Re: Strange Network Problem
On 09/02/2018 03:22 PM, mick crane wrote: On 2018-09-02 19:39, David Christensen wrote: On 09/02/2018 05:48 AM, mick crane wrote: On 2018-09-02 13:16, Stephen P. Molnar wrote: The Firewall Passthrough is set to Allocation Mode set to 'Passthrough with the Passthrough Mode set to 'DHCPS-dynamic '. It's my intention to change the Allocation Mode to 'Off', as soon as I talk to AT&T Tech Support to make sure that doesn't mess things up. I'm not quite understanding how one PC is going straight through the router to the ISP's network whereas you have other PCs with private addresses. In my case as I understand it the ISP's router redirects from its external network to internal private. PC with say 2 NICS one to the router and one to a switch whereby connect the local machines using PC with 2 NICS as gateway doing DHCP, firewall and all that. mick https://en.wikipedia.org/wiki/Firewall_pinhole https://en.wikipedia.org/wiki/DMZ_(computing) https://en.wikipedia.org/wiki/DMZ_(computing)#DMZ_host The OP appears to have the third option enabled on his gateway. the ISP router maybe has NAT ( that's what it's called isn't it ) on some of the ports that things with the private 192.168 block connect to but seems to have a DMZ on one of the ports. I dunno mick https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol https://en.wikipedia.org/wiki/Network_address_translation Internet gateways typically provide DHCP and NAT/IP masquerading to hosts on a private network (e.g. 192.168.1.0/24). DMZ hosts are treated specially. David
Re: Strange Network Problem
On 2018-09-02 19:39, David Christensen wrote: On 09/02/2018 05:48 AM, mick crane wrote: On 2018-09-02 13:16, Stephen P. Molnar wrote: The Firewall Passthrough is set to Allocation Mode set to 'Passthrough with the Passthrough Mode set to 'DHCPS-dynamic '. It's my intention to change the Allocation Mode to 'Off', as soon as I talk to AT&T Tech Support to make sure that doesn't mess things up. I'm not quite understanding how one PC is going straight through the router to the ISP's network whereas you have other PCs with private addresses. In my case as I understand it the ISP's router redirects from its external network to internal private. PC with say 2 NICS one to the router and one to a switch whereby connect the local machines using PC with 2 NICS as gateway doing DHCP, firewall and all that. mick https://en.wikipedia.org/wiki/Firewall_pinhole https://en.wikipedia.org/wiki/DMZ_(computing) https://en.wikipedia.org/wiki/DMZ_(computing)#DMZ_host The OP appears to have the third option enabled on his gateway. the ISP router maybe has NAT ( that's what it's called isn't it ) on some of the ports that things with the private 192.168 block connect to but seems to have a DMZ on one of the ports. I dunno mick -- Key ID4BFEBB31
Re: Strange Network Problem
On 09/02/2018 05:48 AM, mick crane wrote: On 2018-09-02 13:16, Stephen P. Molnar wrote: The Firewall Passthrough is set to Allocation Mode set to 'Passthrough with the Passthrough Mode set to 'DHCPS-dynamic '. It's my intention to change the Allocation Mode to 'Off', as soon as I talk to AT&T Tech Support to make sure that doesn't mess things up. I'm not quite understanding how one PC is going straight through the router to the ISP's network whereas you have other PCs with private addresses. In my case as I understand it the ISP's router redirects from its external network to internal private. PC with say 2 NICS one to the router and one to a switch whereby connect the local machines using PC with 2 NICS as gateway doing DHCP, firewall and all that. mick https://en.wikipedia.org/wiki/Firewall_pinhole https://en.wikipedia.org/wiki/DMZ_(computing) https://en.wikipedia.org/wiki/DMZ_(computing)#DMZ_host The OP appears to have the third option enabled on his gateway. David
Re: Strange Network Problem
On 2018-09-02 13:16, Stephen P. Molnar wrote: The Firewall Passthrough is set to Allocation Mode set to 'Passthrough with the Passthrough Mode set to 'DHCPS-dynamic '. It's my intention to change the Allocation Mode to 'Off', as soon as I talk to AT&T Tech Support to make sure that doesn't mess things up. I'm not quite understanding how one PC is going straight through the router to the ISP's network whereas you have other PCs with private addresses. In my case as I understand it the ISP's router redirects from its external network to internal private. PC with say 2 NICS one to the router and one to a switch whereby connect the local machines using PC with 2 NICS as gateway doing DHCP, firewall and all that. mick -- Key ID4BFEBB31
