Author: crichmon
Date:  
To: 'o1bigtenor'
CC: dng
Subject: Re: [DNG] Routing or maybe router issues
OK, now we're getting somewhere...
>> OK, so what does the new service connect to? There must be some ISP
>> box to convert fiber to ethernet.
> 1st box is a "fiber media converter" from the isp.


>> What all is hooked to the ISP's box?
>one ethernet cable

Does it have more than one LAN port? If not, do you have a switch you can put
between the fiber media converter and the router? The point is to be able to set
up the OPNsense box without disturbing your existing network. BTW, have you
ever set up an OPNsense box before? Do you have a good tutorial to work from?

>> Does this ISP box have an interface of some sort to check its status?
> 6 leds on one side of box (same as cables and opposite of power entry)

I meant a web page or console login. Inside, it has to have something running
a minimal network stack and maybe a dhcp server, unless it's simply a bridge.
Do you know one way or the other?

>> Which side of the router is 192.128.1.9? The LAN port? What address
>> is on the WAN port?
> lan port is 192.168.1.9
> wan port is 38.xx.xx.xxx

And the 38.x.x.x is coming from the ISP's box or the ISP remotely? (bridging question)

>> What all hooks to the LAN port(s) on the router? What other
>> networking devices are on your LAN?
>1 cable to a 16 port unmanaged switch (10/100 MBit - - - new 10/100/1000 24 port is coming)

OK

>> Naming devices what they are would help describing your environment.
>Only if you understood my naming system.

:^)

>> Are you sure it's DNS issues? How do you know?
> Well when the router itself says that the cable is disconnected (and it's visually not true)

Which cable? Does that connection have idiot lights blinking or are they dark?

> and a power cycle on the router clears the web access issue - - - well the previous isp tech team was the source of that likelihood.

So, on Windows, this is supposed to work: ipconfig /flushdns. For Linux, it depends on if you even have
a DNS server and which one. Unless you set one up, I'm guessing you don't have one configured.
One thing you can do on your Linux boxes is: cat /etc/resolv.conf
This will tell you who on your network claims to be your DNS server.
Similarly, you should be able to figure out who your dhcp server is. One of my
RPis requires this: dhcpcd --dumplease eth0
On a devuan VM, this works: cat /var/lib/dhcp/dhclient.eth0.leases
I'm betting in both cases, your router is the DNS cache as well as the DHCP server. If
that's the case, then rebooting your main box shouldn't be required.

>>> Usually taking a router power cycle AND me to reboot my main box so
>>> that I could have web access again (wireless access would happen without system reboot).)
>> What sort of "main box" do you have?
>Linux devuanmain 6.1.0-10-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.38-1

And that takes 10s of minutes to reboot? Too much stuff loading? Not enough memory?

>> It is unlikely you have to reboot it because of network issues.
>Correct in theory but when I can't figure out how to clear the dns cache - - - well it's the likeliest solution (even if it's a pita).

If you don't have a DNS cache on that box, there's nothing to clear.

>> There are commands to drop and restart networking on Linux and for
>> Windows, if you are using DHCP, you can ipconfig /release and ipconfig /renew your address.


> I have asked a number of times about this.
> Have been told that I'm supposed to install more software - - - unbound was one recommended hasn't happened because I knew the new isp was happening soon and didn't want even more things that could go wrong with the previous ISP (world class uselessness they were generally).
> Wanted to have the opnsense box ready and configured before they completed the install.
> They surprised me after taking 8 weeks doing nothing they did the final 2 steps in one morning and I didn't have the opnsense box configured (still don't - - - - that's why this ask - - - I need a way to get online with the router AND have
> access to the opnsense box - - - that's the problem in a nutshell!).


So... it seems to me you are trying to debug using a giant hammer rather than a small tack hammer, meaning
you are using big changes and a lot of hope rather than understanding the problem and dealing with that first.
For one thing, you can bring down and up your interface with (assuming your connection is eth0, and you have ifconfig installed):
ifconfig eth0 down
ifconfig eth0 up
Here's a guide if you only have the 'ip' command: https://www.tecmint.com/ip-command-examples/

>> This is separate from your main box? What do you have OPNsense configured to do?
> nothing at this point - - - have been unable to access the opnsense box over the last 2 days.


>> How many interfaces? Can you hook up a monitor and keyboard and
>> configure it locally versus over the network?


> In an ideal world - - - yes - - - but they have things set up so the best configuration tools are when one is using web access to the box. I have access to the
> opnsense box through a monitor and keyboard/mouse. I have NOT been able to find any configuration menus available for a cli configuration in the various
> parts of opnsense (it's a router/firewall and definitely NOT simple nor straightforward none of which is helped that I'm a noob at it.)

You know, if you can run a GUI on this machine and a browser, you can point the browser to http://127.0.0.1/ (or whatever the web page port is), right?
If not, you are back to "over the network." And I guess that answers the question about your experience with OPNsense. :^)
Any thoughts on why you picked OPNsense over the various alternatives?
My experience has been with ipchains and iptables, but recently switched to
pfSense in a VM. pfSense runs on FreeBSD, so similar but different from Linux.

>> (I cannot ping this machine from my main box. Cannot get access
>> using a web portal either. Need to complete the configuration of this setup
>> and would like this to be my new router.)

Noble goal, but you've got way bigger problems at the moment.

> > Have a NanoPiR4S (4GB version) with OpenWRT installed but not
> > configured. Asus router says that its lan ip is 192.168.1.1 .

So... isn't OpenWRT yet another router OS install? What is your intent with this box?

>>> (I cannot ping this machine from my main box. Cannot get access using Luci
>>> either because I cannot complete the configuration of the machine.)
>> Same question; Can you hook up a monitor and keyboard and configure it
>> locally versus over the network?
>Nope its a SoC (like a RaspberryPi) but without graphics capabilities.
>(mini-SD card port, 2 - USB3.0 ports, 2 - RJ45 ports (1 WAN and 1 LAN).

Personally, this little thing sounds unpleasant to live with.

>> Wife's cell phone says it's connected to the network but has no web access.

I'm near an idiot when it comes to cell phones. Doesn't it failover to the cell
network if WiFi doesn't work?

> > My cell phone is connected to the network and has web access.
> Over WiFi or via the cell network?

???

> > I only have one option for internet access so when I shut down the
> > asus router - - - no web - - - so I can't troubleshoot or access
> > configuration recipes.
> That doesn't make sense. In your entire network using WiFi? If so,
> you might have better luck running some ethernet cables for a while
> until things are stable.

Let me restate. Web access to me, is outside your LAN. So you are saying that
when things are broken, you can't access web pages that are internal? That's not
a "Web" problem, that's a LAN problem.

>>> So - - - - am I having all these issues because I have a number of router
>>> class m/cs running all at the same time?
>> What is a "router class m/c"?
>Asus router, opnsense box (firewall/router), NanoPi R4S - could be an OpenWRT router (if I could ever configure it!).

Probably not, but haven't got that far to determine.

>Well unplugged both the opnsense box and the nanopi R4S box.
>Network works - - - - but I still don't have a way to access either of these boxes so that I can get rid of the Asus router from primary position (it's to be demoted to a wireless AP point).

So, this may be telling. It's possible you've got some sort of IP address conflict or routing loop that's
cratering your network. So, on the one Devuan box I do most of my work on, this lists off network
traffic. It takes some getting used to, but nothing seems out of place.
tcpdump -i eth0 -c 1000 port not 5901
Since I'm accessing it from a VNC viewer in Windows, I'm filtering out port 5901 to avoid the VNC traffic.
wireshark is a better interface over the same data source. In both cases, you have to have some idea of
what you are seeing. One other thing... when you have networking switches, you can't monitor all traffic
from any machine, because switches contain traffic between the two relevant ports. Slightly fancier switches
can monitor third ports, and managed switches can do most anything you want in that area.

One other thought. What if you connect your main box's ethernet cable directly to your router, next to
the cable that goes to your 16 port switch. Does that change the picture any?

One main point is that you are trying to debug a less-than-simple network without trying to simplify things.
Start small, verify that works, then work up to bigger things.

Chris
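
The resolv.conf and dhclient lease checks from the message above, combined into one script as an added example (not part of the original message). It flags a newest lease that came from a DHCP server other than the expected router, which is one way a second router-class box on the LAN shows up. The function names are hypothetical, the sample files are constructed, and the lease format assumed is ISC dhclient's.

```shell
#!/bin/sh
# Added example: who claims to be my DNS server, who handed out my DHCP
# lease, and is either of them something other than the router I expect?

# Nameserver addresses listed in a resolv.conf-style file.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Value of one "option NAME VALUE;" line from the newest lease in a dhclient
# leases file. dhclient appends new leases, so the last match wins.
lease_option() {   # $1 = leases file, $2 = option name
    awk -v opt="$2" '$1 == "option" && $2 == opt { v = $3; sub(/;$/, "", v) }
                     END { if (v != "") print v }' "$1"
}

verdict() { if [ "$1" = "$2" ]; then echo ok; else echo UNEXPECTED; fi; }

# Compare DHCP server and DNS servers against the expected router address.
check_lan() {      # $1 = resolv.conf, $2 = leases file, $3 = expected router IP
    dhcp=$(lease_option "$2" dhcp-server-identifier)
    echo "dhcp ${dhcp:-none} $(verdict "$dhcp" "$3")"
    for ns in $(nameservers "$1"); do
        echo "dns $ns $(verdict "$ns" "$3")"
    done
}

# Constructed sample data: two leases, the newer one handed out by a second
# DHCP server (192.168.1.1) instead of the router at 192.168.1.9.
tmp=$(mktemp -d)
printf 'search lan\nnameserver 192.168.1.9\n' > "$tmp/resolv.conf"
cat > "$tmp/leases" <<'EOF'
lease {
  fixed-address 192.168.1.50;
  option routers 192.168.1.9;
  option dhcp-server-identifier 192.168.1.9;
}
lease {
  fixed-address 192.168.1.120;
  option routers 192.168.1.1;
  option dhcp-server-identifier 192.168.1.1;
}
EOF

check_lan "$tmp/resolv.conf" "$tmp/leases" 192.168.1.9
```

On a real machine, call check_lan with /etc/resolv.conf, /var/lib/dhcp/dhclient.eth0.leases and the router's LAN address instead of the sample files.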