Author: o1bigtenor
To: tito
CC: dng
Subject: Re: [DNG] Routing or maybe router issues
On Sat, Sep 2, 2023 at 3:03 PM tito via Dng <dng@???> wrote:
> On Sat, 2 Sep 2023 13:54:23 -0600
> <crichmon@???> wrote:
> > OK, now we're getting somewhere...
> > >> OK, so what does the new service connect to? There must be some ISP
> > >> box to convert fiber to ethernet.
> > > 1st box is a "fiber media converter" from the isp.
> >
> > >> What all is hooked to the ISP's box?
> > >one ethernet cable
> > Does it have more than one LAN port? If not, do you have a switch you can put
> > between the fiber media converter and the router? The point is to be able to set
> > up the OPNsense box without disturbing your existing network. BTW, have you
> > ever set up an OPNsense box before? Do you have a good tutorial to work from?
> >
> > >> Does this ISP box have an interface of some sort to check its status?
> > > 6 leds on one side of box (same as cables and opposite of power entry)
> > I meant a web page or console login. Inside, it has to have something running
> > a minimal network stack and maybe a dhcp server, unless it's simply a bridge.
> > Do you know one way or the other?
> >
> > >> Which side of the router is The LAN port? What address
> > >> is on the WAN port?
> > > lan port is
> > > wan port is 38.xx.xx.xxx
> > And the 38.x.x.x is coming from the ISP's box or the ISP remotely? (bridging question)
> >
> > >> What all hooks to the LAN port(s) on the router? What other
> > >> networking devices are on your LAN?
> > >1 cable to a 16 port unmanaged switch (10/100 MBit - - - new 10/100/1000 24 port is coming)
> > OK
> >
> > >> Naming devices what they are would help describing your environment.
> > >Only if you understood my naming system.
> > :^)
> >
> > >> Are you sure it's DNS issues? How do you know?
> > > Well when the router itself says that the cable is disconnected (and it's visually not true)
> > Which cable? Does that connection have idiot lights blinking or are they dark?
> >
> > > and a power cycle on the router clears the web access issue - - - well the previous isp tech team was the source of that likelihood.
> > So, on Windows, this is supposed to work: ipconfig /flushdns. For Linux, it depends on if you even have
> > a DNS server and which one. Unless you set one up, I'm guessing you don't have one configured.
> > One thing you can do on your Linux boxes is: cat /etc/resolv.conf
> > This will tell you who on your network claims to be your DNS server.
> > Similarly, you should be able to figure out who your dhcp server is. One of my
> > RPi's requires this: dhcpcd --dumplease eth0
> > On a devuan VM, this works: cat /var/lib/dhcp/dhclient.eth0.leases
> > I'm betting in both cases, your router is the DNS cache as well as the DHCP server. If
> > that's the case, then rebooting your main box shouldn't be required.
> >
> > >>> Usually taking a router power cycle AND me to reboot my main box so
> > >>> that I could have web access again (wireless access would happen without system reboot).)
> > >> What sort of "main box" do you have?
> > >Linux devuanmain 6.1.0-10-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.38-1
> > And that takes 10's of minutes to reboot? Too much stuff loading? Not enough memory?
> >
> > >> It is unlikely you have to reboot it because of network issues.
> > >Correct in theory but when I can't figure out how to clear the dns cache - - - well it's the likeliest solution (even if it's a pita).
> > If you don't have a DNS cache on that box, there's nothing to clear.
> >
> > >> There are commands to drop and restart networking on Linux and for
> > >> Windows, if you are using DHCP, you can ipconfig /release and ipconfig /renew your address.
> >
> > > I have asked a number of times about this.
> > > Have been told that I'm supposed to install more software - - - unbound was one recommended hasn't happened because I knew the new isp was happening soon and didn't want even more things that could go wrong with the previous ISP (world class uselessness they were generally).
> > > Wanted to have the opnsense box ready and configured before they completed the install.
> > > They surprised me after taking 8 weeks doing nothing they did the final 2 steps in one morning and I didn't have the opnsense box configured (still don't - - - - that's why this ask - - - I need a way to get online with the router AND have
> > > access to the opnsense box - - - that's the problem in a nutshell!).
> >
> > So... it seems to me you are trying to debug using a giant hammer rather than a small tack hammer, meaning
> > you are using big changes and a lot of hope rather than understanding the problem and dealing with that first.
> > For one thing, you can bring down and up your interface with (assuming your connection is eth0, and you have ifconfig installed):
> > ifconfig eth0 down
> > ifconfig eth0 up
> > Here's a guide if you only have the 'ip' command: https://www.tecmint.com/ip-command-examples/
> >
> > >> This is separate from your main box? What do you have OPNsense configured to do?
> > > nothing at this point - - - have been unable to access the opnsense box over the last 2 days.
> >
> > >> How many interfaces? Can you hook up a monitor and keyboard and
> > >> configure it locally versus over the network?
> >
> > > In an ideal world - - - yes - - - but they have things set up so the best configuration tools are when one is using web access to the box. I have access to the
> > > opnsense box through a monitor and keyboard/mouse. I have NOT been able to find any configuration menus available for a cli configuration in the various
> > > parts of opnsense (it's a router/firewall and definitely NOT simple nor straightforward none of which is helped that I'm a noob at it.)
> > You know, if you can run a GUI on this machine and a browser, you can point the browser to (or whatever the web page port is), right?
> > If not, you are back to "over the network." And I guess that answers the question about your experience with OPNsense. :^)
> > Any thoughts on why you picked OPNsense over the various alternatives?
> > My experience has been with ipchains and iptables, but recently switched to
> > pfSense in a VM. pfSense runs on FreeBSD, so similar but different from Linux.
> Maybe you could try IPFire on this router as at least it is linux.
> https://www.ipfire.org/
> IPFire is a fortified open-source Linux distribution that serves primarily
> as a firewall and router. It has a web-based management console for
> configuration. IPFire Linux Firewall is one of the best and most effective
> open-source firewalls for any individual or an enterprise network.

IPFire was under consideration - - - until I found that it doesn't support ipv6
and they've been working to get that support for some 4 or 5 years already
and haven't been able to get things completed. (I'm no programmer so I would
be no help in that odyssey!) That was when I went to:

I considered both pfsense and opnsense.
pfsense was in my opinion deprecated when I found a bunch of emails to and
from support where it seemed like the trend in pfsense was to closed source.
Even if I'm not a programmer I want to use open source.

Got badly burned with VMs a few years ago and haven't ventured back.
I don't really have that much time to spare to blow a few hundred hours
like the last time to find myself with a system that someone else was
controlling. (Sorry - - - I'm seeing little benign from too many of the
vm proponent architectures.)

It would seem that all of these types of systems are designed for
experts - - - of which I am not one. I have gotten some interesting stuff
done here but I follow 'recipes'.

I may have to go back to considering something like ipfire.

Alternative is getting another switch - - - one is coming next week.

Thanks for the time and assistance.
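
The resolv.conf and dhclient lease checks suggested in the quoted reply, written out as an added example that is not part of any message in this thread. It reports which DHCP server issued the current lease and whether each configured resolver is a local cache, came from DHCP, or was set some other way. The function names are hypothetical and the sample file contents and addresses are constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.
# Print each "nameserver" address from a resolv.conf-style file ($1).
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}
# Print option $2 from the LAST lease block of a dhclient leases file ($1).
lease_option() {
    awk -v opt="$2" '
        $1 == "lease" { cur = "" }
        $1 == "option" && $2 == opt {
            cur = $3
            for (i = 4; i <= NF; i++) cur = cur " " $i
            gsub(/[,;]/, "", cur)
        }
        END { if (cur != "") print cur }' "$1"
}

# Label each resolver: loopback = local cache, else DHCP-supplied or not.
classify_resolvers() {   # $1 = resolv.conf, $2 = leases file
    dhcp_dns=$(lease_option "$2" domain-name-servers)
    for ns in $(resolv_nameservers "$1"); do
        case "$ns" in
            127.*|::1) echo "$ns local-cache" ;;
            *) case " $dhcp_dns " in
                   *" $ns "*) echo "$ns from-dhcp" ;;
                   *)         echo "$ns not-from-dhcp" ;;
               esac ;;
        esac
    done
}

# Constructed sample input so the example runs offline ($1 = directory).
make_samples() {
    printf 'nameserver 192.168.1.1\nnameserver 203.0.113.53\n' > "$1/resolv.conf"
    cat > "$1/leases" <<'EOF'
lease {
  option dhcp-server-identifier 192.168.0.254;
  option domain-name-servers 192.168.0.254;
}
lease {
  option dhcp-server-identifier 192.168.1.1;
  option domain-name-servers 192.168.1.1, 192.168.1.2;
}
EOF
}
d=$(mktemp -d); make_samples "$d"
echo "DHCP server: $(lease_option "$d/leases" dhcp-server-identifier)"
classify_resolvers "$d/resolv.conf" "$d/leases"; rm -rf "$d"
```

On a live system, pass /etc/resolv.conf and /var/lib/dhcp/dhclient.eth0.leases (the paths mentioned in the thread) instead of the sample files; a resolver reported as not-from-dhcp was configured by something other than the current lease.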