Re: Strange Network Problem
On 09/02/2018 01:37 AM, David Christensen wrote: On 09/01/2018 04:05 AM, Stephen P. Molnar wrote: On 08/31/2018 10:41 PM, David Christensen wrote: On 08/31/2018 12:50 PM, Stephen P. Molnar wrote: I am running Debian Stretch on my Linux platform. I have noticed low internet traffic when I have not been doing anything outside of my LAN. This has made me a tad suspicious. Now: root@AbNormal:/home/comp# ifconfig enp2s0: flags=4163 mtu 1500 inet 162.237.98.238 netmask 255.255.252.0 broadcast 162.237.99.255 ether bc:ee:7b:5e:83:36 txqueuelen 1000 (Ethernet) RX packets 796401 bytes 529829454 (505.2 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 236054 bytes 22520861 (21.4 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 loop txqueuelen 1 (Local Loopback) RX packets 399 bytes 42360 (41.3 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 399 bytes 42360 (41.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 It turns out that this ISP, 162.237.98.238 is my ISP, AT&T here in Columbus, Ohio. The other four nodes on my LAn all have IP's starting with 192.168.1 - which is what it's supposed to be. Just what is going on here? I don't have a clue. I dop have firewalls implemented on both the modem and the computers. Any insights will be much appreciated. Thanks in advance. Running nslookup(1): 2018-08-31 18:53:21 dpchrist@vstretch ~ $ nslookup 162.237.98.238 Server:192.168.5.1 Address:192.168.5.1#53 Non-authoritative answer: 238.98.237.162.in-addr.arpaname = 162-237-98-238.lightspeed.clmboh.sbcglobal.net. Authoritative answers can be found from: Running host(1): 2018-08-31 18:58:15 dpchrist@vstretch ~ $ host 162.237.98.238 238.98.237.162.in-addr.arpa domain name pointer 162-237-98-238.lightspeed.clmboh.sbcglobal.net. 162.237.98.238 appears to be a valid IPv4 public Internet address. You should have a device provided by your Internet service provider (ISP) between their wiring (e.g. telephone service) and your wiring (e.g. Ethernet local area network/LAN). What is the make and model of the ISP device? Please provide a URL to the product support page. What are the "other four nodes"? How is everything interconnected? David Thanks for your reply. ISO device is an Arris BGE210-700 Broadband Gateway Release 1.0 from AT&T (http://www.arris.com/Search/?q=Arris+BGE210-700+Broadband+Gateway) Wired Connections: 2 Desktops, printer and VOIP telephone Wireless Connections: Laptop and two Android Smartphones root@AbNormal:/home/comp# nslookup > nslookup -a Server:192.168.1.254 Address:192.168.1.254#53 Non-authoritative answer: Name:nslookup Address: 198.105.244.130 Name:nslookup Address: 104.239.207.44 > > host Server:192.168.1.254 Address:192.168.1.254#53 Non-authoritative answer: *** Can't find host: No answer > It appears that your ISP gateway device is configured to pass through it's Internet address (and all incoming packets) to the computer in question. This is a feature that allows a server behind the gateway to be visible on the Internet. Enabling or disabling gateway features is a matter of browsing to the gateway's IP address (192.168.1.254?) and operatingthe web control panel. I have a Pace Plc Model 5268AC, also through AT&T. The relevant control panel page for putting a server on the Internet would seem to be Settings -> Firewall -> Applications, Pinholes and DMZ. I would pick a computer and then select "Allow all applications (DMZplus mode)" to turn the feature on. The feature is currently off, so I don't know how I would turn it off. If you can't figure out the control panel for your gateway, contact your ISP. David Thanks for your reply. The Firewall Passthrough is set to Allocation Mode set to 'Passthrough with the Passthrough Mode set to 'DHCPS-dynamic '. It's my intention to change the Allocation Mode to 'Off', as soon as I talk to AT&T Tech Support to make sure that doesn't mess things up. -- Stephen P. Molnar, Ph.D. Consultant www.molecular-modeling.net (614)312-7528 (c) Skype: smolnar1
Re: Strange Network Problem
