[vox-tech] Re: trouble-shooting internet connection

Robin Snyder vox-tech@lists.lugod.org
Sun, 26 Jan 2003 21:22:00 -0800 (PST) 

Orig. post snippet:

> > My setup: I'm on a fixed IP address, using a DSL line.  I have two
> > ethernet cards.

A hint as to the problem:

> >   Ahh yes... a kernel recompile could very easily be causing problems.
> > I forgot that was done.

Output of ifconfig:

> > ifconfig
> >
> > eth0      Link encap:Ethernet  HWaddr 00:10:4B:96:E8:A8
> >           inet addr:168.150.243.52  Bcast:168.150.243.255  Mask:255.255.255.0
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:2089 errors:0 dropped:0 overruns:0 carrier:2089
> >           collisions:0 txqueuelen:100
> >           RX bytes:0 (0.0 b)  TX bytes:204356 (199.5 KiB)
> >           Interrupt:9 Base address:0xdc00

Another diagnostic suggestion:

> >   Can you also run "ifconfig eth0" _after_ running the mtr from above...
> > I would expect to see RX bytes increment... if you don't see the count
> > go up, then can you run "lsmod" and display the output.  I think there
> > are two available drivers for your ethernet card... both were compiled
> > as modules so we can switch to the other one very easily.  we may
> > want to try that if the iptables command above doesn't show anything
> > exciting.

Output of ifconfig after successfully reaching another machine with mtr:

> > The RX bytes did increment (from 0 to 123) after running mtr again.  And
> > you're right about my having some sort of valid connection.  I can ping
> > 169.237.104.199 (ucdavis.edu) but not 169.237.66.192 (my machine at UCD).

The most recent suggestion:

> This symptom makes me think of munged routing tables... in particular,
> when the netmask is wrong, some hosts will become unroutable.
>
> I don't recall seeing your routing table here... "route -n".

I'll post again:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
168.150.243.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         168.150.243.1   0.0.0.0         UG    0      0        0 eth0


> Firewall rules can also cause these problems, but the state of your
> firewall is not clear... is an iptables-based package like shorewall (my
> favorite) active? ("iptables -L -n")  You mentioned that ipchains failed,
> so it would seem unlikely that your previous firewall configuration is
> still functioning, so blockages resulting from firewall rules seem
> unlikely unless some iptables package is installing them.

Looking at the text of the firewall script, all of the work is done by
ipchains with various arguments; I see no mention of shorewall.
iptables -L -n leaves target, prot (protocol?), opt, source, and
destination blank for all three lines (INPUT, FORWARD, and OUTPUT).

			- robin.