
Re: Trouble accessing internet after dhcp renewal



One thing to note: you need to insert your DNS addresses into the
/etc/resolv.conf file. Here is an example:

# cat /etc/resolv.conf
search nsw.optushome.com.au
nameserver 1.1.1.1
nameserver 2.2.2.2 



If you find a way to make DHCP automatically update this file, let me
know,

Thx :-D
Cheers

On Tue, 2003-04-01 at 16:35, Andreas wrote:
> Hello,
> 
> I installed OpenBSD (3.2-stable) a little over a week ago with the intent 
> to use it as a nat/gateway/web/ftp server (home use.) So far everything 
> works wonderfully. I've disabled unneeded services. With the help of pf 
> I've got the nat working properly. However, my ISP is Chello (cable), who 
> are renowned for their lack of reliability. Every now and then the 
> connection drops, revived by a simple reboot of the cable modem (power off 
> for ~1-5 minutes.) After I rebooted my cable modem today, I'm unable to 
> access the internet[1] directly from the OpenBSD box, but it's working fine 
> from the nated machine. I had a similar problem (most likely the same) a 
> few days ago, but it was gone after a (scheduled) reboot. I also noted that 
> unlike the slackware linux install I used earlier, OpenBSD acquires a new 
> IP address on dhcp renewal. My current pf ruleset is:
> 
> external="rl0"
> internal="rl1"
> 
> nat on $external from 192.168.100.0/24  to any -> ($external)
> 
> pass in all
> pass out all
> #pass in log all
> #pass out log all
> 
> Where external is the if to Chello, and internal is 192.168.100.1. I've 
> tried adding logging, but I'm afraid I can't make heads or tails of most of it.
> 
> Some examples:
> 
> $ ftp ulrik.uio.no
> ftp: ulrik.uio.no: no address associated with name
> ftp>
> 
> # tcpdump -n -e -ttt -r /var/log/pflog  | egrep 'ulrik'
> Apr 01 08:19:59.621877 rule 1/0(match): pass out on rl0: 
> 62.179.210.79.37528 > 62.179.100.29.53:  54518+ AAAA? ulrik.uio.no. (30)
> Apr 01 08:20:04.630200 rule 1/0(match): pass out on rl0: 
> 62.179.210.79.34428 > 62.179.100.30.53:  54518+ AAAA? ulrik.uio.no. (30)
> Apr 01 08:20:09.640246 rule 1/0(match): pass out on rl0: 
> 62.179.210.79.13744 > 129.240.64.2.53:  54518+ AAAA? ulrik.uio.no. (30)
> 
> (and several more), 62.179.100.29 and 30 are Chello's default dns servers, 
> 129.240.64.2 is one of University of Oslo's (uio.no) name servers (which, 
> quite obviously, should resolve ulrik.uio.no).
> 
> # tcpdump -n -e -ttt -r /var/log/pflog  | egrep 'rl0: 62.179.100.'
> Apr 01 08:20:00.557265 rule 0/0(match): pass in on rl0: 62.179.100.29.53 > 
> 62.179.210.79.37528:  54518 0/1/0 (84) (DF)
> Apr 01 08:20:05.321472 rule 0/0(match): pass in on rl0: 62.179.100.30.53 > 
> 62.179.210.79.34428:  54518 0/1/0 (84) (DF)
> ...
> Apr 01 08:22:42.438274 rule 0/0(match): pass in on rl0: 62.179.100.29.53 > 
> 62.179.210.79.4677:  58678 NXDomain 0/1/0 (92) (DF)
> Apr 01 08:22:47.873978 rule 0/0(match): pass in on rl0: 62.179.100.30.53 > 
> 62.179.210.79.6847:  58678 NXDomain 0/1/0 (92) (DF)
> # tcpdump -n -e -ttt -r /var/log/pflog  | egrep 'rl0: 129.240'
> Apr 01 08:20:10.178854 rule 0/0(match): pass in on rl0: 129.240.64.2.53 > 
> 62.179.210.79.13744:  54518* 0/1/0 (84) (DF)
> ...
> Apr 01 08:23:03.650607 rule 0/0(match): pass in on rl0: 129.240.64.2.53 > 
> 62.179.210.79.34910:  58678 NXDomain 0/1/0 (92) (DF)
> 
> So dns doesn't work. From my win2k machine (behind the nat, using UiO's dns 
> server), however, I get:
> 
> C:\>ping ulrik.uio.no
> 
> Pinging ulrik.uio.no [129.240.12.4] with 32 bytes of data:
> 
> Reply from 129.240.12.4: bytes=32 time=391ms TTL=248
> 
> and so on. Again from the OpenBSD machine:
> 
> ftp> ftp 129.240.12.4
> ftp: connect: Connection timed out
> ftp>
> 
> # tcpdump -n -e -ttt -r /var/log/pflog  | egrep 'rl0: .* 129.240.12.4'
> Apr 01 08:25:07.749005 rule 1/0(match): pass out on rl0: 62.179.211.128 > 
> 129.240.12.4: icmp: echo request
> Apr 01 08:25:58.491322 rule 1/0(match): pass out on rl0: 
> 62.179.210.79.13331 > 129.240.12.4.21: S 4110754767:4110754767(0) win 16384 
> <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 1002866374 0> (DF)
> Apr 01 08:25:58.753263 rule 1/0(match): pass out on rl0: 127.0.0.1 > 
> 129.240.12.4: icmp: time exceeded in-transit
> Apr 01 08:26:02.122333 rule 1/0(match): pass out on rl0: 127.0.0.1 > 
> 129.240.12.4: icmp: time exceeded in-transit
> Apr 01 08:26:04.490102 rule 1/0(match): pass out on rl0: 
> 62.179.210.79.13331 > 129.240.12.4.21: S 4110754767:4110754767(0) win 16384 
> <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 1002866386 0> (DF)
> Apr 01 08:26:05.252678 rule 1/0(match): pass out on rl0: 127.0.0.1 > 
> 129.240.12.4: icmp: time exceeded in-transit
> Apr 01 08:26:08.873285 rule 1/0(match): pass out on rl0: 127.0.0.1 > 
> 129.240.12.4: icmp: time exceeded in-transit
> Apr 01 08:26:16.490107 rule 1/0(match): pass out on rl0: 
> 62.179.210.79.13331 > 129.240.12.4.21: S 4110754767:4110754767(0) win 16384 
> <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 1002866410 0> (DF)
> Apr 01 08:26:16.680848 rule 1/0(match): pass out on rl0: 127.0.0.1 > 
> 129.240.12.4: icmp: time exceeded in-transit
> Apr 01 08:26:22.376686 rule 1/0(match): pass out on rl0: 127.0.0.1 > 
> 129.240.12.4: icmp: time exceeded in-transit
> Apr 01 08:26:40.490114 rule 1/0(match): pass out on rl0: 
> 62.179.210.79.13331 > 129.240.12.4.21: S 4110754767:4110754767(0) win 16384 
> <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 1002866458 0> (DF)
> Apr 01 08:26:41.104593 rule 1/0(match): pass out on rl0: 127.0.0.1 > 
> 129.240.12.4: icmp: time exceeded in-transit
> Apr 01 08:26:49.377655 rule 1/0(match): pass out on rl0: 127.0.0.1 > 
> 129.240.12.4: icmp: time exceeded in-transit
> 
> At this point I'm not sure what more information I can give without it 
> turning to spam. I've read the FAQ, I've tried google, and I've tried man 
> pages. I couldn't find any similar accounts, however, I can't guarantee 
> against bugs in read(). Apologies if wordwrapping isn't working properly.
> 
> Sincere thanks for all help,
> Andreas Jacobsen
> 
> [1] - tcpdump shows that pf is logging packets from the internet, but 
> programs such as ftp and ping.
> 
> 
> 
> #dmsg
> OpenBSD 3.2-stable (dungeon) #3: Mon Mar 31 18:59:25 CEST 2003
>      andjacob@dungeon.chello.no:/usr/src/sys/arch/i386/compile/dungeon
> cpu0: Intel Pentium III (Coppermine) ("GenuineIntel" 686-class, 128KB L2 
> cache) 601 MHz
> cpu0: 
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SYS,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SIMD
> real mem  = 133738496 (130604K)
> avail mem = 121298944 (118456K)
> using 1658 buffers containing 6791168 bytes (6632K) of memory
> mainbus0 (root)
> bios0 at mainbus0: AT/286+(5d) BIOS, date 04/26/00, BIOS32 rev. 0 @ 0xfb380
> apm0 at bios0: Power Management spec V1.2
> apm0: AC on, battery charge unknown
> pcibios0 at bios0: rev. 2.1 @ 0xf0000/0xb808
> pcibios0: PCI IRQ Routing Table rev. 1.0 @ 0xfdf00/144 (7 entries)
> pcibios0: PCI Exclusive IRQs: 10 11 12
> pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371SB PCI-ISA" rev 0x00)
> pcibios0: PCI bus #1 is the last bus
> bios0: ROM list: 0xc0000/0x8000 0xc8000/0x4000!
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0 at pci0 dev 0 function 0 "Intel 82443BX PCI-AGP" rev 0x03
> ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x03
> pci1 at ppb0 bus 1
> vga0 at pci1 dev 0 function 0 "Matrox MGA G200 AGP" rev 0x01
> wsdisplay0 at vga0: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x02
> pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 
> 0 wired to compatibility, channel 1 wired to compatibility
> wd0 at pciide0 channel 0 drive 0: <FUJITSU MPE3204AH>
> wd0: 16-sector PIO, LBA, 19540MB, 16383 cyl, 16 head, 63 sec, 40019532 sectors
> wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
> "Intel 82371AB USB" rev 0x01 at pci0 dev 7 function 2 not configured
> "Intel 82371AB Power Mgmt" rev 0x02 at pci0 dev 7 function 3 not configured
> rl0 at pci0 dev 9 function 0 "Realtek 8139" rev 0x10: irq 10 address 
> 00:c1:26:0f:a0:61
> rlphy0 at rl0 phy 0: RTL internal phy
> rl1 at pci0 dev 13 function 0 "Realtek 8139" rev 0x10: irq 11 address 
> 00:40:33:d3:2b:69
> rlphy1 at rl1 phy 0: RTL internal phy
> isa0 at pcib0
> pckbc0 at isa0 port 0x60/5
> pckbd0 at pckbc0 (kbd slot)
> pckbc0: using irq 1 for kbd slot
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> npx0 at isa0 port 0xf0/16: using exception 16
> biomask 4000 netmask 4c00 ttymask 4c02
> pctr: 686-class user-level performance counters enabled
> mtrr: Pentium Pro MTRR support
> dkcsum: wd0 matched BIOS disk 80
> root on wd0a
> rootdev=0x0 rrootdev=0x300 rawdev=0x302
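
Added example, not part of either poster's message: a small filter for the `tcpdump -n -e -ttt -r /var/log/pflog` output quoted above that lists which source addresses appear on "pass out" records per interface. In the quoted log, rl0 carries two different public source addresses as well as 127.0.0.1. The function names are hypothetical, and the sample records are lines from the quoted log re-joined onto one line each.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the source addresses on
# "pass out" records of `tcpdump -n -e -ttt -r /var/log/pflog` output.

# Sample input: records from the quoted log, re-joined onto one line each.
sample_log() {
cat <<'EOF'
Apr 01 08:19:59.621877 rule 1/0(match): pass out on rl0: 62.179.210.79.37528 > 62.179.100.29.53:  54518+ AAAA? ulrik.uio.no. (30)
Apr 01 08:20:00.557265 rule 0/0(match): pass in on rl0: 62.179.100.29.53 > 62.179.210.79.37528:  54518 0/1/0 (84) (DF)
Apr 01 08:20:04.630200 rule 1/0(match): pass out on rl0: 62.179.210.79.34428 > 62.179.100.30.53:  54518+ AAAA? ulrik.uio.no. (30)
Apr 01 08:25:07.749005 rule 1/0(match): pass out on rl0: 62.179.211.128 > 129.240.12.4: icmp: echo request
Apr 01 08:25:58.753263 rule 1/0(match): pass out on rl0: 127.0.0.1 > 129.240.12.4: icmp: time exceeded in-transit
EOF
}

# Print "iface source-address packet-count" for every outbound record.
# The source field is a.b.c.d.port for TCP/UDP and a.b.c.d for ICMP.
out_sources() {
    awk '$6 == "pass" && $7 == "out" && $8 == "on" {
        iface = $9; sub(/:$/, "", iface)
        if (split($10, p, ".") < 4) next
        count[iface " " p[1] "." p[2] "." p[3] "." p[4]]++
    }
    END { for (k in count) print k, count[k] }' | sort
}

# Flag loopback sources leaving an interface, and interfaces that send
# from more than one non-loopback source address.
flag_sources() {
    out_sources | awk '
        $2 ~ /^127\./ { print "LOOPBACK-SRC", $1, $2; next }
        { n[$1]++ }
        END { for (i in n) if (n[i] > 1) print "MULTI-SRC", i, n[i] }' | sort
}

# Run against the sample; on a live system, pipe the tcpdump command from
# the message above into flag_sources instead.
sample_log | flag_sources
```
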