On 09/01/2018 04:05 AM, Stephen P. Molnar wrote: On 08/31/2018 10:41 PM, David Christensen wrote: On 08/31/2018 12:50 PM, Stephen P. Molnar wrote: I am running Debian Stretch on my Linux platform. I have noticed low internet traffic when I have not been doing anything outside of my LAN. This has made me a tad suspicious. Now: root@AbNormal:/home/comp# ifconfig enp2s0: flags=4163 mtu 1500 inet 162.237.98.238 netmask 255.255.252.0 broadcast 162.237.99.255 ether bc:ee:7b:5e:83:36 txqueuelen 1000 (Ethernet) RX packets 796401 bytes 529829454 (505.2 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 236054 bytes 22520861 (21.4 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 loop txqueuelen 1 (Local Loopback) RX packets 399 bytes 42360 (41.3 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 399 bytes 42360 (41.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 It turns out that this ISP, 162.237.98.238 is my ISP, AT&T here in Columbus, Ohio. The other four nodes on my LAn all have IP's starting with 192.168.1 - which is what it's supposed to be. Just what is going on here? I don't have a clue. I dop have firewalls implemented on both the modem and the computers. Any insights will be much appreciated. Thanks in advance. Running nslookup(1): 2018-08-31 18:53:21 dpchrist@vstretch ~ $ nslookup 162.237.98.238 Server: 192.168.5.1 Address: 192.168.5.1#53 Non-authoritative answer: 238.98.237.162.in-addr.arpa name = 162-237-98-238.lightspeed.clmboh.sbcglobal.net. Authoritative answers can be found from: Running host(1): 2018-08-31 18:58:15 dpchrist@vstretch ~ $ host 162.237.98.238 238.98.237.162.in-addr.arpa domain name pointer 162-237-98-238.lightspeed.clmboh.sbcglobal.net. 162.237.98.238 appears to be a valid IPv4 public Internet address. You should have a device provided by your Internet service provider (ISP) between their wiring (e.g. telephone service) and your wiring (e.g. Ethernet local area network/LAN). What is the make and model of the ISP device? Please provide a URL to the product support page. What are the "other four nodes"? How is everything interconnected? David Thanks for your reply. ISO device is an Arris BGE210-700 Broadband Gateway Release 1.0 from AT&T (http://www.arris.com/Search/?q=Arris+BGE210-700+Broadband+Gateway) Wired Connections: 2 Desktops, printer and VOIP telephone Wireless Connections: Laptop and two Android Smartphones root@AbNormal:/home/comp# nslookup > nslookup -a Server: 192.168.1.254 Address: 192.168.1.254#53 Non-authoritative answer: Name: nslookup Address: 198.105.244.130 Name: nslookup Address: 104.239.207.44 > > host Server: 192.168.1.254 Address: 192.168.1.254#53 Non-authoritative answer: *** Can't find host: No answer > It appears that your ISP gateway device is configured to pass through it's Internet address (and all incoming packets) to the computer in question. This is a feature that allows a server behind the gateway to be visible on the Internet. Enabling or disabling gateway features is a matter of browsing to the gateway's IP address (192.168.1.254?) and operatingthe web control panel. I have a Pace Plc Model 5268AC, also through AT&T. The relevant control panel page for putting a server on the Internet would seem to be Settings -> Firewall -> Applications, Pinholes and DMZ. I would pick a computer and then select "Allow all applications (DMZplus mode)" to turn the feature on. The feature is currently off, so I don't know how I would turn it off. If you can't figure out the control panel for your gateway, contact your ISP. David
Re: Strange Network Problem
On Saturday, September 01, 2018 11:59:27 AM Stephen P. Molnar wrote: > On 09/01/2018 08:26 AM, rhkra...@gmail.com wrote: > > On Saturday, September 01, 2018 07:05:55 AM Stephen P. Molnar wrote: > >> On 08/31/2018 10:41 PM, David Christensen wrote: > >>> On 08/31/2018 12:50 PM, Stephen P. Molnar wrote: > I am running Debian Stretch on my Linux platform. > > I have noticed low internet traffic when I have not been doing > anything outside of my LAN. This has made me a tad suspicious. > >> > >> Wired Connections: 2 Desktops, printer and VOIP telephone > >> > >> Wireless Connections: Laptop and two Android Smartphones > > > > Out of curiosity, who is your VOIP service provider? > > > > I use ObiHai, and find that it exchanges traffic with its "server" > > continuously. > > > > I've not recently attempted to check how much, and don't remember any > > figures, but it wouldn't surprise me if that accounts for some, most, > > all of the traffic you report. > > > > And, maybe Android smartphones do something similar, especially if they > > are setup for VOIP or some similar service. > > AT&T Hmm, Ok, I don't have any experience with AT&T VOIP, but, I still suspect that is the source of at least some of the traffic you notice when you are not doing anything outside your LAN.
