Re: IPV6 stuck on, F11
by Jim
On 07/21/2009 12:29 PM, Bruno Wolff III wrote:
> On Tue, Jul 21, 2009 at 10:28:46 +0200,
> Bill Murray<william.john.murray(a)gmail.com> wrote:
>
>> Ideas anyone please?
>>
> Are you using x86_64 with just the i586 version of nss-mdns installed?
> If so install the x64_64 version and that will likely fix your problem.
>
>
I had the IPV6 on installs for FC10, FC11 and here is what I did to
fix the problem.
1. Q: Networking (or DNS) seems really slow and fails often (Updated 2
January 2009)
A: If Fedora 10's networking seems slow or you get frequent network
connection failures (when other Fedoras or other OSes were working just
fine on your machine), then you're probably hitting this bug.
Here's how you can work around it:
1. Open a Terminal.
2. Become root:
su -
3. Make sure that the "dnsmasq" program is installed (it usually is,
by default, in Fedora 10):
rpm -q dnsmasq
If that says "package dnsmasq is not installed", then you need to
install dnsmasq, by running the following command:
yum install dnsmasq
4. Now, you have to find out which network interface your machine is
using:
route -n
You'll see some output that looks like this:
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0 0.0.0.0 192.168.1.1
0.0.0.0 UG 0 0 0 eth0
The eth0 there (the furthest bottom-right text in the output) is
the name of the network interface I'm using. Yours might be eth1 or
something totally different. Just remember it for the next step.
5. Now create a file called /etc/dhclient-<your network
interface>.conf. For example, if your network interface is eth0, the
file would be called /etc/dhclient-eth0.conf.
You can create the file with this command (assuming your network
interface is eth0):
nano /etc/dhclient-eth0.conf
Then make this the only line in the file:
prepend domain-name-servers 127.0.0.1;
And then save the file and close it (Ctrl-X then Y).
If you have both a wireless and a wired network connection, you
will have to do this step once for each of them.
6. Now start dnsmasq:
service dnsmasq start
And make sure that it will start every time your computer starts:
chkconfig dnsmasq on
7. Now restart your network connection:
service NetworkManager restart
And now things should be as fast as normal again. You might have to
restart the programs that you're running for them to pick up the changes
that NetworkManager made when it restarted.
2. * IPv6
You might notice that your browsing through Firefox is a little slow on
Fedora 10. This is because Firefox 3 has enabled by default IPv6 which
causes Firefox to first resolve an IPv6 address and after the connection
fails it switches to IPv4. To change this setting type:
about:config
and in Filter box type:
network.dns.disableIPv6
Right click on it, select Toggle and change its value to true. Restart
Firefox and you are ready!
14 years, 10 months
Re: F11 libvirt / KVM (or virt-manager) iptables firewall setup
by Ian Pilcher
Patrick Mansfield wrote:
> How do I modify the libvirt iptables/firewall setup?
My personal preference is to simply delete any symlinks under
/etc/libvirt/qemu/networks/autostart. You will have to set up all of
your virtual networks (/etc/sysconfig/network-scripts/ifcfg-... files),
firewall rules, and dnsmasq configuration manually.
--
========================================================================
Ian Pilcher arequipeno(a)gmail.com
========================================================================
14 years, 11 months
Re: OT - Success! - The new Palm Pre, Google Calendar and Kontact
by Christopher A Williams
On Wed, 2009-06-17 at 13:15 -0430, Patrick O'Callaghan wrote:
> >> But on this point I must agree: The Pre absolutely does
> >> rock!!! Based on
> >> having used mine for just a few days now, I can confidently
> >> say that
> >> Apple and the iPhone have some serious, formidable competition
> >> on their
> >> hands - including the new iPhone 3Gs.
> >>
> >> Not while it's only available for CDMA networks.
> >
> > That's a matter of opinion and taste as opposed to fact.
