Re: Strange Network Problem

[David Christensen]

On 09/02/2018 03:22 PM, mick crane wrote:

On 2018-09-02 19:39, David Christensen wrote:

On 09/02/2018 05:48 AM, mick crane wrote:

On 2018-09-02 13:16, Stephen P. Molnar wrote:


The Firewall Passthrough is set to Allocation Mode set to 'Passthrough
with the Passthrough Mode set to 'DHCPS-dynamic '.

It's my intention to change the Allocation Mode to 'Off', as soon as I
talk to AT Tech Support to make sure that doesn't mess things up.


I'm not quite understanding how one PC is going straight through the 
router to the ISP's network whereas you have other PCs with private 
addresses.


In my case as I understand it the ISP's router redirects from its 
external network to internal private.
PC with say 2 NICS one to the router and one to a switch whereby 
connect the local machines using PC with 2 NICS as gateway doing 
DHCP, firewall and all that.


mick



https://en.wikipedia.org/wiki/Firewall_pinhole

https://en.wikipedia.org/wiki/DMZ_(computing)

https://en.wikipedia.org/wiki/DMZ_(computing)#DMZ_host


The OP appears to have the third option enabled on his gateway.


the ISP router maybe has NAT ( that's what it's called isn't it ) on 
some of the ports that things with the private 192.168 block connect to 
but seems to have a DMZ on one of the ports.

I dunno

mick


https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol

https://en.wikipedia.org/wiki/Network_address_translation


Internet gateways typically provide DHCP and NAT/IP masquerading to 
hosts on a private network (e.g. 192.168.1.0/24).  DMZ hosts are treated 
specially.



David

Re: Strange Network Problem

[mick crane]

On 2018-09-02 19:39, David Christensen wrote:

On 09/02/2018 05:48 AM, mick crane wrote:

On 2018-09-02 13:16, Stephen P. Molnar wrote:

The Firewall Passthrough is set to Allocation Mode set to 
'Passthrough

with the Passthrough Mode set to 'DHCPS-dynamic '.

It's my intention to change the Allocation Mode to 'Off', as soon as 
I

talk to AT Tech Support to make sure that doesn't mess things up.


I'm not quite understanding how one PC is going straight through the 
router to the ISP's network whereas you have other PCs with private 
addresses.


In my case as I understand it the ISP's router redirects from its 
external network to internal private.
PC with say 2 NICS one to the router and one to a switch whereby 
connect the local machines using PC with 2 NICS as gateway doing DHCP, 
firewall and all that.


mick



https://en.wikipedia.org/wiki/Firewall_pinhole

https://en.wikipedia.org/wiki/DMZ_(computing)

https://en.wikipedia.org/wiki/DMZ_(computing)#DMZ_host


The OP appears to have the third option enabled on his gateway.


the ISP router maybe has NAT ( that's what it's called isn't it ) on 
some of the ports that things with the private 192.168 block connect to 
but seems to have a DMZ on one of the ports.

I dunno

mick


--
Key ID4BFEBB31

Re: Strange Network Problem

[David Christensen]

On 09/02/2018 05:48 AM, mick crane wrote:

On 2018-09-02 13:16, Stephen P. Molnar wrote:


The Firewall Passthrough is set to Allocation Mode set to 'Passthrough
with the Passthrough Mode set to 'DHCPS-dynamic '.

It's my intention to change the Allocation Mode to 'Off', as soon as I
talk to AT Tech Support to make sure that doesn't mess things up.


I'm not quite understanding how one PC is going straight through the 
router to the ISP's network whereas you have other PCs with private 
addresses.


In my case as I understand it the ISP's router redirects from its 
external network to internal private.
PC with say 2 NICS one to the router and one to a switch whereby connect 
the local machines using PC with 2 NICS as gateway doing DHCP, firewall 
and all that.


mick



https://en.wikipedia.org/wiki/Firewall_pinhole

https://en.wikipedia.org/wiki/DMZ_(computing)

https://en.wikipedia.org/wiki/DMZ_(computing)#DMZ_host


The OP appears to have the third option enabled on his gateway.


David

Re: Strange Network Problem

[mick crane]

On 2018-09-02 13:16, Stephen P. Molnar wrote:


The Firewall Passthrough is set to Allocation Mode set to 'Passthrough
with the Passthrough Mode set to 'DHCPS-dynamic '.

It's my intention to change the Allocation Mode to 'Off', as soon as I
talk to AT Tech Support to make sure that doesn't mess things up.


I'm not quite understanding how one PC is going straight through the 
router to the ISP's network whereas you have other PCs with private 
addresses.


In my case as I understand it the ISP's router redirects from its 
external network to internal private.
PC with say 2 NICS one to the router and one to a switch whereby connect 
the local machines using PC with 2 NICS as gateway doing DHCP, firewall 
and all that.


mick




--
Key ID4BFEBB31

Re: Strange Network Problem

[Stephen P. Molnar]

On 09/02/2018 01:37 AM, David Christensen wrote:

On 09/01/2018 04:05 AM, Stephen P. Molnar wrote:



On 08/31/2018 10:41 PM, David Christensen wrote:

On 08/31/2018 12:50 PM, Stephen P. Molnar wrote:

I am running Debian Stretch on my Linux platform.

