:: Re: [DNG] Routing or maybe router i…
トップ ページ
このメッセージを削除
このメッセージに返信
著者: o1bigtenor
日付:  
To: crichmon
CC: dng
題目: Re: [DNG] Routing or maybe router issues
On Sat, Sep 2, 2023 at 2:54 PM <crichmon@???> wrote:
>
> OK, now were getting somewhere...
> >> OK, so what does the new service connect to? There must be some ISP
> >> box to convert fiber to ethernet.
> > 1st box is a "fiber media converter" from the isp.
>
> >> What all is hooked to the ISP's box?
> >one ethernet cable
> Does it have more than one LAN port? If not, do you have a switch you can put
> between the fiber media converter and the router? The point is to be able to set
> up the OPNsense box without disturbing your existing network. BTW, have you
> ever set up an OPNsense box before? Do you have a good tutorial to work from?


One port for the optical cable in and one port for the ethernet cable
(cat 6 IIRC)
for out.
Have another switch coming so will try further some time next week.
Have never set up an opnsense box.
Tutorials - - - well if I can get to where I can access the box using a web
connection - - I think so. Otherwise - - - gulp - not really!
>
> >> Does this ISP box have an interface of some sort to check it's status?
> > 6 leds on one side of box (same as cables and opposite of power entry)
> I meant a web page or console login. Inside, it has to have something running
> a minimal network stack and maybe a dhcp server, unless it's simply a bridge.
> Do you know one way or the other?


Its just a media converter - - AIUI a box that converts from optical pulses to
electrical ones and I don't think there is really much software happening.

see figure 3 in the following:
https://community.fs.com/blog/how-fiber-media-converter-works.html
>
> >> Which side of the router is 192.128.1.9? The LAN port? What address
> >> is on the WAN port?
> > lan port is 192.168.1.9
> > wan port is 38.xx.xx.xxx
> And the 38.x.x.x is coming from the ISP's box or the ISP remotely? (bridging question)

That's the WAN address of my router.
>
> >> What all hooks to the LAN port(s) on the router? What other
> >> networking devices are on your LAN?
> >1 cable to a 16 port unmanaged switch (10/100 MBit - - - new 10/100/1000 24 port is coming)
> OK
>
> >> Naming devices what they are would help describing your environment.
> >Only if you understood my naming system.
> :^)
>
> >> Are you sure it's DNS issues? How do you know?
> > Well when the router itself says that the cable is disconnected (and its visually not true)
> Which cable? Does that connection have idiot light blinking or are they dark?


router doesn't have lights like a switch
front panel of the router had all lights in question lit - - - ie not
good for much
>
> > and a power cycle on the router clears the web access issue - - - well the previous isp tech team was the source of that likelihood.
> So, on Windows, this is supposed to work: ipconfig /flushdns. For Linux, it depends on if you even have
> a DNS server and which one. Unless you set one up, I'm guessing you don't have one configured.
> One thing you can do on your Linux boxes is: cat /etc/resolv.conf
> This will tell you who on your network claims to be your DNS server.
> Similarly, you should be able to figure out who your dhcp server is. On one of my
> RPi's requires this: dhcpcd --dumplease eth0
> On a devuan VM, this works: cat /var/lib/dhcp/dhclient.eth0.leases
> I'm betting in both cases, your router is the DNS cache as well as the DHCP server. If
> that's the case, then rebooting your main box shouldn't be required.


Maybe shouldn't be required but haven't been able to find any shorter
solution yet.
>
> >>> Usually taking a router power cycle AND me to reboot my main box so
> >>> that I could have web access again (wireless access would happen without system reboot).)
> >> What sort of "main box" do you have?
> >Linux devuanmain 6.1.0-10-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.38-1
> And that takes 10's of minutes to reboot? Too much stuff loading? Not enough memory?


