Hello to all
Iam new in alpine . i run pppoe on my alpine to create gateway .I config
all thing but i dont know what is wrong becuase when i ping to 4.2.2.4 the
result is true but I cant download any things or open any http address in
my client ( my clients can ping to 4.2.2.4 but cant ping www.google.com or
open any web address)
*Please Help me*
thx
The configuration of my alpine (my host name is atom)
atom:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with
icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
-------------------------------------------------------------------------------------------
atom:~# pppoe-connect
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
PAP authentication succeeded
Cannot determine ethernet address for proxy ARP
local IP address 188.159.41.109
remote IP address 89.165.100.200
^C
-------------------------------------------------------------------------------------------
atom:~# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt
Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0
ppp0
89.165.100.200 0.0.0.0 255.255.255.255 UH 0 0 0
ppp0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0
eth0
atom:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
default * 0.0.0.0 U 0 0 0 ppp0
89.165.100.200 * 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
-------------------------------------------------------------------------------------------
atom:~# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.proxy_arp = 1
kernel.panic = 120
-------------------------------------------------------------------------------------------
atom:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
netmask 255.255.255.0
broadcast 192.168.0.255
address 192.168.0.120
network 192.168.0.0
-------------------------------------------------------------------------------------------
atom:~# ifconfig
eth0 Link encap:Ethernet HWaddr E0:69:95:90:85:39
inet addr:192.168.0.120 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::e269:95ff:fe90:8539/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2418 errors:0 dropped:0 overruns:0 frame:0
TX packets:1767 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:214109 (209.0 KiB) TX bytes:416622 (406.8 KiB)
Interrupt:44 Base address:0xe000
eth1 Link encap:Ethernet HWaddr 14:D6:4D:A7:A2:5D
inet6 addr: fe80::16d6:4dff:fea7:a25d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:255 errors:0 dropped:0 overruns:0 frame:0
TX packets:131 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:22771 (22.2 KiB) TX bytes:8272 (8.0 KiB)
Interrupt:20 Base address:0x1000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:126 errors:0 dropped:0 overruns:0 frame:0
TX packets:126 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:9462 (9.2 KiB) TX bytes:9462 (9.2 KiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:188.159.41.109 P-t-P:89.165.100.200
Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:27 errors:0 dropped:0 overruns:0 frame:0
TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:2130 (2.0 KiB) TX bytes:3988 (3.8 KiB)
-------------------------------------------------------------------------------------------
atom:~# cat /etc/ppp/firewall-masq
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F #ignore if you get an error here
/sbin/iptables -X #deletes every non-builtin chain in the table
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#/sbin/iptables -A INPUT -m state --state NEW -i ppp0 -j ACCEPT
# only if both of the above rules succeed, use
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -A FORWARD -i ppp0 -o eth0 -m state --state
ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
/sbin/iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
-------------------------------------------------------------------------------------------
On Fri, 23 Dec 2011 20:23:01 +0330
Mohsen Ahmadian <mohsen.etc@gmail.com> wrote:
> Hello to all
> Iam new in alpine . i run pppoe on my alpine to create gateway .I
> config all thing but i dont know what is wrong becuase when i ping to
> 4.2.2.4 the result is true
This means that the ip networking and routing works.
> but I cant download any things or open any
> http address in my client ( my clients can ping to 4.2.2.4 but cant
> ping www.google.com or open any web address)
This sounds like DNS resolving does not work.
Can you ping www.google.com from the alpine linux gateway box?
What is the contents of /etc/resolv.conf?
You might check is "usepeerdns" is set for pppd (in
either /etc/ppp/options or /etc/ppp/peers/*)
If your ISP does not provide you with any DNS you could use opendns,
google or run your own resolver (like dnscache or unbound)
> *Please Help me*
You might be interested in dnsmasq to provide dhcp and dns to your
clients.
