Author: tito
Date:  
To: dng
Subject: Re: [DNG] Routing or maybe router issues
On Sat, 2 Sep 2023 13:54:23 -0600
<crichmon@???> wrote:

> OK, now we're getting somewhere...
> >> OK, so what does the new service connect to? There must be some ISP
> >> box to convert fiber to ethernet.
> > 1st box is a "fiber media converter" from the isp.
>
> >> What all is hooked to the ISP's box?
> >one ethernet cable
> Does it have more than one LAN port? If not, do you have a switch you can put
> between the fiber media converter and the router? The point is to be able to set
> up the OPNsense box without disturbing your existing network. BTW, have you
> ever set up an OPNsense box before? Do you have a good tutorial to work from?
>
> >> Does this ISP box have an interface of some sort to check its status?
> > 6 leds on one side of box (same as cables and opposite of power entry)
> I meant a web page or console login. Inside, it has to have something running
> a minimal network stack and maybe a dhcp server, unless it's simply a bridge.
> Do you know one way or the other?
>
> >> Which side of the router is 192.128.1.9? The LAN port? What address
> >> is on the WAN port?
> > lan port is 192.168.1.9
> > wan port is 38.xx.xx.xxx
> And the 38.x.x.x is coming from the ISP's box or the ISP remotely? (bridging question)
>
> >> What all hooks to the LAN port(s) on the router? What other
> >> networking devices are on your LAN?
> >1 cable to a 16 port unmanaged switch (10/100 MBit - - - new 10/100/1000 24 port is coming)
> OK
>
> >> Naming devices what they are would help describing your environment.
> >Only if you understood my naming system.
> :^)
>
> >> Are you sure it's DNS issues? How do you know?
> > Well when the router itself says that the cable is disconnected (and it's visually not true)
> Which cable? Does that connection have idiot lights blinking or are they dark?
>
> > and a power cycle on the router clears the web access issue - - - well the previous isp tech team was the source of that likelihood.
> So, on Windows, this is supposed to work: ipconfig /flushdns. For Linux, it depends on if you even have
> a DNS server and which one. Unless you set one up, I'm guessing you don't have one configured.
> One thing you can do on your Linux boxes is: cat /etc/resolv.conf
> This will tell you who on your network claims to be your DNS server.
> Similarly, you should be able to figure out who your dhcp server is. One of my
> RPi's requires this: dhcpcd --dumplease eth0
> On a devuan VM, this works: cat /var/lib/dhcp/dhclient.eth0.leases
> I'm betting in both cases, your router is the DNS cache as well as the DHCP server. If
> that's the case, then rebooting your main box shouldn't be required.
>
> >>> Usually taking a router power cycle AND me to reboot my main box so
> >>> that I could have web access again (wireless access would happen without system reboot).)
> >> What sort of "main box" do you have?
> >Linux devuanmain 6.1.0-10-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.38-1
> And that takes 10's of minutes to reboot? Too much stuff loading? Not enough memory?
>
> >> It is unlikely you have to reboot it because of network issues.
> >Correct in theory but when I can't figure out how to clear the dns cache - - - well it's the likeliest solution (even if it's a pita).
> If you don't have a DNS cache on that box, there's nothing to clear.
>
> >> There are commands to drop and restart networking on Linux and for
> >> Windows, if you are using DHCP, you can ipconfig /release and ipconfig /renew your address.
>
> > I have asked a number of times about this.
> > Have been told that I'm supposed to install more software - - - unbound was one recommended hasn't happened because I knew the new isp was happening soon and didn't want even more things that could go wrong with the previous ISP (world class uselessness they were generally).
> > Wanted to have the opnsense box ready and configured before they completed the install.
> > They surprised me after taking 8 weeks doing nothing they did the final 2 steps in one morning and I didn't have the opnsense box configured (still don't - - - - that's why this ask - - - I need a way to get online with the router AND have
> > access to the opnsense box - - - that's the problem in a nutshell!).
>
> So... it seems to me you are trying to debug using a giant hammer rather than a small tack hammer, meaning
> you are using big changes and a lot of hope rather than understanding the problem and dealing with that first.
> For one thing, you can bring down and up your interface with (assuming your connection is eth0, and you have ifconfig installed):
> ifconfig eth0 down
> ifconfig eth0 up
> Here's a guide if you only have the 'ip' command: https://www.tecmint.com/ip-command-examples/
>
> >> This is separate from your main box? What do you have OPNsense configured to do?
> > nothing at this point - - - have been unable to access the opnsense box over the last 2 days.
>
> >> How many interfaces? Can you hook up a monitor and keyboard and
> >> configure it locally versus over the network?
>
> > In an ideal world - - - yes - - - but they have things set up so the best configuration tools are when one is using web access to the box. I have access to the
> > opnsense box through a monitor and keyboard/mouse. I have NOT been able to find any configuration menus available for a cli configuration in the various
> > parts of opnsense (it's a router/firewall and definitely NOT simple nor straightforward none of which is helped that I'm a noob at it.)
> You know, if you can run a GUI on this machine and a browser, you can point the browser to http://127.0.0.1/ (or whatever the web page port is), right?
> If not, you are back to "over the network." And I guess that answers the question about your experience with OPNsense. :^)
> Any thoughts on why you picked OPNsense over the various alternatives?
> My experience has been with ipchains and iptables, but recently switched to
> pfSense in a VM. pfSense runs on FreeBSD, so similar but different from Linux.


Maybe you could try IPFire on this router as at least it is Linux.

https://www.ipfire.org/

IPFire is a fortified open-source Linux distribution that serves primarily
as a firewall and router. It has a web-based management console for
configuration. IPFire Linux Firewall is one of the best and most effective
open-source firewalls for any individual or an enterprise network.

> >> (I cannot ping this machine from my main box. Cannot get access
> >> using a web portal either. Need to complete the configuration of this setup
> >> and would like this to be my new router.)
> Noble goal, but you've got way bigger problems at the moment.
>
> > > Have a NanoPiR4S (4GB version) with OpenWRT installed but not
> > > configured. Asus router says that its lan ip is 192.168.1.1 .
> So... isn't OpenWRT yet another router OS install? What is your intent with this box?
>
> >>> (I cannot ping this machine from my main box. Cannot get access using Luci
> >>> either because I cannot complete the configuration of the machine.)
> >> Same question; Can you hook up a monitor and keyboard and configure it
> >> locally versus over the network?
> >Nope it's a SoC (like a RaspberryPi) but without graphics capabilities.
> >(mini-SD card port, 2 - USB3.0 ports, 2 - RJ45 ports (1 WAN and 1 LAN)).
> Personally, this little thing sounds unpleasant to live with.
>
> >> Wife's cell phone says it's connected to the network but has no web access.
> I'm near an idiot when it comes to cell phones. Doesn't it failover to the cell
> network if WiFi doesn't work?
>
> > > My cell phone is connected to the network and has web access.
> > Over WiFi or via the cell network?
> ???
>
> > > I only have one option for internet access so when I shut down the
> > > asus router - - - no web - - - so I can't troubleshoot or access
> > configuration recipes.
> > That doesn't make sense. In your entire network using WiFi? If so,
> > you might have better luck running some ethernet cables for a while
> > until things are stable.
> Let me restate. Web access to me, is outside your LAN. So you are saying that
> when things are broken, you can't access web pages that are internal? That's not
> a "Web" problem, that's a LAN problem.
>
> >>> So - - - - am I having all these issues because I have a number of router
> >>> class m/cs running all at the same time?
> >> What is a "router class m/c"?
> >Asus router, opnsense box (firewall/router), NanoPi R4S - could be an OpenWRT router (if I could ever configure it!).
> Probably not, but haven't got that far to determine.
>
> >Well unplugged both the opnsense box and the nanopi R4S box.
> >Network works - - - - but I still don't have a way to access either of these boxes so that I can get rid of the Asus router from primary position (it's to be demoted to a wireless AP point).
> So, this may be telling. It's possible you've got some sort of IP address conflict or routing loop that's
> cratering your network. So, on the one Devuan box I do most of my work on, this lists off network
> traffic. It takes some getting used to, but nothing seems out of place.
> tcpdump -i eth0 -c 1000 port not 5901
> Since I'm accessing it from a VNC viewer in Windows, I'm filtering out port 5901 to avoid the VNC traffic.
> wireshark is a better interface over the same data source. In both cases, you have to have some idea of
> what you are seeing. One other thing... when you have networking switches, you can't monitor all traffic
> from any machine, because switches contain traffic between the two relevant ports. Slightly fancier switches
> can monitor third ports, and managed switches can do most anything you want in that area.
>
> One other thought. What if you connect your main box's ethernet cable directly to your router, next to
> the cable that goes to your 16 port switch? Does that change the picture any?
>
> One main point, is that you are trying to debug a less-than-simple network without trying to simplify things.
> Start small, verify that works, then work up to bigger things.
>
> Chris
>
>
>
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
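
The check suggested in the quoted message (read resolv.conf and the dhclient lease file to see which host is the DNS server and which is the DHCP server), written out as an added example that is not part of the original thread. The function names are hypothetical and the sample files are constructed, using the router LAN address 192.168.1.9 given in the thread:

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical;
# the sample files below are constructed.

# Nameservers listed in a resolv.conf-style file, one per line.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# DHCP server recorded in the newest lease of a dhclient leases file.
dhcp_server() {
    awk '$1 == "option" && $2 == "dhcp-server-identifier" {
             sub(/;$/, "", $3); last = $3
         }
         END { if (last != "") print last }' "$1"
}

# classify RESOLV_CONF LEASES
# Reports whether the box resolves through a local cache, through the same
# host that handed out its lease, or through a different host.
classify() {
    dhcp=$(dhcp_server "$2")
    for ns in $(nameservers "$1"); do
        case "$ns" in
            127.*|::1) echo "local-cache $ns"; return ;;
        esac
        if [ "$ns" = "$dhcp" ]; then echo "same-box $ns"; return; fi
    done
    echo "separate dns=$(nameservers "$1" | head -n 1) dhcp=${dhcp:-unknown}"
}

# Constructed sample input. On a real box pass /etc/resolv.conf and
# /var/lib/dhcp/dhclient.eth0.leases, the paths named in the message.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'search lan\nnameserver 192.168.1.9\n' > "$tmp/resolv.conf"
cat > "$tmp/leases" <<'EOF'
lease {
  interface "eth0";
  fixed-address 192.168.1.50;
  option routers 192.168.1.9;
  option domain-name-servers 192.168.1.9;
  option dhcp-server-identifier 192.168.1.9;
}
EOF
classify "$tmp/resolv.conf" "$tmp/leases"
```

A `same-box` result means the router is both DNS cache and DHCP server, so there is no DNS cache on the workstation to clear; `local-cache` means a resolver such as unbound is running on the box itself.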