> >
> > http://www.hardwaresecrets.com/article/151
>
> Well, no. The pros and cons of GSM vs CDMA as *technologies* are largely
> irrelevant in this discussion. The fact is that that most of the world
> uses GSM and only a GSM phone is of interest to it. The same applies to
> those Americans who want to use their phone while travelling abroad. The
> Palm Pre will become competitive in these markets only when a GSM
> version is released. I hope it's soon as the phone itself looks gorgeous.
Umm... If you actually read the article, you would know that it
specifically states the technology is not the issue, but market is, and
that even here the "war" is likely to continue ad-infinitum.
If I were living outside the USA, I might tend to think the way you are
too. But actually, I *am* one of those Americans who uses their phone
while traveling abroad. I'm based in the USA and travel internationally
(mostly Western Europe right now) on a regular basis, and I have a
different perspective than you might realize. I will use GSM when I have
no other alternative - which actually is surprisingly less than I
thought.
Also, international roaming rates being what they are, I can vouch for
that most people's preference is to try to use a locally based mobile
phone, so the network compatibility issue is even smaller - regardless
of preference. I've personally paid some of those international roaming
charges. It's not a pretty sight...
CDMA is also growing in several places outside of the USA, and we're not
planning to replace that infrastructure in the USA anytime soon. The GSM
tide here seems to be shrinking more than growing.
But all of that said, I would be shocked if we don't see a GSM version
of the Pre by early next year when AT&T and Verizon are supposed to pick
it up.
Other Topic:
> "Most of the pundits" live in a huge echo chamber so they reinforce each
> other a lot (e.g. they think Linux is only for geeks). The article I'm
> talking about is
> http://arstechnica.com/gadgets/news/2009/06/ars-reviews-the-palm-pre-part...
Well, I would say that depends on which pundits you are talking about.
Since I am entering the world of "Punditry" myself for my employer
(hosting an Information Week webinar next month - online interview and
white paper on virtualization this month), I sincerely hope not to just
be echoing everyone else.
...At least, I don't think Linux is just for geeks. I've got both my
parents and several non-geek friends using F10 and F11 right now. :)
The article is an interesting read though. I like the comments best.
Especially the one:
The entire Pre WebOS is pretty much just a set of proprietary
applications running on a pretty standard Linux distro... Alsa,
Pulseaudio, Gstreamer, Upstart, GNU C, Busybox, Apache Harmony,
dnsmasq, DBus, Webkit, etc etc.
Its basically what you get when you take people good at
usability and you give them a Arm-based Linux distro. Pretty
neat stuff, actually.
But I also would agree with the one who wrote:
This review sure did not start off well. The iPhone does a lot
more things extremely well than media. The Palm Pre is very
obviously targeted at consumers not the Blackberry world at all.
I guess its one way to look original and get pageviews though.
Then again, this comment underscores my original point...
--
====================================================
"Patriotism is when love of your own people comes first;
nationalism, when hate for people other than your own comes first."
--Charles de Gaulle
14 years, 11 months
Re: Question(s) default firewall in Fedora
by Arthur Pemberton
On Tue, Apr 21, 2009 at 9:17 PM, Antonio Olivares
<olivares14031(a)yahoo.com> wrote:
>
> Dear fellow Fedora users,
>
> According to some users, Fedora has a default firewall that adds basic protection. There is no service "firewall", but some users have pointed out that iptables takes care of this.
>
> [root@localhost ~]# service iptables status
> Table: filter
> Chain INPUT (policy ACCEPT)
> num target prot opt source destination
> 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
> 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> 4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
> 5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
>
> Chain FORWARD (policy ACCEPT)
> num target prot opt source destination
> 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
>
> Chain OUTPUT (policy ACCEPT)
> num target prot opt source destination
>
> [root@localhost ~]#
>
> services running at boot using chkconfig
>
> [root@localhost ~]# chkconfig --list
> NetworkManager 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> acpid 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> akmods 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> anacron 0:off 1:off 2:on 3:off 4:on 5:on 6:off
> atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> avahi-daemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> bluetooth 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> btseed 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> bttrack 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> capi 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off
> crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> dnsmasq 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> firstboot 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> gpm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> irda 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> irqbalance 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> isdn 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> kerneloops 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> lm_sensors 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> mdmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> messagebus 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> microcode_ctl 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> multipathd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> mysqld 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> netplugd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> network 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> nfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> nscd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> ntpdate 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> nvidia 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> pcscd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> portreserve 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> psacct 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> rdisc 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> restorecond 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> rpcbind 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> rpcgssd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> rpcidmapd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> rpcsvcgssd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> setroubleshoot 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> slmodemd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> smartd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> smolt 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> snmpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> snmptrapd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> udev-post 0:off 1:on 2:on 3:on 4:on 5:on 6:off
> winbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> wine 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> wpa_supplicant 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
>
>
> Which traffic if any is allowed to come in to our computers if and when we do get on the internet?
