Post #61,434
11/6/02 4:00:53 PM
|

Weird Debian Networking problem
Today, I've gotten a few errors from my Debian router/NAT box. It starts spitting these out on the console:
eth1: Transmit timed out, status 0000, PHY status 782d, resetting...
After a few of those, I get this message:
neighbour table overflow
These messages are also appearing in /var/log/kern.log, with a kernel prefix.
I tried searching on Google, but the most I could find was what appeared to be a kernel dev guy talking about leaks.
Any ideas? Just a pointer about the right place to look is fine... thanks!
--
-------------------------------------------------------------------
* Jack Troughton jake at consultron.ca *
* [link|http://consultron.ca|http://consultron.ca] [link|irc://irc.ecomstation.ca|irc://irc.ecomstation.ca] *
* Laval Québec Canada [link|news://news.consultron.ca|news://news.consultron.ca] *
-------------------------------------------------------------------
|
Post #61,438
11/6/02 4:22:20 PM
|

Hmm
Are you on token-ring? :)
This is probably a driver thing. Try another netcard.
-drl
|
Post #61,439
11/6/02 4:24:23 PM
|

Brainstorm
Do you have a hub that can do both 100 and 10? Make the network all one speed.
-drl
|
Post #61,604
11/7/02 10:26:29 AM
|

Card...
Unfortunately, I can't.
--
-------------------------------------------------------------------
* Jack Troughton jake at consultron.ca *
* [link|http://consultron.ca|http://consultron.ca] [link|irc://irc.ecomstation.ca|irc://irc.ecomstation.ca] *
* Laval Québec Canada [link|news://news.consultron.ca|news://news.consultron.ca] *
-------------------------------------------------------------------
|
Post #61,459
11/6/02 5:37:23 PM
|

neighbor table overflow sounds like RIP problem
will work for cash and other incentives [link|http://home.tampabay.rr.com/boxley/resume/Resume.html|skill set]
"Money for jobs? No first you get the job, then you get the money" Raimondo
|
Post #61,589
11/7/02 9:44:26 AM
|

Newb to unix... what's RIP?
Something to do with routing, perhaps?
--
-------------------------------------------------------------------
* Jack Troughton jake at consultron.ca *
* [link|http://consultron.ca|http://consultron.ca] [link|irc://irc.ecomstation.ca|irc://irc.ecomstation.ca] *
* Laval Québec Canada [link|news://news.consultron.ca|news://news.consultron.ca] *
-------------------------------------------------------------------
|
Post #61,596
11/7/02 10:17:16 AM
|

RIP is a routing protocol
RIP is a vector distance protocol (RFC 1058). A router will send RIP routing info every 30 seconds; if it doesn't receive an update from an adjacent router, it declares that route dead. After 180 seconds without an update it removes all info from its tables. "Transmit timed out, status 0000, PHY status 782d, resetting..." made me think it might not have gotten an update. RIP is the oldest and lowest level form of routing except for static routing.
thanx, bill
will work for cash and other incentives [link|http://home.tampabay.rr.com/boxley/resume/Resume.html|skill set]
"Money for jobs? No first you get the job, then you get the money" Raimondo
|
Post #61,598
11/7/02 10:19:23 AM
|

Routing Interchange Protocol
In the days before intelligent routers, this was the basic way for routers to tell each other what they were doing. The whole point of IP was redundancy, as in multiple routes from A to B, so that if some of the intermediate points got nuked, data could still flow by a rearrangement of routes. For this to work, routers have to know what their neighbors are doing.
RIP works via a periodic broadcast mechanism, like NetBIOS. The problem with this is - if something major gets horked, it can take a long time for the network to stabilize.
The modern solution is called OSPF, "Open Shortest Path First", which uses a completely different base algorithm that settles down rapidly in case of major horkings.
Here's an introduction:
[link|http://www.networkcomputing.com/unixworld/feature/002.html|http://www.networkco.../feature/002.html]
-drl
|
Post #61,636
11/7/02 11:48:36 AM
|

Re: Routing Interchange Protocol
s/interchange/information/
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Blog]
|
Post #61,463
11/6/02 5:40:35 PM
|

Re: Weird Debian Networking problem
[link|http://www.linuxgazette.com/issue65/tag/12.html|http://www.linuxgaze...sue65/tag/12.html]
Post output of ifconfig -a, please.
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Blog]
|
Post #61,587
11/7/02 9:43:29 AM
|

ifconfig -a output:
Here ya go!

eth0      Link encap:Ethernet  HWaddr 00:80:C8:EC:0C:A4
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:399023 errors:0 dropped:0 overruns:0 frame:0
          TX packets:308045 errors:0 dropped:0 overruns:0 carrier:0
          collisions:6 txqueuelen:100
          RX bytes:467950913 (446.2 MiB)  TX bytes:76631874 (73.0 MiB)
          Interrupt:11 Base address:0x240

eth1      Link encap:Ethernet  HWaddr 00:50:BA:2B:57:1B
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:307634 errors:0 dropped:0 overruns:0 frame:0
          TX packets:398189 errors:135 dropped:0 overruns:0 carrier:4
          collisions:3571 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:15 Base address:0x4000

lo        Link encap:Local Loopback
          LOOPBACK  MTU:3924  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:65.94.178.182  P-t-P:64.230.254.252  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:399013 errors:0 dropped:0 overruns:0 frame:0
          TX packets:308043 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:530824637 (506.2 MiB)  TX bytes:83650892 (79.7 MiB)

Do you think the patient is going to live, doctor? ;)
--
-------------------------------------------------------------------
* Jack Troughton jake at consultron.ca *
* [link|http://consultron.ca|http://consultron.ca] [link|irc://irc.ecomstation.ca|irc://irc.ecomstation.ca] *
* Laval Québec Canada [link|news://news.consultron.ca|news://news.consultron.ca] *
-------------------------------------------------------------------
|
Post #61,599
11/7/02 10:20:20 AM
|

eth1 is having collision issues and eth0 is not addressed
will work for cash and other incentives [link|http://home.tampabay.rr.com/boxley/resume/Resume.html|skill set]
"Money for jobs? No first you get the job, then you get the money" Raimondo
|
Post #61,601
11/7/02 10:23:33 AM
|

Re: eth1 is having collision issues and eth0 is not addresse
Yes. The hub in this office was the cheapest piece of shit they could buy... these guys are pals and don't have much money. Eth0 is not addressed because it's being used as a conduit for a DSL connection using PPPoE. That's the ppp0 interface you see...
--
-------------------------------------------------------------------
* Jack Troughton jake at consultron.ca *
* [link|http://consultron.ca|http://consultron.ca] [link|irc://irc.ecomstation.ca|irc://irc.ecomstation.ca] *
* Laval Québec Canada [link|news://news.consultron.ca|news://news.consultron.ca] *
-------------------------------------------------------------------
|
Post #61,603
11/7/02 10:25:36 AM
|

Re: eth1 is having collision issues and eth0 is not addresse
Again, this sounds like an interaction of your driver and the hub in regards to linking - probably related to 10/100 capability. Define everything to run at either 10 or 100 but not "auto".
-drl
|
Post #61,609
11/7/02 10:34:06 AM
|

also swap the cable and see if it makes a difference
will work for cash and other incentives [link|http://home.tampabay.rr.com/boxley/resume/Resume.html|skill set]
"Money for jobs? No first you get the job, then you get the money" Raimondo
|
Post #61,614
11/7/02 10:46:44 AM
|

This is using the mii-diag program, I take it?
--
-------------------------------------------------------------------
* Jack Troughton jake at consultron.ca *
* [link|http://consultron.ca|http://consultron.ca] [link|irc://irc.ecomstation.ca|irc://irc.ecomstation.ca] *
* Laval Québec Canada [link|news://news.consultron.ca|news://news.consultron.ca] *
-------------------------------------------------------------------
|
Post #61,616
11/7/02 10:51:38 AM
|

Re: This is using the mii-diag program, I take it?
Uh, no - this is using the "I've seen every fucked up thing imaginable" intuition generation process.
-drl
|
Post #61,626
11/7/02 11:21:41 AM
|

:)
Yeah... I was just wondering if you happened to know if that was the right tool. I'm going to have to dl and compile it if I want to use it, so I want to make sure that it's the one I need.
--
-------------------------------------------------------------------
* Jack Troughton jake at consultron.ca *
* [link|http://consultron.ca|http://consultron.ca] [link|irc://irc.ecomstation.ca|irc://irc.ecomstation.ca] *
* Laval Québec Canada [link|news://news.consultron.ca|news://news.consultron.ca] *
-------------------------------------------------------------------
|
Post #61,806
11/8/02 3:45:15 AM
|

Re: ifconfig -a output:
jake123 wrote:
lo        Link encap:Local Loopback
          LOOPBACK  MTU:3924  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
You'll notice the complete and utter lack of any IP address in there. That's your problem. You know, a line like "inet addr:127.0.0.1 Mask:255.0.0.0". So, time to fix yr. loopback network. And make sure /etc/hosts has "127.0.0.1 localhost" in it.
Rick Moen rick@linuxmafia.com
If you lived here, you'd be $HOME already.
|
Post #61,857
11/8/02 10:58:09 AM
|

Yikes
I can't believe that one slipped by me.
I've fixed it in /etc/network/interfaces.
Thanks!
--
-------------------------------------------------------------------
* Jack Troughton jake at consultron.ca *
* [link|http://consultron.ca|http://consultron.ca] [link|irc://irc.ecomstation.ca|irc://irc.ecomstation.ca] *
* Laval Québec Canada [link|news://news.consultron.ca|news://news.consultron.ca] *
-------------------------------------------------------------------
|
Post #61,918
11/8/02 6:11:20 PM
|

Re: Yikes
You're welcome.
In case I was too cryptic, that was the cause of your "neighbour table overflow" errors. It wasn't a driver bug, a hardware error, hub or switch negotiation, RIP malfunctions, frame collisions, or cabling problems. Yes, it was an overflowing ARP table, but that was in turn just a result of the underlying cause: /dev/lo being invalid.
Rick Moen rick@linuxmafia.com
If you lived here, you'd be $HOME already.
|
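The check Rick describes, as an added example that is not part of the thread: a shell/awk function that reads old net-tools `ifconfig -a` text and flags a loopback with no `UP` flag or no `inet addr`, plus interfaces with a high collision ratio. The function names and the 0.5% collision threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit old net-tools `ifconfig -a` text.

# Sample: the output posted in this thread, trimmed to the lines the check reads.
sample_ifconfig() {
cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:80:C8:EC:0C:A4
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          TX packets:308045 errors:0 dropped:0 overruns:0 carrier:0
          collisions:6 txqueuelen:100

eth1      Link encap:Ethernet  HWaddr 00:50:BA:2B:57:1B
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          TX packets:398189 errors:135 dropped:0 overruns:0 carrier:4
          collisions:3571 txqueuelen:100

lo        Link encap:Local Loopback
          LOOPBACK  MTU:3924  Metric:1
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

ppp0      Link encap:Point-to-Point Protocol
          inet addr:65.94.178.182  P-t-P:64.230.254.252  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          TX packets:308043 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
EOF
}

# audit_ifconfig [max_collision_pct]
# Reads ifconfig -a text on stdin and prints one finding per line.
audit_ifconfig() {
    awk -v max_pct="${1:-0.5}" '
    # Emit the findings for the interface block that just ended.
    function report(   pct) {
        if (name == "") return
        if (name == "lo" && !(up && inet))
            printf "lo: CRITICAL loopback unusable (UP=%d, inet addr=%d)\n", up, inet
        else if (!inet)
            print name ": INFO no inet addr (fine for an unnumbered link such as a PPPoE carrier)"
        if (tx > 0) {
            pct = coll * 100 / tx
            if (pct > max_pct)
                printf "%s: WARN %d collisions per %d TX packets (%.2f%%)\n", name, coll, tx, pct
        }
    }
    # A line starting in column 1 opens a new interface block.
    /^[^ \t]/    { report(); name = $1; up = 0; inet = 0; tx = 0; coll = 0; next }
    $1 == "UP"   { up = 1 }
    /inet addr:/ { inet = 1 }
    $1 == "TX" && $2 ~ /^packets:/ { sub(/^packets:/, "", $2); tx = $2 + 0 }
    $1 ~ /^collisions:/            { sub(/^collisions:/, "", $1); coll = $1 + 0 }
    END { report() }
    '
}

sample_ifconfig | audit_ifconfig
```

On a box that still prints this format, run it as `ifconfig -a | audit_ifconfig`; newer ifconfig releases print `inet 127.0.0.1` without `addr:` and would need the pattern adjusted.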
Post #62,006
11/9/02 11:31:04 PM
|

Well, time will tell
as in all things:). It's set up properly now... we'll see if it happens again or not.
--
-------------------------------------------------------------------
* Jack Troughton jake at consultron.ca *
* [link|http://consultron.ca|http://consultron.ca] [link|irc://irc.ecomstation.ca|irc://irc.ecomstation.ca] *
* Laval Québec Canada [link|news://news.consultron.ca|news://news.consultron.ca] *
-------------------------------------------------------------------
|
Post #61,933
11/8/02 8:42:45 PM
|

Re: Yikes
How did it happen? This must be a Debian thing. I've never seen a single IP machine with a misconfigured loopback address.
Good eyes to Rick for spotting that.
-drl
|
Post #61,937
11/8/02 9:18:29 PM
|

Debian thing?
Doubt that.
I mean, I REALLY doubt that.
Debian has the best QA in the Linux business.
More like a slip of the fingers whilst editing the file.
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Blog]
|
Post #61,940
11/8/02 9:23:09 PM
|

Slip of fingers?
lo is automatically configured when you install IP networking. Why did it get the wrong address? I can't see any scenario other than deliberately setting lo=0.0.0.0, which I'm sure Jack would not have done.
-drl
|
Post #61,941
11/8/02 9:44:27 PM
|

Re: Slip of fingers?
All it would take, in emacs, would be, on the wrong line:
CTRL-SPACE down-arrow CTRL-W
and poof! It's gone.
I can execute the above keystrokes in well under a second. It's easily done.
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Blog]
|
Post #61,947
11/9/02 12:36:59 AM
|

Re: Yikes
deSitter wrote:
Good eyes to Rick for spotting that.
Thanks. Truth to tell, it had to percolate through my brain for a while. That is, the original problem description with the "neighbour table overflow" message rang a distant bell when Jack posted it, but I couldn't remember what it was supposed to remind me of. Much later, he posted that /sbin/ifconfig output, and my unconscious tapped me on the shoulder, saying "Hello. That's the loopback misconfiguration problem I was trying to remind you about, earlier."
I've encountered the problem before, but not recently.
Rick Moen rick@linuxmafia.com
If you lived here, you'd be $HOME already.
|
Post #61,961
11/9/02 6:09:12 AM
|

lo (and bug, incidentally)
I saw the problem and recognized it, but kept losing my posts here from a w3m session. I'll try to track this down further.
I'm not sure what the cause of the unconfigured lo was, but I've seen this show up from time to time. I don't believe the ifupdown package configures /etc/network/interfaces in all instances. If any other Debian types know where this configuration is initiated from normally (as opposed to manually), please share.
--
Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com]
[link|http://kmself.home.netcom.com/|http://kmself.home.netcom.com/]
What part of "gestalt" don't you understand?
[link|http://twiki.iwethey.org/twiki/bin/view/Main/|TWikIWETHEY] -- an experiment in collective intelligence. Stupidity. Whatever.

Keep software free. Oppose the CBDTPA. Kill S.2048 dead.
[link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html]
|
Post #62,007
11/9/02 11:39:07 PM
|

Re: lo (and bug, incidentally)
Yes... there's no way I would have disabled loopback... and being a dedicated ViM user, I know that I didn't kill that in interfaces. The thing I was going yikes about was that I never noticed that loopback didn't have an address defined in the output of ifconfig... I can't believe that I looked over that output so many times without noticing that. Forest -> Trees, I guess.
--
-------------------------------------------------------------------
* Jack Troughton jake at consultron.ca *
* [link|http://consultron.ca|http://consultron.ca] [link|irc://irc.ecomstation.ca|irc://irc.ecomstation.ca] *
* Laval Québec Canada [link|news://news.consultron.ca|news://news.consultron.ca] *
-------------------------------------------------------------------
|
Post #62,019
11/10/02 1:57:14 AM
|

Re: lo (and bug, incidentally)
Jack wrote:
The thing I was going yikes about was that I never noticed that loopback didn't have an address defined in the output of ifconfig... I can't believe that I looked over that output so many times without noticing that. Forest -> Trees, I guess.
It's easy to miss. I'm pretty much conditioned to look for it. ;-)
Rick Moen rick@linuxmafia.com
If you lived here, you'd be $HOME already.
|
Post #61,527
11/6/02 9:48:10 PM
|

Common ploy by....
Overflowing a router's ARP Table... especially older ones that only have 2K or so to use.
What happens is that with routers that are possibly vulnerable due to "UN-attentive Administration" can be caused to restart themselves... which then reverts EVERYTHING connected to it to the same network until fully init'd. This is especially true with Real Routers that also do VLAN 802.1Q tagging as well as Layer-3 Switches posing as routers doing the VLAN tagging crap they *CAN* do.
The common ploy allows crackers to spoof things in that brief instant to get further along on a crack. I know I've used it to humble some admins that say their CheckPoint Firewall is impervious... Well, when they change the default rule from anything other than REJECT, changing from Negative logic to Positive Logic or a combo of both as well as a bad order of rules... Well what you expect?
So, overall I see those errors a lot on Misconfigured Public Interfaces and on Properly Configured Public Interfaces... just that someone is testing your Firewall... of course since you are Masquerading... and you have a *NIX machine in place... you should be good if they are testing... provided you have your rules right and config'd properly... Wrong Subnet mask still allows some trickery that few people would really catch, but yet allow info out or in.
The best part of the whole thing... unless you have remote logging enabled... The evidence is gone as soon as the router barfs and resets...
[link|mailto:curley95@attbi.com|greg] - Grand-Master Artist in IT [link|http://www.iwethey.org/ed_curry/|REMEMBER ED CURRY!!!]
Your friendly Homeland Security Officer reminds: Hold Thumbprint to Screen for 5 seconds, we'll take the imprint, or Just continue to type on your keyboard, and we'll just sample your DNA.
|
Post #61,567
11/7/02 3:34:08 AM
|

Re: Common ploy by....
gfolkert said:
The common ploy allows crackers to spoof things in that brief instant to get further along on a crack. I know I've used it to humble some admins that say their CheckPoint Firewall is impervious... Well, when they change the default rule from anything other than REJECT, changing from Negative logic to Positive Logic or a combo of both as well as a bad order of rules... Well what you expect?
Yeah, what he said. The pity of it is that this is such an elementary, dumbass error: Practically the first thing you learn, in setting up routers, is that you should ensure that they reject everything as the very first step upon initialising the interfaces.
People don't realise that filtering routers are actually much trickier than application-level proxy gateways, in that sense. With the latter, only traffic that's been explicitly permitted will be handled at all. With the former, one little error with the rulesets, or a ruleset enacted only in the runtime state but not in the NVRAM, and you're vulnerable.
But routers with only 2K RAM should be dumpster fodder, no?
Rick Moen rick@linuxmafia.com
If you lived here, you'd be $HOME already.
|
Post #61,600
11/7/02 10:22:02 AM
|

Ok, what do you think of this firewall script?
I'm using ipchains on this one.

#!/bin/sh

# This script sets up the NAT and firewall for the box, and is run when the
# ppp connection to Bell comes up.

# Accept UDP from port 67 to port 68 (DHCP replies) on ppp0.
# Note: the "ipchains -F input" further down removes this rule again.
/sbin/ipchains -A input -j ACCEPT -i ppp0 -s 0/0 67 -d 0/0 68 -p udp

# Load the masquerading helper modules.
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio

echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_always_defrag
echo "1" > /proc/sys/net/ipv4/ip_masq_udp_dloose

# Masquerading timeouts in seconds: TCP sessions, TCP after FIN, UDP.
/sbin/ipchains -M -S 7200 10 160

# Flush all three built-in chains.
ipchains -F input
ipchains -F output
ipchains -F forward

# Default policies, then the anti-spoofing and masquerading rules.
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward DENY
ipchains -A input -s 192.168.0.0/24 -i ppp0 -j DENY
ipchains -A input -s 127.0.0.0/8 -i ppp0 -j DENY
ipchains -A forward -s 192.168.0.0/24 -i ppp0 -j MASQ

I'd like to be able to set the policy of input deny, but whenever I do I end up being able to send things out by explicitly allowing input traffic from 192.168.0.0 to eth1 (internal interface) but I never get anything back as the incoming packets get killed. At any rate... pointers on this one would be welcome. Thanks!
--
-------------------------------------------------------------------
* Jack Troughton jake at consultron.ca *
* [link|http://consultron.ca|http://consultron.ca] [link|irc://irc.ecomstation.ca|irc://irc.ecomstation.ca] *
* Laval Québec Canada [link|news://news.consultron.ca|news://news.consultron.ca] *
-------------------------------------------------------------------
|
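The rule-order and default-policy points raised in this subthread, as an added example that is not part of the thread and not an ipchains tool: a small awk lint that reads an ipchains script and reports rules discarded by a later flush, targets that are not built-in names, and input/forward policies that do not drop by default. The sample rules are constructed, modelled on the script posted above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): static checks on an ipchains script.

# Constructed sample, modelled on the script posted above.
sample_rules() {
cat <<'EOF'
/sbin/ipchains -A input -j ACCEPT -i ppp0 -s 0/0 67 -d 0/0 68 -p udp
ipchains -F input
ipchains -F forward
ipchains -P input ACCEPT
ipchains -P forward DENY
ipchains -A input -s 192.168.0.0/24 -i ppp0 -j DENY
ipchains -A input -s 127.0.0.0/8 -i ppp0 -j deny
ipchains -A forward -s 192.168.0.0/24 -i ppp0 -j MASQ
EOF
}

# lint_ipchains: reads the script on stdin, prints one finding per line.
lint_ipchains() {
    awk '
    # Look only at ipchains invocations, with or without a path prefix.
    $1 != "ipchains" && $1 !~ /\/ipchains$/ { next }
    {
        # Pick out the operation, its chain, and the jump target.
        op = ""; chain = ""; arg = ""; target = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^-[AIFP]$/) { op = $i; chain = $(i + 1); arg = $(i + 2) }
            if ($i == "-j") target = $(i + 1)
        }
    }
    op == "-A" || op == "-I" {
        # Remember which lines have added rules to this chain since its last flush.
        live[chain] = (live[chain] != "") ? (live[chain] "," NR) : NR
        # A non-built-in name may also be a user-defined chain; flag it for review.
        if (target !~ /^(ACCEPT|DENY|REJECT|MASQ|REDIRECT|RETURN)$/)
            printf "line %d: target %s is not a built-in target (names are case-sensitive)\n", NR, target
    }
    op == "-F" && chain != "" {
        if (live[chain] != "")
            printf "line %d: flush of %s discards the rule(s) added on line %s\n", NR, chain, live[chain]
        live[chain] = ""
    }
    op == "-P" { policy[chain] = arg }
    END {
        # An unset policy is reported as well.
        n = split("input forward", want, " ")
        for (k = 1; k <= n; k++) {
            p = (want[k] in policy) ? policy[want[k]] : "unset"
            if (p != "DENY" && p != "REJECT")
                printf "policy: %s is %s, so unmatched packets are not dropped\n", want[k], p
        }
    }
    '
}

sample_rules | lint_ipchains
```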