Date: Thu, 27 Dec 2001 12:29:21 +0100 From: Stefan de Zeeuw <stefan.de.zeeuw@wellance.com> To: "Freebsd-Questions@Freebsd. Org (E-mail)" <freebsd-questions@freebsd.org> Subject: RE: Weird IP problem! Message-ID: <0107A170FEECD211ABE500104BD665BBFF020F@monster.wellance.com>
next in thread | raw e-mail | index | archive | help
This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C18EC9.BA7E13C0 Content-Type: text/plain; charset="iso-8859-1" Well i allways get the same IP from the DHCP server from my ISP so I don't think this may be the problem. Even if my cable modem is off for an hour or so. So I think theoretical everyone has his own (half static)IP number, but can be changed if the ISP finds it neccesery in the future e.g. ip expansion or so. ----- Original Message ----- Hi Don't know about your cable modem but it sounds like it does the same as mine. They have a build in DHCP server and your PC will grab an address from the cable modem itself if it can't find a DHCP server up-stream. You can test the theory by removing the lead from the back of the cable modem and restarting dhclient!!!!! Gordon ----- Original Message ----- From: Stefan de Zeeuw To: Freebsd-Questions@Freebsd. Org (E-mail) Sent: Thursday, December 27, 2001 10:37 AM Subject: Weird IP problem! My setup: FreeBSD4.4-RELEASE connected to a cablemodem via rl0 rl1 is connected to a HUB and 2 clients And the machine acts as a firewall/NAT config Yesterday my internet connection was dead, the cablemodem was acting strange(the lights) and I did a power recycle on the modem, nothing happend, same results. After that I found this in my log: Dec 25 17:07:37 FIREWALL /kernel: arp: unknown hardware address format (0x0800) Dec 26 03:01:44 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 03:02:54 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 03:04:14 FIREWALL last message repeated 2 times Dec 26 03:14:56 FIREWALL last message repeated 14 times Dec 26 03:19:10 FIREWALL last message repeated 13 times Dec 26 05:15:02 FIREWALL natd[284]: failed to write packet back (No route to host) <snip> Dec 26 09:23:25 FIREWALL /kernel: arplookup 192.168.100.1 failed: host is not on local network Dec 26 09:47:33 FIREWALL /kernel: arplookup 192.168.100.1 failed: host is not on local network Dec 26 09:50:16 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11 Dec 26 09:50:16 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0 Dec 26 09:50:16 FIREWALL dhclient: New Broadcast Address(rl0): 192.168.100.255 Dec 26 10:23:49 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 10:23:51 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 10:23:51 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11 Dec 26 10:23:51 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0 Dec 26 10:23:51 FIREWALL dhclient: New Broadcast Address(rl0): 192.168.100.255 Dec 26 10:24:43 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 10:24:51 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 10:24:52 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11 Dec 26 10:24:52 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0 Dec 26 10:24:52 FIREWALL dhclient: New Broadcast Address(rl0): 192.168.100.255 Dec 26 10:26:40 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 10:26:43 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 10:26:43 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11 Dec 26 10:26:43 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0 Dec 26 10:26:43 FIREWALL dhclient: New Broadcast Address(rl0): 192.168.100.255 Dec 26 10:39:01 FIREWALL /kernel: arp: 00:20:40:e3:1d:7b is using my IP address 0.0.0.0! Dec 26 10:39:01 FIREWALL last message repeated 51 times Dec 26 11:37:59 FIREWALL /kernel: arp: 00:20:40:e3:1d:7b is using my IP address 0.0.0.0! Dec 26 11:37:59 FIREWALL last message repeated 256 times Dec 