Re: Strange Network Problem
On 09/01/2018 08:26 AM, rhkra...@gmail.com wrote: On Saturday, September 01, 2018 07:05:55 AM Stephen P. Molnar wrote: On 08/31/2018 10:41 PM, David Christensen wrote: On 08/31/2018 12:50 PM, Stephen P. Molnar wrote: I am running Debian Stretch on my Linux platform. I have noticed low internet traffic when I have not been doing anything outside of my LAN. This has made me a tad suspicious. Wired Connections: 2 Desktops, printer and VOIP telephone Wireless Connections: Laptop and two Android Smartphones Out of curiosity, who is your VOIP service provider? I use ObiHai, and find that it exchanges traffic with its "server" continuously. I've not recently attempted to check how much, and don't remember any figures, but it wouldn't surprise me if that accounts for some, most, all of the traffic you report. And, maybe Android smartphones do something similar, especially if they are setup for VOIP or some similar service. AT&T -- Stephen P. Molnar, Ph.D. Consultant www.molecular-modeling.net (614)312-7528 (c) Skype: smolnar1
Re: Strange Network Problem
On Saturday, September 01, 2018 07:05:55 AM Stephen P. Molnar wrote: > On 08/31/2018 10:41 PM, David Christensen wrote: > > On 08/31/2018 12:50 PM, Stephen P. Molnar wrote: > >> I am running Debian Stretch on my Linux platform. > >> > >> I have noticed low internet traffic when I have not been doing > >> anything outside of my LAN. This has made me a tad suspicious. > >> > Wired Connections: 2 Desktops, printer and VOIP telephone > > Wireless Connections: Laptop and two Android Smartphones Out of curiosity, who is your VOIP service provider? I use ObiHai, and find that it exchanges traffic with its "server" continuously. I've not recently attempted to check how much, and don't remember any figures, but it wouldn't surprise me if that accounts for some, most, all of the traffic you report. And, maybe Android smartphones do something similar, especially if they are setup for VOIP or some similar service.
Re: Strange Network Problem
On 08/31/2018 10:41 PM, David Christensen wrote: On 08/31/2018 12:50 PM, Stephen P. Molnar wrote: I am running Debian Stretch on my Linux platform. I have noticed low internet traffic when I have not been doing anything outside of my LAN. This has made me a tad suspicious. Now: root@AbNormal:/home/comp# ifconfig enp2s0: flags=4163 mtu 1500 inet 162.237.98.238 netmask 255.255.252.0 broadcast 162.237.99.255 ether bc:ee:7b:5e:83:36 txqueuelen 1000 (Ethernet) RX packets 796401 bytes 529829454 (505.2 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 236054 bytes 22520861 (21.4 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 loop txqueuelen 1 (Local Loopback) RX packets 399 bytes 42360 (41.3 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 399 bytes 42360 (41.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 It turns out that this ISP, 162.237.98.238 is my ISP, AT&T here in Columbus, Ohio. The other four nodes on my LAn all have IP's starting with 192.168.1 - which is what it's supposed to be. Just what is going on here? I don't have a clue. I dop have firewalls implemented on both the modem and the computers. Any insights will be much appreciated. Thanks in advance. Running nslookup(1): 2018-08-31 18:53:21 dpchrist@vstretch ~ $ nslookup 162.237.98.238 Server:192.168.5.1 Address:192.168.5.1#53 Non-authoritative answer: 238.98.237.162.in-addr.arpaname = 162-237-98-238.lightspeed.clmboh.sbcglobal.net. Authoritative answers can be found from: Running host(1): 2018-08-31 18:58:15 dpchrist@vstretch ~ $ host 162.237.98.238 238.98.237.162.in-addr.arpa domain name pointer 162-237-98-238.lightspeed.clmboh.sbcglobal.net. 162.237.98.238 appears to be a valid IPv4 public Internet address. You should have a device provided by your Internet service provider (ISP) between their wiring (e.g. telephone service) and your wiring (e.g. Ethernet local area network/LAN). What is the make and model of the ISP device? Please provide a URL to the product support page. What are the "other four nodes"? How is everything interconnected? David Thanks for your reply. ISO device is an Arris BGE210-700 Broadband Gateway Release 1.0 from AT&T (http://www.arris.com/Search/?q=Arris+BGE210-700+Broadband+Gateway) Wired Connections: 2 Desktops, printer and VOIP telephone Wireless Connections: Laptop and two Android Smartphones root@AbNormal:/home/comp# nslookup > nslookup -a Server:192.168.1.254 Address:192.168.1.254#53 Non-authoritative answer: Name:nslookup Address: 198.105.244.130 Name:nslookup Address: 104.239.207.44 > > host Server:192.168.1.254 Address:192.168.1.254#53 Non-authoritative answer: *** Can't find host: No answer > -- Stephen P. Molnar, Ph.D. Consultant www.molecular-modeling.net (614)312-7528 (c) Skype: smolnar1
Re: Strange Network Problem
