Re: alias issue with snapshot #1175

[Sonic]

Sorry for the noise. It did turn out to be that the 3rd party device
was squatting on the .45 address.
Thanks to all!

Re: alias issue with snapshot #1175

[Sonic]

On Tue, May 9, 2023 at 2:24 AM Stuart Henderson  wrote:
> The only strange thing in there that I'm seeing is
>
> inet 10.68.73.1 255.255.255.248
> ...
> !route add -inet /24 10.68.73.1
> !route add -inet /24 10.68.73.1
>
> i.e. adding a route pointing at the local machine for those various
> networks, but that's not relating to the address where you mentioned
> having the problem.

I guess it might be better to point the route to the peer. Works either way.

> Perhaps diffing ifconfig -A (or maybe netstat -rn) between the working
> and non-working state will give a clue.

I just eyeballed it and they look the same but I'll run a diff to make sure.

Was able to test another system with a /29 and had no issues leaving
out an alias and having all the other addresses work fine, but in this
case there was no 3rd party device connected to the cable modem
utilizing that unused address. Hopefully by this weekend I can do some
testing by unplugging the 3rd party device and see what transpires.
Thanks!
Chris

Re: alias issue with snapshot #1175

[Sonic]

On Tue, May 9, 2023 at 12:35 AM Navan Carson  wrote:
> Do you have names that depend on DNS in pf.conf?

No.

Re: alias issue with snapshot #1175

[Stuart Henderson]

On 2023/05/08 10:48, Sonic wrote:
> On Mon, May 8, 2023 at 9:24 AM Stuart Henderson
>  wrote:
> > There's not enough information really. /etc/hostname.* and maybe results
> > of ifconfig -A and netstat -rn might give more clues.
> 
> Here's that info - hopefully not munged beyond use.
> Note that this is after the interface has been restarted (so the .45
> is working) but everything appeared normal before (ifconfig, etc.)
> although I won't be able to verify until late tonight when I can
> reboot the system.

The only strange thing in there that I'm seeing is

inet 10.68.73.1 255.255.255.248
...
!route add -inet /24 10.68.73.1
!route add -inet /24 10.68.73.1

i.e. adding a route pointing at the local machine for those various
networks, but that's not relating to the address where you mentioned
having the problem.

Perhaps diffing ifconfig -A (or maybe netstat -rn) between the working
and non-working state will give a clue.

Re: alias issue with snapshot #1175

[Navan Carson]

> On May 8, 2023, at 5:32 PM, Sonic  wrote:
> 
> No real difference in the output of ifconfig or netstat before and
> after restarting the network after a reboot.
> The .45 alias refuses to accept/pass data other than answer a ping
> after booting until the network, or at least the interface (em0) that
> contains the alias is restarted.
> From outside testing the ssh port I get "tcp closed" and after the
> network restart "tcp open", the other 3 addresses, .41, .42, .43 all
> work properly after booting.
> The .44 address being used by another device and not as an alias seems
> to be tripping something up, but only after boot, once the interface
> is restarted all is well.
> Absolutely nothing in the logs indicating any error.
> 
> 
>> On Mon, May 8, 2023 at 10:48 AM Sonic  wrote:
>> 
>>> On Mon, May 8, 2023 at 9:24 AM Stuart Henderson
>>>  wrote:
>>> There's not enough information really. /etc/hostname.* and maybe results
>>> of ifconfig -A and netstat -rn might give more clues.
>> 
>> Here's that info - hopefully not munged beyond use.
>> Note that this is after the interface has been restarted (so the .45
>> is working) but everything appeared normal before (ifconfig, etc.)
>> although I won't be able to verify until late tonight when I can
>> reboot the system.
> 

Do you have names that depend on DNS in pf.conf?

Re: alias issue with snapshot #1175

[Sonic]

No real difference in the output of ifconfig or netstat before and
after restarting the network after a reboot.
The .45 alias refuses to accept/pass data other than answer a ping
after booting until the network, or at least the interface (em0) that
contains the alias is restarted.
>From outside testing the ssh port I get "tcp closed" and after the
network restart "tcp open", the other 3 addresses, .41, .42, .43 all
work properly after booting.
The .44 address being used by another device and not as an alias seems
to be tripping something up, but only after boot, once the interface
is restarted all is well.
Absolutely nothing in the logs indicating any error.


