[SOLVED - fully] apt-get and FTP not working with router, everything else works ok

Are you sure a firewall or similar isn't blocking or closing ports 21 & 22 ? That would sure kill ftp.

Sure with 21 & 22 blocked you /could/ use http to download, just not ftp.

Ken
--
In a world without walls and fences nobody needs Windows and Gates!
User #104362 with the Linux Counter, http://counter.li.org

These are the active repos in my sources.list

deb http://apt.mepis.org/6.0/ mepis main
deb http://archive.ubuntu.com/ubuntu/ breezy main restricted
deb http://archive.ubuntu.com/ubuntu/ dapper main restricted
deb http://security.ubuntu.com/ubuntu/ dapper-security main
deb http://archive.ubuntu.com/ubuntu/ dapper-updates main restricted
deb http://archive.ubuntu.com/ubuntu/ dapper universe
deb http://archive.ubuntu.com/ubuntu/ dapper multiverse

Not one of them is ftp, so that cancels out any possibility of ports 21 & 22 causing the problem - or does it?

Here's the list of errors showing port 80 (http)
root@5[michael]# apt-get update
Err http://apt.mepis.org mepis Release.gpg
Could not connect to apt.mepis.org:80 (1.0.0.0), connection timed out
Err http://security.ubuntu.com dapper-security Release.gpg
Could not connect to security.ubuntu.com:80 (1.0.0.0), connection timed out
Err http://archive.ubuntu.com breezy Release.gpg
Could not connect to archive.ubuntu.com:80 (1.0.0.0), connection timed out
Err http://archive.ubuntu.com dapper Release.gpg
Could not connect to archive.ubuntu.com:80 (1.0.0.0), connection timed out
Err http://archive.ubuntu.com dapper-updates Release.gpg
Could not connect to archive.ubuntu.com:80 (1.0.0.0), connection timed out
Failed to fetch http://apt.mepis.org/6.0/dists/mepis/Release.gpg Could not connect to apt.mepis.org:80 (1.0.0.0), connection timed out
Failed to fetch http://archive.ubuntu.com/ubuntu/dists/breezy/Release.gpg Could not connect to archive.ubuntu.com:80 (1.0.0.0), connection timed out
Failed to fetch http://archive.ubuntu.com/ubuntu/dists/dapper/Release.gpg Could not connect to archive.ubuntu.com:80 (1.0.0.0), connection timed out
Failed to fetch http://security.ubuntu.com/ubuntu/dists/dapper-security/Release.gpg Could not connect to security.ubuntu.com:80 (1.0.0.0), connection timed out
Failed to fetch http://archive.ubuntu.com/ubuntu/dists/dapper-updates/Release.gpg Could not connect to archive.ubuntu.com:80 (1.0.0.0), connection timed out
Reading package lists... Done
W: Some index files failed to download, they have been ignored, or old ones used instead.

Mike P

By the way Ken, I love your signature.

The whole issue is not related to firewalls blocking traffic because as I said before, everything else worked. It's related to the DNS Server, and it appears to be totally disconnected from my system or hardware in general because nothing I know uses the address.

rtowen from Mepislovers provided the answer.

In the Mepis Old OS Centre, under the Network Interfaces selector, click on the DNS tab and change the setting to:
Use static DNS
Primary DNS Server: 4.2.2.1
Secondary DNS Server: 4.2.2.2

Click Apply, the change takes place immediately, click close and the broken services work.

What the heck is all that about and why is it stuffed up in the first place? What a hassle to have to go through all that every time I want to ftp or use apt. Cmon developers, I know you can do better than this.

On the good side though, a massive thumbs up, hooray, jump for joy and do backflips for making the rc1 cd eject at shut-down. I have so long waited for this one thing.

Mike P

I've had some trouble with this trying to log on as 'anonymous' when i had a username in the proper box. I had to delete that and type it in again to succeed.
would you try ftp from the command line to see if you can connect?

As per the above post, not only did the procedure "fix" apt, but it also "fixed" the ftp problem.

Once I had set the dns server as above, everything worked perfectly, and that's where I'm a little concerned, because while I have a limited understanding of networks, this scenario leads me to thinking that the setting above changes the dns server to a box somewhere on the internet, and this may become, or already be a security breach, so I filed a bug report.

Mike P

Hey mike
Do a whois on 4.2.2.1. It is a dns server. You need dns servers to do name resolutions. If you are using DHCP to automatically get you IP address, then the DHCP server should give you your DNS servers (usually 3 for redundacy). If you are using a static IP address then you will need to use static DNS servers such as those above but would probably work faster with the dns servers from your ISP. See wikipedia for a brief introduction to DNS (Domain Name System).