26 11:52:13 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 12:20:47 FIREWALL login: ROOT LOGIN (root) ON ttyv0 Dec 26 12:24:02 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 12:24:02 FIREWALL last message repeated 64 times Dec 26 12:26:18 FIREWALL last message repeated 5 times Dec 26 12:26:18 FIREWALL dhclient: New IP Address(rl0): 213.73.160.xxx Dec 26 12:26:18 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0 Dec 26 12:26:18 FIREWALL dhclient: New Broadcast Address(rl0): 213.73.160.255 Dec 26 12:26:18 FIREWALL dhclient: New Routers: 213.73.160.1 It is very strange and i do not understand what may have happend here. Was it a error by my ISP or was it a intrusion attempt? After this i killed my dhclient and started it up again, assigning me my original ip address. And everything was fine. But I would like to know what happend here. Anyone have some ideas?? I would like to hear them! Sincerly Stef ------_=_NextPart_001_01C18EC9.BA7E13C0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2653.12"> <TITLE>RE: Weird IP problem!</TITLE> </HEAD> <BODY> <BR> <P><FONT SIZE=3D2>Well i allways get the same IP from the DHCP server = from my ISP so I don't think this may be the problem. Even if my cable = modem is off for an hour or so. So I think theoretical everyone has his = own (half static)IP number, but can be changed if the ISP finds it = neccesery in the future e.g. ip expansion or so.</FONT></P> <BR> <P><FONT SIZE=3D2>----- Original Message ----- </FONT> <BR><FONT SIZE=3D2>Hi</FONT> <BR><FONT SIZE=3D2> </FONT> <BR><FONT SIZE=3D2>Don't know about your cable modem but it sounds like = it does the same as mine. They have a build in DHCP server and = your PC will grab an address from the cable modem itself if it can't = find a DHCP server up-stream. You can test the theory by removing = the lead from the back of the cable modem and restarting = dhclient!!!!!</FONT></P> <P><FONT SIZE=3D2> </FONT> <BR><FONT SIZE=3D2>Gordon</FONT> <BR><FONT SIZE=3D2>----- Original Message ----- </FONT> <BR><FONT SIZE=3D2>From: Stefan de Zeeuw </FONT> <BR><FONT SIZE=3D2>To: Freebsd-Questions@Freebsd. Org (E-mail) </FONT> <BR><FONT SIZE=3D2>Sent: Thursday, December 27, 2001 10:37 AM</FONT> <BR><FONT SIZE=3D2>Subject: Weird IP problem!</FONT> </P> <BR> <BR> <BR> <P><FONT SIZE=3D2>My setup: </FONT> <BR><FONT SIZE=3D2>FreeBSD4.4-RELEASE connected to a cablemodem via rl0 = </FONT> <BR><FONT SIZE=3D2>rl1 is connected to a HUB and 2 clients </FONT> <BR><FONT SIZE=3D2>And the machine acts as a firewall/NAT config = </FONT> </P> <P><FONT SIZE=3D2>Yesterday my internet connection was dead, the = cablemodem was acting strange(the lights) and I did a power recycle on = the modem, nothing happend, same results.</FONT></P> <P><FONT SIZE=3D2>After that I found this in my log: </FONT> </P> <P><FONT SIZE=3D2>Dec 25 17:07:37 FIREWALL /kernel: arp: unknown = hardware address format (0x0800) </FONT> <BR><FONT SIZE=3D2>Dec 26 03:01:44 FIREWALL natd[284]: failed to write = packet back (No route to host) </FONT> <BR><FONT SIZE=3D2>Dec 26 03:02:54 FIREWALL natd[284]: failed to write = packet back (No route to host) </FONT> <BR><FONT SIZE=3D2>Dec 26 03:04:14 FIREWALL last message repeated 2 = times </FONT> <BR><FONT SIZE=3D2>Dec 26 03:14:56 FIREWALL last message repeated 14 = times </FONT> <BR><FONT SIZE=3D2>Dec 26 03:19:10 FIREWALL last message repeated 13 = times </FONT> <BR><FONT SIZE=3D2>Dec 26 05:15:02 FIREWALL natd[284]: failed to write = packet back (No route to host) </FONT> <BR><FONT SIZE=3D2><snip> </FONT> <BR><FONT SIZE=3D2>Dec 26 09:23:25 FIREWALL /kernel: arplookup = 192.168.100.1 failed: host is not on local network </FONT> <BR><FONT SIZE=3D2>Dec 26 09:47:33 FIREWALL /kernel: arplookup = 192.168.100.1 failed: host is not on local network </FONT> <BR><FONT SIZE=3D2>Dec 26 09:50:16 FIREWALL