On 2018-08-31 20:50, Stephen P. Molnar wrote: I am running Debian Stretch on my Linux platform. I have noticed low internet traffic when I have not been doing anything outside of my LAN. This has made me a tad suspicious. Now: root@AbNormal:/home/comp# ifconfig enp2s0: flags=4163 mtu 1500 inet 162.237.98.238 netmask 255.255.252.0 broadcast 162.237.99.255 ether bc:ee:7b:5e:83:36 txqueuelen 1000 (Ethernet) RX packets 796401 bytes 529829454 (505.2 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 236054 bytes 22520861 (21.4 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 loop txqueuelen 1 (Local Loopback) RX packets 399 bytes 42360 (41.3 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 399 bytes 42360 (41.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 It turns out that this ISP, 162.237.98.238 is my ISP, AT&T here in Columbus, Ohio. The other four nodes on my LAn all have IP's starting with 192.168.1 - which is what it's supposed to be. Just what is going on here? I don't have a clue. I dop have firewalls implemented on both the modem and the computers. Any insights will be much appreciated. Thanks in advance. well ifconfig should report the internal private address of its NIC but seems to be showing the external address range of the router. Could this be anything to do with the router being in bridge mode which is something I'm not entirely clear about. mick -- Key ID4BFEBB31
Re: Strange Network Problem
On 08/31/2018 12:50 PM, Stephen P. Molnar wrote: I am running Debian Stretch on my Linux platform. I have noticed low internet traffic when I have not been doing anything outside of my LAN. This has made me a tad suspicious. Now: root@AbNormal:/home/comp# ifconfig enp2s0: flags=4163 mtu 1500 inet 162.237.98.238 netmask 255.255.252.0 broadcast 162.237.99.255 ether bc:ee:7b:5e:83:36 txqueuelen 1000 (Ethernet) RX packets 796401 bytes 529829454 (505.2 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 236054 bytes 22520861 (21.4 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 loop txqueuelen 1 (Local Loopback) RX packets 399 bytes 42360 (41.3 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 399 bytes 42360 (41.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 It turns out that this ISP, 162.237.98.238 is my ISP, AT&T here in Columbus, Ohio. The other four nodes on my LAn all have IP's starting with 192.168.1 - which is what it's supposed to be. Just what is going on here? I don't have a clue. I dop have firewalls implemented on both the modem and the computers. Any insights will be much appreciated. Thanks in advance. Running nslookup(1): 2018-08-31 18:53:21 dpchrist@vstretch ~ $ nslookup 162.237.98.238 Server: 192.168.5.1 Address:192.168.5.1#53 Non-authoritative answer: 238.98.237.162.in-addr.arpa name = 162-237-98-238.lightspeed.clmboh.sbcglobal.net. Authoritative answers can be found from: Running host(1): 2018-08-31 18:58:15 dpchrist@vstretch ~ $ host 162.237.98.238 238.98.237.162.in-addr.arpa domain name pointer 162-237-98-238.lightspeed.clmboh.sbcglobal.net. 162.237.98.238 appears to be a valid IPv4 public Internet address. You should have a device provided by your Internet service provider (ISP) between their wiring (e.g. telephone service) and your wiring (e.g. Ethernet local area network/LAN). What is the make and model of the ISP device? Please provide a URL to the product support page. What are the "other four nodes"? How is everything interconnected? David
Re: Strange Network Problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Stephen P. Molnar wrote: > I am running Debian Stretch on my Linux platform. > > I have noticed low internet traffic when I have not been doing > anything outside of my LAN. This has made me a tad suspicious. > > > It turns out that this ISP, 162.237.98.238 is my ISP, AT&T here in > Columbus, Ohio. Is this pc perhaps set up to be in the dmz? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEBcqaUD8uEzVNxUrujhHd8xJ5ooEFAluJst4ACgkQjhHd8xJ5 ooFfegf/UD2Fcat+GG27VWk8w9FdCDmrNwWLHX0jHXa6/0HNQYVKRBYK6x2CXvtk 98XaXDbKAp/cPrMquK9az0po9bC/M97/Ou+/ul1CiTeL9qKN065x+LuLGkEC5Ow/ f4hhqhVCzawQi4A5NcqF14asM2S3FcDQGfSpPIsP1RsA8cSO6ZykQfyLR+s0cs6K mVfhE/1/+OdJms4Fa2tbRzgP2O7nnvKTrnZjLVTSkhVsaonL7K7USpH8bQ6jYW+N t/o6kd4R3LLT/cpw0c6oX7835MRT4SPpmBFCbQfRxSjW4UMxpo6yZav6NwQhNEbN owdR+fRHrLkYanSaKz4k8m3tesLgJQ== =DK7D -END PGP SIGNATURE- -- |_|O|_| Registered Linux user #585947 |_|_|O| Github: https://github.com/dpurgert |O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281
Strange Network Problem
