Most bizarre
Ok, this is most bizarre.
Out of desperation I completely reinstalled FreeBSD (7.2) on one of the machines. I still have the exact same problem. Firewall/router issue? Then why is it ONLY affecting the FreeBSD machines and not the Linux machine?! |
|
||||
Doesn't look like it's the router. I restored the router to factory settings and put in information for my static IPs. Still have the same problem. I don't think anything is blocking the connection. The incoming connection anyway, because I can see a SYN_RCVD on the FreeBSD machines. But there is no response from the machine. The connection just times out. Oh, and the machines are able to talk to the outside world without any problem. They just seem to have a problem responding to INCOMING connections.
Last edited by vi5in; 27th October 2009 at 05:57 PM. |
|
||||
You haven't provided any configuration information, so here are two guesses. If they aren't applicable, try posting network configuration info. If you want to diagnose the problem, use tcpdump(1).
This "Sounds" like one of two things:

1) Route table mismanagement -- e.g. a missing default route, or bad subnet masking. See ifconfig(8) and route(8). If you use DHCP for configuration, and you see routing or other information is not configured properly see dhclient.conf(5).

2) Firewall settings. If you're using PF or ipfw, of course. Specific guidance will depend on which is implemented, and what is being blocked exactly.
|
||||
Thanks jggimi!
I don't have pf or ipfw running (unless it starts up by default?? How do I check?). So I don't think it's a firewall issue. The odd thing is that on one machine I have a brand-new install and so I'm running on default settings. So I don't see why it shouldn't respond to connections. Here's my rc.conf (network settings):

Code:
defaultrouter="209.x.y.54"
hostname="andromeda.is-a-geek.net"
ifconfig_fxp0="inet 209.x.y.50 netmask 255.255.255.248"
ifconfig_rl0="DHCP"

Code:
12:15:18.154543 arp who-has andromeda.is-a-geek.net tell 209.x.y.54
12:15:18.154568 arp reply andromeda.is-a-geek.net is-at 00:03:47:d3:55:4c (oui Unknown)
12:15:18.154702 IP 115.124.100.30.40174 > andromeda.is-a-geek.net.ssh: S 3999881339:3999881339(0) win 5840 <mss 1452,sackOK,timestamp 2442576604 0,nop,wscale 2>
12:15:21.146989 IP 115.124.100.30.40174 > andromeda.is-a-geek.net.ssh: S 3999881339:3999881339(0) win 5840 <mss 1452,sackOK,timestamp 2442579604 0,nop,wscale 2>
12:15:27.155046 IP 115.124.100.30.40174 > andromeda.is-a-geek.net.ssh: S 3999881339:3999881339(0) win 5840 <mss 1452,sackOK,timestamp 2442585604 0,nop,wscale 2>
12:15:39.147315 IP 115.124.100.30.40174 > andromeda.is-a-geek.net.ssh: S 3999881339:3999881339(0) win 5840 <mss 1452,sackOK,timestamp 2442597604 0,nop,wscale 2>
12:15:46.148323 arp who-has 209.x.y.52 tell 209.x.y.54
12:15:47.148305 arp who-has 209.x.y.52 tell 209.x.y.54
12:15:48.148238 arp who-has 209.x.y.52 tell 209.x.y.54
12:15:48.829373 IP 115.124.100.30.40285 > andromeda.is-a-geek.net.ssh: S 4038856357:4038856357(0) win 5840 <mss 1452,sackOK,timestamp 2442607286 0,nop,wscale 2>
12:15:51.829230 IP 115.124.100.30.40285 > andromeda.is-a-geek.net.ssh: S 4038856357:4038856357(0) win 5840 <mss 1452,sackOK,timestamp 2442610286 0,nop,wscale 2>
12:15:53.827959 arp who-has andromeda.is-a-geek.net tell 209.x.y.54
12:15:53.827985 arp reply andromeda.is-a-geek.net is-at 00:03:47:d3:55:4c (oui Unknown)
12:15:57.831359 IP 115.124.100.30.40285 > andromeda.is-a-geek.net.ssh: S 4038856357:4038856357(0) win 5840 <mss 1452,sackOK,timestamp 2442616286 0,nop,wscale 2>
12:16:09.829144 IP 115.124.100.30.40285 > andromeda.is-a-geek.net.ssh: S 4038856357:4038856357(0) win 5840 <mss 1452,sackOK,timestamp 2442628286 0,nop,wscale 2>

Code:
12:11:19.711502 IP 115.124.100.30.39386 > tardis-2.local.ssh: S 3721978452:3721978452(0) win 5840 <mss 1452,sackOK,timestamp 2442315282 0,nop,wscale 2>
12:11:19.711537 IP tardis-2.local.ssh > 115.124.100.30.39386: S 3728537005:3728537005(0) ack 3721978453 win 5792 <mss 1460,sackOK,timestamp 10824721 2442315282,nop,wscale 6>
12:11:19.794368 IP 115.124.100.30.39386 > tardis-2.local.ssh: . ack 1 win 1460 <nop,nop,timestamp 2442315365 10824721>
12:11:19.805509 IP tardis-2.local.ssh > 115.124.100.30.39386: P 1:40(39) ack 1 win 91 <nop,nop,timestamp 10824745 2442315365>
12:11:19.887270 IP 115.124.100.30.39386 > tardis-2.local.ssh: . ack 40 win 1460 <nop,nop,timestamp 2442315458 10824745>
12:11:19.890600 IP 115.124.100.30.39386 > tardis-2.local.ssh: F 1:1(0) ack 40 win 1460 <nop,nop,timestamp 2442315461 10824745>
12:11:19.891645 IP tardis-2.local.ssh > 115.124.100.30.39386: F 40:40(0) ack 2 win 91 <nop,nop,timestamp 10824766 2442315461>
12:11:19.973379 IP 115.124.100.30.39386 > tardis-2.local.ssh: . ack 41 win 1460 <nop,nop,timestamp 2442315544 10824766>
12:11:24.706498 arp who-has tardis-2.local tell 209.x.y.54

Last edited by vi5in; 27th October 2009 at 10:05 PM.
|
||||
You have two NICs, and rl0 uses DHCP. It is -possible- that the DHCP connection overlays your routing table. Did you look at your routing table, with both NICs operational, to confirm your default route was still properly in place? If not, try netstat -r or netstat -nr.
|
|
||||
Hmm...
Well, this is what I have:

209.x.y.49 -> enterprise
209.x.y.50 -> andromeda
209.x.y.51 -> tardis
209.x.y.52 -> unassigned
209.x.y.53 -> wireless router
(48, 54, and 55 are unusable)

And when I do netstat -nr I get this:

Code:
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.1.1           UGS         0        2    rl0
10.0.1.0/24        link#2             UC          0        0    rl0
10.0.1.1           00:16:cb:c6:3e:19  UHLW        2        0    rl0   1191
10.0.1.6           00:90:f5:3e:fc:9c  UHLW        1    44436    rl0   1191
127.0.0.1          127.0.0.1          UH          0        0    lo0
209.x.y.48/29      link#1             UC          0        0   fxp0
209.x.y.53         00:16:cb:c6:3e:19  UHLW        1       51   fxp0   1187

On the linux machine (tardis) I get:

Code:
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
209.x.y.48      0.0.0.0         255.255.255.248 U         0 0          0 eth0
10.0.1.0        0.0.0.0         255.255.255.0   U         0 0          0 wlan0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         209.x.y.54      0.0.0.0         UG        0 0          0 eth0

Edit: I restarted the machine, and changed around the order of the interfaces in rc.conf (not sure if that changes anything):

Code:
hostname="andromeda.is-a-geek.net"
ifconfig_rl0="DHCP"
ifconfig_fxp0="inet 209.x.y.50 netmask 255.255.255.248"
defaultrouter="209.x.y.54"

Code:
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.1.1           UGS         0        3    rl0
10.0.1.0/24        link#2             UC          0        0    rl0
10.0.1.1           00:16:cb:c6:3e:19  UHLW        2       10    rl0   1171
10.0.1.196         00:30:1b:19:df:f8  UHLW        1        0    rl0   1057
10.0.1.255         ff:ff:ff:ff:ff:ff  UHLWb       1       23    rl0
127.0.0.1          127.0.0.1          UH          0        4    lo0
209.x.y.48/29      link#1             UC          0        0   fxp0
209.x.y.53         00:16:cb:c6:3e:19  UHLW        1       73   fxp0   1085
209.x.y.54         link#1             UHLW        1        0   fxp0

Last edited by vi5in; 27th October 2009 at 10:06 PM.
|
||||
Your DHCP server is setting your default route to 10.0.1.1. You don't -want- that for an Internet-exposed platform. (You do want a firewall, or very limited services, obviously).
In simplest terms, a route is where to send packets outside the local subnets. Your local LAN is 10.0.1.0/24, and your Internet LAN is 201.x.y.z/29. If you have no -specific- routes defined, any address that falls outside these two subnets will use your default route, which is 10.0.1.1. And that is on a different (and wrong) NIC, which is why you don't see the packets on fxp0.

You need to set your dhclient.conf to ignore the route information from your DHCP server, or, set that address as static as well.

(You should learn to hide any internet facing domain names and IP addresses in public forums, else you will give attackers lots of information they otherwise might not have.)
|
||||
If you run tcpdump on rl0 you will likely see the replies to 115.124.100.30 trying to get out (for the reason jggimi already stated -- your desired default gateway is overruled by the one set by DHCP). So your machine is responding to incoming packets, but to the wrong network.
|
|
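Added example, not part of any post in this thread: a longest-prefix-match lookup over the FreeBSD routing table shown above, which reproduces the diagnosis that a SYN arriving on fxp0 is answered out of rl0. The table rows are a constructed copy in which the redacted 209.x.y.48/29 block is replaced by the documentation range 203.0.113.48/29, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the thread's `netstat -nr` output
# (203.0.113.48/29 replaces the redacted 209.x.y.48/29).
NETSTAT = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.1.1           UGS         0        2    rl0
10.0.1.0/24        link#2             UC          0        0    rl0
10.0.1.1           00:16:cb:c6:3e:19  UHLW        2        0    rl0   1191
127.0.0.1          127.0.0.1          UH          0        0    lo0
203.0.113.48/29    link#1             UC          0        0   fxp0
203.0.113.53       00:16:cb:c6:3e:19  UHLW        1       51   fxp0   1187
"""

def parse_routes(text):
    """Return [(network, gateway, netif)] from FreeBSD `netstat -nr` IPv4 rows."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] == "Destination":
            continue
        dest = "0.0.0.0/0" if f[0] == "default" else f[0]
        # A destination without a prefix length is a host route (/32).
        net = ipaddress.ip_network(dest if "/" in dest else dest + "/32")
        routes.append((net, f[1], f[5]))
    return routes

def lookup(routes, addr):
    """Longest-prefix match: the most specific route containing addr wins."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def reply_path(routes, peer, arrival_if):
    """Compare the interface a SYN arrived on with where the SYN-ACK is sent."""
    route = lookup(routes, peer)
    if route is None:
        return "no route to %s" % peer
    net, gw, netif = route
    verdict = "symmetric" if netif == arrival_if else "ASYMMETRIC"
    return "%s: in %s, out %s via %s (%s)" % (verdict, arrival_if, netif, gw, net)

if __name__ == "__main__":
    routes = parse_routes(NETSTAT)
    # The SYN from 115.124.100.30 was captured on fxp0 in the thread.
    print(reply_path(routes, "115.124.100.30", "fxp0"))
    print(reply_path(routes, "203.0.113.53", "fxp0"))
```
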
||||
Thanks!
You're a lifesaver! I've been pulling my hair out since yesterday

Yeah, I shouldn't have displayed my IPs (I don't have ftp or telnet; I have SSH and I have set AllowUsers in the config to my name. I also don't allow root logins) since that is information that attackers can use!

So you were right! The dhcp server running on the router plugged into my second interface was overwriting everything. I looked up the manpage of dhclient.conf and found a few howtos. I forced the default router to be 209.x.y.54 and that seemed to work! Here's my dhclient.conf:

Code:
backoff-cutoff 2;
initial-interval 1;
retry 10;
select-timeout 0;
timeout 30;

interface "vr0" {
    supersede routers 209.x.y.54;
    supersede host-name "enterprise";
    supersede domain-name "xxxx.xxx";
    request subnet-mask, domain-name-servers;
    require subnet-mask, domain-name-servers;
}

Last edited by vi5in; 27th October 2009 at 10:28 PM.