Koozali.org: home of the SME Server

please help - no internet access to LAN PC's

Offline SoftDux

« on: May 04, 2009, 10:25:57 PM »
Hi all,

I have installed Dansguardian, which worked for a few days, but after a while I noticed that internet access in general was very slow. So I thought I'd uninstall it, but it seems I've totally fscked up the server.

Now, no PC on the network can access the internet. I can't even ping a site / IP on the internet from one of the networked PC's.

I've reset the server to server only mode, and then back to private server & gateway mode, but still no luck.

Can someone please tell me how I can reset the network settings, without reinstalling the server?

Offline Stefano

« Reply #1 on: May 04, 2009, 10:45:42 PM »
Softdux: from the number of your posts I guess you are not a SME newbie and, of course, a forum newbie..

so.. how do you think we can help you if you don't give any details?

can you ping any site from SME?
did you change anything related to iptables?
why did you uninstall dansguardian without trying to diagnose the problem?

not to be rude, but if you describe yourself as "The Leaders in Software & Networking" I expect a more professional attitude from you.

Ciao
Stefano

Offline SoftDux

« Reply #2 on: May 04, 2009, 11:01:31 PM »
What is interesting, is that from the server I can ping any host on the internet, but I can't access that website using lynx / links.

I also can't ping any IP on the internet from any PC on the LAN, even though I have reset the server into Private Server & Gateway mode. So, though I want to think it's a firewall issue, I'm not quite sure.

Offline SoftDux

« Reply #3 on: May 04, 2009, 11:08:08 PM »
Hi stefano,

As your message says, build a system that only a fool can use :)

No offence, but there is a lot of internal code of SME that I don't like playing with, for various reasons. I don't have the time to try and debug the dansguardian problem and since it's something I've never used before I'd rather remove it. But, now I'm sitting with a "big white elephant". Ideally I would prefer to fix the problem without reinstalling the server (there's about 450GB's worth of data which I can't move anywhere right now). I'm between offices and this one is in a doctor's practice, where I don't spend a lot of time.

I didn't change the firewall, I purely uninstalled dansguardian (there isn't any official way of doing it, so I did rpm -e dansguardian). But this left me with worse problems.


Offline Stefano

« Reply #4 on: May 04, 2009, 11:20:33 PM »
Quote
I didn't change the firewall, I purely uninstalled dansguardian (there isn't any official way of doing it, so I did rpm -e dansguardian). But this left me with worse problems.

maybe you mean
Code:
rpm -e smeserver-dansguardian
?

what's the output of
Code:
rpm -qa | grep dans
?

HTH
Ciao
Stefano

Offline SoftDux

« Reply #5 on: May 04, 2009, 11:31:25 PM »
Yes, sorry.

Quote
root@intranet:[~]$ rpm -qa | grep dans
warning: only V3 signatures can be verified, skipping V4 signature
warning: only V3 signatures can be verified, skipping V4 signature
warning: only V3 signatures can be verified, skipping V4 signature
warning: only V3 signatures can be verified, skipping V4 signature


Here's something else which is also interesting:

Quote
root@intranet:[~]$ /etc/rc.d/init.d/masq restart

Shutting down IP masquerade and firewall rules:         Done!

Enabling IP masquerading: iptables: Table does not exist (do you need to insmod?)
iptables: No chain/target/match by that name
iptables: Table does not exist (do you need to insmod?)
iptables: No chain/target/match by that name
done


So, how do I fix that? I don't know if this is the case, but I think that could be the problem?

Offline CharlieBrady

« Reply #6 on: May 04, 2009, 11:58:12 PM »
Quote
I have installed Dansguardian ...

Off-topic for this forum.

Offline janet

« Reply #7 on: May 05, 2009, 02:28:22 AM »
SoftDux

As indicated in another post you would also need to do
rpm -e smeserver-dansguardian
as well as doing
rpm -e dansguardian
and then you would also need to undo any db commands or setting changes made in relation to configuring Dansguardian on that server.
Read the Wiki Contrib article for details of reverting settings back to standard
http://wiki.contribs.org/Dansguardian
and in particular I'm thinking of
http://wiki.contribs.org/Dansguardian#Modifying_Firewall_and_Proxy

and of course any other tweaking you did that you have not told us about.
« Last Edit: May 05, 2009, 07:15:27 AM by mary »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline chris burnat

« Reply #8 on: May 05, 2009, 07:05:08 AM »
Moving to Contribution section where it is more appropriate.
- chris
If it does not work out of the box, please fill in a Bug Report @ Bugzilla (http://bugs.contribs.org)  - check: http://wiki.contribs.org/Bugzilla_Help .  Thanks.

Offline SoftDux

« Reply #9 on: May 05, 2009, 07:09:47 AM »
Quote
Off-topic for this forum.

I don't understand what you mean?

Offline SoftDux

« Reply #10 on: May 05, 2009, 07:15:56 AM »
Quote
SoftDux

As indicated in another post you would also need to do
rpm -e smeserver-dansguardian
as well as doing
rpm -e dansguardian
and then you would also need to undo any db commands or setting changes made in relation to configuring Dansguardian on that server.
Read the Wiki Contrib article for details of reverting settings back to standard
http://wiki.contribs.org/Dansguardian
and in particular I'm thinking of
http://wiki.contribs.org/Dansguardian#Modifying_Firewall_and_Proxy

and of course any other tweaking you did that you have not told us about.

Hi mary,

Yes, I've uninstalled both dansguardian & smeserver-dansguardian using rpm (as I couldn't find any other documented way of removing them). I also went ahead and undid any db commands performed, but it still doesn't help.

Did you see the error I posted above, about the modules missing when trying to run masq manually? I do have a feeling, looking at what works and doesn't work, that masquerading isn't working. But the question is, how do I fix the masquerading part?

Offline janet

« Reply #11 on: May 05, 2009, 07:20:21 AM »
SoftDux

Quote
I've reset the server to server only mode, and then back to private server & gateway mode, but still no luck.

Perhaps change your server back to gateway server mode, which I assume was the mode it was originally in.
I don't know why you thought changing modes was going to achieve a fix to your problem, seems an odd way to troubleshoot.


Offline janet

« Reply #12 on: May 05, 2009, 07:26:36 AM »
SoftDux

What does this show ?
/etc/init.d/masq status

Offline SoftDux

« Reply #13 on: May 05, 2009, 07:37:19 AM »
Quote
SoftDux

Perhaps change your server back to gateway server mode, which I assume was the mode it was originally in.
I don't know why you thought changing modes was going to achieve a fix to your problem, seems an odd way to troubleshoot.

Well, for one I thought that changing it from gateway mode to server only mode, and back again would restore all the masquerading & firewall rules to their default state. But you're right, it doesn't fix the problem though. I can change between gateway & server mode as many times as I like and it doesn't help :)

Offline SoftDux

« Reply #14 on: May 05, 2009, 07:38:48 AM »
Quote
SoftDux

What does this show ?
/etc/init.d/masq status

Here's the full list:

Quote
root@intranet:[~]$ /etc/init.d/masq status
Table: filter
Chain INPUT (policy DROP)
target     prot opt source               destination
state_chk  all  --  0.0.0.0/0            0.0.0.0/0
local_chk  all  --  0.0.0.0/0            0.0.0.0/0
PPPconn    all  --  0.0.0.0/0            0.0.0.0/0
denylog    all  --  224.0.0.0/4          0.0.0.0/0
denylog    all  --  0.0.0.0/0            224.0.0.0/4
DROP       all  --  89.123.129.102       0.0.0.0/0
DROP       all  --  89.123.129.102       0.0.0.0/0
InboundICMP  icmp --  0.0.0.0/0            0.0.0.0/0
denylog    icmp --  0.0.0.0/0            0.0.0.0/0
InboundTCP  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02
denylog    tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02
InboundUDP  udp  --  0.0.0.0/0            0.0.0.0/0
denylog    udp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spts:67:68
gre-in     47   --  0.0.0.0/0            0.0.0.0/0
denylog    47   --  0.0.0.0/0            0.0.0.0/0
denylog    all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
state_chk  all  --  0.0.0.0/0            0.0.0.0/0
local_chk  all  --  0.0.0.0/0            0.0.0.0/0
ForwardedTCP  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02
ForwardedUDP  udp  --  0.0.0.0/0            0.0.0.0/0
denylog    all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
PPPconn    all  --  0.0.0.0/0            0.0.0.0/0
denylog    all  --  224.0.0.0/4          0.0.0.0/0
denylog    all  --  0.0.0.0/0            224.0.0.0/4
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain ForwardedTCP (1 references)
target     prot opt source               destination
ForwardedTCP_5994  all  --  0.0.0.0/0            0.0.0.0/0
denylog    tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02

Chain ForwardedTCP_5994 (1 references)
target     prot opt source               destination

Chain ForwardedUDP (1 references)
target     prot opt source               destination
ForwardedUDP_5994  all  --  0.0.0.0/0            0.0.0.0/0
denylog    udp  --  0.0.0.0/0            0.0.0.0/0

Chain ForwardedUDP_5994 (1 references)
target     prot opt source               destination

Chain InboundICMP (1 references)
target     prot opt source               destination
InboundICMP_5994  all  --  0.0.0.0/0            0.0.0.0/0
denylog    icmp --  0.0.0.0/0            0.0.0.0/0

Chain InboundICMP_5994 (1 references)
target     prot opt source               destination
denylog    icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 4
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 11
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 12
denylog    all  --  0.0.0.0/0            0.0.0.0/0

Chain InboundTCP (1 references)
target     prot opt source               destination
InboundTCP_5994  all  --  0.0.0.0/0            0.0.0.0/0
denylog    tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02

Chain InboundTCP_5994 (1 references)
target     prot opt source               destination
denylog    all  --  0.0.0.0/0           !192.168.1.1
REJECT     tcp  --  0.0.0.0/0            192.168.1.1         tcp dpt:113 reject-with tcp-reset
denylog    tcp  --  89.123.129.102       192.168.1.1         tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            192.168.1.1         tcp dpt:3000
ACCEPT     tcp  --  0.0.0.0/0            192.168.1.1         tcp dpt:1723

Chain InboundUDP (1 references)
target     prot opt source               destination
InboundUDP_5994  all  --  0.0.0.0/0            0.0.0.0/0
denylog    udp  --  0.0.0.0/0            0.0.0.0/0

Chain InboundUDP_5994 (1 references)
target     prot opt source               destination
denylog    all  --  0.0.0.0/0           !192.168.1.1

Chain PPPconn (2 references)
target     prot opt source               destination
PPPconn_1  all  --  0.0.0.0/0            0.0.0.0/0

Chain PPPconn_1 (1 references)
target     prot opt source               destination

Chain denylog (21 references)
target     prot opt source               destination
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:520
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:137:139
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:137:139
ULOG       all  --  0.0.0.0/0            0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix `denylog:' queue_threshold 1
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain gre-in (1 references)
target     prot opt source               destination
denylog    all  --  0.0.0.0/0           !192.168.1.1
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain local_chk (2 references)
target     prot opt source               destination
local_chk_5994  all  --  0.0.0.0/0            0.0.0.0/0

Chain local_chk_5994 (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  192.168.10.0/24      0.0.0.0/0

Chain state_chk (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
Table: nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Table: mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
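
Added example, not part of any post in this thread: a shell check over the `Table:` / `Chain` layout of the `masq status` output above. It counts the rules in a given table and chain and reports whether nat POSTROUTING holds a MASQUERADE or SNAT rule, which a gateway needs before LAN clients can reach the internet through it; in the posted output every nat chain is empty. The function names are hypothetical and the sample text is constructed to match the shape of the posted output.

```shell
#!/bin/sh

# count_rules TABLE CHAIN -> prints how many rules that chain holds
count_rules() {
    awk -v t="$1" -v c="$2" '
        $1 == "Table:" { table = $2; chain = ""; next }
        $1 == "Chain"  { chain = $2; next }
        NF == 0 || $1 == "target" { next }      # blank and column-header lines
        table == t && chain == c { n++ }
        END { print n + 0 }'
}

# has_source_nat -> exit 0 only if nat/POSTROUTING has a MASQUERADE or SNAT rule
has_source_nat() {
    awk '
        $1 == "Table:" { table = $2; chain = ""; next }
        $1 == "Chain"  { chain = $2; next }
        table == "nat" && chain == "POSTROUTING" &&
            ($1 == "MASQUERADE" || $1 == "SNAT") { found = 1 }
        END { exit !found }'
}

# Constructed sample: same shape as the posted output, nat chains empty.
sample_broken() {
    cat <<'EOF'
Table: filter
Chain FORWARD (policy DROP)
target     prot opt source               destination
state_chk  all  --  0.0.0.0/0            0.0.0.0/0
denylog    all  --  0.0.0.0/0            0.0.0.0/0
Table: nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
EOF
}

# Constructed counterpart: one MASQUERADE rule appended to nat/POSTROUTING.
sample_with_nat() {
    sample_broken
    echo 'MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0'
}
for s in sample_broken sample_with_nat; do
    if $s | has_source_nat; then verdict="source NAT present"
    else verdict="no source NAT: LAN traffic is not masqueraded"; fi
    echo "$s: nat/POSTROUTING rules=$($s | count_rules nat POSTROUTING), $verdict"
done
```

On a live server the same functions take the real output on stdin, for example `/etc/init.d/masq status | has_source_nat`.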