n' on the
>dialin "server" does show a working ppp connection.
'/sbin/ifconfig -an' doesn't work, but /sbin/ifconfig -a looks right:
eth0      Link encap:Ethernet  HWaddr 00:11:11:5F:59:B5
          inet addr:192.168.10.219  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:39587 errors:0 dropped:0 overruns:0 frame:0
          TX packets:527 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2408510 (2.2 Mb)  TX bytes:54227 (52.9 Kb)
          Interrupt:20 Base address:0xbc00 Memory:feafe000-feafe038

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:48 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4032 (3.9 Kb)  TX bytes:4032 (3.9 Kb)
>
>On the dialin "client" - does the routing table show a _default route_
>to the world using the dialin "server" IP address as the gateway?
>
>On the dialin "client" - does /etc/resolv.conf OR ITS WINDOZE EQUIVALENT
>have entries for one to three (ONLY) working nameservers?
>
>On the dialin "server" - is it set for IPv4 forwarding? 'cat' the contents
>of /proc/sys/net/ipv4/ip_forward (should be a '1'). Setting a variable
>in /etc/sysconfig/network will set this on boot or network restart.
>
>On the dialin "server" - did you set 'proxyarp' as an option to pppd? If
>not, do the rest of the hosts on your LAN know to send packets to the
>dialin "server" as a local gateway when they want to reach the dialin
>"client".
>
that
>
>On the dialin "server" run 'tcpdump' to see what packets are going through
>the server, and what might be happening with any replies.
>
>
>The usual error is 'proxyarp' on the "server". There could also be a
proxyarp IS in /etc/ppp/options
>firewall problem - try /sbin/iptables -L to see what rules might be in
>place.
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:10000
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:20000
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:imap
ACCEPT     udp  --  anywhere             anywhere           udp dpt:imap
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:imaps
ACCEPT     udp  --  anywhere             anywhere           udp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:squid
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere           udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:auth
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:5800
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:5900
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  192.168.10.0/24      anywhere
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
>
>Note: The reason I'm quoting "server" and "client" is that ppp is a Peer
>to Peer connection, and there is no server or client - there are only
>peers. Here, I'm using the word "client" as the one who initiates the
>connection - the one who dialed in. The "server" is the one who answered
>the call.
>
> Old guy
>
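The checks suggested in this thread (ip_forward, proxyarp, a ppp interface in the ifconfig output, the FORWARD chain policy) collected into one script, as an added example that is not part of the original posts. The function names and the `--live` switch are assumptions made for illustration, and `same_slash24` assumes the 255.255.255.0 mask shown for eth0 above.

```shell
#!/bin/sh
# Added example (not from the thread): each check reads a file or stdin, so it
# can be run against saved command output as well as on the live dial-in box.

# Succeeds if the kernel forwards IPv4 packets (the file holds "1").
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Succeeds if an uncommented 'proxyarp' option is in the pppd options file.
has_proxyarp() {
    grep -Eq '^[[:space:]]*proxyarp([[:space:]]|$)' "${1:-/etc/ppp/options}" 2>/dev/null
}

# Reads 'ifconfig -a' output on stdin and prints the ppp interface names.
# Prints nothing when no ppp link exists at the moment the command was run.
ppp_interfaces() {
    awk '/^ppp[0-9]+/ { sub(/:$/, "", $1); print $1 }'
}

# Reads 'iptables -L' output on stdin and prints the FORWARD chain policy.
forward_policy() {
    sed -n 's/^Chain FORWARD (policy \([A-Z]*\)).*/\1/p'
}

# Succeeds if two addresses share their first three octets (a /24).
# proxyarp only works when the peer's address is on the LAN subnet, and the
# FORWARD rule shown in the thread only accepts sources in 192.168.10.0/24.
same_slash24() {
    [ "${1%.*}" = "${2%.*}" ]
}

# Runs every check against the live system (needs root for iptables).
report() {
    forwarding_enabled && echo "ip_forward: on" || echo "ip_forward: OFF"
    has_proxyarp && echo "proxyarp: set" || echo "proxyarp: MISSING"
    links=$(/sbin/ifconfig -a | ppp_interfaces)
    echo "ppp interfaces: ${links:-none (is a caller connected?)}"
    echo "FORWARD policy: $(/sbin/iptables -L FORWARD -n | forward_policy)"
}

if [ "${1:-}" = "--live" ]; then
    report
fi
```

Run `report` while a caller is connected; with a FORWARD policy of DROP, a peer address outside the accepted source range is dropped even when ip_forward and proxyarp are both set.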