>
> We can use system-config-??? to configure simple iptables to change stuff around and/or get webmin?
>
> I know that by default Fedora provides a good basic firewall, but are there any howto's/readme's as to how to learn more about Firewalls in Fedora.
>
> Thanks,
>
> Antonio
You will want system-config-firewall (or system-config-secuirtylevel
that used to be the name). I'm not sure how much i can tell you until
you at least try that out.
--
Fedora 9 : sulphur is good for the skin
( www.pembo13.com )
15 years
Question(s) default firewall in Fedora
by Antonio Olivares
Dear fellow Fedora users,
According to some users, Fedora has a default firewall that adds basic protection. There is no service "firewall", but some users have pointed out that iptables takes care of this.
[root@localhost ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
[root@localhost ~]#
services running at boot using chkconfig
[root@localhost ~]# chkconfig --list
NetworkManager 0:off 1:off 2:on 3:on 4:on 5:on 6:off
acpid 0:off 1:off 2:on 3:on 4:on 5:on 6:off
akmods 0:off 1:off 2:on 3:on 4:on 5:on 6:off
anacron 0:off 1:off 2:on 3:off 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
avahi-daemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
bluetooth 0:off 1:off 2:off 3:on 4:on 5:on 6:off
btseed 0:off 1:off 2:off 3:off 4:off 5:off 6:off
bttrack 0:off 1:off 2:off 3:off 4:off 5:off 6:off
capi 0:off 1:off 2:off 3:off 4:off 5:off 6:off
cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off
dnsmasq 0:off 1:off 2:off 3:off 4:off 5:off 6:off
firstboot 0:off 1:off 2:off 3:off 4:off 5:off 6:off
gpm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
irda 0:off 1:off 2:off 3:off 4:off 5:off 6:off
irqbalance 0:off 1:off 2:off 3:on 4:on 5:on 6:off
isdn 0:off 1:off 2:on 3:on 4:on 5:on 6:off
kerneloops 0:off 1:off 2:off 3:on 4:on 5:on 6:off
lm_sensors 0:off 1:off 2:off 3:off 4:off 5:off 6:off
mdmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:off
messagebus 0:off 1:off 2:on 3:on 4:on 5:on 6:off
microcode_ctl 0:off 1:off 2:on 3:on 4:on 5:on 6:off
multipathd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
mysqld 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
netplugd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
nscd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ntpdate 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nvidia 0:off 1:off 2:on 3:on 4:on 5:on 6:off
pcscd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
portreserve 0:off 1:off 2:on 3:on 4:on 5:on 6:off
psacct 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rdisc 0:off 1:off 2:off 3:off 4:off 5:off 6:off
restorecond 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rpcbind 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rpcgssd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rpcidmapd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rpcsvcgssd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
setroubleshoot 0:off 1:off 2:off 3:on 4:on 5:on 6:off
slmodemd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
smartd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
smolt 0:off 1:off 2:off 3:off 4:off 5:off 6:off
snmpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
snmptrapd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
udev-post 0:off 1:on 2:on 3:on 4:on 5:on 6:off
winbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
wine 0:off 1:off 2:on 3:on 4:on 5:on 6:off
wpa_supplicant 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Which traffic if any is allowed to come in to our computers if and when we do get on the internet?
We can use system-config-??? to configure simple iptables to change stuff around and/or get webmin?
