help needed with www access and router setup problem

From: Paul Wheeler (paulwheeler_at_qwest.net)
Date: 02/06/04


Date: Fri, 06 Feb 2004 12:29:53 -0700

I am running RH 9.0 with the stock kernel 2.4.20-8 after a clean
install. The system was able to access the internet just fine through a
hub, before I started experimenting with two physical routers.

I am trying to set up two subnets using two physical routers. I moved
the WAN and NIC cables to a D-Link router. Although my system could
talk to the router through Mozilla, it was unable to see anything on the
web (could not resolve internet addresses). While trying to fix that
problem, I did something which caused my system to not be able to find
the net even when I put everything back to the hub.

While connected to the router, I ran ifconfig which gave me this:
eth0       Link encap:Ethernet HWaddr 00:40:F4:86:E3:9D
           inet addr:10.10.10.2 Bcast:10.10.10.255 Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
<snip>

lo         Link encap:Local Loopback
           inet addr:127.0.0.1 Mask:255.0.0.0
           UP LOOPBACK RUNNING MTU:16436 Metric:1
<snip>

So, the router is assigning an address to my NIC card for my first local
network. When I connect it back to the hub the address is what I expect
from Qwest: 130.x.x.x.

I ran "ifdown eth0" and confirmed that it was indeed down because only
"lo" was shown when I ran ifconfig again.

I ran "ifup eth0" and confirmed that it was indeed up again.

My system could talk to the router through Mozilla, but it was still
unable to see anything on the web.

When I ran route, I got this:
[root@MainDesktop root]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
10.10.10.0      *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         10.10.10.1      0.0.0.0         UG    0      0        0 eth0

I am assuming that the 169.254.0.0 address was inserted by Qwest.net as
part of the DHCP when I was connected thru the hub.

I have tried adding and deleting lines to route, but keep getting errors:
typing this command: route del -net 169.254.0.0
results in this response: SIOCDELRT: Invalid argument

One book suggested that I add routes to "/etc/sysconfig/static-routes",
but I did not find that file.

What have I done to kill web access, and how do I fix it? I know I
could just re-install Linux, but I really want to know what is wrong.

Thanks for the help.

Paul

Here are various other files I checked:

[root@MainDesktop root]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
USERCTL=no
PEERDNS=no
TYPE=Ethernet

[root@MainDesktop root]# hostname
MainDesktop.LinuxNet
[root@MainDesktop root]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=MainDesktop.LinuxNet

[root@MainDesktop root]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
10.10.10.1 D-LinkRouter
127.0.0.1 MainDesktop.LinuxNet Linux1

[root@MainDesktop root]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script

[root@MainDesktop root]# grep hosts /etc/nsswitch.conf
#hosts: db files nisplus nis dns
hosts: files dns

[root@MainDesktop root]# cat /etc/sysconfig/iptables
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
COMMIT

This line in the iptables file looks suspicious to me:
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
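
The rule quoted last sits in the INPUT chain and carries --syn, so it applies only to new TCP connection attempts arriving at local ports 0-1023, not to replies to connections this host opens. The following is an added example, not part of the original post: a small Python evaluator that models only the match options used in the posted rules and runs constructed packets through them. The function names and packet values are assumptions made for illustration.

```python
# Added example (not from the original post): evaluate the posted lokkit INPUT rules.
import shlex

# Rule bodies copied from the /etc/sysconfig/iptables listing above (chain name dropped).
RULES = """\
-p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
-p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
-i lo -j ACCEPT
-p tcp -m tcp --dport 0:1023 --syn -j REJECT
-p tcp -m tcp --dport 2049 --syn -j REJECT
-p udp -m udp --dport 0:1023 -j REJECT
-p udp -m udp --dport 2049 -j REJECT
-p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-p tcp -m tcp --dport 7100 --syn -j REJECT
"""

def parse(line):
    # Every option in these rules takes one argument, except the --syn flag.
    toks, rule = shlex.split(line), {}
    while toks:
        opt = toks.pop(0).lstrip("-")
        rule[opt] = True if opt == "syn" else toks.pop(0)
    return rule

def in_range(port, spec):
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

def matches(rule, pkt):
    # -s 0/0 and -d 0/0 match any address, so addresses are not modelled.
    if rule.get("p", pkt["proto"]) != pkt["proto"] or rule.get("i", pkt["iface"]) != pkt["iface"]:
        return False
    if any(k in rule and not in_range(pkt[k], rule[k]) for k in ("sport", "dport")):
        return False
    # --syn: SYN set with ACK, RST and FIN clear, i.e. a new connection attempt.
    handshake = pkt.get("flags", set()) & {"SYN", "ACK", "RST", "FIN"}
    return not rule.get("syn") or handshake == {"SYN"}

def input_verdict(pkt, policy="ACCEPT"):
    # First matching rule decides; otherwise the chain policy (:INPUT ACCEPT) applies.
    for rule in map(parse, RULES.splitlines()):
        if matches(rule, pkt):
            return rule["j"]
    return policy

# Constructed sample packets arriving on eth0 (not taken from the post).
WEB_REPLY = {"proto": "tcp", "iface": "eth0", "sport": 80, "dport": 32768, "flags": {"SYN", "ACK"}}
DNS_REPLY = {"proto": "udp", "iface": "eth0", "sport": 53, "dport": 32769}
INBOUND_SSH = {"proto": "tcp", "iface": "eth0", "sport": 40000, "dport": 22, "flags": {"SYN"}}
print(input_verdict(WEB_REPLY), input_verdict(DNS_REPLY), input_verdict(INBOUND_SSH))
```

Replies from a web server or a DNS server fall through to the chain policy and are accepted, while an unsolicited connection attempt to a privileged port is rejected.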