Its called setting up things like desktop switcher, starting a number
of programs, modifying
some setup (xrandr) it all takes time. Actual startup is maybe 20
seconds after I type in
the log in - - - - likely less than that from the reboot to time to
set up stuff.
>
> >> It is unlikely you have to reboot it because of network issues.
> >Correct in theory but when I can't figure out how to clear the dns cache - - - well its the likeliest solution (even if it's a pita).
> If you don't have a DNS cache on that box, there's nothing to clear.
>
> >> There are commands to drop and restart networking on Linux and for
> >> Windows, if you are using DHCP, you can ipconfig /release and ipconfig /renew your address.
>
> > I have asked a number of times about this.
> > Have been told that I'm supposed to install more software - - - unbound was one recommended hasn't happened because I knew the new isp was happening soon and didn't want even more things that could go wrong with the previous > ISP (world class uselessness they were generally).
> > Wanted to have the opnsense box ready and configured before they completed the install.
> > They surprised me after taking 8 weeks doing nothing they did the final 2 steps in one morning and I didn't have the opnsense box configured (still don't - - - - that's why this ask - - - I need a way to get online with the router AND have
> > access to the opnsense box - - - that's the problem in a nutshell!).
>
> So... it seems to me you are trying to debug using a giant hammer rather than a small tack hammer, meaning
> you are using big changes and a lot of hope rather than understanding the problem and dealing with that first.
> For one thing, you can bring down and up your interface with (assuming your connection is eth0, and you have ifconfig installed):
> ifconfig eth0 down
> ifconfig eth0 up
> Here's a guide if you only have the 'ip' command: https://www.tecmint.com/ip-command-examples/
>

One command I really haven't been able to find.
(url is for systemd machines and systemctl is used.)
What is the equivalent for $ systemctl restart networking ?

Something like service xxxxxxxxxx restart
(but what service?)

I can drive tacks using a 3# hammer - - grin.
If one only knows of one way to deal with a problem - - - well then
that's the way things
will be done. I have spent likely 10 hours if not more looking for
sysV init methods for
resolving this stuff - - - - haven't been able to find diddley on the
web - - - asking here
got me software recommendations to change the DNS server.

> >> This is separate from your main box? What do you have OPNsense configured to do?
> > nothing at this point - - - have been unable to access the opnsense box over the last 2 days.
>
> >> How many interfaces? Can you hook up a monitor and keyboard and
> >> configure it locally verses over the network?
>
> > In an ideal world - - - yes - - - but they have things set up so the best configuration tools are when one using web access to the box. I have access to the
> > opnsense box through a monitor and keyboard/mouse. I have NOT been able to find any configuration menus available for a cli configuration is the various
> > parts of opnsense (it's a router/firewall and definitely NOT simple nor straightforward none of which is helped that I'm a noob at it.)
> You know, if you can run a GUI on this machine and a browser, you can point the browser to http://127.0.0.1/ (or whatever the web page port is), right?
> If not, you are back to "over the network." And I guess that answers the question about your experience with OPNsense. :^)


Once you install opnsense (running on freebsd (AIUI a hardened variant)
you don't have things like a browser available anymore.
(Check on your pfsense box - - - would be reasonably similar.)

> Any thoughts on why you picked OPNsense over the various alternatives?
> My experience has been with ipchains and iptables, but recently switched to
> pfSense in a VM. pfSense runs on FreeBSD, so similar but different from Linux.


IPFire doesn't do ipv6, pfsense seems to be headed toward closing their source
code so that left opnsense.
>
> >> (I cannot ping this machine from my main box. Cannot get access
> >> using a web portal either. Need to complete the configuration of this setup
> >> and would like this to be my new router.)
> Noble goal, but you've got way bigger problems at the moment.


Well - - - after unplugging the opnsense box from the RJ-45 socket on the
unmanaged switch - - - I have internet on my main box and everything else seems
to be working - - - I'm just not able to do what I want on the other 2 boxen.
>
> > > Have a NanoPiR4S (4GB version) with OpenWRT > . > installed but not
> > configured. Asus router says that its lan ip is 192.168.1.1 .
> So... isn't OpenWRT yet another router OS install? What is your intent with this box?


