[Firewall] Squeeze dist-upgrade Wheezy broke internet access.

Randy thejunk.b at gmail.com
Sun Apr 20 19:34:40 CEST 2014


Thanks Tom,

I only question why it worked with the gateway set in the interfaces file to
the internal NIC before and not now?  Seems to me something is not
working the way it should.  It seems to me that when an IP outside the
local range is requested that this external host should NAT the IP and
forward it to the external interface.  That does not appear to be
happening.

Mind that I am running a local cache-nameserver on that host for local
name resolution.  If the gateway is set to eth0 (the external interface),
won't my ISP's name servers be trying to resolve a local name they know
nothing about?

So it seems to my way of thinking that the gateway should be on eth1 (the 
internal interface).

I have another help thread going at
http://forums.debian.net/viewtopic.php?f=5&t=113382&p=538202#p538202

So far I have not gotten much in the way of things to look at.

I have discovered something else today.  For whatever reason dynamic-dns
is not working for the internal network.  I have to plug in an external
USB wifi to connect to the host, so I am connected to 2 networks with my
laptop.  It gave me a different IP than the one I have had on the network
like forever.  Also all the dynamically assigned IPs are still in the zone files
and have not been deleted as they should have been by the DHCP server.
It may only be a symptom of the bigger problem and not a real concern at
the moment.

On Sunday, April 20, 2014 05:55:54 PM Tomas Larsson wrote:
> Had the same thing, when I did an update last week or so on my CENTOS 6.5
>
> For some reason the update changed default GW to my internal instead of the
> external.
> 
> Took some time before I realized what was going on.
> 
> 
> 
> With best regards
> 
> Tomas Larsson
> 
> tomas at tlec.se
> 
> 
> 
> From: Firewall [mailto:firewall-bounces at rocky.eld.leidenuniv.nl] On Behalf
> Of Randy
> Sent: Sunday, April 20, 2014 5:49 PM
> To: Arno's IPTABLES firewall script
> Subject: Re: [Firewall] Squeeze dist-upgrade Wheezy broke internet access.
> 
> 
> 
> /var/log/arno-iptables-firewall has a lot of entries that look like
> 
> Apr 20 10:35:26 external kernel: [590256.651326] AIF:PRIV UDP packet: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:4f:57:ed:07:08:00 SRC=192.168.0.102 DST=192.168.0.255 LEN=247 TOS=0x00 PREC=0x00 TTL=64 ID=11425 DF PROTO=UDP SPT=138 DPT=138 LEN=227
>
> Apr 20 10:35:26 external kernel: [590256.651509] AIF:PRIV UDP packet: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:4f:57:ed:07:08:00 SRC=192.168.0.102 DST=192.168.0.255 LEN=231 TOS=0x00 PREC=0x00 TTL=64 ID=11426 DF PROTO=UDP SPT=138 DPT=138 LEN=211
>
> Apr 20 10:40:05 external kernel: [590536.427363] AIF:PRIV UDP broadcast: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f8:1e:df:ef:fb:ee:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=26770 PROTO=UDP SPT=68 DPT=67 LEN=308
>
> Apr 20 10:40:06 external kernel: [590537.041686] AIF:PRIV UDP broadcast: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f8:1e:df:ef:fb:ee:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=26771 PROTO=UDP SPT=68 DPT=67 LEN=308
> 
> I don't have any special network configs.
> 
> Basically the host acts as a router for my internal network.
> 
> eth0 = internet (direct connection to cable modem)
> 
> eth1 = local network /w dhcp, dns-cache, firewall, and nat
> 
> A more detailed description of the issues and current settings can be found
> at
> http://www.linuxquestions.org/questions/linux-networking-3/squeeze-dist-upgrade-wheezy-broke-internet-access-4175501935/
> 
> One thing I have not posted there is the routing table
> 
> route -n
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         192.168.7.1     0.0.0.0         UG    0      0        0 eth1
> 192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 192.168.7.0     0.0.0.0         255.255.255.224 U     0      0        0 eth1
> 
> This looks somewhat suspicious to me in that the gateway is on eth1 which is
> my local network. But that is the way it is listed in
> /etc/network/interfaces and it was working fine before the upgrade.
>
> I have not had very much time to actually spend on the problem until today.
> If you see anything that looks wrong please let me know.
>
> Another issue I see often is that the help one can find online is often very
> dated and does not apply because of system changes to Wheezy and Jessie.
> 
> Plodding on....
> 
> Thanks
> 
> On Friday, April 18, 2014 11:23:10 AM Arno van Amersfoort wrote:
> > Weird, I'm running Debian as well on several boxes and I've never an
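
An added example, not part of either message: a POSIX shell check over `route -n` output that reports which interface the default route uses and compares it with the interface expected to face the internet. The sample table is constructed from the one quoted above (column spacing restored); the function names are hypothetical, and eth0 as the expected interface is taken from the "eth0 = internet" description.

```shell
#!/bin/sh
# Added example (not from the thread): verify the default route's interface.

# Sample input constructed from the routing table quoted in the message.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.7.1     0.0.0.0         UG    0      0        0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.7.0     0.0.0.0         255.255.255.224 U     0      0        0 eth1'

# default_routes (hypothetical helper): reads `route -n` output on stdin and
# prints "gateway iface" for each default route (destination and genmask
# 0.0.0.0, G flag set).
default_routes() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $2, $8 }'
}

# check_default_route EXPECTED_IFACE (hypothetical helper): reads `route -n`
# output on stdin. Returns 0 if the single default route uses EXPECTED_IFACE,
# 1 if it uses another interface, 2 if there is not exactly one default route.
check_default_route() {
    expected=$1
    routes=$(default_routes)
    count=$(printf '%s\n' "$routes" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "expected one default route, found $count"
        return 2
    fi
    gw=${routes% *}      # text before the space: gateway address
    iface=${routes#* }   # text after the space: outgoing interface
    if [ "$iface" = "$expected" ]; then
        echo "OK: default route via $gw on $iface"
        return 0
    fi
    echo "MISMATCH: default route via $gw on $iface, expected $expected"
    return 1
}

# Stand-alone run on the sample; on a live host: route -n | check_default_route eth0
printf '%s\n' "$SAMPLE_ROUTES" | check_default_route eth0 || true
```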