daniel1988 Tux's lil' helper
Joined: 24 Aug 2005 Posts: 88 Location: Serbia
|
Posted: Sat Aug 26, 2006 7:07 pm Post subject: rooting help needed [SOLVED] |
|
|
VPN is established ok, but I still can't access the internet.
Code: | gentoo daniel1988 # ifconfig
eth0 Link encap:Ethernet HWaddr 00:05:5D:7B:BF:59
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:349 errors:0 dropped:0 overruns:0 frame:0
TX packets:303 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:57053 (55.7 Kb) TX bytes:39212 (38.2 Kb)
Interrupt:11 Base address:0xe000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:400 (400.0 b) TX bytes:400 (400.0 b)
ppp0 Link encap:Point-to-Point Protocol
inet addr:195.252.xxx.xxx P-t-P:192.168.201.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1000 Metric
RX packets:83 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:9821 (9.5 Kb) TX bytes:68 (68.0 b)
wlan0 Link encap:Ethernet HWaddr 00:40:F4:9E:0D:F3
inet addr:172.16.xxx.xxx Bcast:172.16.xxx.255 Mask:255.255.192.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Met
RX packets:264 errors:0 dropped:0 overruns:0 frame:0
TX packets:361 errors:13 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:29841 (29.1 Kb) TX bytes:28769 (28.0 Kb)
Interrupt:10 Memory:e081a000-e081a100
|
Note: eth0 gets static IP addresses, wlan0 gets dynamic IP addresses from dhcp server
Code: | gentoo daniel1988 # route -nv
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.201.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.0.0 0.0.0.0 255.255.192.0 U 0 0 0 wlan0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 172.16.0.1 0.0.0.0 UG 0 0 0 wlan0
|
As you can see from above, default route is set to wlan0.
Current situation: link (one photo, 1000 words )
If you need any information more, ask!
Best regards,
Daniel
Last edited by daniel1988 on Sun Aug 12, 2007 4:02 pm; edited 3 times in total |
|
|
|
aqu Apprentice
Joined: 12 Nov 2005 Posts: 249 Location: Kalisz, Poland
|
Posted: Sat Aug 26, 2006 9:30 pm Post subject: |
|
|
which computers don't have web access?
server or lan network stations? _________________ Security is like Ogres and Onions, they have layers.
Linux - Registered user #415939
adopt an unanswered post |
|
|
|
daniel1988 Tux's lil' helper
Joined: 24 Aug 2005 Posts: 88 Location: Serbia
|
Posted: Sun Aug 27, 2006 1:59 am Post subject: |
|
|
Gentoo box & computers from my lan can't access the internet. Connecting Gentoo box is the problem. I think that these iptables rules should share the connection through lan after the connection is established:
Code: | echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -P INPUT DROP |
--Daniel |
|
|
|
aqu Apprentice
Joined: 12 Nov 2005 Posts: 249 Location: Kalisz, Poland
|
Posted: Sun Aug 27, 2006 9:20 am Post subject: |
|
|
on iptables rules -o must be interface connected to router. but those packets don't have anything to do with this connection.
are you sure that connection between you and router is vpn? if it is so you should emerge openvpn and configure it ;] _________________ Security is like Ogres and Onions, they have layers.
Linux - Registered user #415939
adopt an unanswered post |
|
|
|
daniel1988 Tux's lil' helper
Joined: 24 Aug 2005 Posts: 88 Location: Serbia
|
Posted: Sun Aug 27, 2006 1:34 pm Post subject: |
|
|
I don't have a router, I have rtl8180 based wireless PCI card (named wlan0 in ifconfig). VPN connection between me and ISP is up and running (ppp0 in ifconfig). The only thing that remains to be done is to change the gateway so all internet traffic goes through VPN tunnel.
In other topic (here) two members told me to use pptp and in other forum one member told me to use openvpn, so I decided to take pptp. |
|
|
|
aqu Apprentice
Joined: 12 Nov 2005 Posts: 249 Location: Kalisz, Poland
|
Posted: Sun Aug 27, 2006 5:01 pm Post subject: |
|
|
default gateway should be given by dhcp.
try
when do you try to ping or something did you get
or
Code: | ping: Network not available |
? _________________ Security is like Ogres and Onions, they have layers.
Linux - Registered user #415939
adopt an unanswered post |
|
|
|
daniel1988 Tux's lil' helper
Joined: 24 Aug 2005 Posts: 88 Location: Serbia
|
Posted: Sun Aug 27, 2006 5:59 pm Post subject: |
|
|
Yes, it's given by DHCP. I can ping ISP's homepage & vpn1.centurion.co.yu. I think that DNS server comes before authentication server because www.google.com gets translated into 66.249.85.104 .
But all packets are lost. This happens (dns name resolution) even when ppp0 is down.
That's all I can access (with ppp0 down as well as ppp0 up): ISP's homepage, vpn1.centurion.co.yu and dns server.
---------------------------------------------------------------------------------------
This is written on other forum:
(will continue later)
Edit to continue:
Quote: | #/sbin/ip route add [ip_of_dns_server] via [ip_router] dev eth0 src [ip_of_your_lan_card]
#ip route replace default dev 'ppp0' |
In my case, I don't have router and lan card to connect it, first line should be:
#/sbin/ip route add [ip_of_dns_server] dev wlan0 src [ip_of_your_lan_card] <<< the ip of my wlan0 card is dynamic... how to make a script for it later (if this will be proved to be true)
second line should be ok...
And I tried:
Code: | ip route add 192.168.200.6 dev wlan0 src 172.16.0.18
ip route replace default dev 'ppp0'
# route -ve
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.201.1 * 255.255.255.255 UH 0 0 0 ppp0
192.168.200.6 * 255.255.255.255 UH 0 0 0 wlan0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
172.16.0.0 * 255.255.192.0 U 0 0 0 wlan0
loopback * 255.0.0.0 U 0 0 0 lo
default * 0.0.0.0 U 0 0 0 ppp0 |
routing table changes, but I still can't access the internet & connection breaks after ~30 sec (most probably it can't reach vpn1.centurion.co.yu because default gateway was changed & it can't use the new one)
Code: | ......
rcvd [LCP EchoReq id=0x6 magic=0x12fe7047]
sent [LCP EchoRep id=0x6 magic=0xd272f0ec]
sent [LCP EchoReq id=0xa magic=0xd272f0ec]
rcvd [LCP EchoRep id=0xa magic=0x12fe7047]
rcvd [LCP EchoReq id=0x7 magic=0x12fe7047]
sent [LCP EchoRep id=0x7 magic=0xd272f0ec]
sent [LCP EchoReq id=0xb magic=0xd272f0ec]
rcvd [LCP EchoRep id=0xb magic=0x12fe7047]
sent [LCP EchoReq id=0xc magic=0xd272f0ec]
sent [LCP EchoReq id=0xd magic=0xd272f0ec]
sent [LCP EchoReq id=0xe magic=0xd272f0ec]
sent [LCP EchoReq id=0xf magic=0xd272f0ec]
sent [LCP EchoReq id=0x10 magic=0xd272f0ec]
sent [LCP EchoReq id=0x11 magic=0xd272f0ec]
Script pptp vpn1.centurion.co.yu --nolaunchpppd finished (pid 25670), status = 0x0
Modem hangup
Script /etc/ppp/ip-down started (pid 26090)
Connection terminated.
Connect time 3.1 minutes.
|
Later, I tried several more combinations... link, but with no success
Last edited by daniel1988 on Sun Aug 27, 2006 7:49 pm; edited 1 time in total |
|
|
|
aqu Apprentice
Joined: 12 Nov 2005 Posts: 249 Location: Kalisz, Poland
|
Posted: Sun Aug 27, 2006 7:32 pm Post subject: |
|
|
maybe try
Code: | ping -I ppp0 google.com |
_________________ Security is like Ogres and Onions, they have layers.
Linux - Registered user #415939
adopt an unanswered post |
|
|
|
daniel1988 Tux's lil' helper
Joined: 24 Aug 2005 Posts: 88 Location: Serbia
|
Posted: Mon Aug 28, 2006 5:10 pm Post subject: |
|
|
& take a look two posts up, the post was edited.
--Daniel |
|
|
|
ova Retired Dev
Joined: 06 Nov 2003 Posts: 120 Location: Russia, Moscow
|
Posted: Mon Aug 28, 2006 7:04 pm Post subject: |
|
|
Daniel.
Before trying to setup routes try to ping the other side of your VPN connection.
Quote: | ppp0 Link encap:Point-to-Point Protocol
inet addr:195.252.xxx.xxx P-t-P:192.168.201.1 Mask:255.255.255.255 |
In your case:
If you can then you should check that your VPN server is in the subnet which is accessible without default route. Just do `host vpn1.centurion.co.yu` to determine IP address of vpn1.centurion.co.yu and look at your `route -n`. If IP address is not among explicit routes then your guess
Quote: | connection breaks after ~30 sec (most probably it can't reach vpn1.centurion.co.yu because default gateway was changed & it can't use the new one) |
may be right. Then you should add route to that server. Use default route you received from dhcp as a next hop router for this route:
Code: |
route add vpn1.centurion.co.yu gw 172.16.0.1
|
and only now you should
Code: | ip route replace default dev 'ppp0' |
If nothing works try from the very beginning and drop your local LAN from consideration while you do not have internet access from your gentoo box. |
|
|
|
daniel1988 Tux's lil' helper
Joined: 24 Aug 2005 Posts: 88 Location: Serbia
|
Posted: Wed Aug 30, 2006 12:13 am Post subject: |
|
|
Code: | # ping 192.168.201.1
PING 192.168.201.1 (192.168.201.1) 56(84) bytes of data.
64 bytes from 192.168.201.1: icmp_seq=1 ttl=64 time=38.9 ms
64 bytes from 192.168.201.1: icmp_seq=2 ttl=64 time=19.0 ms
64 bytes from 192.168.201.1: icmp_seq=3 ttl=64 time=56.0 ms
64 bytes from 192.168.201.1: icmp_seq=4 ttl=64 time=5.57 ms
64 bytes from 192.168.201.1: icmp_seq=5 ttl=64 time=7.62 ms
64 bytes from 192.168.201.1: icmp_seq=6 ttl=64 time=87.3 ms
64 bytes from 192.168.201.1: icmp_seq=7 ttl=64 time=105 ms
64 bytes from 192.168.201.1: icmp_seq=8 ttl=64 time=38.5 ms
64 bytes from 192.168.201.1: icmp_seq=9 ttl=64 time=5.08 ms
64 bytes from 192.168.201.1: icmp_seq=10 ttl=64 time=121 ms
64 bytes from 192.168.201.1: icmp_seq=11 ttl=64 time=13.3 ms
--- 192.168.201.1 ping statistics ---
11 packets transmitted, 11 received, 0% packet loss, time 10002ms
rtt min/avg/max/mdev = 5.085/45.343/121.800/40.199 ms
|
Code: | # host vpn1.centurion.co.yu
bash: host: command not found |
The IP of vpn1.centurion.co.yu could be found while pinging it.
Code: | $ ping vpn1.centurion.co.yu
PING ns1.centurion.co.yu (192.168.200.6) 56(84) bytes of data.
64 bytes from ns1.centurion.co.yu (192.168.200.6): icmp_seq=1 ttl=62 time=8.19 ms
64 bytes from ns1.centurion.co.yu (192.168.200.6): icmp_seq=2 ttl=62 time=129 ms
--- ns1.centurion.co.yu ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 8.193/68.971/129.749/60.778 ms |
Code: | # route add vpn1.centurion.co.yu gw 172.16.0.1
# ip route replace default dev 'ppp0'
# route -nv
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.201.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.200.6 172.16.0.1 255.255.255.255 UGH 0 0 0 wlan0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.0.0 0.0.0.0 255.255.192.0 U 0 0 0 wlan0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0 |
Code: | $ ping www.google.com
PING www.l.google.com (72.14.221.99) 56(84) bytes of data.
64 bytes from 72.14.221.99: icmp_seq=1 ttl=238 time=61.0 ms
64 bytes from 72.14.221.99: icmp_seq=2 ttl=238 time=59.4 ms
64 bytes from 72.14.221.99: icmp_seq=3 ttl=238 time=78.3 ms
64 bytes from 72.14.221.99: icmp_seq=4 ttl=238 time=94.7 ms
64 bytes from 72.14.221.99: icmp_seq=5 ttl=238 time=319 ms
64 bytes from 72.14.221.99: icmp_seq=6 ttl=238 time=53.1 ms
64 bytes from 72.14.221.99: icmp_seq=7 ttl=238 time=62.3 ms
64 bytes from 72.14.221.99: icmp_seq=8 ttl=238 time=38.5 ms
64 bytes from 72.14.221.99: icmp_seq=9 ttl=238 time=54.9 ms
64 bytes from 72.14.221.99: icmp_seq=10 ttl=238 time=39.8 ms
64 bytes from 72.14.221.99: icmp_seq=11 ttl=238 time=54.2 ms
64 bytes from 72.14.221.99: icmp_seq=12 ttl=238 time=31.7 ms
64 bytes from 72.14.221.99: icmp_seq=13 ttl=238 time=38.0 ms
64 bytes from 72.14.221.99: icmp_seq=14 ttl=238 time=43.8 ms
--- www.l.google.com ping statistics ---
14 packets transmitted, 14 received, 0% packet loss, time 13005ms
rtt min/avg/max/mdev = 31.718/73.531/319.178/70.038 ms
|
Ping works!
But there is almost no traffic through ppp0. After 5 mins:
ppp0 RX bytes:529956 (517.5 Kb) TX bytes:182401 (178.1 Kb)
Don't know why, only google works, I can search anything I wish on google. But when I want to open any other page Opera gets stuck at "Sending request to www.benchmark.co.yu" (as example), Firefox gets stuck at "Waiting for www.benchmark.co.yu"... tried about 10 most frequently accessed sites and none worked (except google). Jabber couldn't connect too.
Any idea how to solve this?
Thank you for help!
Best regards,
Daniel |
|
|
|
ova Retired Dev
Joined: 06 Nov 2003 Posts: 120 Location: Russia, Moscow
|
Posted: Wed Aug 30, 2006 7:35 am Post subject: |
|
|
Well. Looking at your vpn server IP address you definitely need to add it to your routing table.
Things you can try:
1. Disable completely firewall. You do not need it now. Output of
Code: |
for table in nat filter mangle
do
iptables -t $table -L -n
done
|
should be policy ACCEPT and no rules everywhere.
2. try to run `ip route replace default via IP_ADDRESS_OF_PPP_PEER dev 'ppp0'` or `ip route replace default via IP_ADDRESS_OF_PPP_PEER`. You can find IP_ADDRESS_OF_PPP_PEER in ifconfig output.
3. Try to ping www.gentoo.org and www.google.com and look with tcpdump -ni wlan0 and tcpdump -ni ppp0 where traffic actually is? |
|
|
|
daniel1988 Tux's lil' helper
Joined: 24 Aug 2005 Posts: 88 Location: Serbia
|
Posted: Fri Sep 01, 2006 6:20 pm Post subject: |
|
|
1.
Code: | $su
# /etc/init.d/iptables stop
# /etc/init.d/net.ppp0 start
# route add vpn1.centurion.co.yu gw 172.16.0.1
# ip route replace default dev 'ppp0'
# cd /usr/bin
# nano -w temp_exe_fw
# chmod +r temp_exe_fw
# chmod +x temp_exe_fw
# ./temp_exe_fw
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
|
# cat temp_exe_fw
Code: | # /bin/bash
for table in nat filter mangle
do
iptables -t $table -L -n
done
|
2.
Code: | # ifconfig ppp0
ppp0 Link encap:Point-to-Point Protocol
inet addr:195.252.74.99 P-t-P:192.168.201.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1000 Metric:1
RX packets:2145 errors:0 dropped:0 overruns:0 frame:0
TX packets:2164 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:500328 (488.6 Kb) TX bytes:243519 (237.8 Kb)
|
IP_ADDRESS_OF_PPP_PEER is here 192.168.201.1, right? The other one (195.252.74.99) changes every time the ppp0 is established. And what about mask? Maybe there resides the problem...
And tried:
Code: | gentoo daniel1988 # ip route replace default via 192.168.201.1
gentoo daniel1988 # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.201.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.200.6 172.16.0.1 255.255.255.255 UGH 0 0 0 wlan0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.0.0 0.0.0.0 255.255.192.0 U 0 0 0 wlan0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.201.1 0.0.0.0 UG 0 0 0 ppp0
|
ping works
Code: | gentoo daniel1988 # ip route replace default via 192.168.201.1 dev 'ppp0'
gentoo daniel1988 # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.201.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.200.6 172.16.0.1 255.255.255.255 UGH 0 0 0 wlan0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.0.0 0.0.0.0 255.255.192.0 U 0 0 0 wlan0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.201.1 0.0.0.0 UG 0 0 0 ppp0 |
the same situation: ping works, but no major traffic (firefox still displays: waiting for [host])
Code: | gentoo daniel1988 # ip route replace default via 195.252.74.99
gentoo daniel1988 # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.201.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.200.6 172.16.0.1 255.255.255.255 UGH 0 0 0 wlan0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.0.0 0.0.0.0 255.255.192.0 U 0 0 0 wlan0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 195.252.74.99 0.0.0.0 UG 0 0 0 ppp0
|
same as above, ping works, no traffic
Code: | gentoo daniel1988 # ip route replace default via 192.168.200.6
RTNETLINK answers: Network is unreachable |
192.168.200.6 is the IP of DNS server & the IP of vpn1.centurion.co.yu
despite it being unreachable, I can ping it
3. wlan0 has tons of traffic: here are some of the last lines of
Code: | # tcpdump -ni wlan0
03:43:36.354953 IP 192.168.200.6 > 172.16.58.125: GREv1, call 256, seq 960226, length 1053: IP 70.53.194.87.60064 > 195.252.74.89.37276: P 154557:155545(988) ack 74992 win 4191 <nop,nop,timestamp 509217327[|tcp]>
03:43:36.356418 IP 192.168.200.6 > 172.16.58.125: GREv1, call 256, seq 960227, length 69: IP 84.137.28.110.61745 > 195.252.74.89.37276: P 4:8(4) ack 5 win 2715 <nop,nop,timestamp 509217857[|tcp]>
03:43:36.396605 IP 192.168.200.6 > 172.16.0.25: GREv1, call 32768, seq 403498, ack 416034, length 72: IP 201.123.89.135.11113 > 195.252.74.109.20044: UDP, length 27
03:43:36.423963 IP 192.168.200.6 > 172.16.58.125: GREv1, call 256, ack 909659, no-payload, length 12
03:43:36.426463 IP 192.168.200.6 > 172.16.0.25: GREv1, call 32768, seq 403499, length 1413: IP 83.156.105.7.2520 > 195.252.74.109.37841: . 157010:158358(1348) ack 91854 win 6392 <nop,nop,timestamp 509209458[|tcp]>
03:43:36.430549 IP 192.168.200.6 > 172.16.0.25: GREv1, call 32768, seq 403499, length 1413: IP 83.156.105.7.2520 > 195.252.74.109.37841: . 157010:158358(1348) ack 91854 win 6392 <nop,nop,timestamp 509209458[|tcp]>
12626 packets captured
25254 packets received by filter
0 packets dropped by kernel
|
Bigger part of the output of # tcpdump -ni wlan0 >> file is here (the whole file is bigger than 400KB).
And the same thing for ppp0, here < this one is much shorter
3:2.
And tcpdump while pinging and "accessing" pages via firefox
Code: | $ ping www.gentoo.org
PING www.gentoo.org (38.99.64.201) 56(84) bytes of data.
64 bytes from wren.gentoo.org (38.99.64.201): icmp_seq=1 ttl=31 time=247 ms
64 bytes from wren.gentoo.org (38.99.64.201): icmp_seq=2 ttl=31 time=247 ms
64 bytes from wren.gentoo.org (38.99.64.201): icmp_seq=3 ttl=31 time=268 ms
64 bytes from wren.gentoo.org (38.99.64.201): icmp_seq=4 ttl=31 time=220 ms
64 bytes from wren.gentoo.org (38.99.64.201): icmp_seq=5 ttl=31 time=281 ms
--- www.gentoo.org ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3997ms
rtt min/avg/max/mdev = 220.729/253.079/281.233/20.647 ms
# tcpdump -ni ppp0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
03:45:49.369252 IP 195.252.74.99 > 38.99.64.201: ICMP echo request, id 22082, seq 1, length 64
03:45:49.616738 IP 38.99.64.201 > 195.252.74.99: ICMP echo reply, id 22082, seq 1, length 64
03:45:50.368259 IP 195.252.74.99 > 38.99.64.201: ICMP echo request, id 22082, seq 2, length 64
03:45:50.615751 IP 38.99.64.201 > 195.252.74.99: ICMP echo reply, id 22082, seq 2, length 64
03:45:51.367264 IP 195.252.74.99 > 38.99.64.201: ICMP echo request, id 22082, seq 3, length 64
03:45:51.635463 IP 38.99.64.201 > 195.252.74.99: ICMP echo reply, id 22082, seq 3, length 64
03:45:52.367066 IP 195.252.74.99 > 38.99.64.201: ICMP echo request, id 22082, seq 4, length 64
03:45:52.587699 IP 38.99.64.201 > 195.252.74.99: ICMP echo reply, id 22082, seq 4, length 64
03:45:53.367126 IP 195.252.74.99 > 38.99.64.201: ICMP echo request, id 22082, seq 5, length 64 |
and while trying to open www.gentoo.org in firefox
Code: | # tcpdump -ni ppp0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
04:16:56.951563 IP 195.252.74.99.48797 > 66.219.59.46.80: F 59344874:59344874(0) ack 1435234269 win 960 <nop,nop,timestamp 844758 514739596>
04:16:57.036462 IP 195.252.74.99.37184 > 66.219.59.46.80: S 152606809:152606809(0) win 3840 <mss 960,sackOK,timestamp 844781 0,nop,wscale 2>
04:16:57.217416 IP 66.219.59.46.80 > 195.252.74.99.48797: . ack 1 win 6432 <nop,nop,timestamp 514746828 844758>
04:16:57.227345 IP 66.219.59.46.80 > 195.252.74.99.37184: S 1525357612:1525357612(0) ack 152606810 win 5792 <mss 1460,sackOK,timestamp 514746834 844781,nop,wscale 0>
04:16:57.227436 IP 195.252.74.99.37184 > 66.219.59.46.80: . ack 1 win 960 <nop,nop,timestamp 844828 514746834>
04:16:57.227929 IP 195.252.74.99.37184 > 66.219.59.46.80: P 1:399(398) ack 1 win 960 <nop,nop,timestamp 844829 514746834>
04:16:57.397996 IP 66.219.59.46.80 > 195.252.74.99.37184: . ack 399 win 6432 <nop,nop,timestamp 514746851 844829>
7 packets captured
14 packets received by filter
0 packets dropped by kernel |
This is the trickiest thing I've ever done in Gentoo until now.
--Daniel |
|
|
|
ova Retired Dev
Joined: 06 Nov 2003 Posts: 120 Location: Russia, Moscow
|
Posted: Fri Sep 01, 2006 6:41 pm Post subject: |
|
|
Good
You can ping but firefox freezes? I think that's an MTU problem. You should supply mtu and mru options to pppd. Something like
Or maybe lower. I've heard a lot about this problem but never experienced it myself. Maybe you'll manage to debug the problem with `ping www.gentoo.org -s 1500`. Maybe that does not work, then you should lower `-s value` while it works and supply that ( value - 60 ) to mtu... I'm not sure about minus 60, but IIRC it's the size of ppp header and it should be subtracted.
HTH. |
|
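An added example, not part of the original posts, of the probing ova outlines: a binary search for the largest echo payload that passes with Don't Fragment set, plus a reader for the MSS values in the ppp0 capture above (the box advertises mss 960 while ifconfig shows ppp0 at MTU 1000). It uses the IPv4 header sizes (payload + 28 = packet size, MTU - 40 = MSS); the function names and the mock probe are constructed, and `ping -M do` is the Linux iputils option.

```shell
#!/bin/sh
# Added example, not from the thread. Sizes are IPv4: an echo with N payload
# bytes is an (N + 28)-byte packet (20-byte IP header + 8-byte ICMP header),
# and the TCP MSS a host advertises is its interface MTU minus 40.

# Real probe (Linux iputils ping): one echo, Don't Fragment set, $1 payload bytes.
probe() { ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1; }

# largest_payload HOST [LO] [HI]: binary search for the biggest payload that
# still gets a reply with DF set. PROBE names the probe function, so the
# search can be exercised offline with a stand-in.
largest_payload() {
    host=$1; lo=${2:-0}; hi=${3:-1472}
    "${PROBE:-probe}" "$lo" "$host" || return 1    # not reachable at any size
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "${PROBE:-probe}" "$mid" "$host"; then lo=$mid; else hi=$((mid - 1)); fi
    done
    echo "$lo"
}

path_mtu() { echo $(( $1 + 28 )); }   # echo payload -> packet size on the wire
tcp_mss()  { echo $(( $1 - 40 )); }   # MTU -> MSS (IP and TCP headers, no options)

# syn_mss: stdin is tcpdump text in the old output format shown in the thread;
# prints "SOURCE.PORT MSS" for every SYN and SYN-ACK.
syn_mss() {
    sed -n 's/^.* IP \([0-9.]*\) > [0-9.]*: S .*<mss \([0-9]*\)[,>].*$/\1 \2/p'
}

# Stand-in probe for a constructed path whose MTU is 1460 (1432 + 28).
mock_probe() { [ "$1" -le 1432 ]; }

# The two handshake lines are copied from the ppp0 capture in the thread.
capture='04:16:57.036462 IP 195.252.74.99.37184 > 66.219.59.46.80: S 152606809:152606809(0) win 3840 <mss 960,sackOK,timestamp 844781 0,nop,wscale 2>
04:16:57.227345 IP 66.219.59.46.80 > 195.252.74.99.37184: S 1525357612:1525357612(0) ack 152606810 win 5792 <mss 1460,sackOK,timestamp 514746834 844781,nop,wscale 0>'

# What each side of the handshake advertised.
printf '%s\n' "$capture" | syn_mss

# Offline run of the search against the stand-in probe.
payload=$(PROBE=mock_probe largest_payload host.invalid)
mtu=$(path_mtu "$payload")
echo "largest payload=$payload  path MTU=$mtu  matching MSS=$(tcp_mss "$mtu")"
```

For a live measurement call `largest_payload www.gentoo.org` without setting PROBE and feed the result to `path_mtu`.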
|
|
daniel1988 Tux's lil' helper
Joined: 24 Aug 2005 Posts: 88 Location: Serbia
|
Posted: Sun Sep 03, 2006 1:05 pm Post subject: |
|
|
YAYAYAYYA, it works!!!!!
THANK YOU A LOT!!!!
mtu & mru solved the problem now. mtu & mru were set at 1000 in /etc/ppp/options.VPNNAME, as written on gentoo-wiki. With value of 1460 it works!
IP Forwarding is done with:
Code: | iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT |
I think I need something much better than this, and the last thing for now, to secure my box with adequate iptables rules (google will help me for this )
Thank you once again!
Best regards,
Daniel |
|
|
|
daniel1988 Tux's lil' helper
Joined: 24 Aug 2005 Posts: 88 Location: Serbia
|
Posted: Sun Sep 03, 2006 6:48 pm Post subject: |
|
|
One question more: how to configure /etc/ppp/ip-up file to execute those two lines:
Code: | route add vpn1.centurion.co.yu gw 172.16.0.1
ip route replace default dev 'ppp0' |
?
TIA |
|
|
|
mark_lagace Tux's lil' helper
Joined: 19 Nov 2002 Posts: 77 Location: Ottawa, Canada
|
Posted: Mon Sep 04, 2006 1:10 am Post subject: |
|
|
ip-up is a script file... you should be able to add those two lines to the end of the file and they will run each time ppp connects. Or I suppose a more elegant way to do it would be to create an ip-up.local script (set to executable) that is called from the default ip-up script.
M. |
|
|
|
daniel1988 Tux's lil' helper
Joined: 24 Aug 2005 Posts: 88 Location: Serbia
|
Posted: Sun Sep 10, 2006 12:19 pm Post subject: |
|
|
ip-up.local works, thank you.
Time to add [solved] to the topic name
Thank you all once again.
--Daniel |
|
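The ordering ova describes (host route to the VPN server first, default route second) and the ip-up.local hook suggested above, combined in one script as an added example that is not part of the original posts. It assumes pppd's usual ip-up arguments are passed through to ip-up.local; the function names, the APPLY switch and the sample route line are constructed for illustration, and the gateway is read from the routing table because the wlan0 lease is dynamic.

```shell
#!/bin/sh
# Added example, not from the thread: ip-up.local logic that pins the tunnel
# endpoint to the underlay gateway before the default route is moved.
# pppd passes: $1 interface, $2 tty, $3 speed, $4 local IP, $5 peer IP, $6 ipparam.
# VPN_SERVER is the address vpn1.centurion.co.yu resolved to in the thread.
VPN_SERVER=${VPN_SERVER:-192.168.200.6}

# stdin: output of `ip -4 route show default`. Prints "GATEWAY DEVICE" for the
# first default route that does not already leave through a ppp interface.
underlay_default() {
    awk '$1 == "default" && $0 !~ / dev ppp[0-9]+/ {
        gw = ""; dev = ""
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        if (gw != "" && dev != "") { print gw, dev; exit }
    }'
}

# plan_routes VPN_SERVER PPP_IF (stdin as above). Prints the two route commands
# in the order that keeps the tunnel alive. Fails without printing a command
# when no underlay gateway is known: moving the default route then would send
# the tunnel's own packets into the tunnel, which is the drop after ~30 s
# reported earlier in the thread.
plan_routes() {
    vpn_server=$1; ppp_if=$2
    set -- $(underlay_default)
    if [ "$#" -ne 2 ]; then
        echo "no non-ppp default route found; leaving routes untouched" >&2
        return 1
    fi
    echo "ip route replace $vpn_server/32 via $1 dev $2"
    echo "ip route replace default dev $ppp_if"
}

if [ "${APPLY:-0}" = 1 ]; then
    # Live use from ip-up.local: build the plan first, apply only if complete.
    plan=$(ip -4 route show default | plan_routes "$VPN_SERVER" "$1") || exit 1
    printf '%s\n' "$plan" | sh -e
else
    # Dry run on a constructed line matching the thread's DHCP default route.
    printf 'default via 172.16.0.1 dev wlan0\n' | plan_routes "$VPN_SERVER" ppp0
fi
```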
|
|
daniel1988 Tux's lil' helper
Joined: 24 Aug 2005 Posts: 88 Location: Serbia
|
Posted: Fri Aug 10, 2007 5:47 pm Post subject: |
|
|
My ISP switched from VPN to PPPoE. Internet connection works perfectly on Gentoo box, but with my local windows station I experience problems with opening pages: ping works, opening google works, playing CS works, but everything else fails... like here: https://forums.gentoo.org/viewtopic-p-3548043.html#3548043 < Waiting for {site}... stuff (just to mention one more time: on host machine (gentoo) everything works, the problem is only at other workstation on my lan)
LAN interfaces are ok, copy/paste files over samba works at >4MB/s
Is this mtu/mru problem one more time? And how to solve it (workstations are under windows....)? Something with iptables or?
(
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
)
/etc/conf.d/net:
Code: | iface_eth0="192.168.0.1 broadcast 192.168.0.255 netmask 255.255.255.0"
essid_wlan0="centurion"
config_centurion=( "dhcp" )
dhcp_wlan0="nogateway nosendhost"
config_ppp0=("ppp")
link_ppp0="wlan0"
plugins_ppp0=( "pppoe" )
username_ppp0="manesku"
password_ppp0="123456"
pppd_ppp0=(
"noauth"
"defaultroute"
"usepeerdns"
"default-asyncmap"
"ipcp-accept-remote"
"ipcp-accept-local"
"lcp-echo-interval 15"
"lcp-echo-failure 8"
"persist"
"holdoff 2"
"mru 1460"
"mtu 1460"
"lock"
)
|
TIA,
Daniel |
|
|
|
mrness Retired Dev
Joined: 17 Feb 2004 Posts: 375 Location: bucharest.ro
|
Posted: Sat Aug 11, 2007 12:11 pm Post subject: |
|
|
daniel1988 wrote: | Is this mtu/mru problem one more time? And how to solve it (workstations are under windows....)? Something with iptables or? |
Yes and yes.
Search for TCPMSS in this forum. |
|
|
|
daniel1988 Tux's lil' helper
Joined: 24 Aug 2005 Posts: 88 Location: Serbia
|
Posted: Sun Aug 12, 2007 3:59 pm Post subject: |
|
|
TY for the tip.
Code: | iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu | done it all.
Thank you very much. Greetings from Serbia
[SOLVED] (2nd time) |
|
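An added example, not part of the original posts, for the two loose ends in this thread: the forwarding rules Daniel said he wanted to tighten, and the TCPMSS clamp that fixed the LAN clients. It audits iptables-save text; both rulesets and the function names are constructed, with ppp0 as uplink and eth0 as LAN as in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Both rulesets are constructed
# iptables-save text; ppp0 is the uplink and eth0 the LAN, as in the thread.

# Roughly what the thread's two forwarding commands leave loaded.
weak_ruleset() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -j ACCEPT
COMMIT
EOF
}

# Default-drop variant: only LAN -> uplink connections are forwarded, replies
# come back through connection tracking, and the MSS clamp stays in place.
hardened_ruleset() { cat <<'EOF'
*mangle
:FORWARD ACCEPT [0:0]
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# audit_ruleset WAN: stdin is iptables-save text. Prints one finding per line
# and returns non-zero when there is at least one.
audit_ruleset() {
    awk -v wan="$1" '
        /^\*/ { table = substr($0, 2); next }
        table == "filter" && /^:/ { policy[substr($1, 2)] = $2 }
        table == "filter" && /^-A FORWARD / && / -j ACCEPT/ &&
            $0 !~ /--ctstate|--state/ && $0 !~ (" -o " wan " ") {
            n++; print "FORWARD accept with no state match and no -o " wan ": " $0
        }
        table == "mangle" && /^-A FORWARD / && /-j TCPMSS --clamp-mss-to-pmtu/ { clamp = 1 }
        END {
            split("INPUT FORWARD", chains, " ")
            for (i = 1; i <= 2; i++)
                if (policy[chains[i]] != "DROP") {
                    n++; print "filter " chains[i] " policy is " policy[chains[i]] ", expected DROP"
                }
            if (!clamp) { n++; print "no TCPMSS --clamp-mss-to-pmtu rule in mangle FORWARD" }
            exit (n > 0)
        }'
}

echo "== thread ruleset =="
weak_ruleset | audit_ruleset ppp0 || true
echo "== hardened ruleset =="
hardened_ruleset | audit_ruleset ppp0 && echo "no findings"
```

A candidate ruleset can be parsed without loading it by piping it to `iptables-restore --test`.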
|
|
|
|