Author Topic: No more internet access for my lan :-(  (Read 3426 times)

miquel

No more internet access for my lan :-(
« on: August 31, 2011, 11:44:09 pm »
I installed and set up my Zentyal box two months ago and it has worked flawlessly until yesterday.

For some unknown reason, I've had no more internet access for my LAN since tomorrow morning (the Zentyal box itself is not affected).

My Zentyal server has two network interfaces, eth0 (internal) and eth1 (external), and it runs some VirtualBox machines attached to the internal LAN, which are still accessible (internally as well as externally) as usual, so it's not a hardware issue.

It has worked fine for two months and I've made no recent setup changes, so it does not seem to be a "bug" in my setup.

Disabling proxy and/or firewall doesn't help.

Any suggestions about what I should check?

Unfortunately I haven't backed up my full system, so what can I do? Is my only choice to reinstall the full system and wait for a new break?

Thanks!
Miquel.
« Last Edit: August 31, 2011, 11:58:03 pm by miquel »

christian

  • Guest
Re: No more internet access for my lan :-(
« Reply #1 on: September 01, 2011, 07:58:25 am »
Miquel,

You have to investigate a bit. With so little technical input, it's very difficult to have any idea.
1 - Refer to Oceanwatcher's sticky post describing "How to make a good post". Not because yours is not good  ;) but it will tell you what kind of information may help (version, installed modules)
2 - Is there any error message? (client side but also in Zentyal logs: look at syslog and the specific Zentyal logs).

Marcus

  • Forum Moderator
Re: No more internet access for my lan :-(
« Reply #2 on: September 01, 2011, 01:46:32 pm »
Hello Miquel,

Could you confirm 3 things?

a) Proxy is enabled and running
b) Firewall*, DHCP & Proxy logs are enabled
c) Clients are receiving their private IP

*Full logs from any sources & any destinations.

From that point, it will be easier for us to get you back on track.

Best,

Marcus

miquel

Re: No more internet access for my lan :-(
« Reply #3 on: September 01, 2011, 07:43:11 pm »
CHRISTIAN: This is an up-to-date Zentyal 2.0 box (DNS, NTP, DHCP, firewall, HTTP, Proxy, mail + webmail, VPN, backup, file sharing, user corner) and it's my production server.

MARCUS: a), b)* and c): YES

* Firewall, DHCP & Proxy are enabled in logs setup module. Is this what you mean?

Today's firewall log is 1342 pages with tons of DROPS (ports 631 and 5353). I don't know what else I must look for.

Thanks.
Miquel.
« Last Edit: September 02, 2011, 09:18:05 am by miquel »

miquel

Re: No more internet access for my lan :-(
« Reply #4 on: September 02, 2011, 05:48:54 pm »
Definitely, this is a DNS issue.

Adding my router's IP (or my ISP's DNS) as a secondary nameserver works around the problem and my office machines can access the internet again.

So the real problem is that the Zentyal DNS server is no longer able to resolve external addresses.

Should I rename this thread or open a new one?


christian

  • Guest
Re: No more internet access for my lan :-(
« Reply #5 on: September 02, 2011, 07:41:55 pm »
There is something I don't understand:  ??? ??? ???

- it was previously working.
- you changed nothing and then it failed for machines on LAN while Zentyal was still able to access internet
- http proxy is used
- if you add ISP DNS to machines on LAN, it works!!!

I trust what you explain but it shows something wrong somewhere: if proxy is used, machines on LAN do NOT need to resolve external names. All is done at proxy level. So your test is showing that HTTP proxy is not used (or not working) and also that Zentyal DNS either doesn't work or is not defined as DNS for machines on LAN. It also shows that internal DNS requests are allowed to the internet via the firewall. Nothing wrong with any of these points if this is the expected behaviour but according to your initial post, I doubt...  :-\

I also understand that your router is embedding DNS. Does it also provide firewall features or even HTTP proxy that may prevent your conf from working properly? In order to ease investigation, I would suggest to use this component as router only  8)

christian

  • Guest
Re: No more internet access for my lan :-(
« Reply #6 on: September 02, 2011, 07:59:55 pm »
Or... I just realize this, your set up is made to use transparent proxy...  ;D
Could you confirm this?

Some side effects are to be expected with transparent proxy. One is the need for machines on the LAN to resolve internet names. And this is not going to be easier (at least in terms of investigation and debugging) when the next Zentyal version provides transparent DNS.  :(
All this "transparent" stuff is just helping the user to not understand. If it works, that's fine. When it doesn't, as everything is transparent, you don't know where to look  ;D ;D ;D

miquel

Re: No more internet access for my lan :-(
« Reply #7 on: September 02, 2011, 09:52:07 pm »
> - it was previously working.

True. It worked fine, at least, until August 30 at 19:00.

> - you changed nothing and then it failed for machines on LAN while Zentyal was still able to access internet

That is. I detected this problem August 31 at 08:00.

And worse (or not?): I can reproduce this odd behaviour in a clean install (same hardware, of course).

> - http proxy is used

Right too. BTW, enabling and disabling it, nothing seems to change.

> - if you add ISP DNS to machines on LAN, it works!!!

At least it worked today at 19:00 (and I hope tomorrow it is still working)

> Or... I just realize this, your set up is made to use transparent proxy...  ;D
> Could you confirm this

Yes. It has always been enabled (the last two days I did some tests disabling it for a few minutes and enabling it again).

> So your test is showing that HTTP proxy is not used (or not working)

Any idea how to investigate it deeper?

Kubuntu 10.04.3 64bits (linux-server)
AMD 4850e
4GB RAM
2 x 1TB as RAID1 + LVM
Router Huawei HG556a (Vodafone)
eth0 (internal): built in, 192.168.11.XXX
eth0 (external): pci, 192.168.0.XXX

(at home I've an identical box but different router, both available for any kind of test)

Cheers.
Miquel.
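
Added example (not part of the original thread, and not Zentyal's or any poster's code): the thread narrows the fault to the LAN resolver failing on external names while the router or ISP resolver still answers, so this sketch queries one named resolver at a time, bypassing the client's nameserver order, and compares the reply codes. The function names and sample reply headers are constructed for illustration, and the resolver addresses are left as placeholders because the thread elides them.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QID = 0x1234  # fixed query id, fine for a manual diagnostic

def build_query(name):
    """Build a DNS A-record query with the recursion-desired (RD) flag set."""
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_response(data):
    """Return (rcode, recursion_available, answer_count) from a reply header."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != QID or not flags & 0x8000:
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, str(rcode)), bool(flags & 0x0080), ancount

def probe(server, name, timeout=3.0):
    """Query one resolver directly, ignoring the client's nameserver order."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return parse_response(s.recvfrom(512)[0])
        except socket.timeout:
            return ("TIMEOUT", False, 0)

def diagnose(lan, upstream):
    """Compare the LAN resolver's result with the upstream resolver's."""
    def ok(r):
        return r[0] == "NOERROR" and r[2] > 0
    if ok(lan):
        return "LAN resolver answers external names"
    if ok(upstream):
        return "LAN resolver fails (%s) while upstream answers" % lan[0]
    return "neither resolver answers"

# Constructed reply headers (not captured traffic): SERVFAIL, and NOERROR with 1 answer.
SAMPLE_FAIL = struct.pack("!HHHHHH", QID, 0x8182, 1, 0, 0, 0)
SAMPLE_OK = struct.pack("!HHHHHH", QID, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    # Offline demo; on a real LAN call probe("<zentyal-ip>", ...) and probe("<router-ip>", ...).
    print(diagnose(parse_response(SAMPLE_FAIL), parse_response(SAMPLE_OK)))
```

A TIMEOUT from the LAN resolver points at the service or a firewall rule on port 53, whereas SERVFAIL means the resolver is running but its own upstream lookups fail.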