This weird dhclient/dhcp problem just happened again.  I notice that I lose
my net connection on all LAN PCs.  LRP box is still running.  Bring up
weblet interface and notice that box has 2 IPs??

eth0:  mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:80:5f:b2:53:2d brd ff:ff:ff:ff:ff:ff
    inet 24.64.ww.xxx/22 brd 24.64.43.255 scope global eth0
    inet 24.64.yy.zzz/22 brd 24.64.43.255 scope global secondary eth0

This is a simple DCD v1.01 config.  Single Shaw cable modem connection to
home network through LRP box.  I've attached the details from below as they
apply again.  Nothing changed on my side to initiate this.  I didn't get any
feedback to the questions below last time this happened.  I just rebooted
and all was fine.  Seems like I can't get past ~ 1 month uptime because of
this.

After rebooting, box only lists one IP address (the secondary one from
above).

Any ideas?  Is anyone else on this list with Shaw cable seeing anything like
this?

Thanks,
Paul Rimmer
Calgary, Alberta, Canada

> -----Original Message-----
> From: Paul Rimmer [mailto:[EMAIL PROTECTED]]
> Sent: February 1, 2002 10:36 PM
> To: [EMAIL PROTECTED]
> Subject: dhclient and firewall question
>
>
> Wow, for the first time since I can remember, my IP address has
> changed via DHCP with Shaw cable.  I've seen it happen when I've
> changed eth0 NICs before, but never for no apparent reason.
>
> The reason I noticed is that I saw a boatload of port80 logs.  I
> have a line added to ipfilter.conf to not log port 80 stuff:
>
> #Deny and don't log Code Red stuff on port 80
> $IPCH -I input 3 -j DENY -p tcp -s 0/0 -d $EXTERN_IP/32 80 -i $EXTERN_IF
>
> I checked my ip address via "ip addr" and saw the following for eth0:
>
> 7: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:88:5f:c2:56:2e brd ff:ff:ff:ff:ff:ff
>     inet 24.67.xx.xx/24 brd 24.67.xx.255 scope global eth0
>     inet 24.64.yy.yyy/24 brd 24.64.yy.255 scope global eth0
>
> Weird.  It appears eth0 has 2 IP addresses!?!  My firewall is
> configured to block the first (I've had it for eons) but has no
> entries for the second.  When I checked syslog there was a ton of
> "dhclient: DHCPREQUEST on eth0 to 24.64.aa.bbb port 67" starting
> a couple of days ago, then tonight I finally received the new IP
> (24.64.yy.yyy):
>
> Feb 1 16:34:21 ronin-firewall dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port 67
> Feb 1 16:34:21 ronin-firewall dhclient: DHCPNAK from 24.64.yy.1
> Feb 1 16:34:21 ronin-firewall dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
> Feb 1 16:34:21 ronin-firewall dhclient: DHCPOFFER from 24.64.yy.1
> Feb 1 16:34:24 ronin-firewall dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port 67
> Feb 1 16:34:24 ronin-firewall dhclient: DHCPACK from 24.64.yy.1
> Feb 1 16:34:27 ronin-firewall dhclient: bound to 24.64.yy.yyy -- renewal in 86400 seconds.
>
> Basically it wasn't until dhclient sent out a broadcast
> DHCPREQUEST that it got a response.  I thought DHCP was a
> broadcast protocol?  I notice the "option dhcp-server-identifier
> 24.64.aa.bbb" field in my dhclient.leases file.  I guess this is
> used where possible then go back to 255.255.255.255 when it fails
> after trying for 24 hrs?
>
> Another strange thing is that my /var/state/dhcp/dhclient.leases
> file is growing with a new entry for every renegotiation about
> once every 24hrs.
>
> Questions:
>
> 1) When I get a new IP via DHCP shouldn't the firewall rules
> automatically update (I have dhclient 2.0pl5)?
> 2) Shouldn't "/var/state/dhcp/dhclient.leases" only contain a
> couple of entries and not grow over time?  Anyone else see this
> file growing?
> 3) Shouldn't an ethernet adapter only be able to have one IP vs.
> the two I am seeing reported by "ip addr"?  If there are 2, how
> would the firewall know which to use for the ipchain entries?
>
> I am wondering if this could have anything to do with my
> registering a domain and mapping it to my shaw ip?  I have a web
> server running behind the firewall that is used only by me to
> check on the status of the house and some other low bandwidth
> stuff.  The day I got my domain setup to point to my dynamic (but
> never until now, changing) IP I was flooded with port 25 (POP)
> traffic until I added a new rule similar to the code red one for
> port 80 above.
>
> Maybe the new IP is just caused by a DHCP server switch for my
> ISP but then why am I seeing the weirdness described above?
>
> Anyone have any ideas as to what might be happening?
>
> Cheers,
> Paul


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
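
The condition described in this thread, an external interface holding two global addresses while the ipchains rules name a single `$EXTERN_IP`, can be checked mechanically. The script below is an added example, not part of the original messages: the function names and the sample `ip addr` text are constructed, and `eth0` as the external interface is taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Checks whether the external
# interface carries global IPv4 addresses that a firewall built from a single
# EXTERN_IP value does not cover.

# Print each "scope global" IPv4 address found in `ip addr` output on stdin.
global_addrs() {
    awk '$1 == "inet" && /scope global/ { split($2, a, "/"); print a[1] }'
}

# audit_extern_if EXTERN_IP
# stdin: output of `ip addr show dev <interface>`
# Returns 0 only when the interface has exactly one global address and it
# equals EXTERN_IP; otherwise prints what differs and returns 1.
audit_extern_if() {
    extern_ip=$1
    addrs=$(global_addrs)
    count=$(printf '%s\n' "$addrs" | grep -c . || true)
    # Addresses present on the interface other than the one the rules name.
    uncovered=$(printf '%s\n' "$addrs" | grep -F -x -v -- "$extern_ip" || true)
    rc=0
    if [ "$count" -ne 1 ]; then
        echo "WARN: $count global addresses on interface (expected 1)"
        rc=1
    fi
    for a in $uncovered; do
        echo "WARN: $a is not covered by rules written for $extern_ip"
        rc=1
    done
    if ! printf '%s\n' "$addrs" | grep -F -x -q -- "$extern_ip"; then
        echo "WARN: rules reference $extern_ip, which is not on the interface"
        rc=1
    fi
    return $rc
}

# Constructed sample in the shape of the output quoted in the post
# (documentation-range addresses, not the poster's).
SAMPLE='7: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:00:5e:00:53:01 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
    inet 198.51.100.20/22 brd 198.51.103.255 scope global secondary eth0'

# Live use (assumes eth0 is the external interface):
#   ip addr show dev eth0 | audit_extern_if "$EXTERN_IP"
printf '%s\n' "$SAMPLE" | audit_extern_if 192.0.2.10 || true
```

Run from cron or after each lease renewal, a non-zero exit signals that the rules and the interface have drifted apart and the firewall should be reloaded with the current address.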