On Mon, May 8, 2023 at 10:48 AM Sonic  wrote:
>
> On Mon, May 8, 2023 at 9:24 AM Stuart Henderson
>  wrote:
> > There's not enough information really. /etc/hostname.* and maybe results
> > of ifconfig -A and netstat -rn might give more clues.
>
> Here's that info - hopefully not munged beyond use.
> Note that this is after the interface has been restarted (so the .45
> is working) but everything appeared normal before (ifconfig, etc.)
> although I won't be able to verify until late tonight when I can
> reboot the system.

Re: alias issue with snapshot #1175

[Sonic]

On Mon, May 8, 2023 at 9:24 AM Stuart Henderson
 wrote:
> There's not enough information really. /etc/hostname.* and maybe results
> of ifconfig -A and netstat -rn might give more clues.

Here's that info - hopefully not munged beyond use.
Note that this is after the interface has been restarted (so the .45
is working) but everything appeared normal before (ifconfig, etc.)
although I won't be able to verify until late tonight when I can
reboot the system.
lo0: flags=8049 mtu 32768
index 5 priority 0 llprio 3
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet 127.0.0.1 netmask 0xff00
em0: flags=8843 mtu 1500
lladdr 68:05:ca:33:9b:46
description: external network
index 1 priority 0 llprio 3
groups: egress
media: Ethernet autoselect (1000baseT 
full-duplex,master,rxpause,txpause)
status: active
inet 51.67.20.41 netmask 0xfff8 broadcast 51.67.20.47
inet 51.67.20.42 netmask 0x
inet 51.67.20.43 netmask 0x
inet 51.67.20.45 netmask 0x
em1: flags=8802 mtu 1500
lladdr 00:25:90:87:9e:75
index 2 priority 0 llprio 3
media: Ethernet autoselect (none)
status: no carrier
em2: flags=8843 mtu 1500
lladdr 00:25:90:87:9e:74
description: internal network
index 3 priority 0 llprio 3
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet  netmask 0xfe00 broadcast 
enc0: flags=0<>
index 4 priority 0 llprio 3
groups: enc
status: active
wg0: flags=80c3 mtu 1420
description: VPN
index 6 priority 0 llprio 3
wgport 
wgpubkey 
wgpeer 
wgpsk (present)
wgendpoint  61722
tx: 109217968, rx: 3820653136
last handshake: 96 seconds ago
wgaip /24
wgaip /24
wgaip /24
wgaip /32
wgpeer 
wgpsk (present)
wgendpoint  61723
tx: 3383156, rx: 2595500
last handshake: 30 seconds ago
wgaip /24
wgaip /24
wgaip /23
wgaip /23
wgaip /32
wgpeer 
wgpsk (present)
wgendpoint  32925
tx: 4543152, rx: 5454580
last handshake: 69 seconds ago
wgaip /24
wgaip /24
wgaip /24
wgaip /24
wgaip /32
wgpeer 
wgpsk (present)
wgendpoint  37666
tx: 21211976, rx: 3509392
last handshake: 77 seconds ago
wgaip /24
wgaip /32
groups: wg
inet 10.68.73.1 netmask 0xfff8 broadcast 10.68.73.7
pflog0: flags=141 mtu 33136
index 7 priority 0 llprio 3
groups: pflog
116 mbufs in use:
109 mbufs allocated to data
1 mbuf allocated to packet headers
6 mbufs allocated to socket names and addresses
0/40 mbuf 2048 byte clusters in use (current/peak)
107/210 mbuf 2112 byte clusters in use (current/peak)
0/8 mbuf 4096 byte clusters in use (current/peak)
0/8 mbuf 8192 byte clusters in use (current/peak)
0/0 mbuf 9216 byte clusters in use (current/peak)
0/0 mbuf 12288 byte clusters in use (current/peak)
0/0 mbuf 16384 byte clusters in use (current/peak)
0/0 mbuf 65536 byte clusters in use (current/peak)
660/676/524288 Kbytes allocated to network (current/peak/max)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines


hostname.em0
Description: Binary data


hostname.em2
Description: Binary data


hostname.wg0
Description: Binary data

Re: alias issue with snapshot #1175

[Stuart Henderson]

