Author: tito
Date:
To: dng
Subject: Re: [DNG] Routing or maybe router issues
On Sat, 2 Sep 2023 17:05:57 -0500
o1bigtenor <o1bigtenor@???> wrote:

> On Sat, Sep 2, 2023 at 3:03 PM tito via Dng <dng@???> wrote:
> >
> > On Sat, 2 Sep 2023 13:54:23 -0600
> > <crichmon@???> wrote:
> >
> > > OK, now we're getting somewhere...
> > > >> OK, so what does the new service connect to? There must be some ISP
> > > >> box to convert fiber to ethernet.
> > > > 1st box is a "fiber media converter" from the isp.
> > >
> > > >> What all is hooked to the ISP's box?
> > > >one ethernet cable
> > > Does it have more than one LAN port? If not, do you have a switch you can put
> > > between the fiber media converter and the router? The point is to be able to set
> > > up the OPNsense box without disturbing your existing network. BTW, have you
> > > ever set up an OPNsense box before? Do you have a good tutorial to work from?
> > >
> > > >> Does this ISP box have an interface of some sort to check its status?
> > > > 6 leds on one side of box (same as cables and opposite of power entry)
> > > I meant a web page or console login. Inside, it has to have something running
> > > a minimal network stack and maybe a dhcp server, unless it's simply a bridge.
> > > Do you know one way or the other?
> > >
> > > >> Which side of the router is 192.128.1.9? The LAN port? What address
> > > >> is on the WAN port?
> > > > lan port is 192.168.1.9
> > > > wan port is 38.xx.xx.xxx
> > > And the 38.x.x.x is coming from the ISP's box or the ISP remotely? (bridging question)
> > >
> > > >> What all hooks to the LAN port(s) on the router? What other
> > > >> networking devices are on your LAN?
> > > >1 cable to a 16 port unmanaged switch (10/100 MBit - - - new 10/100/1000 24 port is coming)
> > > OK
> > >
> > > >> Naming devices what they are would help describing your environment.
> > > >Only if you understood my naming system.
> > > :^)
> > >
> > > >> Are you sure it's DNS issues? How do you know?
> > > > Well when the router itself says that the cable is disconnected (and it's visually not true)
> > > Which cable? Does that connection have idiot light blinking or are they dark?
> > >
> > > > and a power cycle on the router clears the web access issue - - - well the previous isp tech team was the source of that likelihood.
> > > So, on Windows, this is supposed to work: ipconfig /flushdns. For Linux, it depends on if you even have
> > > a DNS server and which one. Unless you set one up, I'm guessing you don't have one configured.
> > > One thing you can do on your Linux boxes is: cat /etc/resolv.conf
> > > This will tell you who on your network claims to be your DNS server.
> > > Similarly, you should be able to figure out who your dhcp server is. One of my
> > > RPis requires this: dhcpcd --dumplease eth0
> > > On a devuan VM, this works: cat /var/lib/dhcp/dhclient.eth0.leases
> > > I'm betting in both cases, your router is the DNS cache as well as the DHCP server. If
> > > that's the case, then rebooting your main box shouldn't be required.
> > >
> > > >>> Usually taking a router power cycle AND me to reboot my main box so
> > > >>> that I could have web access again (wireless access would happen without system reboot).)
> > > >> What sort of "main box" do you have?
> > > >Linux devuanmain 6.1.0-10-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.38-1
> > > And that takes 10's of minutes to reboot? Too much stuff loading? Not enough memory?
> > >
> > > >> It is unlikely you have to reboot it because of network issues.
> > > >Correct in theory but when I can't figure out how to clear the dns cache - - - well it's the likeliest solution (even if it's a pita).
> > > If you don't have a DNS cache on that box, there's nothing to clear.
> > >
> > > >> There are commands to drop and restart networking on Linux and for
> > > >> Windows, if you are using DHCP, you can ipconfig /release and ipconfig /renew your address.
> > >
> > > > I have asked a number of times about this.
> > > > Have been told that I'm supposed to install more software - - - unbound was one recommended hasn't happened because I knew the new isp was happening soon and didn't want even more things that could go wrong with the previous ISP (world class uselessness they were generally).
> > > > Wanted to have the opnsense box ready and configured before they completed the install.
> > > > They surprised me after taking 8 weeks doing nothing they did the final 2 steps in one morning and I didn't have the opnsense box configured (still don't - - - - that's why this ask - - - I need a way to get online with the router AND have
> > > > access to the opnsense box - - - that's the problem in a nutshell!).
> > >
> > > So... it seems to me you are trying to debug using a giant hammer rather than a small tack hammer, meaning
> > > you are using big changes and a lot of hope rather than understanding the problem and dealing with that first.
> > > For one thing, you can bring down and up your interface with (assuming your connection is eth0, and you have ifconfig installed):
> > > ifconfig eth0 down
> > > ifconfig eth0 up
> > > Here's a guide if you only have the 'ip' command: https://www.tecmint.com/ip-command-examples/
> > >
> > > >> This is separate from your main box? What do you have OPNsense configured to do?
> > > > nothing at this point - - - have been unable to access the opnsense box over the last 2 days.
> > >
> > > >> How many interfaces? Can you hook up a monitor and keyboard and
> > > >> configure it locally versus over the network?
> > >
> > > > In an ideal world - - - yes - - - but they have things set up so the best configuration tools are when one is using web access to the box. I have access to the
> > > > opnsense box through a monitor and keyboard/mouse. I have NOT been able to find any configuration menus available for a cli configuration is the various
> > > > parts of opnsense (it's a router/firewall and definitely NOT simple nor straightforward none of which is helped that I'm a noob at it.)
> > > You know, if you can run a GUI on this machine and a browser, you can point the browser to http://127.0.0.1/ (or whatever the web page port is), right?
> > > If not, you are back to "over the network." And I guess that answers the question about your experience with OPNsense. :^)
> > > Any thoughts on why you picked OPNsense over the various alternatives?
> > > My experience has been with ipchains and iptables, but recently switched to
> > > pfSense in a VM. pfSense runs on FreeBSD, so similar but different from Linux.
> >
> > Maybe you could try IPFire on this router as at least it is Linux.
> >
> > https://www.ipfire.org/
> >
> > IPFire is a fortified open-source Linux distribution that serves primarily
> > as a firewall and router. It has a web-based management console for
> > configuration. IPFire Linux Firewall is one of the best and most effective
> > open-source firewalls for any individual or an enterprise network.
> >
>
> IPFire was under consideration - - - until I found that it doesn't support ipv6
> and they've been working to get that support for some 4 or 5 years already
> and haven't been able to get things completed. (I'm no programmer so I would
> be no help in that odyssey!) That was when I went to:
>
> I considered both pfsense and opnsense.
> pfsense was in my opinion deprecated when I found a bunch of emails to and
> from support where it seemed like the trend in pfsense was to closed source.
> Even if I'm not a programmer I want to use open source.
>
> Got badly burned with VMs a few years ago and haven't ventured back.
> I don't really have that much time to spare to blow a few hundred hours
> like the last time to find myself with a system that someone else was
> controlling. (Sorry - - - I'm seeing little benign from too many of the
> vm proponent architectures.)
>
> It would seem that all of these types of systems are designed for
> experts - - - of which I am not one. I have gotten some interesting stuff
> done here but I follow 'recipes'.
>
> I may have to go back to considering something like ipfire.


Otherwise, did you consider setting up your router with
Devuan by hand, putting all the pieces together? This will
be highly educative even if somewhat bumpy at the start.
I went this way and never regretted it and I've learned a lot.
Forget about the shiny web interfaces, they aren't worth
the hassle, ssh is the way.
Once you understand how it works you wouldn't want
to go back, in the end a router is just one more computer
with a bunch of configuration files.
If you DIY you can add any feature you like or need:
firewall.....done
vpn.....done
dhcp....done
dns.....done
adblocking....done
ntp....done
suricata....done
hostapd....done
apcupsd....done
and so on...you name it you do it.

Ciao,
Tito

>
> Alternative is getting another switch - - - one is coming next week.
>
> Thanks for the time and assistance.
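
The check suggested earlier in the thread (read `/etc/resolv.conf` and the dhclient lease file to see which host is acting as DNS and DHCP server) can be scripted as below. This is an added example, not code from any poster; the function names and the sample file contents are constructed for illustration, and it assumes ISC dhclient's lease format, where the newest lease is the last one in the file.

```shell
#!/bin/sh
# Added example: identify the DNS resolver and DHCP server a Linux host uses,
# from resolv.conf and an ISC dhclient lease file.

# nameservers FILE: print every "nameserver" address, in order.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# lease_option FILE NAME: print the value of "option NAME ...;" as it last
# appears in the file. dhclient appends leases, so the last entry is current.
lease_option() {
    awk -v name="$2" '
        $1 == "option" && $2 == name { v = $3; sub(/;$/, "", v) }
        END { if (v != "") print v }
    ' "$1"
}

# same_server RESOLV LEASES: succeed if the first resolver is the DHCP server.
same_server() {
    dns=$(nameservers "$1" | head -n 1)
    dhcp=$(lease_option "$2" dhcp-server-identifier)
    [ -n "$dns" ] && [ "$dns" = "$dhcp" ]
}

# write_samples DIR: constructed sample files (addresses are made up, using
# the router LAN address quoted in the thread).
write_samples() {
    printf '%s\n' '# constructed sample' 'search lan' \
        'nameserver 192.168.1.9' > "$1/resolv.conf"
    cat > "$1/dhclient.eth0.leases" <<'EOF'
lease {
  interface "eth0";
  fixed-address 192.168.1.50;
  option routers 192.168.1.9;
  option domain-name-servers 192.168.1.9;
  option dhcp-server-identifier 192.168.1.9;
}
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "DNS:  $(nameservers "$tmp/resolv.conf")"
echo "DHCP: $(lease_option "$tmp/dhclient.eth0.leases" dhcp-server-identifier)"
if same_server "$tmp/resolv.conf" "$tmp/dhclient.eth0.leases"; then
    echo "router is both DNS cache and DHCP server"
fi
rm -rf "$tmp"
```

On a real host, pass `/etc/resolv.conf` and `/var/lib/dhcp/dhclient.eth0.leases` instead of the sample files; a DHCP server address you do not recognise is worth investigating before anything else on the LAN.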