Author: o1bigtenor
Date:
To: tito
CC: dng
Subject: Re: [DNG] Routing or maybe router issues
On Sat, Sep 2, 2023 at 5:42 PM tito via Dng <dng@???> wrote:
>
> On Sat, 2 Sep 2023 17:05:57 -0500
> o1bigtenor <o1bigtenor@???> wrote:
>
> > On Sat, Sep 2, 2023 at 3:03 PM tito via Dng <dng@???> wrote:
> > >
> > > On Sat, 2 Sep 2023 13:54:23 -0600
> > > <crichmon@???> wrote:
> > >
> > > > > OK, now we're getting somewhere...
> > > > >> OK, so what does the new service connect to? There must be some ISP
> > > > >> box to convert fiber to ethernet.
> > > > > 1st box is a "fiber media converter" from the isp.
> > > >
> > > > >> What all is hooked to the ISP's box?
> > > > >one ethernet cable
> > > > Does it have more than one LAN port? If not, do you have a switch you can put
> > > > between the fiber media converter and the router? The point is to be able to set
> > > > up the OPNsense box without disturbing your existing network. BTW, have you
> > > > ever set up an OPNsense box before? Do you have a good tutorial to work from?
> > > >
> > > > > >> Does this ISP box have an interface of some sort to check its status?
> > > > > 6 leds on one side of box (same as cables and opposite of power entry)
> > > > I meant a web page or console login. Inside, it has to have something running
> > > > a minimal network stack and maybe a dhcp server, unless it's simply a bridge.
> > > > Do you know one way or the other?
> > > >
> > > > >> Which side of the router is 192.128.1.9? The LAN port? What address
> > > > >> is on the WAN port?
> > > > > lan port is 192.168.1.9
> > > > > wan port is 38.xx.xx.xxx
> > > > And the 38.x.x.x is coming from the ISP's box or the ISP remotely? (bridging question)
> > > >
> > > > >> What all hooks to the LAN port(s) on the router? What other
> > > > >> networking devices are on your LAN?
> > > > >1 cable to a 16 port unmanaged switch (10/100 MBit - - - new 10/100/1000 24 port is coming)
> > > > OK
> > > >
> > > > >> Naming devices what they are would help describing your environment.
> > > > >Only if you understood my naming system.
> > > > :^)
> > > >
> > > > >> Are you sure it's DNS issues? How do you know?
> > > > > > Well when the router itself says that the cable is disconnected (and it's visually not true)
> > > > Which cable? Does that connection have idiot light blinking or are they dark?
> > > >
> > > > > and a power cycle on the router clears the web access issue - - - well the previous isp tech team was the source of that likelihood.
> > > > So, on Windows, this is supposed to work: ipconfig /flushdns. For Linux, it depends on if you even have
> > > > a DNS server and which one. Unless you set one up, I'm guessing you don't have one configured.
> > > > One thing you can do on your Linux boxes is: cat /etc/resolv.conf
> > > > This will tell you who on your network claims to be your DNS server.
> > > > > Similarly, you should be able to figure out who your dhcp server is. One of my
> > > > > RPis requires this: dhcpcd --dumplease eth0
> > > > On a devuan VM, this works: cat /var/lib/dhcp/dhclient.eth0.leases
> > > > I'm betting in both cases, your router is the DNS cache as well as the DHCP server. If
> > > > that's the case, then rebooting your main box shouldn't be required.
> > > >
> > > > >>> Usually taking a router power cycle AND me to reboot my main box so
> > > > >>> that I could have web access again (wireless access would happen without system reboot).)
> > > > >> What sort of "main box" do you have?
> > > > >Linux devuanmain 6.1.0-10-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.38-1
> > > > And that takes 10's of minutes to reboot? Too much stuff loading? Not enough memory?
> > > >
> > > > >> It is unlikely you have to reboot it because of network issues.
> > > > > >Correct in theory but when I can't figure out how to clear the dns cache - - - well it's the likeliest solution (even if it's a pita).
> > > > If you don't have a DNS cache on that box, there's nothing to clear.
> > > >
> > > > >> There are commands to drop and restart networking on Linux and for
> > > > >> Windows, if you are using DHCP, you can ipconfig /release and ipconfig /renew your address.
> > > >
> > > > > I have asked a number of times about this.
> > > > > > Have been told that I'm supposed to install more software - - - unbound was one recommended hasn't happened because I knew the new isp was happening soon and didn't want even more things that could go wrong with the previous ISP (world class uselessness they were generally).
> > > > > Wanted to have the opnsense box ready and configured before they completed the install.
> > > > > They surprised me after taking 8 weeks doing nothing they did the final 2 steps in one morning and I didn't have the opnsense box configured (still don't - - - - that's why this ask - - - I need a way to get online with the router AND have
> > > > > access to the opnsense box - - - that's the problem in a nutshell!).
> > > >
> > > > So... it seems to me you are trying to debug using a giant hammer rather than a small tack hammer, meaning
> > > > you are using big changes and a lot of hope rather than understanding the problem and dealing with that first.
> > > > For one thing, you can bring down and up your interface with (assuming your connection is eth0, and you have ifconfig installed):
> > > > ifconfig eth0 down
> > > > ifconfig eth0 up
> > > > Here's a guide if you only have the 'ip' command: https://www.tecmint.com/ip-command-examples/
> > > >
> > > > >> This is separate from your main box? What do you have OPNsense configured to do?
> > > > > nothing at this point - - - have been unable to access the opnsense box over the last 2 days.
> > > >
> > > > >> How many interfaces? Can you hook up a monitor and keyboard and
> > > > > >> configure it locally versus over the network?
> > > >
> > > > > > In an ideal world - - - yes - - - but they have things set up so the best configuration tools are when one is using web access to the box. I have access to the
> > > > > > opnsense box through a monitor and keyboard/mouse. I have NOT been able to find any configuration menus available for a cli configuration of the various
> > > > > parts of opnsense (it's a router/firewall and definitely NOT simple nor straightforward none of which is helped that I'm a noob at it.)
> > > > You know, if you can run a GUI on this machine and a browser, you can point the browser to http://127.0.0.1/ (or whatever the web page port is), right?
> > > > If not, you are back to "over the network." And I guess that answers the question about your experience with OPNsense. :^)
> > > > Any thoughts on why you picked OPNsense over the various alternatives?
> > > > My experience has been with ipchains and iptables, but recently switched to
> > > > pfSense in a VM. pfSense runs on FreeBSD, so similar but different from Linux.
> > >
> > > > Maybe you could try IPFire on this router as at least it is linux.
> > >
> > > https://www.ipfire.org/
> > >
> > > IPFire is a fortified open-source Linux distribution that serves primarily
> > > as a firewall and router. It has a web-based management console for
> > > configuration. IPFire Linux Firewall is one of the best and most effective
> > > open-source firewalls for any individual or an enterprise network.
> > >
> >
> > IPFire was under consideration - - - until I found that it doesn't support ipv6
> > and they've been working to get that support for some 4 or 5 years already
> > and haven't been able to get things completed. (I'm no programmer so I would
> > be no help in that odyssey!) That was when I went to:
> >
> > I considered both pfsense and opnsense.
> > pfsense was in my opinion deprecated when I found a bunch of emails to and
> > from support where it seemed like the trend in pfsense was to closed source.
> > Even if I'm not a programmer I want to use open source.
> >
> > Got badly burned with VMs a few years ago and haven't ventured back.
> > I don't really have that much time to spare to blow a few hundred hours
> > like the last time to find myself with a system that someone else was
> > controlling. (Sorry - - - I'm seeing little benign from too many of the
> > vm proponent architectures.)
> >
> > It would seem that all of these types of systems are designed for
> > experts - - - of which I am not one. I have gotten some interesting stuff
> > done here but I follow 'recipes'.
> >
> > I may have to go back to considering something like ipfire.
>
> Otherwise did you consider setting up your router with
> devuan by hand, putting all the pieces together? This will
> be highly educative even if somewhat bumpy at the start.
> I went this way and never regretted it and I've learned a lot.
> Forget about the shiny web interfaces they aren't worth
> the hassle, ssh is the way.
> Once you understood how it works you wouldn't want
> to go back, in the end a router is just one more computer
> with a bunch of configuration files.
> If you DIY you can add any feature you like or need:
> firewall.....done
> vpn.....done
> dhcp....done
> dns.....done
> adblocking....done
> ntp....done
> suricata....done
> hostapd....done
> apcupsd....done
> and so on...you name it you do it.
>


(I missed seeing this earlier - - - apologies!!!)

Thanks Mr Tito!!

This idea appeals a lot - - - except - - I haven't been able to find anything
to even outline how to configure opnsense from the command line - - -
I've looked.
If I could find that information I'd be busy - - - but it would get done!!!

(Great idea - - - now to find a cheat sheet.)

regards
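
The check suggested in the quoted text above (read /etc/resolv.conf and the dhclient lease file to see whether the router is both DNS cache and DHCP server), written out as an added example that is not part of the thread. The function names and the sample file contents are assumptions made for illustration; 192.168.1.9 is the router LAN address given in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Sample file contents are constructed.

# Print each nameserver address from a resolv.conf-style file ($1).
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Print the value of option $2 from the LAST lease block in leases file $1.
lease_option() {
    awk -v opt="$2" '
        $1 == "lease" && $2 == "{" { val = "" }   # new block: forget old value
        $1 == "option" && $2 == opt { val = $3; sub(/;$/, "", val) }
        END { print val }
    ' "$1"
}

# Compare the first resolver ($1 = resolv.conf) with the DHCP server recorded
# in the newest lease ($2 = leases file). Prints "same" or "different";
# returns 2 when either value cannot be found.
router_is_dns_and_dhcp() {
    dns=$(resolv_nameservers "$1" | head -n 1)
    dhcp=$(lease_option "$2" dhcp-server-identifier)
    if [ -z "$dns" ] || [ -z "$dhcp" ]; then return 2; fi
    if [ "$dns" = "$dhcp" ]; then echo same; else echo different; fi
}

# Constructed sample data so the check runs without touching the live system.
demo_dir=$(mktemp -d)
printf 'search lan\nnameserver 192.168.1.9\n' > "$demo_dir/resolv.conf"
cat > "$demo_dir/dhclient.eth0.leases" <<'EOF'
lease {
  interface "eth0";
  fixed-address 192.168.1.50;
  option routers 192.168.1.9;
  option domain-name-servers 192.168.1.9;
  option dhcp-server-identifier 192.168.1.9;
}
EOF
echo "DNS vs DHCP server: $(router_is_dns_and_dhcp \
    "$demo_dir/resolv.conf" "$demo_dir/dhclient.eth0.leases")"
rm -rf "$demo_dir"
```

On a real host, pass /etc/resolv.conf and /var/lib/dhcp/dhclient.eth0.leases, the paths quoted in the thread.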