No internet access

[kobus]

Hi There All
just started with my first Server
i have no internet
my setup as follows
1. two network cards eth1- external (static with ip 10.0.0.254 and marked external)
2. eth2 - static with ip address 192.168.0.254, 255.255.255.0
3. firewall (Filtering rules for internal networks) all set to any for now
4. laptop on eth2 ip setting as follows 192.168.0.10, 255.255.255.0, gateway 192.168.0.254, dns 192.168.0.254
5. server can ping 192.168.0.10 and external dns of 196.41.0.10 and zentyal domain
6. i can ping the server on 192.168.0.254 but cannot ping external from laptop
7. i have 127.0.0.1 in (Domain Name Server Resolver List )
8. set  eth2 to dhcp but got same result no internet service from eth2
9. this was send from the server, so internet working fine on server

please help if you can

regards
kobus

[robb]

Can you ping an external IP address (not host or domainname) from one of your clients?
Did you add another DNS provider in Zentyal/Core/Network/DNS? (like the DNS server of your ISP, OpenDNS or Google?)

As I understand you situation it is as follows:

internet - Modem - External Zentyal (10.0.0.254 static) - Internal Zentyal (192.168.0.254 static) - internal subnet (192.168.0.1/24)

Why do you configure your client with static IP address? What happens if you activate and configure DHCP and make your client DHCP client?

btw, eth1 and eth2 on Zentyal should be configured static

[kobus]

thank you for your reply
i have rebuild the server
and still no internet but have enabled dhcp as requested
my setup as follows
eth0 - static - external- 10.0.0.254 - 255.255.255.0
eth1 - statis - 192.168.0.254 - 255.255.255.0
gateway - enabled - gw-eth0 - 10.0.0.2 - eth0 - default
dns - 127.0.0.1 - 10.0.0.2 - now added ISP 196.15.223.82
firewall packet filter >internal network - any
firewall packet filter> external records to zentyal - any - as well as my laptop mac address
http proxy - trasparent proxy ticked
http proxy > access rules - all time - any
Dhcp eth0 (external)- no Dhcp range added cause my router is dhcp enabled
Dhcp eth1 - Dhcp range added 192.169.0.1 to 192.168.0.100 - laptop on 192.168.0.3 with obtain address auto
network tools > can ping internal and external ip's as well as trace to zentyal server
have a  win8 laptop and network indicatore indicates no internet access, this must now work as far as i can tell
from laptop i can ping server eth1 192.168.0.254/192.168.0.3 and can log into web zentayl interface on server but can not ping externally

what a i doing wrong
please help

[Daniells77]

7. i have 127.0.0.1 in (Domain Name Server Resolver List )
Add 192.168.0.254 in this location as well. The laptop cannot resolve 127.0.0.1 when it trys to connect, thats reserved for the machine to talk back to itself, not for another machine to connect to.

To be more specific,
In the Core>Network>DNS> Add in your External DNS servers. Such as Googles open DNS server 8.8.8.8 or your ISP's 196.15.223.82
In the Infrastructure>DNS>Domain IP Address's> Add your Eth1 and Eth0 IP address's to test.
                 Once you can connect, then I would remove Eth0 as you really dont need Eth0 to answer through Eth1.

[christian]

@Daniells77: I'm afraid your advice is misleading 

What Kobus did is not wrong, even if using other DNS servers may help with other aspects.
Server side, in tern of DNS configuration (thus as you explain, at core/network/DNS) what matters is to have one external DNS (Kobus decided to use ISP's DNS, so far so good) and also 127.0.0.1 (first)
localhost is used here to tell to Zentyal to look at local DNS in order to resolve internal addresses. No need to access local DNS using external IP. local loop (127.0.0.1) works perfectly and is not seen by clients 

Client side, general idea is to set Zentyal as DNS server. (here 192.168.0.254)

Regarding domain IP address, I do not share the approach unless for specific Windows related stuff. setting "domain IP" will, at the end, resolve any name resolving request that is not properly built (i.e. with missing host in the fqdn) into this specific IP.
e.g. server.com will point to domain IP
Why not but I can't see where this can help to get internet access 

