[olug] Linux networking weirdness
Dan Linder
dan at linder.org
Mon Oct 26 16:41:30 CDT 2015
Could it be something as simple as a dead/dying NIC in the firewall?
Where you've replaced cables and the laptop was able to communicate (albeit
with a new MAC), that's what jumps to my mind.
Dan
On Mon, Oct 26, 2015 at 12:10 PM, Obi-Wan <obiwan at jedi.com> wrote:
> Thanks, I'll inspect those ARP requests.
>
> I did put the firewall's IP on my laptop when I hooked it up in place of
> the firewall. I didn't snoop for ARP traffic then, but since I was able to
> send traffic through that gateway, I have to assume that I got an ARP
> response.
>
> Hard coding a MAC address might get things working for now, but that
> sounds like it's just asking for trouble down the road when my ISP changes
> hardware without telling me and I've forgotten about that hardcoded entry.
> It's worth a shot for debugging purposes, though.
>
> On 10/26/2015 11:58 AM, Matthew G. Marsh wrote:
>
>>
>> If you connect your laptop again & do a TCPdump do you see the ARP
>> answers from the ISP gateway?
>>
>> Then if you put your Servers MAC address on your laptop do you still see
>> the ARP answers?
>>
>> If so maybe look and see what is different between the ARP packets. You
>> can also try hard coding the ISP MAC into your ARP table on the firewall to
>> force the sending. Just use the MAC address given to your laptop.
>>
>> That is what I saw when reading through.
>>
>> HTH
>>
>> mgm
>>
>> On Mon, 26 Oct 2015, Obi-Wan wrote:
>>
>> Hey folks,
>>>
>>> My home Internet stopped working suddenly last Friday night, and I'm at
>>> a loss to explain what I'm seeing. It was an instantaneous failure, not a
>>> slow degradation, and nobody was doing anything on my firewall at the
>>> time. The kids were just web browsing on their tablets, which is how we
>>> first saw the problem. If any of you have any suggestions after reading
>>> this entire treatise, I'd love to hear them. Here's what I think I know:
>>>
>>> Normal setup: Internet comes wirelessly via a Future Tech radio dish on
>>> my roof. An ethernet cable (with POE) connects the radio to my firewall,
>>> which is a dedicated Linux server. Only the POE power injector sits
>>> between the two. The firewall has a static public IP address on a /25
>>> network that sends traffic to a gateway at my ISP's site. The firewall
>>> runs IPtables and handles NATting / DNS / DHCP for my home LAN.
>>>
>>> Problem symptoms:
>>>
>>> My LAN (both wired & WiFi) can still reach the firewall from the inside
>>> just fine. The firewall can no longer reach the ISP's gateway IP or hence
>>> the Internet at large. TCPdump on the firewall's external NIC shows
>>> repeated unanswered ARP requests for the gateway from my firewall. I tried
>>> turning off IPtables entirely, but that had no effect on my firewall's
>>> ability to see the outside world. The firewall's external NIC still shows
>>> link lights and traffic flashing. I've tried replacing all the short
>>> cables, and the visible portion of the long cable running from my roof to
>>> my basement shows no visible damage. I've tried powering down &
>>> un/re-plugging all the related equipment, but to no effect.
>>>
>>> The ISP can connect to the rooftop radio from the outside, so that link
>>> to my house seems to be good.
>>>
>>> If I disconnect my firewall from the radio and plug my linux laptop
>>> directly into the radio (configuring it to have the firewall's static IP),
>>> then my laptop can get out to the Internet just fine. That seems to
>>> indicate that the POE injector, the long cable, and the gateway
>>> configuration are fine. Physical distances forced me to use a different
>>> cable to connect my laptop to the POE injector than I use to connect the
>>> firewall to the POE injector.
>>>
>>> If I connect my laptop directly to the external NIC on my firewall using
>>> a crossover cable (configuring my laptop to be a different IP on the
>>> external /25 subnet), then the laptop & the firewall can communicate with
>>> each other just fine. That seems to indicate that the firewall is working
>>> just fine.
>>>
>>> If I connect the rooftop radio directly into my LAN switch (bypassing
>>> the linux firewall) and let the radio handle NAT / DHCP on a non-routable
>>> subnet that it provides, then the rest of my LAN can get to the Internet at
>>> large, but at an unusably slow speed (240 Kbps download). That's how I
>>> left things at the moment. I didn't have to change any config on the radio
>>> to make this happen, so apparently it's able to do this and serve my normal
>>> static IP simultaneously.
>>>
>>> If both the radio and the firewall both test fine, and the cable between
>>> them has already been replaced, why isn't this working? What else should I
>>> be looking at?
>>>
>>> I tried calling Future Tech's phone support on Saturday, but I could
>>> hear the guy's eyes glazing over when I described my normal setup with a
>>> linux firewall. He wasn't able to offer any suggestions.
>>>
>>> As I type this, it occurs to me that it's *possible* (though highly
>>> unlikely) that *both* the cables I tried using to connect the POE injector
>>> to the firewall could be bad. I'll have to verify that when I get home
>>> tonight. In the mean time, I'm at a complete loss.
>>>
>>>
>> --------------------------------------------------
>> Matthew G. Marsh
>> Special Email Addr for OLUG ;-}
>> Phone: (402) 932-7250
>> Email: olug4mgm at paktronix.com
>> WWW: http://www.paksecured.org
>> --------------------------------------------------
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
>>
>
>
> --
> *Ben "Obi-Wan" Hollingsworth* obiwan at jedi.com <mailto:obiwan at jedi.com>
> www.Jedi.com <http://www.jedi.com>
> The stuff of earth competes for the allegiance I owe only to the
> Giver of all good things, so if I stand, let me stand on the
> promise that You will pull me through. /-- Rich Mullins/
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>
--
***************** ************* *********** ******* ***** *** **
"Quis custodiet ipsos custodes?"
(Who can watch the watchmen?)
-- from the Satires of Juvenal
"I do not fear computers, I fear the lack of them."
-- Isaac Asimov (Author)
** *** ***** ******* *********** ************* *****************
More information about the OLUG
mailing list