I am running Debian Stretch on my Linux platform. I have noticed low internet traffic when I have not been doing anything outside of my LAN. This has made me a tad suspicious. Now: root@AbNormal:/home/comp# ifconfig enp2s0: flags=4163 mtu 1500 inet 162.237.98.238 netmask 255.255.252.0 broadcast 162.237.99.255 ether bc:ee:7b:5e:83:36 txqueuelen 1000 (Ethernet) RX packets 796401 bytes 529829454 (505.2 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 236054 bytes 22520861 (21.4 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 loop txqueuelen 1 (Local Loopback) RX packets 399 bytes 42360 (41.3 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 399 bytes 42360 (41.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 It turns out that this ISP, 162.237.98.238 is my ISP, AT&T here in Columbus, Ohio. The other four nodes on my LAn all have IP's starting with 192.168.1 - which is what it's supposed to be. Just what is going on here? I don't have a clue. I dop have firewalls implemented on both the modem and the computers. Any insights will be much appreciated. Thanks in advance. -- Stephen P. Molnar, Ph.D. Consultant www.molecular-modeling.net (614)312-7528 (c) Skype: smolnar1
[Solved] Strange network problem with Xen 4.0 on stable
Hi. For the archives: Le 15883ième jour après Epoch, François TOURDE écrivait: > Hi list. > > I'm using Xen (long time ago), and I've a strange problem with one of > the DomU. It's the only DomU with this behaviour. It doesn't reply to > ping and can't have access to the net. > > In detail: [...] > Packets seems to be forwarded from Dom0 to DomU, but not from DomU to Dom0: [...] > Routes are: > > Dom0: > root@srv04:~# ip route > 88.191.222.127 dev vif115.0 scope link src 88.191.108.41 > 88.191.223.138 dev vif114.0 scope link src 88.191.108.41 > 88.191.229.230 dev vif113.0 scope link src 88.191.108.41 > 88.191.226.108 dev vif116.0 scope link src 88.191.108.41 > 88.191.108.0/24 dev eth0 proto kernel scope link src 88.191.108.41 > 88.191.110.0/24 dev eth1 proto kernel scope link src 88.191.110.41 > default via 88.191.110.1 dev eth1 > default via 88.191.108.1 dev eth0 Even with accept_source_routing on all concerned interfaces, the vif114.0 packets that should be sent to outside network are routed by eth1, not the receiving interface eth0. Disabling eth1 (not yet used) solves the problem. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87bo6q9y7n@tourde.org
Strange network problem with Xen 4.0 on stable
Hi list. I'm using Xen (long time ago), and I've a strange problem with one of the DomU. It's the only DomU with this behaviour. It doesn't reply to ping and can't have access to the net. In detail: Dom0 Debian stable: Linux srv04 2.6.32-5-xen-amd64 #1 SMP Fri May 10 11:48:05 UTC 2013 x86_64 GNU/Linux Working DomU: Linux wiki 2.6.32-5-amd64 #1 SMP Fri May 10 08:43:19 UTC 2013 x86_64 GNU/Linux Not working DomU: Linux rh42g1 2.6.32-5-amd64 #1 SMP Fri May 10 11:48:05 UTC 2013 x86_64 GNU/Linux Packets seems to be forwarded from Dom0 to DomU, but not from DomU to Dom0: (srv04=Dom0, Xternal NIC=eth0) root@srv04:~# tcpdump -n -i eth0 src 88.191.223.138 or dst 88.191.223.138 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 10:21:51.437722 IP 62.147.184.98 > 88.191.223.138: ICMP echo request, id 1448, seq 1, length 64 10:21:52.445622 IP 62.147.184.98 > 88.191.223.138: ICMP echo request, id 1448, seq 2, length 64 10:21:53.454046 IP 62.147.184.98 > 88.191.223.138: ICMP echo request, id 1448, seq 3, length 64 But packets from DomU to Dom0 seems to be sent to Dom0: root@srv04:~# tcpdump -n -i vif114.0 src 88.191.223.138 or dst 88.191.223.138 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on vif114.0, link-type EN10MB (Ethernet), capture size 65535 bytes 10:22:13.224780 IP 62.147.184.98 > 88.191.223.138: ICMP echo request, id 1459, seq 1, length 64 10:22:13.224866 IP 88.191.223.138 > 62.147.184.98: ICMP echo reply, id 1459, seq 1, length 64 10:22:14.224020 IP 62.147.184.98 > 88.191.223.138: ICMP echo request, id 1459, seq 2, length 64 10:22:14.224114 IP 88.191.223.138 > 62.147.184.98: ICMP echo reply, id 1459, seq 2, length 64 10:22:18.223371 ARP, Request who-has 88.191.223.138 tell 88.191.108.41, length 28 10:22:18.223467 ARP, Reply 88.191.223.138 is-at 00:16:3e:6b:9e:3c, length 28 Routes are: Dom0: root@srv04:~# ip route 88.191.222.127 dev vif115.0 scope link src 88.191.108.41 88.191.223.138 dev vif114.0 scope link src 88.191.108.41 88.191.229.230 dev vif113.0 scope link src 88.191.108.41 88.191.226.108 dev vif116.0 scope link src 88.191.108.41 88.191.108.0/24 dev eth0 proto kernel scope link src 88.191.108.41 88.191.110.0/24 dev eth1 proto kernel scope link src 88.191.110.41 default via 88.191.110.1 dev eth1 default via 88.191.108.1 dev eth0 Working DomU: 88.191.229.0/24 dev eth0 proto kernel scope link src 88.191.229.230 default dev eth0 scope link Not working DomU: 88.191.223.0/24 dev eth0 proto kernel scope link src 88.191.223.138 default dev eth0 scope link Any ideas are welcome -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87li5warkj@tourde.org
Re: Strange network problem