@kobus:  FW contains rules instead of records. Doesn't really matter but will help reader's understanding 
- why do you configure rules "from external to Zentyal" ? Internet access means from internal to... either internet (external) if you are not using proxy or internal to Zentyal if you are using proxy
- not sure 10.0.0.2 is a correct DNS server. rather remove it or move it at the bottom of your DNS servers list (yes rank does matter here)
- in order to debug you can try to:

   - access internet from Zentyal server itself. If it doesn't work, access from clients will not work neither
   - run nslookup from client to ensure names are resolved: when using transparent proxy, name resolution is on client side (while this is done server side when using explicit proxy)

[Daniells77]

Reading your post it seems to be semantics. I don't see outside of your dislike for the "Domain IP address" area that you said I had anything incorrect?

Referencing the comment below, what is wrong with this setup? Considering Eth1 is the 192.168.0.254. Its possible that I don't understand why you would not reference the direct IP as I only work in Windows domains and Zentyal for me is a home personal project. But on a windows server setup, You cannot just let the clients "assume" home.com is the answering DNS IP. Does Linux or Zentyal function in that way then?

 Thanks for your feedback as I'm always trying to learn more about other products.
 
"To be more specific,
In the Core>Network>DNS> Add in your External DNS servers. Such as Googles open DNS server 8.8.8.8 or your ISP's 196.15.223.82
In the Infrastructure>DNS>Domain IP Address's> Add your Eth1 and Eth0 IP address's to test.
                 Once you can connect, then I would remove Eth0 as you really dont need Eth0 to answer through Eth1."".

[christian]

Well, perhaps I don't understand either what you meant or what Kobus explained but my point was to explain that, on Zentyal server itself, if idea is to rely on local DNS server, then 127.0.0.1 is better than using 192.168.0.254
Nothing more than this 

As kobus is using DHCP, I believe DNS (client side)  is 192.168.0.254 thus client will never try to use 127.0.0.1 as DNS

Am I wrong with my understanding ?

You cannot just let the clients "assume" home.com is the answering DNS IP. Does Linux or Zentyal function in that way then?

? Sorry, I don't understand your point here 
Using Windows domain, you do have to set-up this so called "domain IP" but this is used only by Windows domain. Not having this will not prevent to access internet neither help in term of DNS resolution.

I'm also using Zentyal at home with both Linux and Windows clients but, being "at home", Windows domain advanced features are not used here, thus no GPO and stuff like this and no need to resolve home.com
To my understanding, this come along with SRV specific records, correct ?

[ap1821]

I recently installed Zentyal with 2 network cards (one internal, one external) to work as a gateway. After first configuration there was all connectivity needed except internet over internal networks. So what I did was restarting the server, maybe reconfiguring the interfaces one more time, thats all - it started working. But somehow at first try it didn't work.

[Daniells77]

@ap1821
I agree, I noticed I had to reboot or restart services to get DHCP to work a few times while learning and testing Zentyal. At one point the only way I could get DNS and DHCP to start working again was to Disable it from the Services status screen and then re-enable it and all worked perfect.

@Christian
I think we are basically saying the same thing and just miss understanding each other.

As far as the Domain IP address and why it matters to me and why by default I assumed everyone would want to set it up the way  did.

I am using Group Policy's at my house with Zetyal as the Group Policy Controller. I control what data my kids get access to, what printers and what machines they can log into and such even down to what browsers they open and backgrounds they see so I can at a glance from the kitchen see that there desktop is Blue and not Green like mine and know they are restricted, not just from websites but also from programs, Data sources and devices I don't want them to use.

I was amazed and very happy to find I could use Zentyal to push even item level targeted GPOs, based on Organizational Unit or LDAP object.

I can accomplish this with the Windows Domain Administrative tool kit and connecting to the Zentyal domain with Group Policy management and from there, if the DNS and SVR records are right zentyal will act just like any other domain I handle at work for my IT clients.