I don't think it is the developers problem. I suspect that if you are using DHCP to get your IP address that the DHCP server is not sennding you the address of the DNS servers. Without knowing how your network is set up I can't tell.

Both networks I connect to use dhcp with default settings on the routers, except for mac address filtering and wep for the wireless.

FTP works flawlessly (as well as can be with the bug ridden redmond ripoff) with wsftp pro in Windows, so my network setup has nothing to do with the "blockage".

If windows can get around the dns issue, maybe there is something missing in the Linux camp for interpreting the filtered data stream from the router? I know I'm talking like a novice here because I should know better than that, but why wouldn't ftp work in Linux when it works fine in windows? Does apt look only at the immediate dns server and not beyond that? maybe it's a firewall issue that only presents itself when certain routers are present, even though both have ftp traffic allowed?

This is why I am presuming this may be a fault with the Mepis setup. Either way, I'll still query D-Link about this, as they are the manufacturers of my routers and they may be able to shed some light. I saw some posts on the Ubuntu forums where people with the same router as I have and other Boradcom routers had the same issues, but theirs was fixed by removing a line from a file. Not in Linux right now, can't look it up, but if I have time when I remember it, I'll edit this post.

Mike P

Mike, I may just be adding confusion to the mix, but a thought crossed my mind. You stated that you are using DHCP to obtain your IP address from the wireless router. If that's the case then you not enter a Gateway Address to/from the router in the Mepis OS Center. However, can you set the gateway on the router?

I don't know anything about configuring the D-Link wireless router, but have you checked to see if there are any options on the router to pass the dns server IPs and gateway IP to your computer? It just seems like the router is not giving your computer all the info it needs. And I don't know if that's by error, design, or option

Jon

Sent an email to the level 2 support techs at dlink. I found a note about a former upgrade to an earlier firmware for my router that addressed DNS Pass Through. I have an inkling this may be a related issue.

---EDIT---

They responded only to ask me the same dumb questions they always ask proving they did not read my thread. I will respond with a link and a firm insistance they browse the Linux forums so they can see how widespread this issue is.

Mike P

I have been researching this issue for a few weeks now, because my system has had troubles on and off for some time now, the best part of this year and I need to get to the bottom of it.

It appears to be all related to hardware, not software, though there could be some issues with drivers in some setups. Routers and LAN cards with DHCP are failing all over the place but only when using apt of ftp, all other internet connectivity has full functionality. How can I be so sure? I have a laptop and I do some house or place of business calls fixing up peoples problems (those poor people, they all run windows and 90% of them have viruses - shame they chose the lesser, because I always show them Linux). Many of them have broadband, so I can just plug in to their modems and with their permission, test apt and ftp, so I have in a sense, access to a broad variety of testing stations.

My laptop will not connect to apt while I am at home or work unless I change the dns server in the Mepis OS Centre to a dns server outside of my LAN, instead of the modems built in dns server (identical modems) but apt almost never fails when I connect to a different brand or model of modem, so it's related to hardware, not the sources.list. I can remove my expensive modem and stick in a cheap modem and apt works, same broadband account, default settings all round. I have spent hours trying so many settings including disabling all firewalls in both my laptop and my modem, resetting everything to default many times in the process but still apt would not connect, but put in an el-cheapo modem and it works.

Contact your modem manufacturer and ask them to fix it with a firmware upgrade. In the meantime, use meauto to set your dns server each time you want to run apt of ftp.

Mike P

Mike,

I have just read through all of your analysis above and problems with "moving" dns

I'm sure what I will suggest will not solve all of your problems, but it may take care of some of the situations related to different dns settings in different homes/businesses.

What I have done on my laptop is installed my own dns. This is as simple as doing "apt-get install bind9". Bind then becomes your own local dns. You then need to change /etc/resolv.conf so that it points to 127.0.0.1 (localhost) for all resolution. Now my laptop's bind configuration has not been fully configured so that I can do "ping oneofmysystems" and have it give a reasonable answer. I haven't found a good "howto" on that yet. However, I can perform "nslookup yahoo.com" or "ping zdnet.com" and get resonable answers.

Because I have not fully implemented it, and sometimes need to go to "static" dns, I comment out the other IP addresses in the file and also make multiple copies of resolv.conf

So my suggestion is, rather than worry about the dns settings from the modem/router where you go, take your dns with you. This also adds ammo to the diagnostic toolchest. If you can locate an IP address with "your dns", but you can't locate an address with "their dns" then the problem is related to "their dns" (or hardware).

Having said that, I agree with you to contact the hardware folks and get them to make their firmware work properly!

