Client access to dsl connection problem

[KingCrab]

Hi,

I've a big problem getting my clients connected to the internet over dsl. What I have so far is a working dsl connection on external side (pppoeconf and pon dsl-provider). I changed the mysql entry describing the network devices and I can see the ppp0 connection details on web-admin/network. But none of my clients is able to reach the outside world. The firewall rules are untouched.

Hope anyone could help me solving this. Thanks in advance,
KingCrab

[Zaerc]

I think the problem is that the firewall rules need to be adjusted slightly:

Code Select Expand


# iptables -L -v -n -t nat
Chain PREROUTING (policy ACCEPT 57641 packets, 3434K bytes)
pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 998K packets, 73M bytes)
pkts bytes target     prot opt in     out     source               destination         
  128 10658 MASQUERADE  0    --  *      eth0    192.168.80.0/24     !192.168.80.0/24     

Chain OUTPUT (policy ACCEPT 998K packets, 73M bytes)
pkts bytes target     prot opt in     out     source               destination         


In your case I suspect that in the "MASQUERADE" rule "eth0" should be "ppp0" (or similar), but I have no idea where to change that.

[KingCrab]

ppp0 seems to be changed already, but my output differ a bit from your one. Don't know where these changes come from.

iptables -L -v -n -t nat
Chain PREROUTING (policy ACCEPT 21 packets, 2272 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 122K packets, 9441K bytes)
pkts bytes target     prot opt in     out     source               destination
    3   144 SNAT       0    --  *      ppp0    192.168.30.0/24     !192.168.30.0/24     to:192.168.10.1

Chain OUTPUT (policy ACCEPT 122K packets, 9441K bytes)
pkts bytes target     prot opt in     out     source               destination

[Zaerc]

I think those rules are pretty much equivalent (just a different way of doing it), so I guess LMCE already noticed and set that up properly.

Just curious, you are using "192.168.30.0" for the internal network instead of the default "192.168.80.0" subnet?

[KingCrab]

Yes, but there no real cause why I choose 192.168.30.0. Maybe just to be different  ;-)

[pixelator]

I had this same issue when I first set up pppoe for dsl access. In my case, it turned out to be a DNS issue.
The clients were not receiving the correct DNS info from the core.

also make sure the dns is correct on the core.

Adding the correct DNS info to each client resolved this for me.
The other thing to check is the default gateway on the clients and make sure they are pointing to the core.

[KingCrab]

On my test client the resolv.conf nameserver entry links to the internal address of my core. Does it have to be the one given by dsl provider or is this correct?

@pixelator Could you give a short description of what you've done and how your settings look like respectively?

[Zaerc]

In my setup the core's resolv.conf has ips of the domain servers handed out by my modem's DHCP (which are my provider's dns and the modem's ip).  The diskless MD has the ip of the core as it's nameserver.  I hope that helps.

Even without domain resolution, you can always try to ping/traceroute ip numbers directly.

[KingCrab]

Than the problem seems to be somewhere else. All of the dns entrys are correct.
But I can't even ping my providers nameserver ip from "inside"...

[Zaerc]

Can you ping them from the core itself?

[KingCrab]

Yes, a ping from core works

[Zaerc]

can you show me the output of "ifconfig" and "route -n" on both the core and a MD?