Topic: please help - no internet access to LAN PC's

[SoftDux]

Oh, and before I forget,

my internal LAN is 192.168.10.0/24 & external is 192.168.1.0/24

[chris burnat]

I don't understand what you mean?

I will save Charlie some of his time and reply on his behalf.  You had originally posted in the SME7.x forum.  This forum is dedicated (strictly) to issues, questions (etc) about the core packages making SME - what you have on the CD if you wish. The minute you install a package not included in the distribution, i.e. Dans, you should post into the sme7.x Contribs section.  No worries, I moved your topic, all is well.

[Knuddi]

Maybe smeserver-dansguardian didn't clean up masq completely. Try to disable the port blocking with:

Code: [Select]

config setprop squid TransparentPort 3128
config setprop squid Transparent no
config delprop dansguardian portblocking
signal-event post-upgrade; signal-event reboot
It places a template in /etc/e-smith/templates/etc/rc.d/init.d/masq called 90local_chk40networks

Does it still exist?

[Knuddi]

Another suggestion... You didn't configure (force) all the clients to use a proxy as suggested on the wiki and now the proxy is disabled??

[SoftDux]

I will save Charlie some of his time and reply on his behalf.  You had originally posted in the SME7.x forum.  This forum is dedicated (strictly) to issues, questions (etc) about the core packages making SME - what you have on the CD if you wish. The minute you install a package not included in the distribution, i.e. Dans, you should post into the sme7.x Contribs section.  No worries, I moved your topic, all is well.

Thanx Chris,

I thought that since I removed Dansguardian and I want to fix the SME problem, without DansGuardian installed that it would have been fine in the SME forum

[SoftDux]

Another suggestion... You didn't configure (force) all the clients to use a proxy as suggested on the wiki and now the proxy is disabled??

Hi,

No, for simplicity reasons I didn't specify any proxy settings on the clients and relied on the transparent proxy setup.

But as I said, I don't think this is a problem with the proxy. No internet access (i.e. web / email / ftp / ping / remote desktop / etc) is working from any of the LAN PC's, and it seems like a routing / masquerading problem. I did reconfigure the server to server only more, rebooted, and then reconfigured it back to gateway mode, hoping it would fix the IP masquerading problem, but it didn't. When I manually start / restart masq (service restart masq), I get the following error:

root@intranet:[~]$ /etc/rc.d/init.d/masq restart

Shutting down IP masquerade and firewall rules:         Done!

Enabling IP masquerading: iptables: Table does not exist (do you need to insmod?)
iptables: No chain/target/match by that name
iptables: Table does not exist (do you need to insmod?)
iptables: No chain/target/match by that name
done

So, somewhere it's missing some firewall / ip masquerading / ip forwarding rules, but I don't know which or where.

[SoftDux]

Maybe smeserver-dansguardian didn't clean up masq completely. Try to disable the port blocking with:

Code: [Select]

config setprop squid TransparentPort 3128
config setprop squid Transparent no
config delprop dansguardian portblocking
signal-event post-upgrade; signal-event reboot
It places a template in /etc/e-smith/templates/etc/rc.d/init.d/masq called 90local_chk40networks

Does it still exist?

Unfortunately I can't SSH into the server from the office right now, but I'll go over to the client again a bit later today and try your suggestions. Thanx

[CharlieBrady]

I don't understand what you mean?

The subject of the SME Server 7.x forum is:

 Discussion of the use of *ONLY* the components and features included on the SME
 Server 7.x CD.

As soon as you mention "dansguardian" your post is off-topic for the SME Server 7.x forum.

I don't think I can make it any clearer than that.

[SoftDux]

Maybe smeserver-dansguardian didn't clean up masq completely. Try to disable the port blocking with:

Code: [Select]

config setprop squid TransparentPort 3128
config setprop squid Transparent no
config delprop dansguardian portblocking
signal-event post-upgrade; signal-event reboot
It places a template in /etc/e-smith/templates/etc/rc.d/init.d/masq called 90local_chk40networks

Does it still exist?

Sadly this didn't work either

[Knuddi]

Maybe the templates are messed up. Does:

expand-template /etc/rc.d/init.d/masq

Give any errors (or any output)?

[SoftDux]

Maybe the templates are messed up.

That's what I'm thinking as well, but I don't know how to fix the corrupted template. And it seems like changing from gateway mode, to server move, back to gateway mode doesn't fix the template either.

 Does:

expand-template /etc/rc.d/init.d/masq

Give any errors (or any output)?

I get no error, nor any output. Is it supposed to give output?

root@intranet:[~]$ expand-template /etc/rc.d/init.d/masq
root@intranet:[~]$

[janet]

SoftDux

You have said:

I can't even ping a site / IP on the internet from one of the networked PC's....
I also can't ping any IP on the internet from any PC on the LAN...
No internet access (i.e. web / email / ftp / ping / remote desktop / etc) is working from any of the LAN PC's

This seems more like basic networking issues.
Are the server and workstations on the same workgroup and/or domain name ?
Are they also on the same network address range ie 192.168.10.xx

Can workstations ping the server ?

What is your network arrangement ?

Are the workstations set to auto detect the DHCP server and WINS server etc Are the workstations correctly setup to use sme server as the gateway

On a workstation, what does this show (from a DOS prompt) ?
ipconfig /all

[janet]

Knuddi & SoftDux

config setprop squid Transparent no
signal-event post-upgrade; signal-event reboot

That is incorrect.
It should be:

To return Transparent Proxy port to default value and to disable portblocking and to enable the Transparent proxy (which is the sme default)

config setprop squid TransparentPort 3128
config setprop squid Transparent yes
config delprop dansguardian portblocking
signal-event post-upgrade; signal-event reboot


Note that the sme server default setting for transparent proxy is yes, as determined by the base code/templates when there is no actual db entry for the squid Transparent setting.

So if you wish to have a db setting then it should be yes rather than no

Doing
config delprop squid Transparent
signal-event post-upgrade; signal-event reboot

will achieve the same result ie Transparent proxy is enabled (=yes) due to the default template behaviour


Ray has fixed the wiki article

[mazkot]

Hi,

I experienced this problem sometimes. what i usually do is just restart the server and the switches.
7.4 (but this server has been updated from 7.1)
Server-gateway mode
DHCP
Dansguardian
Proxy

for unknown reason or i just don't know where to look there are times that there is some kind of bottleneck in the connection. And restarting the server and switches fixes it.

[SoftDux]

SoftDux

You have said:

This seems more like basic networking issues.
Are the server and workstations on the same workgroup and/or domain name ?
Are they also on the same network address range ie 192.168.10.xx

Can workstations ping the server ?

What is your network arrangement ?

Are the workstations set to auto detect the DHCP server and WINS server etc Are the workstations correctly setup to use sme server as the gateway

On a workstation, what does this show (from a DOS prompt) ?
ipconfig /all

Hi Mary, I realize you are trying to help, but you're looking past the problem. It's not a transparent proxy problem, nor is a it a basic network problem.


The problem lies with the IP masquerading template, which doesn't load at all.

As I said, when I load masq manually, I get the following error:

/sbin/e-smith/config setprop masq Stealth yes
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq

If IP masquerading doesn't work, then no networking functions between computers on the LAN and the internet will function. I want to know how to fix this particular script so that it loads without an error. Does anyone know how to fix this particular problem? Forget about Transparent Proxy. Email doesn't work, FTP doesn't work, SSH doesn't work, Remote Desktop / VNC doesn't work, in fact, every internet related service doesn't work.