I know that by default Fedora provides a good basic firewall, but are there any howto's/readme's as to how to learn more about Firewalls in Fedora.
Thanks,
Antonio
15 years
Re: dnsmasq configuration
by Simon Slater
On Fri, 2009-04-03 at 02:10 +1030, Tim wrote:
> On Thu, 2009-04-02 at 17:37 +1100, Simon Slater wrote:
> > netstat -antuevp
> >
> > Now this shows that dnsmasq is using 192.168.122.1:53 with tcp and
> > udp.
> > This is the link local address on a port for dns. Also udp on
> > 0.0.0.0:67 which is one of the dhcp ports but for all networks?
>
> 0.0.0.0 means different things in different circumstances. In this
> case, yes, it means it's listening to port 67 on any and all interfaces
> that computer has alive.
>
> > Does dnsmasq need to use 192.168.122.1?
>
> No idea, though I'd be surprised if it did. What do you want it to use?
>
> For what it's worth, I don't use dnsmasq, I use the BIND DNS server, and
> the ISC DHCP server (Fedora has packages for both), and integrate them
> together. I know the processes for DNS and DHCP serving, but not the
> specifics to making dnsmasq do them.
>
> > The first aim is to get dhcp going. Would 0.0.0.0:67 help or get in
> > the way?
>
> In what way do you mean "0.0.0.0:67"?
>
> If you're setting up your modem/router to be just a modem, and let the
> PC do the rest, then you want configure your DHCP server to only service
> your LAN. You don't want it trying to assign addresses out to the ISP.
> You should probably find how to configure it to only bind to the LAN
> interface.
>
Thanks Tim,
I went back to a fresh dnsmasq.conf (must have missed something
amongst all the comments in the example file) with the bare basics, now
with the correct references to interfaces and addresses, and dhcp worked
straight away. Clients are connecting fine, printing is working, all
good. I'll check out how well the dns and caching is working over the
weekend.
The initial thought was to use bind and ISC dhcp, but after reviewing
old posts to this list, many advocated dnsmasq for small setups like
this. Although their website says it can scale up to service a thousand
or so boxes. So simplicity for now.
--
Hooroo,
Simon
Registered Linux User #463789. Be counted at: http://counter.li.org/
15 years, 1 month
Re: dnsmasq configuration
by Tim
On Thu, 2009-04-02 at 17:37 +1100, Simon Slater wrote:
> netstat -antuevp
>
> Now this shows that dnsmasq is using 192.168.122.1:53 with tcp and
> udp.
> This is the link local address on a port for dns. Also udp on
> 0.0.0.0:67 which is one of the dhcp ports but for all networks?
0.0.0.0 means different things in different circumstances. In this
case, yes, it means it's listening to port 67 on any and all interfaces
that computer has alive.
> Does dnsmasq need to use 192.168.122.1?
No idea, though I'd be surprised if it did. What do you want it to use?
For what it's worth, I don't use dnsmasq, I use the BIND DNS server, and
the ISC DHCP server (Fedora has packages for both), and integrate them
together. I know the processes for DNS and DHCP serving, but not the
specifics to making dnsmasq do them.
> The first aim is to get dhcp going. Would 0.0.0.0:67 help or get in
> the way?
In what way do you mean "0.0.0.0:67"?
If you're setting up your modem/router to be just a modem, and let the
PC do the rest, then you want configure your DHCP server to only service
your LAN. You don't want it trying to assign addresses out to the ISP.
You should probably find how to configure it to only bind to the LAN
interface.
--
[tim@localhost ~]$ uname -r
2.6.27.19-78.2.30.fc9.i686
Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.
15 years, 1 month
Re: dnsmasq configuration
by Simon Slater
On Thu, 2009-04-02 at 15:51 +1030, Tim wrote:
> On Thu, 2009-04-02 at 09:27 +1100, Simon Slater wrote:
> > After a reboot I got the message:
> >
> > dnsmasq failed to bind DHCP server socket: address already in use.
