Can only access Debian website through proxy
in [Debian]
|
Prev: Onboard ethernet adapter lights not flash anymore... Network not connect too!
Next: How to use two displaies
From: pierre poulos on 6 Aug 2010 09:00 On 8/5/10, Jochen Schulz <ml(a)well-adjusted.de> wrote: > George-Cristian Bîrzan: >> On Thu, 2010-08-05 at 21:56 +1000, pierre poulos wrote: >>> Cannot initiate the connection to security.debian.org:21 >>> (2001:388:1034:2900::26). - connect (101 Network is unreachable) [IP: >>> 2001:388:1034:2900::26 21] >> >> Try, as root: >> sysctl -w net.ipv6.conf.all.disable_ipv6=1 >> >> You seem to have a default route for IPv6, but no connectivity, so if >> you want IPv6, you could try to fix that. > > ACK, that appears to be the problem. To make the sysctl setting > permanent, you need to edit /etc/sysctl.conf and add a line > > net.ipv6.conf.all.disable_ipv6=1 > > J. > -- > My memories gild my life with rare transcendance. > [Agree] [Disagree] > <http://www.slowlydownward.com/NODATA/data_enter2.html> > Ok, as root.. /home/pierre# sysctl -w net.ipv6.conf.all.disable_ipv6=1 error: "net.ipv6.conf.all.disable_ipv6" is an unknown key Next -- Look for file /etc/sysctl.conf --OK found it Now, insert Jochens line --OK done The file now shows.. # # /etc/sysctl.conf - Configuration file for setting system variables # See /etc/sysctl.d/ for additonal system variables # See sysctl.conf (5) for information. # #kernel.domainname = example.com # Uncomment the following to stop low-level messages on console #kernel.printk = 4 4 1 7 ##############################################################3 # Functions previously found in netbase # # Uncomment the next two lines to enable Spoof protection (reverse-path filter) # Turn on Source Address Verification in all interfaces to # prevent some spoofing attacks #net.ipv4.conf.default.rp_filter=1 #net.ipv4.conf.all.rp_filter=1 # Uncomment the next line to enable TCP/IP SYN cookies # This disables TCP Window Scaling (http://lkml.org/lkml/2008/2/5/167), # and is not recommended. #net.ipv4.tcp_syncookies=1 # Uncomment the next line to enable packet forwarding for IPv4 #net.ipv4.ip_forward=1 # Uncomment the next line to enable packet forwarding for IPv6 #net.ipv6.conf.all.forwarding=1 ################################################################## net.ipv6.conf.all.disable_ipv6=1 ################################################################### # Additional settings - these settings can improve the network # security of the host and prevent against some network attacks # including spoofing attacks and man in the middle attacks through # redirection. Some network environments, however, require that these # settings are disabled so review and enable them as needed. # # Ignore ICMP broadcasts #net.ipv4.icmp_echo_ignore_broadcasts = 1 # # Ignore bogus ICMP errors #net.ipv4.icmp_ignore_bogus_error_responses = 1 # # Do not accept ICMP redirects (prevent MITM attacks) #net.ipv4.conf.all.accept_redirects = 0 #net.ipv6.conf.all.accept_redirects = 0 # _or_ # Accept ICMP redirects only for gateways listed in our default # gateway list (enabled by default) # net.ipv4.conf.all.secure_redirects = 1 # # Do not send ICMP redirects (we are not a router) #net.ipv4.conf.all.send_redirects = 0 # # Do not accept IP source route packets (we are not a router) #net.ipv4.conf.all.accept_source_route = 0 #net.ipv6.conf.all.accept_source_route = 0 # # Log Martian Packets #net.ipv4.conf.all.log_martians = 1 # # The contents of /proc/<pid>/maps and smaps files are only visible to # readers that are allowed to ptrace() the process # kernel.maps_protect = 1 Now, reboot the machine Now I try www.debian.org with no proxy and... still no connection :-( Oh and btw, I don't think I have ever used IPv6. -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/AANLkTim-FJ+1BD82K-ydFBZSpHZPN++PDRVdMzNydAW6(a)mail.gmail.com
From: George-Cristian Bîrzan on 6 Aug 2010 09:10 On Fri, 2010-08-06 at 22:58 +1000, pierre poulos wrote: > Ok, as root.. > > /home/pierre# sysctl -w net.ipv6.conf.all.disable_ipv6=1 > error: "net.ipv6.conf.all.disable_ipv6" is an unknown key > > [snip] > > Now, reboot the machine > Now I try www.debian.org with no proxy and... still no connection :-( If your kernel doesn't support that (it might be a newer sysctl, though my 2.6.18 machines have it...), it doesn't help putting it in sysctl.conf. What kernel version are you using? > Oh and btw, I don't think I have ever used IPv6. Alternatively, I guess you could add to /etc/modprobe.d/blacklist.conf a line that says: blacklist ipv6 then reboot. That should prevent the module from being loaded in the first place. If you compiled your own kernel and built in support for IPv6, you might just disable IPv6 for iceweasel. Go to about:config and enable network.dns.disableIPv6. Either that, or get a Debian kernel. :-) -- George-Cristian Bîrzan -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/1281100154.30379.1798.camel(a)gcbirzan
