Firewall settings [Solved]

[pashabear]

Hello, a while back I posted in the Software & Applications forum about my problems, didn't realize it was actually the firewall on my adsl router (I think) that's causing my problems. Anyway, I know nothing on how to set up the firewall to allow the various applications to access the internet, especially Synaptic, Evolution and Gaim. Here is my original post:
http://www.linuxmint.com/forum/viewtopic.php?t=570

As mentioned in that, here is my setup:
D-Link DI-624 Wireless router
DSL-500T modem

The modem is set to make the connection to my provider.
One thing that bugs me is that Windows works fine, and Puppy Linux has no problems either!

[scorp123]

Well, do you have the manuals for your router? Or did you look on D-Link's pages if there are any documents on how to setup and modify your router's firewall settings?

[pashabear]

Well, it seems like it's NOT the firewall after all! To test, I went into my router settings and turned the firewall off, but the problem persisted. Any ideas? As you mentioned in the other forum scorp123, Synaptic uses http and ftp, so I really can't understand why it doesn't work. Plus, as I keep saying Windows and Puppy Linux work fine with this setup! Why not Mint????
pb

[scorp123]

As you mentioned in the other forum scorp123, Synaptic uses http and ftp

Synaptic has its own proxy settings, somewhere in its settings menu ... I don't know it by heart and right now I am on openSUSE 10.2 so I can't go and check.

Did you ever try if "apt-get" would work? e.g. open a terminal and then type:

Code: Select all

sudo apt-get update

It would be interesting to see if you get any error messages here ...

[pashabear]

Well, here are the results of sudo apt-get update
(I've abbreviated them to take up less space, since it's the same error over and over):

Ign http://www.linuxmint.com bianca/ Release.gpg
Ign http://www.linuxmint.com bianca/ Translation-en_US
Ign http://www.linuxmint.com bianca/ Release
Ign http://www.linuxmint.com bianca/ Packages
Hit http://www.linuxmint.com bianca/ Packages
Err http://security.ubuntu.com edgy-security Release.gpg
Could not connect to security.ubuntu.com:80 (1.0.0.0), connection timed out
Err http://archive.ubuntu.com edgy Release.gpg
Could not connect to archive.ubuntu.com:80 (1.0.0.0), connection timed out
Err http://archive.canonical.com edgy-commercial Release.gpg
Could not connect to archive.canonical.com:80 (1.0.0.0), connection timed out
Err http://medibuntu.sos-sts.com edgy Release.gpg
Could not connect to medibuntu.sos-sts.com:80 (1.0.0.0), connection timed out
Err http://kubuntu.org edgy Release.gpg
Could not connect to kubuntu.org:80 (1.0.0.0), connection timed out
...

[pashabear]

Regarding proxy settings, both Firefox and Synaptic are set to
"Direct connection to the Internet"

[scorp123]

Could not connect to medibuntu.sos-sts.com:80 (1.0.0.0), connection timed out

Hey, that's a funny IP address up there?! Can I please have the output of these commands:

Code: Select all

sudo cat /etc/resolv.conf
sudo cat /etc/hosts
sudo route -ven 

If I interpret those error correctly you have a DNS problem.

[pashabear]

Thanks for your continued interest in & efforts to solve my problem... Here is the output of those commands:

Code: Select all

pasha@pooh:~$ sudo cat /etc/resolv.conf
nameserver 192.168.0.1

pasha@pooh:~$ sudo cat /etc/hosts 
127.0.0.1       localhost
127.0.1.1       pooh

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

pasha@pooh:~$ sudo route -ven
Kernel IP routing table
Destination     Gateway         Genmask            Flags    MSS Window  irtt Iface
192.168.0.0     0.0.0.0            255.255.255.0   U           0       0                 0 eth0
0.0.0.0             192.168.0.1     0.0.0.0                UG         0      0                 0 eth0

[pashabear]

By the way, my Wi-fi router is at 192.168.0.1 and my ADSL modem at 192.168.1.1
As I mentioned before I'm pretty ignorant about all this stuff, sorry if I'm just stating the obvious.

[scorp123]

By the way, my Wi-fi router is at 192.168.0.1 and my ADSL modem at 192.168.1.1
As I mentioned before I'm pretty ignorant about all this stuff, sorry if I'm just stating the obvious.

I need this output

Code: Select all

sudo ifconfig -a

Your resolv.conf claims that your Wi-Fi Router 192.168.0.1 is acting as DNS server?? Is that true? Can you please run some tests:

Code: Select all

nslookup www.google.com
nslookup www.linuxmint.com
nslookup www.ubuntu.com

If "nslookup" doesn't work, try "ping" instead. Not exactly the same, but it will give me a few hints nontheless ...