I have noticed low internet traffic when I have not been doing 
anything outside of my LAN.  This has made me a tad suspicious.


Now:

root@AbNormal:/home/comp# ifconfig
enp2s0: flags=4163 mtu 1500
 inet 162.237.98.238  netmask 255.255.252.0 broadcast 
162.237.99.255

 ether bc:ee:7b:5e:83:36  txqueuelen 1000 (Ethernet)
 RX packets 796401  bytes 529829454 (505.2 MiB)
 RX errors 0  dropped 0  overruns 0  frame 0
 TX packets 236054  bytes 22520861 (21.4 MiB)
 TX errors 0  dropped 0 overruns 0  carrier 0 collisions 0

lo: flags=73  mtu 65536
 inet 127.0.0.1  netmask 255.0.0.0
 loop  txqueuelen 1  (Local Loopback)
 RX packets 399  bytes 42360 (41.3 KiB)
 RX errors 0  dropped 0  overruns 0  frame 0
 TX packets 399  bytes 42360 (41.3 KiB)
 TX errors 0  dropped 0 overruns 0  carrier 0 collisions 0


It turns out that this ISP, 162.237.98.238 is my ISP, AT here in 
Columbus, Ohio.


The other four nodes on my LAn all have IP's starting with 
192.168.1 - which is what it's supposed to be.


Just what is going on here? I don't have a clue.

I dop have firewalls implemented on both the modem and the computers.

Any insights will be much appreciated.

Thanks in advance.



Running nslookup(1):

2018-08-31 18:53:21 dpchrist@vstretch ~
$ nslookup 162.237.98.238
Server:192.168.5.1
Address:192.168.5.1#53

Non-authoritative answer:
238.98.237.162.in-addr.arpaname = 
162-237-98-238.lightspeed.clmboh.sbcglobal.net.


Authoritative answers can be found from:


Running host(1):

2018-08-31 18:58:15 dpchrist@vstretch ~
$ host 162.237.98.238
238.98.237.162.in-addr.arpa domain name pointer 
162-237-98-238.lightspeed.clmboh.sbcglobal.net.



162.237.98.238 appears to be a valid IPv4 public Internet address.


You should have a device provided by your Internet service provider 
(ISP) between their wiring (e.g. telephone service) and your wiring 
(e.g. Ethernet local area network/LAN).  What is the make and model 
of the ISP device?  Please provide a URL to the product support page.



What are the "other four nodes"?


How is everything interconnected?


David



Thanks for your reply.

ISO device is an Arris BGE210-700 Broadband Gateway Release 1.0 from 
AT (http://www.arris.com/Search/?q=Arris+BGE210-700+Broadband+Gateway)


Wired Connections:  2 Desktops,  printer and VOIP telephone

Wireless Connections:  Laptop and two Android Smartphones

root@AbNormal:/home/comp# nslookup
 > nslookup -a
Server:192.168.1.254
Address:192.168.1.254#53

Non-authoritative answer:
Name:nslookup
Address: 198.105.244.130
Name:nslookup
Address: 104.239.207.44
 >
 > host
Server:192.168.1.254
Address:192.168.1.254#53

Non-authoritative answer:
*** Can't find host: No answer
 >



It appears that your ISP gateway device is configured to pass through 
it's Internet address (and all incoming packets) to the computer in 
question.  This is a feature that allows a server behind the gateway 
to be visible on the Internet.



Enabling or disabling gateway features is a matter of browsing to the 
gateway's IP address (192.168.1.254?) and operatingthe web control panel.



I have a Pace Plc Model 5268AC, also through AT  The relevant 
control panel page for putting a server on the Internet would seem to 
be Settings -> Firewall -> Applications, Pinholes and DMZ.  I would 
pick a computer and then select "Allow all applications (DMZplus 
mode)" to turn the feature on.  The feature is currently off, so I 
don't know how I would turn it off.



If you can't figure out the control panel for your gateway, contact 
your ISP.



David



Thanks for your reply.

The Firewall Passthrough is set to Allocation Mode set to 'Passthrough 
with the Passthrough Mode set to 'DHCPS-dynamic '.


It's my intention to change the Allocation Mode to 'Off', as soon as I 
talk to AT Tech Support to make sure that doesn't mess things up.


--
Stephen P. Molnar, Ph.D.
Consultant
www.molecular-modeling.net
(614)312-7528 (c)
Skype: smolnar1

Re: Strange Network Problem

[David Christensen]

On 09/01/2018 04:05 AM, Stephen P. Molnar wrote:



On 08/31/2018 10:41 PM, David Christensen wrote:

On 08/31/2018 12:50 PM, Stephen P. Molnar wrote:

I am running Debian Stretch on my Linux platform.

I have noticed low internet traffic when I have not been doing 
anything outside of my LAN.  This has made me a tad suspicious.