Jon

I had the same problem, when I changed the router. After changing the resolv.conf to point to the router IP(IP changed when I changed the router), everything worked again.

It's not the solution to my issue, though I'm sure it will help others as they stumble upon this post.

Cheers

Mike P

Machine works fine at base (netcomm - TPG), but chat programs, apt & ftp refuse to work at users place, they have a D-Link and are using AAPT as their ISP.
Not easy to work on this problem as machine is 1800k from base.
Mike P (m_pav) what is the model/revsion/firmware of your D-Link?
Will get the same details from user here and compare, will be a week and a bit (18th July) before I talk to them again.
NH

send an email to (broken up to stop robot email harvesters, replace the "at" with an "@" and the ".dot." for a "." )
pcpavnz
at
gmail.dot.com

I will cc you the communications I have had with Dlink till now if you want them. I have a DSL-G604T, firmware makes no difference.

In the meantime, the last word from their level 2 tech support was they were investigating a buffer overflow, but I don't think that's the problem. Looks like this one will go to their product developers. We have been through the firmware updates to no avail, so I asked if they could dl the latest SM Live CD, install it and emulate the situation on their end.

in the meantime, use the old OS Center and change the DNS server to static 4.2.2.3 anf hit apply if you need to access apt. It won't harm your other settings, and they will be reset when your routers least time expires, or you shut down and restart.

Mike P

Thanks Mike will email you for info, very interested in the out come of this.
I have another client using a D-Link DSL-302G, with NAT enabled, using Optusnet.com.au, they don't have a problem. I confirmed that with them earlier today. APT etc just works.
The plot thickens, I just don't know what end of the stick has got the thicking bits on and which end of the stick I'm holding.
NH

have you tried the whirlpool forums for this problem?
They are most helpful with all sorts of router problems and ISP problems for AU users

The rogue D-Link modem DSL-502T - with DNS problem.
But we know the problem is, will probly not stop the client wiping MEPIS and buying a Windows install. Their loss, "what ever".

So I guess I will just stop using/surporting D-Link modems.
Have found they tend to run hotter than others anyway, that's not good.

Moving on now, nothing to see here...

m_pav, could be a problem with just these D-Link modems for the NZ and Oz area. Just an idea.

Details for DSL-502T that's giving me grief;
Firmware version on modem label = 2.00B01.AT-B
FW version shown via modem interface = 2.00B03.AU_20051124

Quote from; ftp://files.dlink.com.au/products/DSL-502T/REV_A/Firmware/Release_Notes.txt

Did the dhcp fix break the dns side of things?

There is an update for the FW for this model,

Which is only 14 days old, looking at getting client to install this after some other tests.
NH

I used the istabul screen recorder to record the exact sequence of events and uploaded it to my homepages site and directed the Dlink support techs to view it.

This has been escalated to their R&D team, who have duplicated the problem and are trying to find a solution, but due to the complexity of the problem, this may take some time.

That's gotta be really good news for Linux, because in the same email, I gave rise to another issue, their web interfaces were disadvantaging linux users because some functions would not work when used with Firefox, and partially worked when using konqueror, even though the modems themselves are running Linux.

Mike P

Work around (#WIP03) I tried yesterday with D-Link DSL-502T that has DNS problem as m_pav reports, change DNS modem config settings.
So far this is working.

BUT... I don't know yet if this affects local area networking between PC's, ie file & printer sharing.
This is a work in progress, that said, results are so far ok.
I have not got the client to flash their firmware to the lastest version because this job is some 1800km from where I'm at. If the work around does the job they would rather leave it alone.

1) access modem setup page, in my case it's http://10.1.1.1 - user=admin, psw=admin
2) go to DNS config page, change from "Use auto discovered DNS server only" to "Disable DNS relay"
3) enter your ISPs primary DNS server in first/primary DNS data field, in second DNS data field put your modems address, in my case it's 10.1.1.1
4) click apply, still in modem setup GUI, go to "Tools" menu, click "Save & reboot"
5) wait for modem to save and reboot (DO NOT turn off modem while it is saving & rebooting)
6) clear cache in browser, stop and restart all active network interfaces (or reboot computer could be easier). Then check with browser to see if you can surf the internet, may need to clear browser cache again, check to see if Synaptic can "Reload" check for updates etc. Check IM, IRC clients for net access.

If this works for you "jump up & down a bit" and let me know please.
If it doesn't, call me an idiot and let me know as well.

NOTE: there is a "Save modem config to HDD" option in the tools section, good idea to use this first before mucking with settings.
NH

My safecom adsl router modem only gets an internet connection using konquerer or windows using unit basic setup instructions. However disabling ipv6 or alternatively entering the isp dns server addresses in the unit enables a connection.