> thx
>
> The configuration of my alpine (my host name is atom)
>
>
> atom:~# iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere state
> RELATED,ESTABLISHED
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere state
> RELATED,ESTABLISHED
> ACCEPT all -- anywhere anywhere
> REJECT all -- anywhere anywhere
> reject-with icmp-port-unreachable
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> -------------------------------------------------------------------------------------------
> atom:~# pppoe-connect
> Using interface ppp0
> Connect: ppp0 <--> /dev/pts/1
> PAP authentication succeeded
> Cannot determine ethernet address for proxy ARP
> local IP address 188.159.41.109
> remote IP address 89.165.100.200
> ^C
> -------------------------------------------------------------------------------------------
> atom:~# netstat -nr
> Kernel IP routing table
> Destination Gateway Genmask Flags MSS Window
> irtt Iface
> 0.0.0.0 0.0.0.0 0.0.0.0 U 0
> 0 0 ppp0
> 89.165.100.200 0.0.0.0 255.255.255.255 UH 0
> 0 0 ppp0
> 192.168.0.0 0.0.0.0 255.255.255.0 U 0
> 0 0 eth0
> atom:~# route
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref
> Use Iface
> default * 0.0.0.0 U 0 0
> 0 ppp0 89.165.100.200 * 255.255.255.255 UH 0
> 0 0 ppp0 192.168.0.0 * 255.255.255.0 U
> 0 0 0 eth0
> -------------------------------------------------------------------------------------------
> atom:~# sysctl -p net.ipv4.ip_forward = 1
> net.ipv4.tcp_syncookies = 1
> net.ipv4.conf.default.rp_filter = 1
> net.ipv4.conf.all.rp_filter = 1
> net.ipv4.conf.all.proxy_arp = 1
> kernel.panic = 120
> -------------------------------------------------------------------------------------------
> atom:~# cat /etc/network/interfaces
> auto lo
> iface lo inet loopback
>
> auto eth0
> iface eth0 inet static
> netmask 255.255.255.0
> broadcast 192.168.0.255
> address 192.168.0.120
> network 192.168.0.0
> -------------------------------------------------------------------------------------------
> atom:~# ifconfig
> eth0 Link encap:Ethernet HWaddr E0:69:95:90:85:39
> inet addr:192.168.0.120 Bcast:192.168.0.255
> Mask:255.255.255.0 inet6 addr: fe80::e269:95ff:fe90:8539/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:2418 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1767 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:214109 (209.0 KiB) TX bytes:416622 (406.8 KiB)
> Interrupt:44 Base address:0xe000
>
> eth1 Link encap:Ethernet HWaddr 14:D6:4D:A7:A2:5D
> inet6 addr: fe80::16d6:4dff:fea7:a25d/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:255 errors:0 dropped:0 overruns:0 frame:0
> TX packets:131 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:22771 (22.2 KiB) TX bytes:8272 (8.0 KiB)
> Interrupt:20 Base address:0x1000
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:126 errors:0 dropped:0 overruns:0 frame:0
> TX packets:126 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:9462 (9.2 KiB) TX bytes:9462 (9.2 KiB)
>
> ppp0 Link encap:Point-to-Point Protocol
> inet addr:188.159.41.109 P-t-P:89.165.100.200
> Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
> RX packets:27 errors:0 dropped:0 overruns:0 frame:0
> TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:3
> RX bytes:2130 (2.0 KiB) TX bytes:3988 (3.8 KiB)
>
> -------------------------------------------------------------------------------------------
> atom:~# cat /etc/ppp/firewall-masq
> /sbin/iptables -F
> /sbin/iptables -t nat -F
> /sbin/iptables -t mangle -F #ignore if you get an error here
> /sbin/iptables -X #deletes every non-builtin chain in the table
>
> /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> #/sbin/iptables -A INPUT -m state --state NEW -i ppp0 -j ACCEPT
> # only if both of the above rules succeed, use
> /sbin/iptables -P INPUT ACCEPT
>
> /sbin/iptables -A FORWARD -i ppp0 -o eth0 -m state --state
> ESTABLISHED,RELATED -j ACCEPT
> /sbin/iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
>
> /sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>
> /sbin/iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
> -------------------------------------------------------------------------------------------
---
Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org
Help: alpine-devel+help@lists.alpinelinux.org
---