[pashabear]

OK, here is the output:

Code: Select all

pasha@pooh:~$ sudo ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:0E:A6:B2:E6:34  
          inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:383 errors:0 dropped:0 overruns:0 frame:0
          TX packets:341 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:356363 (348.0 KiB)  TX bytes:42647 (41.6 KiB)
          Interrupt:185 Base address:0xe800 

eth1      Link encap:Ethernet  HWaddr 00:0C:F1:2C:66:A3  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:177 Base address:0x2000 Memory:fe8fe000-fe8fefff 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:100 (100.0 b)  TX bytes:100 (100.0 b)

pasha@pooh:~$ nslookup www.google.com
Server:         192.168.0.1
Address:        192.168.0.1#53

Non-authoritative answer:
www.google.com  canonical name = www.l.google.com.
Name:   www.l.google.com
Address: 216.239.59.147
Name:   www.l.google.com
Address: 216.239.59.99
Name:   www.l.google.com
Address: 216.239.59.103
Name:   www.l.google.com
Address: 216.239.59.104

pasha@pooh:~$ nslookup www.linuxmint.com
Server:         192.168.0.1
Address:        192.168.0.1#53

Non-authoritative answer:
Name:   www.linuxmint.com
Address: 85.25.140.189

pasha@pooh:~$ nslookup www.ubuntu.com
Server:         192.168.0.1
Address:        192.168.0.1#53

Non-authoritative answer:
Name:   www.ubuntu.com
Address: 82.211.81.166

[pashabear]

Looking at the setup of my router and modem, I see they both have DHCP server enabled. Should this be so? If not, which one should I turn off?
The router is set for "Dynamic IP Address".
Also, DNS Relay is set to enabled on the router, and on the modem under "DNS Relay section" the option is set to "Use Auto Discovered DNS Server Only"

[scorp123]

No, don't touch anything yet. DNS resolution obviously works. Try this:

Code: Select all

ping security.ubuntu.com
ping medibuntu.sos-sts.com

This should work I guess?

Let's try this:

Code: Select all

sudo dpkg -L nscd

If you get an error that it isn't installed: Good. If it is installed: remove it:

Code: Select all

apt-get remove nscd

Last but not least:

Code: Select all

sudo cat /etc/apt/apt.conf
sudo cat /etc/apt/sources.list

[pashabear]

OK, here goes:

Code: Select all

pasha@pooh:~$ ping security.ubuntu.com
PING security.ubuntu.com (82.211.81.138) 56(84) bytes of data.
64 bytes from security.ubuntu.com (82.211.81.138): icmp_seq=1 ttl=45 time=168 ms
64 bytes from security.ubuntu.com (82.211.81.138): icmp_seq=2 ttl=45 time=164 ms
64 bytes from security.ubuntu.com (82.211.81.138): icmp_seq=3 ttl=45 time=166 ms
64 bytes from security.ubuntu.com (82.211.81.138): icmp_seq=4 ttl=45 time=170 ms

--- security.ubuntu.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 164.814/167.611/170.715/2.222 ms
pasha@pooh:~$ ping medibuntu.sos-sts.com
PING medibuntu.sos-sts.com (88.191.42.241) 56(84) bytes of data.
64 bytes from medibuntu.sos (88.191.42.241): icmp_seq=1 ttl=48 time=169 ms
64 bytes from medibuntu.sos (88.191.42.241): icmp_seq=2 ttl=48 time=167 ms
64 bytes from medibuntu.sos (88.191.42.241): icmp_seq=3 ttl=48 time=165 ms
64 bytes from medibuntu.sos (88.191.42.241): icmp_seq=4 ttl=48 time=167 ms

--- medibuntu.sos-sts.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 165.795/167.603/169.279/1.301 ms

pasha@pooh:~$ sudo dpkg -L nscd
Package `nscd' is not installed.

pasha@pooh:~$ sudo cat /etc/apt/apt.conf 
cat: /etc/apt/apt.conf: No such file or directory

pasha@pooh:~$ sudo cat /etc/apt/sources.list
## comments (##) in front of any line to remove it from being checked.   
## Use the following sources.list at your own risk.  

## UBUNTU REPOSITORIES
deb http://archive.ubuntu.com/ubuntu edgy main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu edgy main restricted universe multiverse

## UBUNTU PROPOSED UPDATES
deb http://archive.ubuntu.com/ubuntu edgy-proposed main restricted universe multiverse

## MAJOR BUG FIX UPDATES produced after the final release
deb http://archive.ubuntu.com/ubuntu edgy-updates main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu edgy-updates main restricted universe multiverse

## UBUNTU SECURITY UPDATES
deb http://security.ubuntu.com/ubuntu edgy-security main restricted universe multiverse
deb-src http://security.ubuntu.com/ubuntu edgy-security main restricted universe multiverse

## BACKPORTS REPOSITORY (Unsupported.  May contain illegal packages.  Use at own risk.)
deb http://archive.ubuntu.com/ubuntu edgy-backports main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu edgy-backports main restricted universe multiverse
                                   
## CANONICAL COMMERCIAL REPOSITORY (Hosted on Canonical servers, not Ubuntu
## servers. RealPlayer10, Opera, DesktopSecure and more to come.) 
deb http://archive.canonical.com/ubuntu edgy-commercial main

## AMAROK 1.4.5
deb http://kubuntu.org/packages/amarok-145 edgy main

## MEDIBUNTU
deb http://medibuntu.sos-sts.com/repo/ edgy free non-free

## LINUX MINT
deb http://www.linuxmint.com/repository bianca/

[scorp123]

I don't get it .... in my opinion and according to the output of all the commands we tried everything should be tip top and just work??

