[debian-lan-devel] No internet connection after converting minimal installation

[Afif Elghraoui]

Hello,
On الخميس 15 كانون الثاني 2015 01:49, Andreas B. Mundt wrote:
> Hi Afif,
>
> [...]
>
>> I'm attaching all the logs from the softupdate command to this message-- not
>> just the error log.
> At least from a quick look, I could not find anything suspicious --
> fai.log shows that all scrips ran sucessfully, (details in shell.log)
> and the error.log is also fine.  It looks all familliar and comparable
> to my test environment.
Hm, ok.
>>> What happens if you connect a machine to the internal debian-lan
>>> network, i.e. the other interface? It should get an ip-address from
>>> the  10.0.0.0/8 network.
>> That seems to be working. I get far enough to see the FAI boot menu that
>> gives me the option to do an automated installation. I also get a few steps
>> into the installation before I run into issues.
> Note that you need to install the chroots on the server first to make
> it work c.f. the motd message displayed after login on the server: run
> 'debian-lan-chroots'.
I wasn't worried about that yet-- Anway, when I run debian-lan-chroots 
now, I get the message "Error accessing http.debian.net', check network 
and internet access." Running "host http.debian.net" gives me 
http.debian.net has address 46.4.205.44 (and then the IPv6 address). So 
it should be accessible.
>
> [...]
>
>> So given that I can ssh into the machine's public interface externally,
>> perhaps my issue isn't directly the network connection. I'm not sure what it
>> is, then. Could it be the DNS settings that debian-lan reconfigured aren't
>> working out?
> Hm, just a few hints what you could check.  To be independent of the
> DNS, perhaps first try to ping a machine's ip address in the external
> network or (if not blocked by your institutions network) something
> like '8.8.8.8'. I guess this is the first thing that has to work.
>
> If this is fine, try hostname resolution like
>
> $ host 8.8.8.8
> 8.8.8.8.in-addr.arpa domain name pointer google-public-dns-a.google.com.
>
> $ host debian.org
> ...
This looks like it's working. I tried a couple addresses and also 
http.debian.org (see above).
>
> If this fails, try the internal network (and the local bind server)
> with
> $ host workstation00
>
> Perhaps bind on the mainserver does not know how to resolve external
> names, check if adding forwarders in '/etc/bind/named.conf.options'.
> (This is not necessary here, but depends on what your WAN provides.)
>
> I hope this gives some clue.  Before host and name resolution does not
> work there is of course no chance to get anything else working
> properly.
>
> One final thought (but probably not the problem from what you wrote):
> Check if the external/internal interfaces are correct for shorewall in
> '/etc/shorewall/params'.
Yes, /etc/shorewall/params has:
LOC_IF=eth0
LOC_IF=eth1
> Let us know if you get any further, best regards,
>
>      Andi
So actually, I think the problem may be with the proxy configuration. 
When I run apt-get update, I get errors that say "Could not resolve 
'aptcache.intern'". When I comment out the one line in 
/etc/apt/apt.conf, apt-get update works. This is the line that says 
Acquire::http::Proxy "http://aptcache.intern:3128/";

When I add aptcache.intern to /etc/hosts for 127.0.0.1, apt-get update 
works with the /etc/apt/apt.conf line uncommented, but the 
debian-lan-chroots script still fails saying that it can't access 
http.debian.net.

I think we're getting closer. Thanks for bearing with me on these issues.

Thanks and regards,
Afif

-- 
Afif Elghraoui
System Administrator, Biological & Medical Informatics Research Center
San Diego State University