Thread: help with static ip on lan
View Single Post

   
  #5 (permalink)  
Old 02-20-2008, 11:04 AM
aaronl
 
Posts: n/a
Default Re: help with static ip on lan
On Sun, 25 Sep 2005 12:43:46 +0200, Henrik Carlqvist wrote:

> My guess is that you did forget to tell netconfig about your DNS servers
> (or rather the DNS servers of your ISP). Those servers should have been
> placed by netconfig in the file /etc/resolv.conf. After editing
> /etc/resolv.conf you do not have to restart anything.

You guys deduced correctly--good job. It is working now.
/etc/resolv.conf needed the following added to point to my router--which
is configured to handle the translation:
<addition> nameserver 192.168.1.1 </addition>

My assigned ip was getting set in earlier attempts and I could ping the
outside address you supplied, but could not get a website to come up, so
I stuck that ip in a browser and bingo--google came up. I was happy then,
becuase I knew you were right.

I also tweaked my host file to add the hardcoded ip. Was this necessary?
And should I have commented out the loopback line associated with my
server name as shown below?:
<file>
# For loopbacking.
127.0.0.1 localhost
#127.0.0.1 darkstar.deepspace.org darkstar
192.168.1.69 darkstar.deepspace.org darkstar
</file>

One last thing. Early in the game I thought my firewall might
be part of the problem. I can to use the iptables command to add and
drop rules, but how does one stop the entire rc.firewall script without
having to 'chmod -x rc.firewall' and reboot? Would it be
'start|stop|restart' code added to the rc.firewall script itself or to
other script that calls it, rc.inet2 or something. Can I get the process
from 'ps' somehow and 'kill' it that way? My firewall itself is pretty
basic--something I grabbed off the internet many moons ago. For
convienence I wrote a simple shell script to add and drop global
permissions to allow friends in from time to time, but I've always wanted
to know how to stop and restart the whole darn thing when debugging
problems like the one in this thread:

(note: Pan's wrap warnings and 'rewrap' mess up posting format on some
lines below)

<firewall>
#!/bin/bash
#
# Basic script to keep the nasties out of slack

# First we make the default policy to drop everything
iptables -P INPUT DROP
iptables -P FORWARD DROP

# Allow established connections and programs that use loopback
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT

# Allow lan users to connect to Apache iptables -t filter -A INPUT -p tcp
-s 192.168.1.0/24 -i eth0 --dport 80 -j ACCEPT

# allow ssh and apache connections from work
iptables -t filter -A INPUT -p tcp -s ###.###.##.0/24 -i eth0 --dport 22 -j
ACCEPT
iptables -t filter -A INPUT -p tcp -s ###.###.##.0/24 -i eth0 --dport 80 -j
ACCEPT

#end script
</firewall>

comments welcome!

aaron


Reply With Quote