[kobus]

Thank you for all your respoce in this mater
however im still dont have internet access
i am listing now exectly how i setup the server maybe it will point out my error to you
network interface > eth0 > 10.0.0.254 >static > external marked
network interface < eth1 > 192.169.0.254 < static
sgate way > setup picked up my gatewat as gw-eth0 < 10.0.0.2
network.dns > i now have 127.0.0.1, 192.168.0.254, 8.8.8.8, 196.41.0.10 > in this order
DHCP > eth0 > dhcp range here, interface ip 100.0.0.254, subnet 10.0.0.0/24 range 10.0.0.1 - 10.0.0.254
DHCP > eth1 > dhcp range here, interface ip 192.168.0.254, subnet 192.168.0.0/24, range 192.168.0.1 - 192.168.0.100
DHCP > eth1 > range 192.168.0.1 to 192.168.0.253
DNS, Forward 10.0.0.254 and 1921.68.0.254
also tried DNS , Transparent cache but no luck
DNS, domain is standerd as zentyal-domain.lan
HTTP Proxy > i enabled Transparent  Proxy

please if you can send me setting as you would have them
sorry for late answere but i am on the other side of the world
i will check for your responce tonight by email and respond quicker

[kobus]

just thought is should mention i do have internet access from server
i have access to server from my laptop and can log into server web page
ip address on laptop set as automatic is as follows
address 192.168.0 3
sub 255.255.255.0
defualt gateway is a bit strange i have 0.0.0.0 and below 192.168.0.254
dhcp server 192.168.0.254
dns server 192.168.0.254
netbios over tcpip = enabled

[christian]

Some comments:

- I don't understand why you have defined DHCP range on the external interface (eth0). It doesn't really matter but this is quite strange (except if you have specific reason to do this)
- DHCP ranges on eth1 are strange to me too. Why do you have 2 different overlapping ranges ? Or do I misunderstand ?
- DNS settings: defining both 127.0.01 and 192.168.0.254 is useless. Both point to same DNS server (i.e. Zentyal) My advice is that you keep only 127.0.0.1
- why do you defined DNS forwarder ?

In order to debug, on your client (laptop), try to resolve external name like www.google.com (using nslookup) and see what happens.
You most likely face DNS related issue.

[dmdarki]

Hi i will try to make a review of all the posible reasons.

you have:
network interface > eth0 > 10.0.0.254 >static > external marked

and you want to add a DNS from the ISP:
192.168.0.254

you never wrote about the gateway, i assume that is the same that the DNS
192.168.0.254

so you are trying to configure

IP: 10.0.0.254
SUBMASK: 255.255.255.0
Gateway: 192.168.0.254

and this
DHCP > eth0 > dhcp range here, interface ip 100.0.0.254, subnet 10.0.0.0/24 range 10.0.0.1 - 10.0.0.254

=/ is crazy men.

so... you have to erase all the configuration on your Eth0 that is the coneccion with the ISP, and then put it on DHCP in network -> interfaces.

then if u want a static ip on Eth0, go to your primary router and configure it.

you will have internet conection in your server.

then you have to erase all the configuration on your Eth1, configure the Eth1 static at X.X.X.1 or 254 and turn on  ther DHCP server for Eth1 for an others ip adresses.

how you can test it.

your server could ping his gateway, and your clients too.

your server has to have and ip and the gateway has to be in the same range X.X.X.1 or 254 configured in network -> gateway

your client has to have an ip of the range you chose, and the ip static from the Eth1 as gateway.

i hope this help. =D

[robb]

Just be absolutely sure: did you _activate_ networking module? If you did not explicitly activate networking module, settings will not be propagated.

[christian]

If you read again what this member wrote:
- his DHCP server works as he got IP
- furthermore, reaching Zentyal from laptop works too
thus network is OK on the internal side.

I supposed access to internet from Zentyal server works too (as it stated somewhere that pinging external IP from Zentyal works)

Even if using DHCP on eth0 is surprising, it doesn't prevent internet access to work.

To me issue is clearly due to DNS and most likely due to misuse of forwarder. (sorry dmdarki, I'm pretty convinced that you are missing some of potential reasons in your review of all possible reasons  )

The easiest way to check this is, as I already suggested, to resolve internet URL from laptop (as explicit proxy is not used, such resolution has to be done client side in order for internet access to work).

Error message would also help instead of "it doesn't work" but I gave up hopping that users can understand this while asking for help