dhclient: New IP = Address(rl0): 192.168.100.11 </FONT> <BR><FONT SIZE=3D2>Dec 26 09:50:16 FIREWALL dhclient: New Subnet Mask = (rl0): 255.255.255.0 </FONT> <BR><FONT SIZE=3D2>Dec 26 09:50:16 FIREWALL dhclient: New Broadcast = Address(rl0): 192.168.100.255 </FONT> <BR><FONT SIZE=3D2>Dec 26 10:23:49 FIREWALL natd[284]: failed to write = packet back (No route to host) </FONT> <BR><FONT SIZE=3D2>Dec 26 10:23:51 FIREWALL natd[284]: failed to write = packet back (No route to host) </FONT> <BR><FONT SIZE=3D2>Dec 26 10:23:51 FIREWALL dhclient: New IP = Address(rl0): 192.168.100.11 </FONT> <BR><FONT SIZE=3D2>Dec 26 10:23:51 FIREWALL dhclient: New Subnet Mask = (rl0): 255.255.255.0 </FONT> <BR><FONT SIZE=3D2>Dec 26 10:23:51 FIREWALL dhclient: New Broadcast = Address(rl0): 192.168.100.255 </FONT> <BR><FONT SIZE=3D2>Dec 26 10:24:43 FIREWALL natd[284]: failed to write = packet back (No route to host) </FONT> <BR><FONT SIZE=3D2>Dec 26 10:24:51 FIREWALL natd[284]: failed to write = packet back (No route to host) </FONT> <BR><FONT SIZE=3D2>Dec 26 10:24:52 FIREWALL dhclient: New IP = Address(rl0): 192.168.100.11 </FONT> <BR><FONT SIZE=3D2>Dec 26 10:24:52 FIREWALL dhclient: New Subnet Mask = (rl0): 255.255.255.0 </FONT> <BR><FONT SIZE=3D2>Dec 26 10:24:52 FIREWALL dhclient: New Broadcast = Address(rl0): 192.168.100.255 </FONT> <BR><FONT SIZE=3D2>Dec 26 10:26:40 FIREWALL natd[284]: failed to write = packet back (No route to host) </FONT> <BR><FONT SIZE=3D2>Dec 26 10:26:43 FIREWALL natd[284]: failed to write = packet back (No route to host) </FONT> <BR><FONT SIZE=3D2>Dec 26 10:26:43 FIREWALL dhclient: New IP = Address(rl0): 192.168.100.11 </FONT> <BR><FONT SIZE=3D2>Dec 26 10:26:43 FIREWALL dhclient: New Subnet Mask = (rl0): 255.255.255.0 </FONT> <BR><FONT SIZE=3D2>Dec 26 10:26:43 FIREWALL dhclient: New Broadcast = Address(rl0): 192.168.100.255 </FONT> <BR><FONT SIZE=3D2>Dec 26 10:39:01 FIREWALL /kernel: arp: = 00:20:40:e3:1d:7b is using my IP address 0.0.0.0! </FONT> <BR><FONT SIZE=3D2>Dec 26 10:39:01 FIREWALL last message repeated 51 = times </FONT> <BR><FONT SIZE=3D2>Dec 26 11:37:59 FIREWALL /kernel: arp: = 00:20:40:e3:1d:7b is using my IP address 0.0.0.0! </FONT> <BR><FONT SIZE=3D2>Dec 26 11:37:59 FIREWALL last message repeated 256 = times </FONT> <BR><FONT SIZE=3D2>Dec 26 11:52:13 FIREWALL natd[284]: failed to write = packet back (No route to host) </FONT> <BR><FONT SIZE=3D2>Dec 26 12:20:47 FIREWALL login: ROOT LOGIN (root) ON = ttyv0 </FONT> <BR><FONT SIZE=3D2>Dec 26 12:24:02 FIREWALL natd[284]: failed to write = packet back (No route to host) </FONT> <BR><FONT SIZE=3D2>Dec 26 12:24:02 FIREWALL last message repeated 64 = times </FONT> <BR><FONT SIZE=3D2>Dec 26 12:26:18 FIREWALL last message repeated 5 = times </FONT> <BR><FONT SIZE=3D2>Dec 26 12:26:18 FIREWALL dhclient: New IP = Address(rl0): 213.73.160.xxx </FONT> <BR><FONT SIZE=3D2>Dec 26 12:26:18 FIREWALL dhclient: New Subnet Mask = (rl0): 255.255.255.0 </FONT> <BR><FONT SIZE=3D2>Dec 26 12:26:18 FIREWALL dhclient: New Broadcast = Address(rl0): 213.73.160.255 </FONT> <BR><FONT SIZE=3D2>Dec 26 12:26:18 FIREWALL dhclient: New Routers: = 213.73.160.1 </FONT> </P> <P><FONT SIZE=3D2>It is very strange and i do not understand what may = have happend here. Was it a error by my ISP or was it a intrusion = attempt?</FONT></P> <P><FONT SIZE=3D2>After this i killed my dhclient and started it up = again, assigning me my original ip address. And everything was fine. = </FONT> <BR><FONT SIZE=3D2>But I would like to know what happend here. Anyone = have some ideas?? </FONT> <BR><FONT SIZE=3D2>I would like to hear them! </FONT> </P> <P><FONT SIZE=3D2>Sincerly </FONT> <BR><FONT SIZE=3D2>Stef </FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C18EC9.BA7E13C0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0107A170FEECD211ABE500104BD665BBFF020F>