On 28/01/2008, hce <[EMAIL PROTECTED]> wrote: > > Hi, > > I bought a new ADSL2+ modem and connected to my debian PC. I used DHCP > to get IP address, I can ping www.google.com or any domain name, but > my browser could not see www.google.com or any web site. Any > explanations of why I could ping www.google.com (which means the DNS > and route worked fine), but the brower could not download web pages > (browser does not any problem if using other network connections)? > I've disabled all firewall and service block in the ADSL modem. My > debian system does not have any problem if connects to other network. > Could it be the modem problem? > > Thank you. > > Jim > > This may be a silly question but prior to getting your new modem was your browser set up to use a proxy? -- rob http://www.worldcommunitygrid.org/team/viewTeamInfo.do?teamId=82BS4ZCMFR1
Re: Strange network problem
To download a web page with lynx hit the (p) key and you'll be presented with a menu of built-in choices. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Strange network problem
On Jan 29, 2008 12:26 PM, Celejar <[EMAIL PROTECTED]> wrote: > > On Tue, 29 Jan 2008 08:48:28 +1100 > hce <[EMAIL PROTECTED]> wrote: > > > Hi, > > > > I bought a new ADSL2+ modem and connected to my debian PC. I used DHCP > > to get IP address, I can ping www.google.com or any domain name, but > > my browser could not see www.google.com or any web site. Any > > explanations of why I could ping www.google.com (which means the DNS > > and route worked fine), but the brower could not download web pages > > (browser does not any problem if using other network connections)? > > I've disabled all firewall and service block in the ADSL modem. My > > debian system does not have any problem if connects to other network. > > Could it be the modem problem? > > Have you tried more than one browser? What about other protocols, such > as telnet, ssh, SMTP/POP/IMAP? I tried lynx, it did display with www.google.com and other web pages, but I have never played with lynx before, not sure it worked fine or not. The mail had problem as well, it could not connect to gmail pop server in most time, but I could ping that. The mail did connecte to pop gmail server sometime. The other thing I have to mention that ping time was about 200ms - 800ms, not sure that would cause the brower and mail problem or not? Thank you. Jim > > Thank you. > > > > Jim > > Celejar > -- > mailmin.sourceforge.net - remote access via secure (OpenPGP) email > ssuds.sourceforge.net - A Simple Sudoku Solver and Generator > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Strange network problem
On Tue, 29 Jan 2008 08:48:28 +1100 hce <[EMAIL PROTECTED]> wrote: > Hi, > > I bought a new ADSL2+ modem and connected to my debian PC. I used DHCP > to get IP address, I can ping www.google.com or any domain name, but > my browser could not see www.google.com or any web site. Any > explanations of why I could ping www.google.com (which means the DNS > and route worked fine), but the brower could not download web pages > (browser does not any problem if using other network connections)? > I've disabled all firewall and service block in the ADSL modem. My > debian system does not have any problem if connects to other network. > Could it be the modem problem? Have you tried more than one browser? What about other protocols, such as telnet, ssh, SMTP/POP/IMAP? > Thank you. > > Jim Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Strange network problem
Hi, I bought a new ADSL2+ modem and connected to my debian PC. I used DHCP to get IP address, I can ping www.google.com or any domain name, but my browser could not see www.google.com or any web site. Any explanations of why I could ping www.google.com (which means the DNS and route worked fine), but the brower could not download web pages (browser does not any problem if using other network connections)? I've disabled all firewall and service block in the ADSL modem. My debian system does not have any problem if connects to other network. Could it be the modem problem? Thank you. Jim -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
strange network problem
Currently i am using a EDGE connection with my mobile phone. Every thing was fine. But recently i got that some thing is wrong my downoad is very poor now, but browsing speed is ok. Any body know the reason ? S. M. Ibrahim (Lavlu) Home page: http://lavluda.tripod.com Blog: http://lavluda.blogspot.com Cute Pic: http://cutepicture.blogspot.com Yahoo!! ID: lavluda MSN ID: lavluda Skype : lavluda signature.asc Description: This is a digitally signed message part
Resolved: Strange Network problem