Now:

root@AbNormal:/home/comp# ifconfig
enp2s0: flags=4163  mtu 1500
 inet 162.237.98.238  netmask 255.255.252.0  broadcast 
162.237.99.255

 ether bc:ee:7b:5e:83:36  txqueuelen 1000  (Ethernet)
 RX packets 796401  bytes 529829454 (505.2 MiB)
 RX errors 0  dropped 0  overruns 0  frame 0
 TX packets 236054  bytes 22520861 (21.4 MiB)
 TX errors 0  dropped 0 overruns 0  carrier 0 collisions 0

lo: flags=73  mtu 65536
 inet 127.0.0.1  netmask 255.0.0.0
 loop  txqueuelen 1  (Local Loopback)
 RX packets 399  bytes 42360 (41.3 KiB)
 RX errors 0  dropped 0  overruns 0  frame 0
 TX packets 399  bytes 42360 (41.3 KiB)
 TX errors 0  dropped 0 overruns 0  carrier 0 collisions 0


It turns out that this ISP, 162.237.98.238 is my ISP, AT here in 
Columbus, Ohio.


The other four nodes on my LAn all have IP's starting with 192.168.1 
- which is what it's supposed to be.


Just what is going on here? I don't have a clue.

I dop have firewalls implemented on both the modem and the computers.

Any insights will be much appreciated.

Thanks in advance.



Running nslookup(1):

    2018-08-31 18:53:21 dpchrist@vstretch ~
    $ nslookup 162.237.98.238
    Server:    192.168.5.1
    Address:    192.168.5.1#53

    Non-authoritative answer:
    238.98.237.162.in-addr.arpa    name = 
162-237-98-238.lightspeed.clmboh.sbcglobal.net.


    Authoritative answers can be found from:


Running host(1):

    2018-08-31 18:58:15 dpchrist@vstretch ~
    $ host 162.237.98.238
    238.98.237.162.in-addr.arpa domain name pointer 
162-237-98-238.lightspeed.clmboh.sbcglobal.net.



162.237.98.238 appears to be a valid IPv4 public Internet address.


You should have a device provided by your Internet service provider 
(ISP) between their wiring (e.g. telephone service) and your wiring 
(e.g. Ethernet local area network/LAN).  What is the make and model of 
the ISP device?  Please provide a URL to the product support page.



What are the "other four nodes"?


How is everything interconnected?


David



Thanks for your reply.

ISO device is an Arris BGE210-700 Broadband Gateway Release 1.0 from 
AT (http://www.arris.com/Search/?q=Arris+BGE210-700+Broadband+Gateway)


Wired Connections:  2 Desktops,  printer and VOIP telephone

Wireless Connections:  Laptop and two Android Smartphones

root@AbNormal:/home/comp# nslookup
 > nslookup -a
Server:    192.168.1.254
Address:    192.168.1.254#53

Non-authoritative answer:
Name:    nslookup
Address: 198.105.244.130
Name:    nslookup
Address: 104.239.207.44
 >
 > host
Server:    192.168.1.254
Address:    192.168.1.254#53

Non-authoritative answer:
*** Can't find host: No answer
 >



It appears that your ISP gateway device is configured to pass through 
it's Internet address (and all incoming packets) to the computer in 
question.  This is a feature that allows a server behind the gateway to 
be visible on the Internet.



Enabling or disabling gateway features is a matter of browsing to the 
gateway's IP address (192.168.1.254?) and operatingthe web control panel.



I have a Pace Plc Model 5268AC, also through AT  The relevant control 
panel page for putting a server on the Internet would seem to be 
Settings -> Firewall -> Applications, Pinholes and DMZ.  I would pick a 
computer and then select "Allow all applications (DMZplus mode)" to turn 
the feature on.  The feature is currently off, so I don't know how I 
would turn it off.



If you can't figure out the control panel for your gateway, contact your 
ISP.



David

Re: Strange Network Problem

[rhkramer]

On Saturday, September 01, 2018 11:59:27 AM Stephen P. Molnar wrote:
> On 09/01/2018 08:26 AM, rhkra...@gmail.com wrote:
> > On Saturday, September 01, 2018 07:05:55 AM Stephen P. Molnar wrote:
> >> On 08/31/2018 10:41 PM, David Christensen wrote:
> >>> On 08/31/2018 12:50 PM, Stephen P. Molnar wrote:
>  I am running Debian Stretch on my Linux platform.
>  
>  I have noticed low internet traffic when I have not been doing
>  anything outside of my LAN.  This has made me a tad suspicious.
> >> 
> >> Wired Connections:  2 Desktops,  printer and VOIP telephone
> >> 
> >> Wireless Connections:  Laptop and two Android Smartphones
> > 
> > Out of curiosity, who is your VOIP service provider?
> > 
> > I use ObiHai, and find that it exchanges traffic with its "server"
> > continuously.
> > 
> > I've not recently attempted to check how much, and don't remember any
> > figures, but it wouldn't surprise me if that accounts for some, most,
> > all of the traffic you report.
> > 
> > And, maybe Android smartphones do something similar, especially if they
> > are setup for VOIP or some similar service.
> 
> AT

Hmm, Ok, I don't have any experience with AT VOIP, but, I still suspect that 
is the source of at least some of the traffic you notice when you are not doing 
anything outside your LAN.

Re: Strange Network Problem

[Stephen P. Molnar]

On 09/01/2018 08:26 AM, rhkra...@gmail.com wrote:

On Saturday, September 01, 2018 07:05:55 AM Stephen P. Molnar wrote:

On 08/31/2018 10:41 PM, David Christensen wrote:

On 08/31/2018 12:50 PM, Stephen P. Molnar wrote:

I am running Debian Stretch on my Linux platform.

