[debian-lan-devel] No internet connection after converting minimal installation

Thu Jan 15 09:49:27 UTC 2015

Hi Afif,

On Wed, Jan 14, 2015 at 01:05:27PM -0800, Afif Elghraoui wrote:
> On الأربعاء 14 كانون الثاني 2015 09:25, Andreas B. Mundt wrote:
> >
> >Can you ping this address from the external network or login with
> >ssh?  (Note that the firewall (shorewall) may restrict this (IIRC only
> >one ssh connection per minute).
> I can't ping, but I actually can login using ssh (after setting
> PermitRootLogin yes in /etc/ssh/sshd_config).
> >

OK.

[...]

> I'm attaching all the logs from the softupdate command to this message-- not
> just the error log.

At least from a quick look, I could not find anything suspicious --
fai.log shows that all scrips ran sucessfully, (details in shell.log)
and the error.log is also fine.  It looks all familliar and comparable
to my test environment.

> >What happens if you connect a machine to the internal debian-lan
> >network, i.e. the other interface? It should get an ip-address from
> >the  10.0.0.0/8 network.
> That seems to be working. I get far enough to see the FAI boot menu that
> gives me the option to do an automated installation. I also get a few steps
> into the installation before I run into issues.

Note that you need to install the chroots on the server first to make
it work c.f. the motd message displayed after login on the server: run
'debian-lan-chroots'.

> >
> > From your description, I do not see anything that went wrong and all
> >sounds sensible.  Could  it be that the wrong interface is connected
> >to the outer world?  From your description above this should not be
> >the case.  If, however, that happened switch cables or modify
> >'/etc/udev/rules.d/70-persistent-net.rules' (switch eth0 <-> eth1).
> I don't think this is the case-- otherwise, the other machine wouldn't boot
> from the internal interface and the IP addresses look correct given their
> roles: eth0 for the internal network and eth1 for the external network.

Right.

[...]

> >Finally, if all the above is not the case, your wide area network may
> >use the same addresses (10.0.0.0/8) as the debian-lan network.  Routing
> >will of course fail and you would need to modify the LAN address.
> I should have mentioned that the WAN is using a different address structure.
> I've also previously tried modifying /etc/network/interfaces to use a static
> IP for eth1, but that didn't resolve the problem either.
> >You are welcome!  Getting network access shouldn't be something that's
> >'impossible' to solve.  Please report any findings.

> So given that I can ssh into the machine's public interface externally,
> perhaps my issue isn't directly the network connection. I'm not sure what it
> is, then. Could it be the DNS settings that debian-lan reconfigured aren't
> working out?

Hm, just a few hints what you could check.  To be independent of the
DNS, perhaps first try to ping a machine's ip address in the external
network or (if not blocked by your institutions network) something
like '8.8.8.8'. I guess this is the first thing that has to work.

If this is fine, try hostname resolution like

$ host 8.8.8.8
8.8.8.8.in-addr.arpa domain name pointer google-public-dns-a.google.com.

$ host debian.org
...

If this fails, try the internal network (and the local bind server)
with
$ host workstation00

Perhaps bind on the mainserver does not know how to resolve external
names, check if adding forwarders in '/etc/bind/named.conf.options'.
(This is not necessary here, but depends on what your WAN provides.)

I hope this gives some clue.  Before host and name resolution does not
work there is of course no chance to get anything else working
properly.

One final thought (but probably not the problem from what you wrote):
Check if the external/internal interfaces are correct for shorewall in
'/etc/shorewall/params'.

Let us know if you get any further, best regards,

    Andi