On 2023-05-08, Sonic  wrote:
> This is repeatable every time. After a boot the .45 alias does not
> pass any traffic, its ports are closed. It will answer a ping, and
> shows up in "ifconfig -A" (or em0) and in netstat.
> The other 3 addresses work normally.
> Restarting the interface with "sh /etc/netstart em0" brings the .45
> alias back to an active state.

There's not enough information really. /etc/hostname.* and maybe results
of ifconfig -A and netstat -rn might give more clues.


-- 
Please keep replies on the mailing list.

Re: alias issue with snapshot #1175

[Sonic]

This is repeatable every time. After a boot the .45 alias does not
pass any traffic, its ports are closed. It will answer a ping, and
shows up in "ifconfig -A" (or em0) and in netstat.
The other 3 addresses work normally.
Restarting the interface with "sh /etc/netstart em0" brings the .45
alias back to an active state.

On Sun, May 7, 2023 at 8:43 PM Sonic  wrote:
>
> After doing a "sh /etc/netstart em0" that alias is back up and
> working. The problem occurs after boot.
>
> On Sun, May 7, 2023 at 7:23 PM Sonic  wrote:
> >
> > Hello,
> >
> > Upgrade a system to the latest snapshot - 1175 - and am seeing a
> > problem with an alias address.
> > The outside IP is part of a /29 (not actual addresses) :
> > inet 51.67.20.41 netmask 0xfff8 broadcast 51.67.20.47
> > inet 51.67.20.42 netmask 0x
> > inet 51.67.20.43 netmask 0x
> > inet 51.67.20.45 netmask 0x
> > The address 51.67.20.44 is used by another device connected to the
> > same cable modem.
> > All was working well until the upgrade and now the alias 51.67.20.45
> > will answer a ping but shows ports that should be open as closed, and
> > traffic does not pass.
> > The other 3 addresses (main and aliases) continue to work normally.
> >
> > Thanks for any assistance.
> > Chris

Re: alias issue with snapshot #1175

[Sonic]

After doing a "sh /etc/netstart em0" that alias is back up and
working. The problem occurs after boot.

On Sun, May 7, 2023 at 7:23 PM Sonic  wrote:
>
> Hello,
>
> Upgrade a system to the latest snapshot - 1175 - and am seeing a
> problem with an alias address.
> The outside IP is part of a /29 (not actual addresses) :
> inet 51.67.20.41 netmask 0xfff8 broadcast 51.67.20.47
> inet 51.67.20.42 netmask 0x
> inet 51.67.20.43 netmask 0x
> inet 51.67.20.45 netmask 0x
> The address 51.67.20.44 is used by another device connected to the
> same cable modem.
> All was working well until the upgrade and now the alias 51.67.20.45
> will answer a ping but shows ports that should be open as closed, and
> traffic does not pass.
> The other 3 addresses (main and aliases) continue to work normally.
>
> Thanks for any assistance.
> Chris

alias issue with snapshot #1175

[Sonic]

Hello,

Upgrade a system to the latest snapshot - 1175 - and am seeing a
problem with an alias address.
The outside IP is part of a /29 (not actual addresses) :
inet 51.67.20.41 netmask 0xfff8 broadcast 51.67.20.47
inet 51.67.20.42 netmask 0x
inet 51.67.20.43 netmask 0x
inet 51.67.20.45 netmask 0x
The address 51.67.20.44 is used by another device connected to the
same cable modem.
All was working well until the upgrade and now the alias 51.67.20.45
will answer a ping but shows ports that should be open as closed, and
traffic does not pass.
The other 3 addresses (main and aliases) continue to work normally.

Thanks for any assistance.
Chris