I have noticed low internet traffic when I have not been doing
anything outside of my LAN.  This has made me a tad suspicious.


Wired Connections:  2 Desktops,  printer and VOIP telephone

Wireless Connections:  Laptop and two Android Smartphones

Out of curiosity, who is your VOIP service provider?

I use ObiHai, and find that it exchanges traffic with its "server" continuously.

I've not recently attempted to check how much, and don't remember any figures,
but it wouldn't surprise me if that accounts for some, most, all of the traffic
you report.

And, maybe Android smartphones do something similar, especially if they are
setup for VOIP or some similar service.



AT

--
Stephen P. Molnar, Ph.D.
Consultant
www.molecular-modeling.net
(614)312-7528 (c)
Skype: smolnar1

Re: Strange Network Problem

[rhkramer]

On Saturday, September 01, 2018 07:05:55 AM Stephen P. Molnar wrote:
> On 08/31/2018 10:41 PM, David Christensen wrote:
> > On 08/31/2018 12:50 PM, Stephen P. Molnar wrote:
> >> I am running Debian Stretch on my Linux platform.
> >> 
> >> I have noticed low internet traffic when I have not been doing
> >> anything outside of my LAN.  This has made me a tad suspicious.
> >> 

> Wired Connections:  2 Desktops,  printer and VOIP telephone
> 
> Wireless Connections:  Laptop and two Android Smartphones

Out of curiosity, who is your VOIP service provider?

I use ObiHai, and find that it exchanges traffic with its "server" continuously.

I've not recently attempted to check how much, and don't remember any figures, 
but it wouldn't surprise me if that accounts for some, most, all of the traffic 
you report.

And, maybe Android smartphones do something similar, especially if they are 
setup for VOIP or some similar service.

Re: Strange Network Problem

[Stephen P. Molnar]

On 08/31/2018 10:41 PM, David Christensen wrote:

On 08/31/2018 12:50 PM, Stephen P. Molnar wrote:

I am running Debian Stretch on my Linux platform.

I have noticed low internet traffic when I have not been doing 
anything outside of my LAN.  This has made me a tad suspicious.


Now:

root@AbNormal:/home/comp# ifconfig
enp2s0: flags=4163  mtu 1500
 inet 162.237.98.238  netmask 255.255.252.0  broadcast 
162.237.99.255

 ether bc:ee:7b:5e:83:36  txqueuelen 1000  (Ethernet)
 RX packets 796401  bytes 529829454 (505.2 MiB)
 RX errors 0  dropped 0  overruns 0  frame 0
 TX packets 236054  bytes 22520861 (21.4 MiB)
 TX errors 0  dropped 0 overruns 0  carrier 0 collisions 0

lo: flags=73  mtu 65536
 inet 127.0.0.1  netmask 255.0.0.0
 loop  txqueuelen 1  (Local Loopback)
 RX packets 399  bytes 42360 (41.3 KiB)
 RX errors 0  dropped 0  overruns 0  frame 0
 TX packets 399  bytes 42360 (41.3 KiB)
 TX errors 0  dropped 0 overruns 0  carrier 0 collisions 0


It turns out that this ISP, 162.237.98.238 is my ISP, AT here in 
Columbus, Ohio.


The other four nodes on my LAn all have IP's starting with 192.168.1 
- which is what it's supposed to be.


Just what is going on here? I don't have a clue.

I dop have firewalls implemented on both the modem and the computers.

Any insights will be much appreciated.

Thanks in advance.



Running nslookup(1):

2018-08-31 18:53:21 dpchrist@vstretch ~
$ nslookup 162.237.98.238
Server:192.168.5.1
Address:192.168.5.1#53

Non-authoritative answer:
238.98.237.162.in-addr.arpaname = 
162-237-98-238.lightspeed.clmboh.sbcglobal.net.


Authoritative answers can be found from:


Running host(1):

2018-08-31 18:58:15 dpchrist@vstretch ~
$ host 162.237.98.238
238.98.237.162.in-addr.arpa domain name pointer 
162-237-98-238.lightspeed.clmboh.sbcglobal.net.



162.237.98.238 appears to be a valid IPv4 public Internet address.


You should have a device provided by your Internet service provider 
(ISP) between their wiring (e.g. telephone service) and your wiring 
(e.g. Ethernet local area network/LAN).  What is the make and model of 
the ISP device?  Please provide a URL to the product support page.



What are the "other four nodes"?


How is everything interconnected?


David



Thanks for your reply.

ISO device is an Arris BGE210-700 Broadband Gateway Release 1.0 from 
AT (http://www.arris.com/Search/?q=Arris+BGE210-700+Broadband+Gateway)


Wired Connections:  2 Desktops,  printer and VOIP telephone

Wireless Connections:  Laptop and two Android Smartphones

root@AbNormal:/home/comp# nslookup
> nslookup -a
Server:192.168.1.254
Address:192.168.1.254#53

Non-authoritative answer:
Name:nslookup
Address: 198.105.244.130
Name:nslookup
Address: 104.239.207.44
>
> host
Server:192.168.1.254
Address:192.168.1.254#53

Non-authoritative answer:
*** Can't find host: No answer
>

--
Stephen P. Molnar, Ph.D.
Consultant
www.molecular-modeling.net
(614)312-7528 (c)
Skype: smolnar1

Re: Strange Network Problem

[mick crane]

On 2018-08-31 20:50, Stephen P. Molnar wrote:

I am running Debian Stretch on my Linux platform.