QUOTE
Safecom NA001> How may I help you?? Could you please type the part number which is in question?
Lily> My gart2-4115 connected to pc's running linux do not get an internet connection using firefox unless I disable ipv6. Also online updates dont work.
Lily> part no ?
Lily> 060407-02655 ?
Safecom NA001> ok
Lily> The inbuilt browser konqueror works fine.
Lily> If I use my old linksys which I am now, all is fine.
Safecom NA001> you mena that on the linux inbuilt brower the internet is fine
Safecom NA001> only you have the problem on the Firefox
Lily> yes
Safecom NA001> you mean that on the linux inbuilt brower the internet is fine
Safecom NA001> ok
Lily> And all other methods of connecting to internet fail.
Safecom NA001> are you sure that IPv6 is disabled properly
Safecom NA001> http://adsltech.com/portal/forum/forum_pos...;PN=1&TPN=3
Safecom NA001> please see the thread above to make sure that the IPv6 is disabled
Lily> no.....its easy to disable in firefox entering about:config, but thats not global.
Safecom NA001> and one thing more try to access any website via its Ip address
Safecom NA001> i mean type 66.249.93.104 in the firefox
Safecom NA001> and then see wehter you can access the google or not
Lily> Thanks will try.
Safecom NA001> ok
Safecom NA001> if you can access the goole by that metheod then its the DNS problem
Safecom NA001> so then you have to enter the DNS manualy in the router web interface
Safecom NA001> ok
Lily> ok
Safecom NA001> if you have supposed to enter the DNS manually then follow the instruction given in the link below
Safecom NA001> http://safecom.cn/code/product/adsl/SART2-...ns-setting.html
Safecom NA001> you are welcome
Safecom NA001> if face problem then dont hasitate to contact us
Safecom NA001> we are there to help you
Safecom NA001> is there any thing else ican do for you now??
Lily> no...thanks

The above is the response from my new modem router manufacturers online help line. Disabling IPv6 is official policy.

I have to say I did not think to try having the first dns server external and the second internal, but whichever way, this did not work when I tried it. My DSL-G604T greyed out the fields for primary and secondary dns when I tried to select disable dns forwarding, so i could not complete the test.

As an aside, I have tried so many different settings and learnt through the process that if I use dns addresses instead of netbios names when browsing shared drives, navigating through shared folders is faster by a long shot, so I have pinned my machines to static addresses by their mac addresses using the routers settings under home tab, dns button, but as far as my machines are concerned, they are getting their IP addresses dynamically.

I have checked multiple times and this setting does not affect the original issue this post is dealing with.

Mike P

Thank you Lily. I am aware of the ipv6 issue and it's never affected my system whilst running Mepis. It was an issue for the 2 hours I had ubuntu on trial on my system, and it was easily remedied, but I could not bring myself to work with ubuntus gnome or kde desktop because they were too restrictive in their viewing optios.

Mike P

D-link sent me a beta firmware to test on my modem, which I did and the problem is totally fixed.

Apt and ftp based programs now have full internet access with all my network settings set to automatic.

For the time being, if you have a D-Link DSL-G604T with a firmware earlier than 28th July 2006, keep checking the D-Link Australia website for an update. It's not posted yet as they may have more testing to do before releasing it as a stable release (we are talking about a Linux system). I am hoping they will apply the same fixes to most of their range of modems and have them available for download in the near future.

A great bug thank you to D-link for working through this complex issue.

Mike P

Thats good news Mike ! I have liked and used D-link hardware and its good to see they are supporting linux users. Actuall im using several of the normal net cards right now. I havent jumped in to wifi yet as im allready wired , but if i get the itch its nice to know there's linux supported hardware.

jim

Great that D-Link have a fix about to come out Mike.
Good to see they care. Puts ones faith back in their product.
Looking forward to flashing the bugs away.
NH

D-Link have an update out for the DSL-G604T - Firmware v2.00B06.AU 20060728
release notes - ftp://files.dlink.com.au/products/DSL-G604T/REV_A/Firmware/Release_Notes.txt

There is an update for the DSL-502T - Firmware v2.00B06.AU 20060808
release notes - ftp://files.dlink.com.au/products/DSL-502T/REV_A/Firmware/Release_Notes.txt
... but it doesn't mention the DNS problem that the release notes for the DSL-G604T does. May need to email the techs. Will do so after I get the chance to test their lastest firmware on the DSL-502T.

Get your firmware updates here - http://www.dlink.com.au/tech/