Gentoo Forums
routing help needed [SOLVED]

daniel1988
Tux's lil' helper

Joined: 24 Aug 2005
Posts: 88
Location: Serbia

Posted: Sat Aug 26, 2006 7:07 pm

VPN is established ok, but I still can't access the internet.
Code:
gentoo daniel1988 # ifconfig
eth0      Link encap:Ethernet  HWaddr 00:05:5D:7B:BF:59 
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:349 errors:0 dropped:0 overruns:0 frame:0
          TX packets:303 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:57053 (55.7 Kb)  TX bytes:39212 (38.2 Kb)
          Interrupt:11 Base address:0xe000

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:400 (400.0 b)  TX bytes:400 (400.0 b)

ppp0      Link encap:Point-to-Point Protocol 
          inet addr:195.252.xxx.xxx  P-t-P:192.168.201.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1000  Metric
          RX packets:83 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:9821 (9.5 Kb)  TX bytes:68 (68.0 b)

wlan0     Link encap:Ethernet  HWaddr 00:40:F4:9E:0D:F3 
          inet addr:172.16.xxx.xxx  Bcast:172.16.xxx.255  Mask:255.255.192.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Met
          RX packets:264 errors:0 dropped:0 overruns:0 frame:0
          TX packets:361 errors:13 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:29841 (29.1 Kb)  TX bytes:28769 (28.0 Kb)
          Interrupt:10 Memory:e081a000-e081a100

Note: eth0 gets static IP addresses, wlan0 gets dynamic IP addresses from the DHCP server


Code:
gentoo daniel1988 # route -nv
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.201.1   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.16.0.0      0.0.0.0         255.255.192.0   U     0      0        0 wlan0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         172.16.0.1      0.0.0.0         UG    0      0        0 wlan0

As you can see from above, default route is set to wlan0.

Current situation: link (one photo, 1000 words :))

If you need any more information, ask!

Best regards,
Daniel


Last edited by daniel1988 on Sun Aug 12, 2007 4:02 pm; edited 3 times in total

aqu
Apprentice

Joined: 12 Nov 2005
Posts: 249
Location: Kalisz, Poland

Posted: Sat Aug 26, 2006 9:30 pm

Which computers don't have web access?
The server or the LAN network stations?
_________________
Security is like Ogres and Onions, they have layers.
Linux - Registered user #415939

adopt an unanswered post

daniel1988
Tux's lil' helper

Joined: 24 Aug 2005
Posts: 88
Location: Serbia

Posted: Sun Aug 27, 2006 1:59 am

Gentoo box & computers from my LAN can't access the internet. Connecting the Gentoo box is the problem. I think that these iptables rules should share the connection through the LAN after the connection is established:
Code:
echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -P INPUT DROP


--Daniel

aqu
Apprentice

Joined: 12 Nov 2005
Posts: 249
Location: Kalisz, Poland

Posted: Sun Aug 27, 2006 9:20 am

In the iptables rules, -o must be the interface connected to the router. But those packets don't have anything to do with this connection.
Are you sure that the connection between you and the router is a VPN? If it is, you should emerge openvpn and configure it ;]

daniel1988
Tux's lil' helper

Joined: 24 Aug 2005
Posts: 88
Location: Serbia

Posted: Sun Aug 27, 2006 1:34 pm

I don't have a router, I have an rtl8180 based wireless PCI card (named wlan0 in ifconfig). The VPN connection between me and the ISP is up and running (ppp0 in ifconfig). The only thing that remains to be done is to change the gateway so all internet traffic goes through the VPN tunnel.

In another topic (here) two members told me to use pptp, and in another forum one member told me to use openvpn, so I decided to take pptp.

aqu
Apprentice

Joined: 12 Nov 2005
Posts: 249
Location: Kalisz, Poland

Posted: Sun Aug 27, 2006 5:01 pm

The default gateway should be given by DHCP.
Try
Code:
# route

When you try to ping or something, did you get
Code:
ping: unknown host

or
Code:
ping: Network not available

?

daniel1988
Tux's lil' helper

Joined: 24 Aug 2005
Posts: 88
Location: Serbia

Posted: Sun Aug 27, 2006 5:59 pm

Yes, it's given by DHCP. I can ping the ISP's homepage & vpn1.centurion.co.yu. I think that the DNS server comes before the authentication server because www.google.com gets translated into 66.249.85.104.
Code:
$ ping www.google.com
PING www.l.google.com (66.249.85.104) 56(84) bytes of data.

--- www.l.google.com ping statistics ---
13 packets transmitted, 0 received, 100% packet loss, time 12009ms

But all packets are lost. This happens (DNS name resolution) even when ppp0 is down.
That's all I can access (with ppp0 down as well as ppp0 up): the ISP's homepage, vpn1.centurion.co.yu and the DNS server.

---------------------------------------------------------------------------------------

This is written on other forum:
(will continue later)
Edit to continue:
Quote:
#/sbin/ip route add [ip_of_dns_server] via [ip_router] dev eth0 src [ip_of_your_lan_card]
#ip route replace default dev 'ppp0'

In my case, I don't have router and lan card to connect it, first line should be:
#/sbin/ip route add [ip_of_dns_server] dev wlan0 src [ip_of_your_lan_card] <<< the ip of my wlan0 card is dynamic... how to make a script for it later (if this will be proved to be true) :x
second line should be ok...


And I tried:
Code:
ip route add 192.168.200.6 dev wlan0 src 172.16.0.18
ip route replace default dev 'ppp0'

# route -ve
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.201.1   *               255.255.255.255 UH        0 0          0 ppp0
192.168.200.6   *               255.255.255.255 UH        0 0          0 wlan0
192.168.0.0     *               255.255.255.0   U         0 0          0 eth0
172.16.0.0      *               255.255.192.0   U         0 0          0 wlan0
loopback        *               255.0.0.0       U         0 0          0 lo
default         *               0.0.0.0         U         0 0          0 ppp0

The routing table changes, but I still can't access the internet & the connection breaks after ~30 sec (most probably it can't reach vpn1.centurion.co.yu because the default gateway was changed & it can't use the new one)
Code:
......
rcvd [LCP EchoReq id=0x6 magic=0x12fe7047]
sent [LCP EchoRep id=0x6 magic=0xd272f0ec]
sent [LCP EchoReq id=0xa magic=0xd272f0ec]
rcvd [LCP EchoRep id=0xa magic=0x12fe7047]
rcvd [LCP EchoReq id=0x7 magic=0x12fe7047]
sent [LCP EchoRep id=0x7 magic=0xd272f0ec]
sent [LCP EchoReq id=0xb magic=0xd272f0ec]
rcvd [LCP EchoRep id=0xb magic=0x12fe7047]
sent [LCP EchoReq id=0xc magic=0xd272f0ec]
sent [LCP EchoReq id=0xd magic=0xd272f0ec]
sent [LCP EchoReq id=0xe magic=0xd272f0ec]
sent [LCP EchoReq id=0xf magic=0xd272f0ec]
sent [LCP EchoReq id=0x10 magic=0xd272f0ec]
sent [LCP EchoReq id=0x11 magic=0xd272f0ec]
Script pptp vpn1.centurion.co.yu --nolaunchpppd  finished (pid 25670), status = 0x0
Modem hangup
Script /etc/ppp/ip-down started (pid 26090)
Connection terminated.
Connect time 3.1 minutes.


Later, I tried several more combinations... link, but with no success :(


Last edited by daniel1988 on Sun Aug 27, 2006 7:49 pm; edited 1 time in total

aqu
Apprentice

Joined: 12 Nov 2005
Posts: 249
Location: Kalisz, Poland

Posted: Sun Aug 27, 2006 7:32 pm

maybe try
Code:
ping -I ppp0 google.com


daniel1988
Tux's lil' helper

Joined: 24 Aug 2005
Posts: 88
Location: Serbia

Posted: Mon Aug 28, 2006 5:10 pm

Code:
$ ping -I ppp0 www.google.com
PING www.l.google.com (66.249.85.104) from 172.16.0.18 ppp0: 56(84) bytes of data.

--- www.l.google.com ping statistics ---
11 packets transmitted, 0 received, 100% packet loss, time 10000ms

& take a look two posts up, the post was edited.

--Daniel

ova
Retired Dev

Joined: 06 Nov 2003
Posts: 120
Location: Russia, Moscow

Posted: Mon Aug 28, 2006 7:04 pm

Daniel.

Before trying to set up routes, try to ping the other side of your VPN connection.

Quote:
ppp0 Link encap:Point-to-Point Protocol
inet addr:195.252.xxx.xxx P-t-P:192.168.201.1 Mask:255.255.255.255


In your case:
Code:
ping 192.168.201.1


If you can, then you should check that your VPN server is in a subnet which is accessible without the default route. Just do `host vpn1.centurion.co.yu` to determine the IP address of vpn1.centurion.co.yu and look at your `route -n`. If the IP address is not among the explicit routes then your guess

Quote:
connection breaks after ~30 sec (most probably it can't reach vpn1.centurion.co.yu because default gateway was changed & it can't use the new one)


may be right. Then you should add a route to that server. Use the default route you received from DHCP as the next hop router for this route:

Code:

route add vpn1.centurion.co.yu gw 172.16.0.1


and only now you should

Code:
ip route replace default dev 'ppp0'


If nothing works, try from the very beginning and drop your local LAN from consideration while you do not have internet access from your Gentoo box.

daniel1988
Tux's lil' helper

Joined: 24 Aug 2005
Posts: 88
Location: Serbia

Posted: Wed Aug 30, 2006 12:13 am

Code:
# ping 192.168.201.1
PING 192.168.201.1 (192.168.201.1) 56(84) bytes of data.
64 bytes from 192.168.201.1: icmp_seq=1 ttl=64 time=38.9 ms
64 bytes from 192.168.201.1: icmp_seq=2 ttl=64 time=19.0 ms
64 bytes from 192.168.201.1: icmp_seq=3 ttl=64 time=56.0 ms
64 bytes from 192.168.201.1: icmp_seq=4 ttl=64 time=5.57 ms
64 bytes from 192.168.201.1: icmp_seq=5 ttl=64 time=7.62 ms
64 bytes from 192.168.201.1: icmp_seq=6 ttl=64 time=87.3 ms
64 bytes from 192.168.201.1: icmp_seq=7 ttl=64 time=105 ms
64 bytes from 192.168.201.1: icmp_seq=8 ttl=64 time=38.5 ms
64 bytes from 192.168.201.1: icmp_seq=9 ttl=64 time=5.08 ms
64 bytes from 192.168.201.1: icmp_seq=10 ttl=64 time=121 ms
64 bytes from 192.168.201.1: icmp_seq=11 ttl=64 time=13.3 ms

--- 192.168.201.1 ping statistics ---
11 packets transmitted, 11 received, 0% packet loss, time 10002ms
rtt min/avg/max/mdev = 5.085/45.343/121.800/40.199 ms

Code:
# host vpn1.centurion.co.yu
bash: host: command not found

The IP of vpn1.centurion.co.yu could be found while pinging it.
Code:
$ ping vpn1.centurion.co.yu
PING ns1.centurion.co.yu (192.168.200.6) 56(84) bytes of data.
64 bytes from ns1.centurion.co.yu (192.168.200.6): icmp_seq=1 ttl=62 time=8.19 ms
64 bytes from ns1.centurion.co.yu (192.168.200.6): icmp_seq=2 ttl=62 time=129 ms

--- ns1.centurion.co.yu ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 8.193/68.971/129.749/60.778 ms


Code:
# route add vpn1.centurion.co.yu gw 172.16.0.1
# ip route replace default dev 'ppp0'
# route -nv
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.201.1   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.200.6   172.16.0.1      255.255.255.255 UGH   0      0        0 wlan0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.16.0.0      0.0.0.0         255.255.192.0   U     0      0        0 wlan0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0

Code:
$ ping www.google.com
PING www.l.google.com (72.14.221.99) 56(84) bytes of data.
64 bytes from 72.14.221.99: icmp_seq=1 ttl=238 time=61.0 ms
64 bytes from 72.14.221.99: icmp_seq=2 ttl=238 time=59.4 ms
64 bytes from 72.14.221.99: icmp_seq=3 ttl=238 time=78.3 ms
64 bytes from 72.14.221.99: icmp_seq=4 ttl=238 time=94.7 ms
64 bytes from 72.14.221.99: icmp_seq=5 ttl=238 time=319 ms
64 bytes from 72.14.221.99: icmp_seq=6 ttl=238 time=53.1 ms
64 bytes from 72.14.221.99: icmp_seq=7 ttl=238 time=62.3 ms
64 bytes from 72.14.221.99: icmp_seq=8 ttl=238 time=38.5 ms
64 bytes from 72.14.221.99: icmp_seq=9 ttl=238 time=54.9 ms
64 bytes from 72.14.221.99: icmp_seq=10 ttl=238 time=39.8 ms
64 bytes from 72.14.221.99: icmp_seq=11 ttl=238 time=54.2 ms
64 bytes from 72.14.221.99: icmp_seq=12 ttl=238 time=31.7 ms
64 bytes from 72.14.221.99: icmp_seq=13 ttl=238 time=38.0 ms
64 bytes from 72.14.221.99: icmp_seq=14 ttl=238 time=43.8 ms

--- www.l.google.com ping statistics ---
14 packets transmitted, 14 received, 0% packet loss, time 13005ms
rtt min/avg/max/mdev = 31.718/73.531/319.178/70.038 ms


Ping works!

But there is almost no traffic through ppp0. After 5 mins:
ppp0 RX bytes:529956 (517.5 Kb) TX bytes:182401 (178.1 Kb)

Don't know why, only google works, I can search anything I wish on google. But when I want to open any other page Opera gets stuck at "Sending request to www.benchmark.co.yu" (as example), Firefox gets stuck at "Waiting for www.benchmark.co.yu"... tried about 10 most frequently accessed sites and none worked (except google). Jabber couldn't connect either.

Any idea how to solve this?

Thank you for help!

Best regards,
Daniel

ova
Retired Dev

Joined: 06 Nov 2003
Posts: 120
Location: Russia, Moscow

Posted: Wed Aug 30, 2006 7:35 am

Well. Looking at your VPN server IP address, you definitely need to add it to your routing table.

Things you can try:
1. Disable the firewall completely. You do not need it now. Output of
Code:

for table in nat filter mangle
do
  iptables -t $table -L -n
done

should be policy ACCEPT and no rules everywhere.
2. try to run `ip route replace default via IP_ADDRESS_OF_PPP_PEER dev 'ppp0'` or `ip route replace default via IP_ADDRESS_OF_PPP_PEER`. You can find IP_ADDRESS_OF_PPP_PEER in ifconfig output.
3. Try to ping www.gentoo.org and www.google.com and look with tcpdump -ni wlan0 and tcpdump -ni ppp0 at where the traffic actually is.

daniel1988
Tux's lil' helper

Joined: 24 Aug 2005
Posts: 88
Location: Serbia

Posted: Fri Sep 01, 2006 6:20 pm

1.
Code:
$su
# /etc/init.d/iptables stop
# /etc/init.d/net.ppp0 start
# route add vpn1.centurion.co.yu gw 172.16.0.1
# ip route replace default dev 'ppp0'

# cd /usr/bin
# nano -w temp_exe_fw
# chmod +r temp_exe_fw
# chmod +x temp_exe_fw

# ./temp_exe_fw
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination     


# cat temp_exe_fw
Code:
#!/bin/bash
for table in nat filter mangle
do
        iptables -t $table -L -n
done


2.
Code:
# ifconfig ppp0
ppp0      Link encap:Point-to-Point Protocol 
          inet addr:195.252.74.99  P-t-P:192.168.201.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1000  Metric:1
          RX packets:2145 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2164 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:500328 (488.6 Kb)  TX bytes:243519 (237.8 Kb)

IP_ADDRESS_OF_PPP_PEER is here 192.168.201.1, right? The other one (195.252.74.99) changes every time the ppp0 is established. And what about mask? Maybe there resides the problem...

And tried:
Code:
gentoo daniel1988 # ip route replace default via 192.168.201.1
gentoo daniel1988 # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.201.1   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.200.6   172.16.0.1      255.255.255.255 UGH   0      0        0 wlan0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.16.0.0      0.0.0.0         255.255.192.0   U     0      0        0 wlan0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.201.1   0.0.0.0         UG    0      0        0 ppp0

ping works

Code:
gentoo daniel1988 # ip route replace default via 192.168.201.1 dev 'ppp0'
gentoo daniel1988 # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.201.1   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.200.6   172.16.0.1      255.255.255.255 UGH   0      0        0 wlan0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.16.0.0      0.0.0.0         255.255.192.0   U     0      0        0 wlan0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.201.1   0.0.0.0         UG    0      0        0 ppp0

the same situation: ping works, but no major traffic (firefox still displays: waiting for [host])

Code:
gentoo daniel1988 # ip route replace default via 195.252.74.99
gentoo daniel1988 # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.201.1   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.200.6   172.16.0.1      255.255.255.255 UGH   0      0        0 wlan0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.16.0.0      0.0.0.0         255.255.192.0   U     0      0        0 wlan0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         195.252.74.99   0.0.0.0         UG    0      0        0 ppp0

same as above, ping works, no traffic

Code:
gentoo daniel1988 # ip route replace default via 192.168.200.6
RTNETLINK answers: Network is unreachable

192.168.200.6 is the IP of the DNS server & the IP of vpn1.centurion.co.yu
Despite it being unreachable, I can ping it :?


3. wlan0 has tons of traffic: here are some of the last lines of
Code:
# tcpdump -ni wlan0
03:43:36.354953 IP 192.168.200.6 > 172.16.58.125: GREv1, call 256, seq 960226, length 1053: IP 70.53.194.87.60064 > 195.252.74.89.37276: P 154557:155545(988) ack 74992 win 4191 <nop,nop,timestamp 509217327[|tcp]>
03:43:36.356418 IP 192.168.200.6 > 172.16.58.125: GREv1, call 256, seq 960227, length 69: IP 84.137.28.110.61745 > 195.252.74.89.37276: P 4:8(4) ack 5 win 2715 <nop,nop,timestamp 509217857[|tcp]>
03:43:36.396605 IP 192.168.200.6 > 172.16.0.25: GREv1, call 32768, seq 403498, ack 416034, length 72: IP 201.123.89.135.11113 > 195.252.74.109.20044: UDP, length 27
03:43:36.423963 IP 192.168.200.6 > 172.16.58.125: GREv1, call 256, ack 909659, no-payload, length 12
03:43:36.426463 IP 192.168.200.6 > 172.16.0.25: GREv1, call 32768, seq 403499, length 1413: IP 83.156.105.7.2520 > 195.252.74.109.37841: . 157010:158358(1348) ack 91854 win 6392 <nop,nop,timestamp 509209458[|tcp]>
03:43:36.430549 IP 192.168.200.6 > 172.16.0.25: GREv1, call 32768, seq 403499, length 1413: IP 83.156.105.7.2520 > 195.252.74.109.37841: . 157010:158358(1348) ack 91854 win 6392 <nop,nop,timestamp 509209458[|tcp]>

12626 packets captured
25254 packets received by filter
0 packets dropped by kernel


Bigger part of the output of # tcpdump -ni wlan0 >> file is here (the whole file is bigger than 400KB).
And the same thing for ppp0, here < this one is much shorter

3:2.
And tcpdump while pinging and "accessing" pages via firefox
Code:
$ ping www.gentoo.org
PING www.gentoo.org (38.99.64.201) 56(84) bytes of data.
64 bytes from wren.gentoo.org (38.99.64.201): icmp_seq=1 ttl=31 time=247 ms
64 bytes from wren.gentoo.org (38.99.64.201): icmp_seq=2 ttl=31 time=247 ms
64 bytes from wren.gentoo.org (38.99.64.201): icmp_seq=3 ttl=31 time=268 ms
64 bytes from wren.gentoo.org (38.99.64.201): icmp_seq=4 ttl=31 time=220 ms
64 bytes from wren.gentoo.org (38.99.64.201): icmp_seq=5 ttl=31 time=281 ms

--- www.gentoo.org ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3997ms
rtt min/avg/max/mdev = 220.729/253.079/281.233/20.647 ms

# tcpdump -ni ppp0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
03:45:49.369252 IP 195.252.74.99 > 38.99.64.201: ICMP echo request, id 22082, seq 1, length 64
03:45:49.616738 IP 38.99.64.201 > 195.252.74.99: ICMP echo reply, id 22082, seq 1, length 64
03:45:50.368259 IP 195.252.74.99 > 38.99.64.201: ICMP echo request, id 22082, seq 2, length 64
03:45:50.615751 IP 38.99.64.201 > 195.252.74.99: ICMP echo reply, id 22082, seq 2, length 64
03:45:51.367264 IP 195.252.74.99 > 38.99.64.201: ICMP echo request, id 22082, seq 3, length 64
03:45:51.635463 IP 38.99.64.201 > 195.252.74.99: ICMP echo reply, id 22082, seq 3, length 64
03:45:52.367066 IP 195.252.74.99 > 38.99.64.201: ICMP echo request, id 22082, seq 4, length 64
03:45:52.587699 IP 38.99.64.201 > 195.252.74.99: ICMP echo reply, id 22082, seq 4, length 64
03:45:53.367126 IP 195.252.74.99 > 38.99.64.201: ICMP echo request, id 22082, seq 5, length 64


and while trying to open www.gentoo.org in firefox
Code:
# tcpdump -ni ppp0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
04:16:56.951563 IP 195.252.74.99.48797 > 66.219.59.46.80: F 59344874:59344874(0) ack 1435234269 win 960 <nop,nop,timestamp 844758 514739596>
04:16:57.036462 IP 195.252.74.99.37184 > 66.219.59.46.80: S 152606809:152606809(0) win 3840 <mss 960,sackOK,timestamp 844781 0,nop,wscale 2>
04:16:57.217416 IP 66.219.59.46.80 > 195.252.74.99.48797: . ack 1 win 6432 <nop,nop,timestamp 514746828 844758>
04:16:57.227345 IP 66.219.59.46.80 > 195.252.74.99.37184: S 1525357612:1525357612(0) ack 152606810 win 5792 <mss 1460,sackOK,timestamp 514746834 844781,nop,wscale 0>
04:16:57.227436 IP 195.252.74.99.37184 > 66.219.59.46.80: . ack 1 win 960 <nop,nop,timestamp 844828 514746834>
04:16:57.227929 IP 195.252.74.99.37184 > 66.219.59.46.80: P 1:399(398) ack 1 win 960 <nop,nop,timestamp 844829 514746834>
04:16:57.397996 IP 66.219.59.46.80 > 195.252.74.99.37184: . ack 399 win 6432 <nop,nop,timestamp 514746851 844829>

7 packets captured
14 packets received by filter
0 packets dropped by kernel




This is the trickiest thing I've ever done in Gentoo until now.


--Daniel

ova
Retired Dev

Joined: 06 Nov 2003
Posts: 120
Location: Russia, Moscow

Posted: Fri Sep 01, 2006 6:41 pm

Good :)

You can ping but Firefox freezes? I think that's an MTU problem. You should supply the mtu and mru options to pppd. Something like
Code:

mtu 1440
mru 1440

Or maybe lower. I've heard a lot about this problem but never experienced it myself. Maybe you'll manage to debug the problem with `ping www.gentoo.org -s 1500`. Maybe that does not work; then you should lower the `-s` value until it works and supply that ( value - 60 ) to mtu... I'm not sure about minus 60, but IIRC it's the size of the ppp header and it should be subtracted.

HTH.
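
The probing procedure suggested in the post above, as an added example that is not part of the original thread: it binary-searches the largest ICMP payload that crosses the path with Don't Fragment set, then derives the MTU (payload + 28 bytes of IPv4 and ICMP headers) and the matching TCP MSS. The function names are made up for this example, and `probe` assumes the Linux iputils `ping` options `-M do`, `-c`, `-W` and `-s`.

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that crosses a path unfragmented
# and derive the path MTU and TCP MSS from it. Function names are hypothetical.

# probe SIZE HOST: true if one echo request with SIZE payload bytes and the
# Don't Fragment bit set gets a reply. Assumes Linux iputils ping.
probe() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# largest_payload HOST [HI]: binary search between 0 and HI payload bytes
# (default 1472 = 1500-byte Ethernet MTU minus 28 bytes of headers).
largest_payload() {
    host=$1
    lo=0
    hi=${2:-1472}
    # If even an empty payload gets no reply, the host is unreachable or
    # filters ICMP echo, and the search would prove nothing.
    probe "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then
            lo=$mid                 # mid fits: the answer is mid or larger
        else
            hi=$(( mid - 1 ))       # mid is too big: the answer is smaller
        fi
    done
    echo "$lo"
}

# An IPv4 echo request is payload + 8 (ICMP header) + 20 (IPv4 header, no options).
path_mtu() {
    payload=$(largest_payload "$1") || return 1
    echo $(( payload + 28 ))
}

# TCP MSS over IPv4: MTU minus 20 (IPv4 header) minus 20 (TCP header, no options).
tcp_mss() {
    echo $(( $1 - 40 ))
}

# Usage (needs network access):  mtu=$(path_mtu www.gentoo.org) && tcp_mss "$mtu"
```

A failed probe can also mean that ICMP is filtered somewhere on the path, so a result far below the expected MTU is worth confirming against a second host.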

daniel1988
Tux's lil' helper

Joined: 24 Aug 2005
Posts: 88
Location: Serbia

Posted: Sun Sep 03, 2006 1:05 pm

YAYAYAYYA, it works!!!!!

THANK YOU A LOT!!!!

mtu & mru solved the problem now. mtu & mru were set at 1000 in /etc/ppp/options.VPNNAME, as written on gentoo-wiki. With value of 1460 it works!

IP Forwarding is done with:
Code:
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT

I think I need something much better than this, and the last thing for now, to secure my box with adequate iptables rules (google will help me for this :))

Thank you once again!

Best regards,
Daniel 8)

daniel1988
Tux's lil' helper

Joined: 24 Aug 2005
Posts: 88
Location: Serbia

Posted: Sun Sep 03, 2006 6:48 pm

One more question: how to configure the /etc/ppp/ip-up file to execute those two lines:
Code:
route add vpn1.centurion.co.yu gw 172.16.0.1
ip route replace default dev 'ppp0'

?

TIA

mark_lagace
Tux's lil' helper

Joined: 19 Nov 2002
Posts: 77
Location: Ottawa, Canada

Posted: Mon Sep 04, 2006 1:10 am

ip-up is a script file... you should be able to add those two lines to the end of the file and they will run each time ppp connects. Or I suppose a more elegant way to do it would be to create an ip-up.local script (set to executable) that is called from the default ip-up script.

M.

daniel1988
Tux's lil' helper

Joined: 24 Aug 2005
Posts: 88
Location: Serbia

Posted: Sun Sep 10, 2006 12:19 pm

ip-up.local works, thank you.

Time to add [solved] to the topic name


Thank you all once again.


--Daniel

daniel1988
Tux's lil' helper

Joined: 24 Aug 2005
Posts: 88
Location: Serbia

Posted: Fri Aug 10, 2007 5:47 pm

My ISP switched from VPN to PPPoE. The internet connection works perfectly on the Gentoo box, but my local Windows station experiences problems with opening pages: ping works, opening google works, playing CS works, but everything else fails... like here: https://forums.gentoo.org/viewtopic-p-3548043.html#3548043 < Waiting for {site}... stuff (just to mention one more time: on the host machine (Gentoo) everything works, the problem is only at the other workstation on my LAN)
LAN interfaces are ok, copy/paste files over samba works at >4MB/s

Is this mtu/mru problem one more time? And how to solve it (workstations are under windows....)? Something with iptables or?
(
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
)


/etc/conf.d/net:
Code:
iface_eth0="192.168.0.1 broadcast 192.168.0.255 netmask 255.255.255.0"
essid_wlan0="centurion"
config_centurion=( "dhcp" )
dhcp_wlan0="nogateway nosendhost"
config_ppp0=("ppp")
link_ppp0="wlan0"
plugins_ppp0=( "pppoe" )

username_ppp0="manesku"
password_ppp0="123456"

pppd_ppp0=(
        "noauth"
        "defaultroute"
        "usepeerdns"
        "default-asyncmap"
        "ipcp-accept-remote"
        "ipcp-accept-local"
        "lcp-echo-interval 15"
        "lcp-echo-failure 8"
        "persist"
        "holdoff 2"
        "mru 1460"
        "mtu 1460"
        "lock"
)

TIA,
Daniel

mrness
Retired Dev

Joined: 17 Feb 2004
Posts: 375
Location: bucharest.ro

Posted: Sat Aug 11, 2007 12:11 pm

daniel1988 wrote:
Is this mtu/mru problem one more time? And how to solve it (workstations are under windows....)? Something with iptables or?

Yes and yes.
Search for TCPMSS in this forum.

daniel1988
Tux's lil' helper

Joined: 24 Aug 2005
Posts: 88
Location: Serbia

Posted: Sun Aug 12, 2007 3:59 pm

TY for the tip.
Code:
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
done it all.


Thank you very much. Greetings from Serbia :)

[SOLVED] (2nd time)
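
A check for the gateway rules this thread ends up with, as an added example that is not part of the original posts: it reads an `iptables-save` dump and reports the three conditions discussed above (MASQUERADE on the wrong interface, no TCPMSS clamp on forwarded SYN packets, FORWARD policy left at ACCEPT). The function names and both sample dumps are constructed for this example; `ppp0` and `eth0` are the interface names used in the thread.

```shell
#!/bin/sh
# Added example: audit an `iptables-save` dump of a NAT gateway.
# Function names and sample dumps are constructed for illustration.

# audit_gateway WAN_IF LAN_IF < dump
# Prints one finding per line; prints nothing when every check passes.
audit_gateway() {
    awk -v wan="$1" -v lan="$2" '
        /^\*/ { table = substr($0, 2); next }    # table header: *nat, *filter, ...
        table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ {
            line = $0 " "
            if (index(line, " -o " wan " ")) nat_wan = 1
            if (index(line, " -o " lan " ")) nat_lan = 1
        }
        # MSS clamp on forwarded SYN packets, in the form iptables-save writes it
        table == "mangle" && /^-A FORWARD/ && /--tcp-flags SYN,RST SYN/ && /-j TCPMSS/ {
            clamp = 1
        }
        table == "filter" && /^:FORWARD ACCEPT/ { open_forward = 1 }
        END {
            if (!nat_wan)     print "nat: no MASQUERADE on outgoing interface " wan
            if (nat_lan)      print "nat: MASQUERADE applied to LAN interface " lan
            if (!clamp)       print "mangle: no TCPMSS clamp on forwarded SYN packets"
            if (open_forward) print "filter: FORWARD policy is ACCEPT"
        }'
}

# Constructed dump modelled on the first rule set in the thread
# (MASQUERADE on eth0, no clamp, FORWARD left open).
sample_before() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
COMMIT
EOF
}

# Constructed dump with NAT on ppp0, the TCPMSS clamp from the last post,
# and a default-deny FORWARD chain that only lets LAN traffic out.
sample_after() {
    cat <<'EOF'
*mangle
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
COMMIT
EOF
}

# Usage on a live gateway (as root):  iptables-save | audit_gateway ppp0 eth0
```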