I have noticed low internet traffic when I have not been doing
anything outside of my LAN.  This has made me a tad suspicious.

Now:

root@AbNormal:/home/comp# ifconfig
enp2s0: flags=4163  mtu 1500
inet 162.237.98.238  netmask 255.255.252.0  broadcast 
162.237.99.255

ether bc:ee:7b:5e:83:36  txqueuelen 1000  (Ethernet)
RX packets 796401  bytes 529829454 (505.2 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 236054  bytes 22520861 (21.4 MiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73  mtu 65536
inet 127.0.0.1  netmask 255.0.0.0
loop  txqueuelen 1  (Local Loopback)
RX packets 399  bytes 42360 (41.3 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 399  bytes 42360 (41.3 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


It turns out that this ISP, 162.237.98.238 is my ISP, AT here in
Columbus, Ohio.

The other four nodes on my LAn all have IP's starting with 192.168.1 -
which is what it's supposed to be.

Just what is going on here? I don't have a clue.

I dop have firewalls implemented on both the modem and the computers.

Any insights will be much appreciated.

Thanks in advance.


well ifconfig should report the internal private address of its NIC but 
seems to be showing the external address range of the router. Could this 
be anything to do with the router being in bridge mode which is 
something I'm not entirely clear about.


mick


--
Key ID4BFEBB31

Re: Strange Network Problem

[David Christensen]

On 08/31/2018 12:50 PM, Stephen P. Molnar wrote:

I am running Debian Stretch on my Linux platform.

I have noticed low internet traffic when I have not been doing anything 
outside of my LAN.  This has made me a tad suspicious.


Now:

root@AbNormal:/home/comp# ifconfig
enp2s0: flags=4163  mtu 1500
     inet 162.237.98.238  netmask 255.255.252.0  broadcast 
162.237.99.255

     ether bc:ee:7b:5e:83:36  txqueuelen 1000  (Ethernet)
     RX packets 796401  bytes 529829454 (505.2 MiB)
     RX errors 0  dropped 0  overruns 0  frame 0
     TX packets 236054  bytes 22520861 (21.4 MiB)
     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73  mtu 65536
     inet 127.0.0.1  netmask 255.0.0.0
     loop  txqueuelen 1  (Local Loopback)
     RX packets 399  bytes 42360 (41.3 KiB)
     RX errors 0  dropped 0  overruns 0  frame 0
     TX packets 399  bytes 42360 (41.3 KiB)
     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


It turns out that this ISP, 162.237.98.238 is my ISP, AT here in 
Columbus, Ohio.


The other four nodes on my LAn all have IP's starting with 192.168.1 - 
which is what it's supposed to be.


Just what is going on here? I don't have a clue.

I dop have firewalls implemented on both the modem and the computers.

Any insights will be much appreciated.

Thanks in advance.



Running nslookup(1):

2018-08-31 18:53:21 dpchrist@vstretch ~
$ nslookup 162.237.98.238
Server: 192.168.5.1
Address:192.168.5.1#53

Non-authoritative answer:
238.98.237.162.in-addr.arpa	name = 
162-237-98-238.lightspeed.clmboh.sbcglobal.net.


Authoritative answers can be found from:


Running host(1):

2018-08-31 18:58:15 dpchrist@vstretch ~
$ host 162.237.98.238
238.98.237.162.in-addr.arpa domain name pointer 
162-237-98-238.lightspeed.clmboh.sbcglobal.net.



162.237.98.238 appears to be a valid IPv4 public Internet address.


You should have a device provided by your Internet service provider 
(ISP) between their wiring (e.g. telephone service) and your wiring 
(e.g. Ethernet local area network/LAN).  What is the make and model of 
the ISP device?  Please provide a URL to the product support page.



What are the "other four nodes"?


How is everything interconnected?


David

Re: Strange Network Problem

[Dan Purgert]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Stephen P. Molnar wrote:
> I am running Debian Stretch on my Linux platform.
>
> I have noticed low internet traffic when I have not been doing
> anything outside of my LAN.  This has made me a tad suspicious.
>
>
> It turns out that this ISP, 162.237.98.238 is my ISP, AT here in 
> Columbus, Ohio.

Is this pc perhaps set up to be in the dmz?


-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEBcqaUD8uEzVNxUrujhHd8xJ5ooEFAluJst4ACgkQjhHd8xJ5
ooFfegf/UD2Fcat+GG27VWk8w9FdCDmrNwWLHX0jHXa6/0HNQYVKRBYK6x2CXvtk
98XaXDbKAp/cPrMquK9az0po9bC/M97/Ou+/ul1CiTeL9qKN065x+LuLGkEC5Ow/
f4hhqhVCzawQi4A5NcqF14asM2S3FcDQGfSpPIsP1RsA8cSO6ZykQfyLR+s0cs6K
mVfhE/1/+OdJms4Fa2tbRzgP2O7nnvKTrnZjLVTSkhVsaonL7K7USpH8bQ6jYW+N
t/o6kd4R3LLT/cpw0c6oX7835MRT4SPpmBFCbQfRxSjW4UMxpo6yZav6NwQhNEbN
owdR+fRHrLkYanSaKz4k8m3tesLgJQ==
=DK7D
-END PGP SIGNATURE-

-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281

Strange Network Problem

[Stephen P. Molnar]

I am running Debian Stretch on my Linux platform.

