[CALUG] 10.04 broke my wireless and ssh
Ed Browne
edward_d_browne at yahoo.com
Tue Jun 1 17:30:43 EDT 2010
Thanks for all the excellent and detailed instructions. In answer
to the first question, yes, it's an actual upgrade. After I get my
important stuff transferred off, I guess I'll wipe it and re-install.
I'm downloading 10.04 now, I'll do the live CD test first.
WRT SSH, yes, I can connect to myself with ssh. Also,
I thought from the 'ufw status' => 'inactive' command
that neither iptables nor any other firewall was active,
my bad. In fact, iptables, the bane of my existence, shows
a whole bunch of crap (see below). I'd like to make it go
away for openers and get about my business. I'll continue
to work on it. Thanks very much again - Ed
root at brazil:/var/log# iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- router anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- router anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere 192.168.1.255
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Input'
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward'
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- brazil router tcp dpt:domain
ACCEPT udp -- brazil router udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Output'
Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
LSI all -- anywhere anywhere
Chain LOG_FILTER (5 references)
target prot opt source destination
Chain LSI (2 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP all -- anywhere anywhere
Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
root at brazil:/var/log#
----- Original Message ----
> From: Sean Wilkerson <swilkerson at aplura.com>
> To: calug at unknownlamer.org
> Sent: Tue, June 1, 2010 7:29:16 PM
> Subject: Re: [CALUG] 10.04 broke my wireless and ssh
>
> Ed,
>
> # Fresh Install
> I agree with the John who said a fresh install might fix this problem.
>
> One of the fantastic features of Debian-based systems (This includes
> Ubuntu) is their upgradeability. This is particularly useful and
> manageable on servers. Unfortunately, the upgrade doesn't always work
> well when in laptop/desktop environments. The problem is, during an
> upgrade your package manager attempts to bring each piece of software up
> to the latest rev and attempts to maintain any user-configured settings.
> In a laptop/desktop you have many packages that are closely aligned
> with your hardware. This is not the case with most server installs.
>
> During a fresh install, the system hardware would be evaluated to
> determine the best drivers and packages to support them. Between your
> $PREVIOUS and $CURRENT version, there may have been changes in the driver
> used for your hardware that wasn't just an upgrade of the package. A
> fresh-install would re-evaluate your hardware and attempt to load the best
> match.
>
> # Before Fresh Install
> Before you go through the effort of reinstall, run the Ubuntu liveCD and
> find out a few things:
> - Is your hardware's wireless adapter discovered?
> - Does it work?
> - If so, what driver does it use?
>
> Once you are armed with this info, go back to your upgraded Ubuntu
> instance, and attempt to load the driver discovered with the liveCD.
> This might be enough to get around your network problem.
>
> # SSH Issue
> This is an entirely different story and should not be as impacted by
> driver (IMHO).
>
> A few points:
> - You didn't provide very much detail, so please respond if this is the
>   wrong track
> - The logs you provided are netfilter logs showing the firewall LOGGED
>   the tcp/22 connection. Without seeing the firewall policy we don't know
>   if this was DROPPED or ACCEPTED. Run 'iptables --list' and see if
>   ssh/22 is listed. If not, this log entry may have been part of your
>   explicit "DROP" rule near the end of your policy.
> - Aside from a firewall issue:
> -- Do a 'netstat -an | grep LISTEN | grep -v ING' and see if you see 22
>    open/bound.
> -- Can you ssh to yourself from the host in question?
> -- What does a packet capture show (I would use something like: 'tcpdump
>    -nnvvi eth0 port 22')
> -- From a remote system do you see the port available at all?
>
> # Soapbox on Upgrades and Partitions on Linux
> - I have many linux distros installed on my laptop (primary work/life system)
> - use an LVM for each "root" filesystem to install
> -- For test distros I make these 4GB and if it will be a primary distro
>    I make it 6GB.
> - I have an LVM for each:
> -- /home/my
> -- my media (music, pics, movies)
> -- my work
> -- my data/backups
> -- my special dirs
> - For each linux distro, I copy-paste my custom /etc/fstab (uses UUIDs and
>   not DM names) file into that dist to have all of my data/info be
>   available when/where I need it
> - Here is my process of doing a fresh install (it takes abt 25 min)
> -- Boot laptop to install media (With Ubuntu use the alternate installer
>    NOT the live installer)
> -- Do normal install until partitioning. During partitioning, create
>    new LVM under existing (discovered) volume group. Install OS there and
>    then install kernel to existing /boot (default). Ensure no other
>    partitions are touched.
> -- Boot
> -- Note: The Ubuntu installer will rename everything in your grub.conf
>    to point to the new distro kernel version. I maintain this file
>    separately and will replace it and hand-edit to add the new
>    kernel/distro in when necessary.
>
> The end-result is, that I can "try-out" a new version in less than 30
> min. Using this method, you can do an LVM copy (dd) and attempt an
> upgrade to see the effect on your system/applications.
>
> I have been working this way for many years and think it provides me
> lots of independence and *choice* which is what Linux is all about.
>
> Let me know if you need more details.
>
> Sean
>
> On 06/01/2010 01:38 PM, John L. Cunningham wrote:
> > On Tue, Jun 01, 2010 at 09:53:56AM -0700, Ed Browne wrote:
> >>
> >> Hi,
> >>
> >> I did the upgrade to Ubuntu 10.04 as soon as it came out,
> >> and a couple of problems spontaneously appear which
> >> I can't seem to resolve.
> >
> > Did you really upgrade, or did you do a fresh install? Upgrades can
> > cause problems such as you describe, and they take ages to resolve if
> > you try to hunt them down. My advice would be to do a fresh install. I
> > would not be surprised if your problems disappear.
> >
> > John
> >
> > _______________________________________________
> > CALUG mailing list
> > CALUG at unknownlamer.org
> > http://lists.unknownlamer.org/listinfo/calug
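The check suggested in the quoted reply (is a new inbound tcp/22 connection ACCEPTED or DROPPED by the listed policy?), as an added example that is not part of the original messages: it walks an `iptables --list` dump from INPUT through the user-defined chains. The sample rules are a constructed excerpt of the listing posted above and the function names are hypothetical; bare `ACCEPT all` rules are reported as undecided, an assumption made because plain `--list` omits the interface matches that `-v` would show.

```python
import re
# Constructed sample: a few rules copied from the `iptables --list` output posted above.
LISTING = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
INBOUND all -- anywhere anywhere
Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
LSI all -- anywhere anywhere
Chain LSI (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
"""

def parse(listing):
    chains = {}
    for line in listing.splitlines():
        m = re.match(r"Chain (\w+) \((?:policy (\w+))?", line)
        if m:
            cur = chains[m.group(1)] = {"policy": m.group(2), "rules": []}
        elif line.strip() and not line.startswith("target"):
            cur["rules"].append((line.split(None, 5) + [""])[:6])
    return chains

def matches_new_ssh(prot, opt, src, dst, extra):  # first SYN from any remote host to tcp/22?
    st = re.search(r"state (\S+)", extra)
    fl = re.search(r"flags:(!?)\S+/(\S+)", extra)  # assumes the flag mask includes SYN
    dp = re.search(r"dpt:(\S+)", extra)
    return (prot in ("tcp", "all") and "f" not in opt and (src, dst) == ("anywhere", "anywhere")
            and not (st and "NEW" not in st.group(1).split(","))
            and not (fl and (fl.group(2) == "SYN") == bool(fl.group(1)))
            and not (dp and dp.group(1) not in ("ssh", "22")))

def trace(chains, name, unsure):  # -> (first definite verdict, chain it was hit in, unsure)
    for target, *fields in chains[name]["rules"]:
        if not matches_new_ssh(*fields):
            continue
        if target in chains:                          # jump into a user-defined chain
            verdict, where, _ = trace(chains, target, unsure)
            if verdict:
                return verdict, where, unsure
        elif target in ("ACCEPT", "DROP", "REJECT"):
            if fields[0] == "all" and not fields[4]:  # plain --list hides -i/-o matches
                unsure.append((name, target))         # assumption: treat as undecided
                continue
            return target, name, unsure
    return chains[name]["policy"], name, unsure       # None for user chains: fall through

print(trace(parse(LISTING), "INPUT", []))
```

Any rule that lands in the `unsure` list should be re-read with `iptables -L -v -n`, which prints the in/out interface columns.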