Martin, I thought it was DNS at first also, then I was covinced it was routing, now I am pretty sure that it is DHCP on the Winblows machine. In NT you cannot change to a smaller subnet that 255.255.255.0 ( for DHCP), and mine is .224. I decided to start using static and now everything is fine. This is a good temporary solution until I get the router on a real router and set up my own DNS server. Then I think DHCP will work better over our network, and I think the NT machine will serve better as a coffee table. Thanks, Gregory Green AdvantageCom, Inc. http://www.advantagecom.com Martin Bialasinski wrote: > Greg Green <[EMAIL PROTECTED]> writes: > > > machine since it is not acting as the router. Also, when I add a > > certain host to my Debian /etc/hosts file.the access is great. The > > > I can also flood the machines on the network with ping -f and not lose > > any packets > > > pop server = qpopper (2.2).one-reocurring 110 error ( connot get > > canonical name of ip xxx.xxx.xxx.xxx) in /var/adm/messages...I think > > this particular machine is just configured wrong in its email setup. > > I think this is a DNS problem. Your linuxbox has trouble resolving the > names of the machines in your LAN. > > Do you have a line "nameserver xxx.xxx.xxx.xxx" in your /etc/resolv.conf ? > > I had a similar problem today. I deleted the nameserver lines and couldn't > connect with telnet and ftp timed-out after one statusline. Other services > worked as well, as long as they didn't try to resolv a name. Ping worked > just right. > > In my case, the tcp wrapper wanted to use 0.0.0.0 as address for a > nameserver when it didn't find an entry in resolv.conf . > > Hope this helps. > > Ciao, > Martin > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Strange Network problem
Greg Green <[EMAIL PROTECTED]> writes: > machine since it is not acting as the router. Also, when I add a > certain host to my Debian /etc/hosts file.the access is great. The > I can also flood the machines on the network with ping -f and not lose > any packets > pop server = qpopper (2.2).one-reocurring 110 error ( connot get > canonical name of ip xxx.xxx.xxx.xxx) in /var/adm/messages...I think > this particular machine is just configured wrong in its email setup. I think this is a DNS problem. Your linuxbox has trouble resolving the names of the machines in your LAN. Do you have a line "nameserver xxx.xxx.xxx.xxx" in your /etc/resolv.conf ? I had a similar problem today. I deleted the nameserver lines and couldn't connect with telnet and ftp timed-out after one statusline. Other services worked as well, as long as they didn't try to resolv a name. Ping worked just right. In my case, the tcp wrapper wanted to use 0.0.0.0 as address for a nameserver when it didn't find an entry in resolv.conf . Hope this helps. Ciao, Martin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Strange Network problem
Hello, I am experiencing a strange network problem and I do not know if my Debian 1.3.1 kernel 2.0.32 machine is the problem, or an NT Server being the cause. I have an NT Server acting as a router with my Debian machine serving my web page and mail server. Here's the problem, when I hit the web server or mail server from outside my network (via internet) my access is great. The mail pulls fast and the web site loads quick. However, when I am dialed into my network or plugged into the hub on my subnet, connecting to my web server or mail server is very slow. I will eventually connect and then the mail pulls fine, but the next time I need to send a message or refresh the web site, it is super slow connecting again. I am not the only one, everyone has the same problem. Here is the strange part, I can surf outside my network great and come in from outside my network just great. I do not know if I need to add any kind of routing entries to the Debian machine since it is not acting as the router. Also, when I add a certain host to my Debian /etc/hosts file.the access is great. The only reason I do not want to add every host in the /etc/host file is becuase the NT machine is running DHCP and everything used to work anyway. It only started being this slow when the NT machine got rebooted. The NT Server is the only machine in the host file outside of the loopback. I can also flood the machines on the network with ping -f and not lose any packets My setup = debian 1.3.1 kernel 2.0.32 on a pentium 150. web server = apache no errors mail server = smail .no errors pop server = qpopper (2.2).one-reocurring 110 error ( connot get canonical name of ip xxx.xxx.xxx.xxx) in /var/adm/messages...I think this particular machine is just configured wrong in its email setup. No errors in dmesg either. We burned down the NT machine and reloaded everything.problem persists. I put a LAN Meter on the network, nothing out of the ordinary such as the minimal amount of broadcast packets. There seems to be no way to pin this one down. Has anyone ever seen this before? Am I just missing some sort of ifconfig command somewhere? Any fresh ideas would greatly be appreciated. Thanks much -- Gregory Green AdvantageCom, Inc. http://www.advantagecom.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]