I have noticed low internet traffic when I have not been doing anything 
outside of my LAN.  This has made me a tad suspicious.


Now:

root@AbNormal:/home/comp# ifconfig
enp2s0: flags=4163  mtu 1500
inet 162.237.98.238  netmask 255.255.252.0  broadcast 
162.237.99.255

ether bc:ee:7b:5e:83:36  txqueuelen 1000  (Ethernet)
RX packets 796401  bytes 529829454 (505.2 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 236054  bytes 22520861 (21.4 MiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73  mtu 65536
inet 127.0.0.1  netmask 255.0.0.0
loop  txqueuelen 1  (Local Loopback)
RX packets 399  bytes 42360 (41.3 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 399  bytes 42360 (41.3 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


It turns out that this ISP, 162.237.98.238 is my ISP, AT here in 
Columbus, Ohio.


The other four nodes on my LAn all have IP's starting with 192.168.1 - 
which is what it's supposed to be.


Just what is going on here? I don't have a clue.

I dop have firewalls implemented on both the modem and the computers.

Any insights will be much appreciated.

Thanks in advance.

--
Stephen P. Molnar, Ph.D.
Consultant
www.molecular-modeling.net
(614)312-7528 (c)
Skype: smolnar1

[Solved] Strange network problem with Xen 4.0 on stable

[François TOURDE]

Hi.

For the archives:

Le 15883ième jour après Epoch,
François TOURDE écrivait:

 Hi list.

 I'm using Xen (long time ago), and I've a strange problem with one of
 the DomU. It's the only DomU with this behaviour. It doesn't reply to
 ping and can't have access to the net.

 In detail:

[...]

 Packets seems to be forwarded from Dom0 to DomU, but not from DomU to Dom0:

[...]

 Routes are:

 Dom0:
 root@srv04:~# ip route
 88.191.222.127 dev vif115.0  scope link  src 88.191.108.41 
 88.191.223.138 dev vif114.0  scope link  src 88.191.108.41 
 88.191.229.230 dev vif113.0  scope link  src 88.191.108.41 
 88.191.226.108 dev vif116.0  scope link  src 88.191.108.41 
 88.191.108.0/24 dev eth0  proto kernel  scope link  src 88.191.108.41 
 88.191.110.0/24 dev eth1  proto kernel  scope link  src 88.191.110.41 
 default via 88.191.110.1 dev eth1 
 default via 88.191.108.1 dev eth0 

Even with accept_source_routing on all concerned interfaces, the
vif114.0 packets that should be sent to outside network are routed by
eth1, not the receiving interface eth0.

Disabling eth1 (not yet used) solves the problem.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87bo6q9y7n@tourde.org

Strange network problem with Xen 4.0 on stable

[François TOURDE]

Hi list.

I'm using Xen (long time ago), and I've a strange problem with one of
the DomU. It's the only DomU with this behaviour. It doesn't reply to
ping and can't have access to the net.

In detail:

Dom0 Debian stable:
  Linux srv04 2.6.32-5-xen-amd64 #1 SMP Fri May 10 11:48:05 UTC 2013 x86_64 
GNU/Linux

Working DomU:
  Linux wiki 2.6.32-5-amd64 #1 SMP Fri May 10 08:43:19 UTC 2013 x86_64 GNU/Linux

Not working DomU:
  Linux rh42g1 2.6.32-5-amd64 #1 SMP Fri May 10 11:48:05 UTC 2013 x86_64 
GNU/Linux

Packets seems to be forwarded from Dom0 to DomU, but not from DomU to Dom0:

(srv04=Dom0, Xternal NIC=eth0)

root@srv04:~# tcpdump -n -i eth0  src 88.191.223.138 or dst 88.191.223.138
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:21:51.437722 IP 62.147.184.98  88.191.223.138: ICMP echo request, id 1448, 
seq 1, length 64
10:21:52.445622 IP 62.147.184.98  88.191.223.138: ICMP echo request, id 1448, 
seq 2, length 64
10:21:53.454046 IP 62.147.184.98  88.191.223.138: ICMP echo request, id 1448, 
seq 3, length 64

But packets from DomU to Dom0 seems to be sent to Dom0:

root@srv04:~# tcpdump -n -i vif114.0  src 88.191.223.138 or dst 88.191.223.138
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vif114.0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:22:13.224780 IP 62.147.184.98  88.191.223.138: ICMP echo request, id 1459, 
seq 1, length 64
10:22:13.224866 IP 88.191.223.138  62.147.184.98: ICMP echo reply, id 1459, 
seq 1, length 64
10:22:14.224020 IP 62.147.184.98  88.191.223.138: ICMP echo request, id 1459, 
seq 2, length 64
10:22:14.224114 IP 88.191.223.138  62.147.184.98: ICMP echo reply, id 1459, 
seq 2, length 64
10:22:18.223371 ARP, Request who-has 88.191.223.138 tell 88.191.108.41, length 
28
10:22:18.223467 ARP, Reply 88.191.223.138 is-at 00:16:3e:6b:9e:3c, length 28

