a little network problem

[toukie]

I would like to know what the problem is when b3 works properly with SSH but not as a router so that I could use it with a browser. There is no contact to server with them.

network-test:

INFO: This system is configured to use nameserver 127.0.0.1
INFO: Host 127.0.0.1 answers to ICMP pings
INFO: Dns server 127.0.0.1 resolved correctly www.debian.org
INFO: The nameserver configured for this system works properly
INFO: System can reach Internet host www.debian.org
INFO: System can access web server at Internet host www.debian.org

[Gordon]

That either means that:

1. Your workstation is not configured to use the B3 as the default route
2. The firewall on the B3 is not masquerading (no internet server can reply if your origin is 192.168.x.x)

[toukie]

It is not the firewall, I can use surfraw with screen from B3.
Default route is set as the LAN IP of B3, as it was before. I can't ping the router from my workstation and not my workstation from B3. SSH works and the B3 admin page, but B3 as router doesn't. I don't know why I lost it, and I don't know how to get it back.
My workstation is OK but B3 doesn't like it anymore. The funny thing is that it seems to change settings on its own. The settings done in the GUI don't hold. Wireless interface is up but it is impossible to contact etc. etc.

[Gordon]

The functionality of the firewall is not limited to blocking traffic alone. It is also about translating either source or destination addresses. When you use the B3 as your router (and in fact your ISP router does the same) it changes the source address of your traffic to its own WAN address, so that any answers will travel the same route back. It is likely that the rule required for this function is missing, or that in fact your firewall is not started at all (which will mean that this vital rule is also not activated).

Verify that the output of `iptables-save` has a line for table POSTROUTING with target MASQ

[toukie]

I get this with iptables-save:

# Generated by iptables-save v1.4.8 on Tue Jan 22 12:07:52 2013
*nat
REROUTING ACCEPT [846:63478]
:INPUT ACCEPT [8:444]
:OUTPUT ACCEPT [1565:82951]
OSTROUTING ACCEPT [23:4064]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT

my workstation sends packages but doesn't receive any when used with B3, that's what I see with iftop on my Mac. The arrows that point back have all 0b.
Network-test from B3 shows that everything is fine and I can use internet from B3 with surfraw+screen.
It is the LAN connection that doesn't work other than SSH plus the admin page on B3, there is no internet.
( funny how the P's are read above, I didn't put in any smilies)

[Gordon]

That actually seems to be in order.

Let's recapture this:

1. If you're on the B3 you can ping an outside server by name, so DNS must be working and it can route towards the internet
2. On the LAN you can access the B3 by both SSH and the Webadmin page (is that all?)
3. Traffic leaving the B3 on eth0 is masqueraded

Can you actually do a DNS lookup on your workstation? Did you also try to ping a server by its IP address, e.g. OpenDNS at 208.67.220.220? You didn't reverse LAN and WAN by any chance, did you?

[toukie]

1. I have access to internet from B3 (screen+surfraw)
2. From LAN I get SSH connection to B3 plus the Webadmin page but no Internet.
3. iptables-save says that I have: -A POSTROUTING -o eth0 -j MASQUERADE

I can't ping anything else than 127.0.0.1 from my workstation, not OpenDNS at 208.67.220.220, and not my LAN IP.

How could LAN and WAN be reversed? I have LAN IP as Router. DNS server is 127.0.0.1 plus two others. IP address is 192.168.10.xyz

[Gordon]

If you can SSH and access web pages on the B3 but you can not ping it, then that is a strong indication that there is some kind of firewall operating somewhere between your desktop and the B3.

Do check your cabling and verify that LAN is in fact connected to the LAN port on the B3 (the one that is closest to the center). Verify that your firewall includes the following settings:

WiFi version:

Code: Select all

-A INPUT -i br0 -j ACCEPT
-A FORWARD -i br0 -j ACCEPT

Non-WiFi version:

Code: Select all

-A INPUT -i eth1 -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT

Is your Mac the only station you can use to test network/internet connectivity?

[toukie]

The ports and cables have been OK all the time, there wouldn't have been SSH to B3 if not. I had firewall off on Mac but it didn't change things.
I have a laptop with Debian on it. The problem is the same there.

This is the network setup that doesn't work:

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.10.1 UGSc 4 0 en0
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 14 171568 lo0
169.254 link#4 UCS 0 0 en0
192.168.10 link#4 UCS 2 0 en0
192.168.10.1 06b:7e:6a:fb UHLWI 4 0 en0 1061
192.168.10.245 127.0.0.1 UHS 0 0 lo0
192.168.10.255 ff:ff:ff:ff:ff:ff UHLWbI 0 6 en0

Internet6:
Destination Gateway Flags Netif Expire
::1 ::1 UH lo0
fe80::%lo0/64 fe80::1%lo0 Uc lo0
fe80::1%lo0 link#1 UHL lo0
fe80::%en0/64 link#4 UC en0
fe80::21b:63ff:feac:6f%en0 0:1b:63:ac:0:6f UHL lo0
ff01::/32 ::1 Um lo0
ff02::/32 ::1 UmC lo0

[toukie]

This was very strange. The thing went down on its own and came back on its own with the same settings. Maybe the reboots did it or whatever.

I think that changes in network settings (the bind9 and resolvconf thing) had an effect on the system even after the removal of those programs.

Too much experimenting can mess up things.

[Gordon]

I don't see any relation between experimenting with different DNS services and not being able to access a machine by its IP number. It must have been something else.

But all's well that ends well. Cheers.