[nSLUG] Static IP woes

Donald Teed donald.teed at gmail.com
Tue Sep 20 19:04:20 ADT 2005


If you are running your own DNS server, I'd think you'd want the clients
to have that set up as the DNS server. Also, make sure the gateway
on the clients is the LAN IP of the router, not your new static IP.

Here is a basic DNS test. Whip up a web browser.
The IP for www.imp.ca <http://www.imp.ca> is
142.176.189.229<http://142.176.189.229>, so
you should be able to see http://142.176.189.229
If that IP works to load the page, but using www.imp.ca <http://www.imp.ca>does
not work, then you have a DNS issue, not a router issue.
Try switching between your ISP's DNS and your own.
You don't have to assign the DNS by DHCP in the client
machines. The clients can be hard wired to use a fixed
DNS server.

Another basic test to see where the traffic is going is to
run traceroute with some external site. Again, if DNS isn't working
yet, you should use an IP address. This is even available
on Windows these days.

The basic approach in troubleshooting this is to eliminate one
variable at a time. If your tests depend on too many things
working OK at once, then something basic like "host not found"
could be failing several different reasons.

The other angle that is often useful, is to test the same thing
in a situation that does work OK. If you are able to flip back
to the working setup you had prior to this static IP configuration,
note how all of the variables appear in that situation. Things
like your internal DNS server will still work for external lookups
when you have a dynamic IP for your router.

It has been awhile since I looked at this, but I believe
there is also a UDP requirement for DNS - possibly port 53 again.
You might need to add that to your port forwards to the
slackware box. However that would not have anything to do
with the local LAN clients not seeing the internet. It would 
possibly impact outside users resolving the DNS for your domain.

--Donald Teed

On 9/20/05, Rowan Townshend <rtownshend at emslimited.ca> wrote:
> 
> Hello all,
> 
> Here's how it was laid out before I started going at it.
> 
> Internet--->Eastlink SurfBoard--->Router(Wireless)--->Computers & Server
> 
> Internet: Lots of it out there.
> 
> Eastlink SurfBoard: Model# SB5100 (the same one I believe for most home
> accounts)
> 
> Router: Linksys 2.4 GHz Wireless G (Model#: WRT54G)
> -Setup to acquire an IP via DHCP from Eastlink
> -Router set to have an static internal IP of it's own (all the
> machines in the office point to it as their default gateway)
> -Router operates a DHCP server to provide for the next point
> -Clients are all setup with unique IPs gained via DHCP but keyed
> into each system so there are no IP conflicts (EG: 192.168.1.254<http://192.168.1.254>
> )
> -Router uses "SPI firewall" which came with it I understand either
> as stock or with a firmware upgrade
> -A WEP key is used on the internal wireless network (although the
> server is physically connected to the router with a piece of CAT-5e
> network cable, not sure if it's the same stuff Eastlink would have
> left behind)
> 
> The server is sitting behind the router, and ports have been forwarded
> to it via the Router web interface (53 for DNS, 80 for Apache, etc...).
> 
> I do have the DNS server going, and have been using it for my own
> computer as the Primary DNS (I'm using WinXP on my desktop). I tried
> doing some "host"ing, and some digs, and now it seems that the server
> does not wish to reply (I was able to get responses when I did these
> from the server command line (telling it to refer to the internal IP
> previous to today). I was never able to get any reply other then "Host
> not found" when I tried it by the external dynamic IP. Beyond simple
> "host domain.com <http://domain.com> nameserver" and "dig -x domain.com<http://domain.com>" 
> I do not know many
> other tests that could be preformed DNS wise.
> 
> I have not done anything with the firewalls yet, I have not setup
> anything for IPtables. I can try taking down the Router firewall
> tomorrow at a time when I can make sure the other computers in the
> office will not be affected (or more accurately, the users).
> 
> When the Static IP info was laid into the Router itself, doing
> ipconfig /all resulted in the expected settings. Seeing the internal IP
> for the machine, the gateway (router), and the Eastlink DNS servers (I
> presume fed from settings on the router where they are keyed in). Yet,
> there was no external connection outside the router.
> 
> Thanks to everyone for the help thus far, time to go home for the day.
> -Rowan Townshend
> 
> Donald Teed wrote:
> 
> > There are a lot of changes involved in what you are working on.
> > Without a picture of how it worked before, it is difficult to pinpoint
> > the most likely parts to have broken.
> >
> > Connecting to your router's web page should show a status
> > page confirming if your static IP is assigned properly. Make
> > sure you don't get the internal LAN IP mixed up with the WAN IP.
> >
> > Is there a DHCP server running by default on the router? That
> > can confuse clients if they should be getting their IPs
> > assigned from elsewhere.
> >
> > Have you started to run your own DNS?
> > If so, test connectivity to the outside world by IP numbers first
> > to determine if DNS configuation is the real source of the breakdown.
> >
> > Depending how you had the router and cable modem set up before,
> > the network cable might need to be a cross over cable between
> > the eastlink modem and your router box - I usually use whatever cable
> > the ISP gave me with the modem.
> >
> > Also check your router firewall set up. If you turn it off briefly
> > and discover
> > things work as they should, then that is the culprit. If the slackware
> > box is running iptables, try turning that off briefly as well and see if
> > something was badly configured.
> >
> > If you don' t run the slackware box in a DMZ, you will need port
> > forwarding
> > to allow DNS and other essential traffic to pass in. Make sure that
> > is set up on the
> > router.
> >
> > These are just some check list items I would normally go through
> > in this situation. You would know which ones really might apply.
> >
> > The clients can tell you alot too. On the Windows box ifconfig /all
> > will show you the DNS, gateway, etc. it picked up.
> >
> >
> 
> 
> 
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/cgi-bin/mailman/listinfo/nslug
> 
> 
> 
>


!DSPAM:43308765114765313120166!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/mailman/private/nslug/attachments/20050920/286b39bf/attachment-0001.html>


More information about the nSLUG mailing list