Routes are:

Dom0:
root@srv04:~# ip route
88.191.222.127 dev vif115.0  scope link  src 88.191.108.41 
88.191.223.138 dev vif114.0  scope link  src 88.191.108.41 
88.191.229.230 dev vif113.0  scope link  src 88.191.108.41 
88.191.226.108 dev vif116.0  scope link  src 88.191.108.41 
88.191.108.0/24 dev eth0  proto kernel  scope link  src 88.191.108.41 
88.191.110.0/24 dev eth1  proto kernel  scope link  src 88.191.110.41 
default via 88.191.110.1 dev eth1 
default via 88.191.108.1 dev eth0 

Working DomU:
88.191.229.0/24 dev eth0  proto kernel  scope link  src 88.191.229.230 
default dev eth0  scope link 

Not working DomU:
88.191.223.0/24 dev eth0  proto kernel  scope link  src 88.191.223.138 
default dev eth0  scope link 

Any ideas are welcome


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87li5warkj@tourde.org

Re: Strange network problem

[Jude DaShiell]

To download a web page with lynx hit the (p) key and you'll be presented 
with a menu of built-in choices.





--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Strange network problem

[Robin]

On 28/01/2008, hce [EMAIL PROTECTED] wrote:

 Hi,

 I bought a new ADSL2+ modem and connected to my debian PC. I used DHCP
 to get IP address, I can ping www.google.com or any domain name, but
 my browser could not see www.google.com or any web site. Any
 explanations of why I could ping www.google.com (which means the DNS
 and route worked fine), but the brower could not download web pages
 (browser does not any problem if using other network connections)?
 I've disabled all firewall and service block in the ADSL modem. My
 debian system does not have any problem if connects to other network.
 Could it be the modem problem?

 Thank you.

 Jim

 This may be a silly question but prior to getting your new modem was your
browser set up to use a proxy?

-- 
rob


http://www.worldcommunitygrid.org/team/viewTeamInfo.do?teamId=82BS4ZCMFR1

Strange network problem

[hce]

Hi,

I bought a new ADSL2+ modem and connected to my debian PC. I used DHCP
to get IP address, I can ping www.google.com or any domain name, but
my browser could not see www.google.com or any web site. Any
explanations of why I could ping www.google.com (which means the DNS
and route worked fine), but the brower could not download web pages
(browser does not any problem if using other network connections)?
I've disabled all firewall and service block in the ADSL modem. My
debian system does not have any problem if connects to other network.
Could it be the modem problem?

Thank you.

Jim


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Strange network problem

[Celejar]

On Tue, 29 Jan 2008 08:48:28 +1100
hce [EMAIL PROTECTED] wrote:

 Hi,
 
 I bought a new ADSL2+ modem and connected to my debian PC. I used DHCP
 to get IP address, I can ping www.google.com or any domain name, but
 my browser could not see www.google.com or any web site. Any
 explanations of why I could ping www.google.com (which means the DNS
 and route worked fine), but the brower could not download web pages
 (browser does not any problem if using other network connections)?
 I've disabled all firewall and service block in the ADSL modem. My
 debian system does not have any problem if connects to other network.
 Could it be the modem problem?

Have you tried more than one browser?  What about other protocols, such
as telnet, ssh, SMTP/POP/IMAP?

 Thank you.
 
 Jim

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Strange network problem

[hce]

On Jan 29, 2008 12:26 PM, Celejar [EMAIL PROTECTED] wrote:

 On Tue, 29 Jan 2008 08:48:28 +1100
 hce [EMAIL PROTECTED] wrote:

  Hi,
 
  I bought a new ADSL2+ modem and connected to my debian PC. I used DHCP
  to get IP address, I can ping www.google.com or any domain name, but
  my browser could not see www.google.com or any web site. Any
  explanations of why I could ping www.google.com (which means the DNS
  and route worked fine), but the brower could not download web pages
  (browser does not any problem if using other network connections)?
  I've disabled all firewall and service block in the ADSL modem. My
  debian system does not have any problem if connects to other network.
  Could it be the modem problem?

 Have you tried more than one browser?  What about other protocols, such
 as telnet, ssh, SMTP/POP/IMAP?

I tried lynx, it did display with www.google.com and other web pages,
but I have never played with lynx before, not sure it worked fine or
not.

The mail had problem as well, it could not connect to gmail pop server
in most time, but I could ping that. The mail did connecte to pop
gmail server sometime. The other thing I have to mention that ping
time was about 200ms - 800ms, not sure that would cause the brower and
mail problem or not?

Thank you.

Jim
  Thank you.
 
  Jim

 Celejar
 --
 mailmin.sourceforge.net - remote access via secure (OpenPGP) email
 ssuds.sourceforge.net - A Simple Sudoku Solver and Generator


 --
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

strange network problem

[S. M. Ibrahim (lavluda)]

Currently i am using a EDGE connection with my mobile phone. Every thing was fine. But recently i got that some thing is wrong my downoad is very poor now, but browsing speed is ok. Any body know the reason ?