From: George-Cristian Bîrzan on 6 Aug 2010 09:30 On Fri, 2010-08-06 at 16:09 +0300, George-Cristian Bîrzan wrote: > ively, I guess you could add to /etc/modprobe.d/blacklist.conf a > line that says: > > blacklist ipv6 > > then reboot. That should prevent the module from being loaded in the > first place. If you compiled your own kernel and built in support for > IPv6 Actually, it seems IPv6 support has been builtin in Debian kernels since June last year. Shows how much I use it. :-) Apparently, the proper way to disable IPv6 is to append ipv6.disable=1 to your kernel line in grub. If you're using grub legacy, go to /boot/grub/menu.lst and add "ipv6.disable=1" to the line saying: # defoptions= (Leave it commented, and if it already has something, just add a space at the end, then the ipv6.disable=1 bit). If you're using grub2, go to /etc/default/grub and add it to the GRUB_CMDLINE_LINUX="root=/dev/somethin" line, add a space then ipv6.disable=1. -- George-Cristian Bîrzan -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/1281100941.30379.1806.camel(a)gcbirzan
From: George-Cristian Bîrzan on 6 Aug 2010 09:30 On Fri, 2010-08-06 at 16:22 +0300, George-Cristian Bîrzan wrote: > On Fri, 2010-08-06 at 16:09 +0300, George-Cristian Bîrzan wrote: > > ively, I guess you could add to /etc/modprobe.d/blacklist.conf a > > line that says: > > > > blacklist ipv6 > > > > then reboot. That should prevent the module from being loaded in the > > first place. If you compiled your own kernel and built in support for > > IPv6 > > Actually, it seems IPv6 support has been builtin in Debian kernels since > June last year. Shows how much I use it. :-) > > Apparently, the proper way to disable IPv6 is to append ipv6.disable=1 > to your kernel line in grub. If you're using grub legacy, go > to /boot/grub/menu.lst and add "ipv6.disable=1" to the line saying: > > # defoptions= > > (Leave it commented, and if it already has something, just add a space > at the end, then the ipv6.disable=1 bit). > > If you're using grub2, go to /etc/default/grub and add it to the > > GRUB_CMDLINE_LINUX="root=/dev/somethin" line, add a space then > ipv6.disable=1. Sigh. Not my best day today. After you do these, run update-grub to actually update the config file, then reboot. -- George-Cristian Bîrzan -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/1281101011.30379.1807.camel(a)gcbirzan
From: Camaleón on 7 Aug 2010 10:20 El 2010-08-07 a las 20:16 +1000, pierre poulos escribió: (resending to the list) > On Fri, 2010-08-06 at 16:22 +0300, George-Cristian Bîrzan wrote: > > On Fri, 2010-08-06 at 16:09 +0300, George-Cristian Bîrzan wrote: > > > ively, I guess you could add to /etc/modprobe.d/blacklist.conf a > > > line that says: > > > > > > blacklist ipv6 > > > > > > then reboot. That should prevent the module from being loaded in the > > > first place. If you compiled your own kernel and built in support for > > > IPv6 > > > > Actually, it seems IPv6 support has been builtin in Debian kernels since > > June last year. Shows how much I use it. :-) > > > > Apparently, the proper way to disable IPv6 is to append ipv6.disable=1 > > to your kernel line in grub. If you're using grub legacy, go > > to /boot/grub/menu.lst and add "ipv6.disable=1" to the line saying: > > > > # defoptions= > > > > (Leave it commented, and if it already has something, just add a space > > at the end, then the ipv6.disable=1 bit). > > > > If you're using grub2, go to /etc/default/grub and add it to the > > > > GRUB_CMDLINE_LINUX="root=/dev/somethin" line, add a space then > > ipv6.disable=1. > > Sigh. Not my best day today. After you do these, run update-grub to > actually update the config file, then reboot. > > -- > George-Cristian Bîrzan > > Ok, I have done so, then rebooted.. tried Iceweasel- No luck, tried > Google Chrome- No luck :-( > > Okay guys, thank you all very much for attempting to help me with this > problem, but I think > it is a problem I must learn to live with with my current Lenny setup. > Can anybody suggest a security update entry for my sources.list that > my apt-get will be able to use ? Read my last post. Maybe we have found the source of the problem. Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/20100807135545.GB9279(a)stt008.linux.site
First
|
Prev
|
Next
|
Last
Pages: 1 2 3 4 Prev: Onboard ethernet adapter lights not flash anymore... Network not connect too! Next: How to use two displaies |