Can you please boot the Mint Live CD and really make sure there is no file missing in /etc/apt ?

e.g. on your HD installation:

Code: Select all

ls -alR /etc/apt

And then again when running in Live CD mode ... just to be sure you didn't by accident delete something.

[pashabear]

OK, here is the output (of ls -alR /etc/apt) from my installed Mint:

Code: Select all

/etc/apt:
total 56
drwxr-xr-x   4 root root  4096 2007-02-16 04:37 .
drwxr-xr-x 111 root root  4096 2007-02-28 10:17 ..
drwxr-xr-x   2 root root  4096 2007-02-23 18:14 apt.conf.d
-rw-------   1 root root     0 2006-10-25 19:27 secring.gpg
-rw-r--r--   1 root root  1584 2007-02-15 21:05 sources.list
drwxr-xr-x   2 root root  4096 2006-09-28 05:44 sources.list.d
-rw-r--r--   1 root root   783 2006-11-12 00:15 sources.list.orig
-rw-------   1 root root  1200 2006-11-12 23:28 trustdb.gpg
-rw-r--r--   1 root root 25319 2007-01-18 04:58 trusted.gpg

/etc/apt/apt.conf.d:
total 36
drwxr-xr-x 2 root root 4096 2007-02-23 18:14 .
drwxr-xr-x 4 root root 4096 2007-02-16 04:37 ..
-rw-r--r-- 1 root root  138 2006-09-28 05:44 01ubuntu
-rw-r--r-- 1 root root   80 2006-09-12 03:19 05aptitude
-rw-r--r-- 1 root root  129 2006-04-02 14:33 10periodic
-rw-r--r-- 1 root root   85 2006-04-02 14:33 20archive
-rw-r--r-- 1 root root  223 2006-06-27 18:54 50unattended-upgrades
-rw-r--r-- 1 root root  182 2006-07-24 21:19 70debconf
-rw-r--r-- 1 root root  116 2006-04-02 14:33 99update-notifier

/etc/apt/sources.list.d:
total 8
drwxr-xr-x 2 root root 4096 2006-09-28 05:44 .
drwxr-xr-x 4 root root 4096 2007-02-16 04:37 ..

And from the Live CD:

Code: Select all

/etc/apt:
total 30
drwxr-xr-x   4 root root   133 2007-02-15 22:37 .
drwxr-xr-x 126 root root  1960 2007-02-27 10:32 ..
drwxr-xr-x   2 root root   131 2007-01-27 17:24 apt.conf.d
-rw-------   1 root root     0 2006-10-25 13:27 secring.gpg
-rw-r--r--   1 root root  1584 2007-02-15 15:05 sources.list
drwxr-xr-x   2 root root     3 2006-09-27 23:44 sources.list.d
-rw-r--r--   1 root root   783 2006-11-11 18:15 sources.list.orig
-rw-------   1 root root  1200 2006-11-12 17:28 trustdb.gpg
-rw-r--r--   1 root root 25319 2007-01-17 22:58 trusted.gpg

/etc/apt/apt.conf.d:
total 4
drwxr-xr-x 2 root root 131 2007-01-27 17:24 .
drwxr-xr-x 4 root root 133 2007-02-15 22:37 ..
-rw-r--r-- 1 root root 138 2006-09-27 23:44 01ubuntu
-rw-r--r-- 1 root root  80 2006-09-11 21:19 05aptitude
-rw-r--r-- 1 root root 129 2006-04-02 08:33 10periodic
-rw-r--r-- 1 root root  85 2006-04-02 08:33 20archive
-rw-r--r-- 1 root root 223 2006-06-27 12:54 50unattended-upgrades
-rw-r--r-- 1 root root 182 2006-07-24 15:19 70debconf
-rw-r--r-- 1 root root 116 2006-04-02 08:33 99update-notifier

/etc/apt/sources.list.d:
total 0
drwxr-xr-x 2 root root   3 2006-09-27 23:44 .
drwxr-xr-x 4 root root 133 2007-02-15 22:37 ..

[scorp123]

No idea .... in my opinion it should just work.

[pashabear]

Anyone else have any ideas? Or is there another forum where I can ask?

[Husse]

There is a lot of output here
But take a look at my post
http://www.linuxmint.com/forum/viewtopic.php?t=1410
If the IP of some DNS servers are not set in Network manager Firefox but not Synaptics can connect. When I look at the output from connection attempts I see the same as you, like "Could not connect to security.ubuntu.com:80 (1.0.0.0), connection timed out" and specifically that IP adress.
It seems that Firefox can utilize DNS forwarding but not Synaptics and "apt-get", because if I don't set the IP address of some DNS server the IP of my router is set as DNS server.
So find out the IP of your DNS server(s) and add them to a location.
Network Manager (mintConfig/networking/Network - configure your settings)

[pashabear]

Well, it's interesting to me that someone else has the same problem, but unfortunately I can't seem to find any other address for a DNS server except my router. I tried putting in the address of my modem but that didn't help. Windows also shows my router's address as its DNS server.