S. M. Ibrahim (Lavlu)
Home page: http://lavluda.tripod.com
Blog: http://lavluda.blogspot.com
Cute Pic: http://cutepicture.blogspot.com
Yahoo!! ID: lavluda MSN ID: lavluda Skype : lavluda







signature.asc
Description: This is a digitally signed message part

Resolved: Strange Network problem

[Greg Green]

Martin,

I thought it was DNS at first also, then I was covinced it was routing, now I am
pretty sure that it is DHCP on the Winblows
machine.  In NT you cannot change to a smaller subnet that 255.255.255.0 ( for
DHCP), and mine is .224.  I decided to start using static and now everything is
fine.  This is a good temporary solution until I get the router on a real router
and set up my own DNS server.  Then I think DHCP will work better over our
network, and I think the NT machine will serve better as a coffee table.

Thanks,

Gregory Green
AdvantageCom, Inc.
http://www.advantagecom.com


Martin Bialasinski wrote:

 Greg Green [EMAIL PROTECTED] writes:

  machine since it is not acting as the router.  Also, when I add a
  certain host to my Debian /etc/hosts file.the access is great.  The

  I can also flood the machines on the network with ping -f and not lose
  any packets

  pop server = qpopper (2.2).one-reocurring 110 error ( connot get
  canonical name of  ip xxx.xxx.xxx.xxx) in /var/adm/messages...I think
  this particular machine is just configured wrong in its email setup.

 I think this is a DNS problem. Your linuxbox has trouble resolving the
 names of the machines in your LAN.

 Do you have a line nameserver xxx.xxx.xxx.xxx in your /etc/resolv.conf ?

 I had a similar problem today. I deleted the nameserver lines and couldn't
 connect with telnet and ftp timed-out after one statusline. Other services
 worked as well, as long as they didn't try to resolv a name. Ping worked
 just right.

 In my case, the tcp wrapper wanted to use 0.0.0.0 as address for a
 nameserver when it didn't find an entry in resolv.conf .

 Hope this helps.

 Ciao,
 Martin

 --
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



--



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Strange Network problem

[Greg Green]

Hello,

I am experiencing a strange network problem and I do not know if my
Debian 1.3.1 kernel 2.0.32 machine is the problem, or an NT Server being
the cause.  I have an NT Server acting as a router with my Debian
machine serving my web page and mail server.  Here's the problem, when I
hit the web server or mail server from outside my network (via internet)
my access is great.  The mail pulls fast and the web site loads quick.
However, when I am dialed into my network or plugged into the hub on my
subnet, connecting to my web server or mail server is very slow.
I will eventually connect and then the mail pulls fine, but the next
time I need to send a message or refresh the web site, it is super slow
connecting again.  I am not the only one, everyone has the same problem.

Here is the strange part, I can surf outside my network great and come
in from outside my network just great.

I do not know if I need to add any kind of routing entries to the Debian
machine since it is not acting as the router.  Also, when I add a
certain host to my Debian /etc/hosts file.the access is great.  The
only reason I do not want to add every host in the /etc/host file is
becuase the NT machine is running DHCP and everything used to work
anyway.  It only started being this slow when the NT machine got
rebooted.
The NT Server is the only machine in the host file outside of the
loopback.

I can also flood the machines on the network with ping -f and not lose
any packets
My setup = debian 1.3.1 kernel 2.0.32 on a pentium 150.
web server = apache  no errors
mail server = smail .no errors
pop server = qpopper (2.2).one-reocurring 110 error ( connot get
canonical name of  ip xxx.xxx.xxx.xxx) in /var/adm/messages...I think
this particular machine is just configured wrong in its email setup.

No errors in dmesg either.
We burned down the NT machine and reloaded everything.problem
persists.  I put a LAN Meter on the network, nothing out of the ordinary
such as the minimal amount of broadcast packets.  There seems to be no
way to pin this one down.

Has anyone ever seen this before?  Am I just missing some sort of
ifconfig command somewhere?  Any fresh ideas would greatly be
appreciated.

Thanks much
--
Gregory Green
AdvantageCom, Inc.
http://www.advantagecom.com


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Strange Network problem

[Martin Bialasinski]

Greg Green [EMAIL PROTECTED] writes:

 machine since it is not acting as the router.  Also, when I add a
 certain host to my Debian /etc/hosts file.the access is great.  The

 I can also flood the machines on the network with ping -f and not lose
 any packets

 pop server = qpopper (2.2).one-reocurring 110 error ( connot get
 canonical name of  ip xxx.xxx.xxx.xxx) in /var/adm/messages...I think
 this particular machine is just configured wrong in its email setup.

I think this is a DNS problem. Your linuxbox has trouble resolving the
names of the machines in your LAN.

Do you have a line nameserver xxx.xxx.xxx.xxx in your /etc/resolv.conf ?

I had a similar problem today. I deleted the nameserver lines and couldn't
connect with telnet and ftp timed-out after one statusline. Other services
worked as well, as long as they didn't try to resolv a name. Ping worked
just right. 

In my case, the tcp wrapper wanted to use 0.0.0.0 as address for a
nameserver when it didn't find an entry in resolv.conf .

Hope this helps.

Ciao,
Martin


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]