Well - - - if I can't get opnsense running (I do get tired of beating
my head against a
wall) then I need a better router and that little box would handle far
more than the
connection speed I'm paying for.
>
> >>> (I cannot ping this machine from my main box. Cannot get access using Luci
> >>> either because I cannot complete the configuration of the machine.)
> >> Same question; Can you hook up a monitor and keyboard and configure it
> >> locally verses over the network?
> >Nope its a SoC (like a RaspberryPi) but without graphics capabilities.
> >(mini-SD card port, 2 - USB3.0 ports, 2 - RJ45 ports (1 WAN and 1 LAN).
> Personally, this little thing sounds unpleasant to live with.


AIUI its got almost as much capability as the router the isp wanted me to
lease or buy (they weren't offering any deals, its microtik (sp?), and they
wanted to manage it remotely using M$ winblows - - - no way in my place
for that kind of truckle!
>
> >> Wife's cell phone says its connected to the network but has not web access.
> I'm near an idiot when it comes to cell phones. Doesn't it failover to the cell
> network if WiFi doesn't work?


If you have access to good cell network access - - - yes - - - we have terrible
cell network access here.
>

snip
>
> > > I only have one option for internet access so when I shut down the
> > > asus router - - - no web - - - so I can't troubleshoot or access
> > configuration recipes.
> > That doesn't make sense. In your entire network using WiFi? If so,
> > you might have better luck running some ethernet cables for a while
> > until things are stable.
> Let me restate. Web access to me, is outside your LAN. So you are saying that
> when things are broken, you can't access web pages that are internal? That's not
> a "Web" problem, that's a LAN problem.


Dunno how it works at your house - - - here when the router isn't
working I really
have a hard time searching the web for web pages. I can have ONE page up
but when was the last time something like a router used only ONE page of
destructions?
>
> >>> So - - - - am I having all these issues because I have a number of router
> >>> class m/cs running all at the same time?
> >> What is a "router class m/c"?
> >Asus router, opnsense box (firewall/router), NanoPi R4S - could be an OpenWRT router (if I could ever configure it!).
> Probably not, but haven't got that far to determine.
>
> >Well unplugged both the opnsense box and the nanopi R4S box.
> >Network works - - - - but I still don't have a way to access either of these boxes so that I can get rid of the Asus router from primary position (its to be demoted to a wireless AP point).
> So, this may be telling. It's possible you've got some sort of IP address conflict or routing loop that's
> cratering your network. So, on the one Devuan box I do most of my work on, this lists off network
> traffic. It takes some getting used to, but nothing seems out of place.


I would like to be able to do this - - - - don't have the foggiest how
to though.

> tcpdump -i eth0 -c 1000 port not 5901
> Since I'm accessing it from a VNC viewer in Window, I'm filtering out port 5901 to avoid the VNC traffic.
> wireshark is a better interface over the same data source. In both cases, you have to have some idea of
> what you are seeing. One other thing... when you have networking switches, you can't monitor all traffic
> from any machine, because switches contain traffic between the two relevant ports. Slightly fancier switches
> can monitor third ports, and managed switches can do most anything you want in that area.


All I have available to date are simple unmanaged switches - - - -
have started looking into using
openwrt on a managed switch but that's one more big mountain of stuff
to learn - - so that's for
down the road.
(Computers (that includes networking) are tools that I use to do
and/or manage other things - - -
I hadn't really wanted another full time job worth of things to do - -
- I'm already stretched sorta
thin and the pocketbook is getting close to dead flat.)

Have heard of wireshark - - - haven't done any more with that though.
>
> One other thought. What if you connect your main boxes ethernet cable directly to your router, next to
> the cable that goes to your 16 port switch. Does that change the picture any?


Haven't tried this yet.
>
> One main point, is that you are trying to debug a less-than-simple network without trying to simplify things.
> Start small, verify that works, then work up to bigger things.
>

It sounds like you're suggesting that I take my network apart so that
I can change things.

If you're serious about that idea then I suggest that you try it for
your house first.
Please let me know how your family reacts to losing internet and entertainment
until you get everything under control. I would prefer if you do not
call from your
hospital room though (LOL).

Lots of good ideas - - will try adding in another switch when the
previously ordered
one hits here - - - likely mid week.

Thanking you for your time and suggestions.

Regards