Opensuse 11.4 gateway setup

bunul5 · May 25, 2011, 2:02pm

I have a fresh opensuse 11.4
everything works fine but when trying to ping Google i have no reply.
Yast updates fine.
The problem is I am on a lan and the only way I can get on the internet is through proxy.I set it in Mozilla proxy(and works) and in yast/network services/proxy but it seems that when trying to ping outside the lan is not working


linux-7xdh:~ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.0.3     0.0.0.0         UG    0      0        0 eth0
linux-7xdh:~ #


linux-7xdh:~ # ifconfig
eth0      Link encap:Ethernet  HWaddr 00:24:8C:CB:0E:02
          inet addr:192.168.0.138  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::224:8cff:fecb:e02/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:197345 errors:0 dropped:6254 overruns:0 frame:0
          TX packets:58723 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:30434116 (29.0 Mb)  TX bytes:18133804 (17.2 Mb)
          Interrupt:41 Base address:0x6000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:426 errors:0 dropped:0 overruns:0 frame:0
          TX packets:426 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:32209 (31.4 Kb)  TX bytes:32209 (31.4 Kb)

linux-7xdh:~ #

ideas?

vodoo · May 25, 2011, 2:18pm

but when trying to ping Google i have no reply

Use traceroute to see how far you get. That’s where ping is blocked.

isemionov · May 25, 2011, 4:58pm

If you have access only to an HTTP proxy then it is normal that you can not ping anything outside. If you want full access then your gateway should do NAT for you and also to provide you with DNS server address (or you can use google’s DNS).

bunul5 · May 26, 2011, 11:36am

Use traceroute to see how far you get. That’s where ping is blocked.

with traceroute i can’t pass proxy, it stops in it
the gateway i say is although dns, and it makes dns but not passes through it…

If you have access only to an HTTP proxy then it is normal that you can not ping anything outside. If you want full access then your gateway should do NAT for you and also to provide you with DNS server address (or you can use google’s DNS).

from windows I can ping google, so it is not blocked from the proxy/gw…
I tried to ping google ip address but it gave the same result

from command line suse doesn’t know to go through that firewall, that is the problem, or it goes through that firewall because he resolves ip addresses but I think he doesn’t know to connect through 8080 port…

pls help

isemionov · May 26, 2011, 2:20pm

the gateway i say is although dns, and it makes dns but not passes through it…

did you set the dns on linux? Put here the result of

cat /etc/resolv.conf

from windows I can ping google, so it is not blocked from the proxy/gw…

put here the result of

ipconfig /all

put here also the ping command and the output of it from terminal for both windows and linux.

bunul5 · May 27, 2011, 6:38am

@isemionov

did you set the dns on linux? Put here the result of
Code:
cat /etc/resolv.conf


### /etc/resolv.conf file autogenerated by netconfig!
#
# Before you change this file manually, consider to define the
# static DNS configuration using the following variables in the
# /etc/sysconfig/network/config file:
#     NETCONFIG_DNS_STATIC_SEARCHLIST
#     NETCONFIG_DNS_STATIC_SERVERS
#     NETCONFIG_DNS_FORWARDER
# or disable DNS configuration updates via netconfig by setting:
#     NETCONFIG_DNS_POLICY=''
#
# See also the netconfig(8) manual page and other documentation.
#
# Note: Manual change of this file disables netconfig too, but
# may get lost when this file contains comments or empty lines
# only, the netconfig settings are same with settings in this
# file and in case of a "netconfig update -f" call.
#
### Please remove (at least) this line when you modify the file!
nameserver 192.168.0.3

seems ok?

put here the result of
Code:

ipconfig /all

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
        Physical Address. . . . . . . . . : 00-1E-8D-37-46-C3
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.0.233
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.3
        DNS Servers . . . . . . . . . . . : 192.168.0.3

ping from windows:
Pinging Google [74.125.79.99] with 32 byte


Reply from 74.125.79.99: bytes=32 time=147ms TTL=52
Reply from 74.125.79.99: bytes=32 time=146ms TTL=52
Reply from 74.125.79.99: bytes=32 time=146ms TTL=52
Reply from 74.125.79.99: bytes=32 time=144ms TTL=52

from linux


linux-7xdh:~ # ping www.google.ro
PING www.l.google.com (74.125.79.147) 56(84) bytes of data.

and no reply or timeout…

to mention that 0.3 is gw and 0.233 is suse pc…
firewall is turned off

isemionov · May 27, 2011, 9:31am

hmm, very strange, according to presented above windows and linux mashine are configured in the same way and then it should work…
I can propose only to try to disable ipv6 from Yast/Network Devices/Network Settings, uncheck “Enable ipv6” on “Global options” page and the restart the mashine

bunul5 · May 27, 2011, 11:54am

ok.
my mistake, I am blocked from the gw to ping external adresses.

how to modify the gw(suse) to ping external addresses?
on gw is installed squid.
what do I have to modify?open a port in squid(which one) or what to do?

what i am trying to do is to make another gw, that accesses internet trough first gw.
now it doesn’t work because it is restrictionated by the first gw
on this gw i will put squid

isemionov · May 27, 2011, 12:24pm

squid is not designed to allow you to ping external ip address. For this you need NAT.
You just indicated the IP address of your gateway, for example with Yast/Network/Settings/Routing/Default ipv4 Gateway and the DNS server also here in Hostname/DNS tab. Then if this gateway will do NAT for you local IP address then you will be able to access any external IP at any port. Also to browse without proxy.
The squid proxy you can use only for HTTP(s) protocol.

bunul5 · May 27, 2011, 12:32pm

so, how to do nat only for one address?not for all addresses that access gw…

isemionov · May 27, 2011, 12:35pm

this is already a matter of changing your router configuration and it depends of the model. Usually it can be done by filtering MAC address or local ip address.