>
> Which may be that something *else* is using it, or that dnsmasq is
> starting up in a way that causes problems with itself. I've seen that
> sort of thing when there's a network with IPv4 and IPv6 addressing in
> use, and a service starts up. It listens to both, and while starting up
> complains that the port's already in use while trying to listen to the
> second interface (which is really the first, with the IPv6 type of
> addresses, as well as IPv4).
>
> > In the startup sequence as it scrolls on the screen, dnsmasq is near
> > the end, but is running:
> > [root@dell ~]# service dnsmasq status
> > dnsmasq (pid 2613) is running...
> >
> > So is the problem with the configuration or at startup? How
> > do I find what is conflicting for the socket address?
>
> man netstat
>
> e.g. netstat -antuevp
Thanks Tim,
Now this shows that dnsmasq is using 192.168.122.1:53 with tcp and udp.
This is the link local address on a port for dns. Also udp on
0.0.0.0:67 which is one of the dhcp ports but for all networks?
Does dnsmasq need to use 192.168.122.1?
The first aim is to get dhcp going. Would 0.0.0.0:67 help or get in the
way?
--
Regards,
Simon Slater
Registered Linux User #463789. Be counted at: http://counter.li.org/
15 years, 1 month
Re: Another basic networking question.
by Simon Slater
On Thu, 2009-04-02 at 15:48 +1030, Tim wrote:
> On Thu, 2009-04-02 at 11:56 +1100, Simon Slater wrote:
> > When a firewall computer has 2 nics, they should be on separate
> > subnets? Yes?
>
> That depends on how you want to use them. If the computer sits
> *between* two networks, then yes.
>
Ok, go that.
> > When an ISP dynamically assigns an ip address, is it associated with
> > the dsl router, eth0 where it plugs in, or the ppp0 device that does the
> > communicating?
>
> That depends on how you're using the modem/router. If you're using it
> just as a modem, it's the computer network interface that gets assigned
> the internet address, and the computer does the authentication (if any).
> If you're using it as a router, the router's WAN interface deals with
> the ISP.
>
This explains some of the inconsistencies that I've been seeing. So
I'll settle on using it just as a modem and the computer for connecting
until I finish tweaking the rest of the setup.
> > So if eth1 goes to a lan and has its ip address configured in its
> > ifcfg-eth1 and similarly eth0 on the wan side is configured to get its
> > address from dhcp, is it the ISP's dhcp server that it needs to get the
> > address from or the local dhcp server?
>
> The ISP's DHCP server doesn't *get* anything from you, it gives you
> addresses that it wants you to use.
>
> > With respect to the ip address for configuration of the dsl router
> > (defaults to 192.168.1.1 for this Linksys AG300), which subnet should it
> > be on, the lan side or wan?
>
> That's a badly formulated question that's hard to understand.
The fog of my confusion clouded my typing as well as my thinking.
> But,
> 192.168.1.1 is a private address range, it should only be used on LANs.
> However, some cheapskate ISPs, which don't have enough public IPs give
> all their customers private IP addresses, and they do NAT between the
> internet and their customers.
>
I'll try again now I understand a bit more. To configure the Linksys
AG300, which is physically connected to eth0, I point a browser to
192.168.1.1 (by default, but this can be changed) and configure whatever
I need to. When I use the computer to connect to the ISP via the same
eth0 and the ISP assigns me (at the moment) 210.84.25.73. Does this
mean that I cannot configure the router because the ip's are now on
different subnets? Then again, if used just as a modem, no real
configuration is needed?
> > Slightly more advanced: What are the pros and cons of using an ifup
> > ppp0 command from the firewall computer to connect with the ISP versus
> > connecting from within the dsl router itself?
>
> If the computer is directly connected, it has to do all the firewalling,
> and sharing the internet with other computers. If you have a router in
> between, it handles all the networking, and you don't have to have any
> particular computers on to use the network.
>
I do want this computer to most of the work.
Thanks a lot Tim, this is just the type of clarification I needed.
Understanding this better is helping me get a handle on what is wrong in
other areas, like my dnsmasq configuration, which I think stems from
these issues.
--
Regards,
Simon Slater
Registered Linux User #463789. Be counted at: http://counter.li.org/
15 years, 1 month