FreeBSD Mail Archives

Date:      Thu, 27 Dec 2001 11:37:38 +0100
From:      Stefan de Zeeuw <stefan.de.zeeuw@wellance.com>
To:        "Freebsd-Questions@Freebsd. Org (E-mail)" <freebsd-questions@freebsd.org>
Subject:   Weird IP problem!
Message-ID:  <0107A170FEECD211ABE500104BD665BBFF020C@monster.wellance.com>

next in thread | raw e-mail | index | archive | help


[-- Attachment #1 --]

My setup:
FreeBSD4.4-RELEASE connected to a cablemodem via rl0
rl1 is connected to a HUB and 2 clients
And the machine acts as a firewall/NAT config

Yesterday my internet connection was dead, the cablemodem was acting
strange(the lights) and I did a power recycle on the modem, nothing happend,
same results.
After that I found this in my log:

Dec 25 17:07:37 FIREWALL /kernel: arp: unknown hardware address format
(0x0800)
Dec 26 03:01:44 FIREWALL natd[284]: failed to write packet back (No route to
host)
Dec 26 03:02:54 FIREWALL natd[284]: failed to write packet back (No route to
host)
Dec 26 03:04:14 FIREWALL last message repeated 2 times
Dec 26 03:14:56 FIREWALL last message repeated 14 times
Dec 26 03:19:10 FIREWALL last message repeated 13 times
Dec 26 05:15:02 FIREWALL natd[284]: failed to write packet back (No route to
host)
<snip>
Dec 26 09:23:25 FIREWALL /kernel: arplookup 192.168.100.1 failed: host is
not on local network
Dec 26 09:47:33 FIREWALL /kernel: arplookup 192.168.100.1 failed: host is
not on local network
Dec 26 09:50:16 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11
Dec 26 09:50:16 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0
Dec 26 09:50:16 FIREWALL dhclient: New Broadcast Address(rl0):
192.168.100.255
Dec 26 10:23:49 FIREWALL natd[284]: failed to write packet back (No route to
host)
Dec 26 10:23:51 FIREWALL natd[284]: failed to write packet back (No route to
host)
Dec 26 10:23:51 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11
Dec 26 10:23:51 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0
Dec 26 10:23:51 FIREWALL dhclient: New Broadcast Address(rl0):
192.168.100.255
Dec 26 10:24:43 FIREWALL natd[284]: failed to write packet back (No route to
host)
Dec 26 10:24:51 FIREWALL natd[284]: failed to write packet back (No route to
host)
Dec 26 10:24:52 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11
Dec 26 10:24:52 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0
Dec 26 10:24:52 FIREWALL dhclient: New Broadcast Address(rl0):
192.168.100.255
Dec 26 10:26:40 FIREWALL natd[284]: failed to write packet back (No route to
host)
Dec 26 10:26:43 FIREWALL natd[284]: failed to write packet back (No route to
host)
Dec 26 10:26:43 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11
Dec 26 10:26:43 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0
Dec 26 10:26:43 FIREWALL dhclient: New Broadcast Address(rl0):
192.168.100.255
Dec 26 10:39:01 FIREWALL /kernel: arp: 00:20:40:e3:1d:7b is using my IP
address 0.0.0.0!
Dec 26 10:39:01 FIREWALL last message repeated 51 times
Dec 26 11:37:59 FIREWALL /kernel: arp: 00:20:40:e3:1d:7b is using my IP
address 0.0.0.0!
Dec 26 11:37:59 FIREWALL last message repeated 256 times
Dec 26 11:52:13 FIREWALL natd[284]: failed to write packet back (No route to
host)
Dec 26 12:20:47 FIREWALL login: ROOT LOGIN (root) ON ttyv0
Dec 26 12:24:02 FIREWALL natd[284]: failed to write packet back (No route to
host)
Dec 26 12:24:02 FIREWALL last message repeated 64 times
Dec 26 12:26:18 FIREWALL last message repeated 5 times
Dec 26 12:26:18 FIREWALL dhclient: New IP Address(rl0): 213.73.160.xxx
Dec 26 12:26:18 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0
Dec 26 12:26:18 FIREWALL dhclient: New Broadcast Address(rl0):
213.73.160.255
Dec 26 12:26:18 FIREWALL dhclient: New Routers: 213.73.160.1

It is very strange and i do not understand what may have happend here. Was
it a error by my ISP or was it a intrusion attempt?

After this i killed my dhclient and started it up again, assigning me my
original ip address. And everything was fine.
But I would like to know what happend here. Anyone have some ideas??
I would like to hear them!

Sincerly
Stef

[-- Attachment #2 --]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12">
<TITLE>Weird IP problem!</TITLE>
</HEAD>
<BODY>
<BR>

<P><FONT SIZE=2>My setup:</FONT>
<BR><FONT SIZE=2>FreeBSD4.4-RELEASE connected to a cablemodem via rl0</FONT>
<BR><FONT SIZE=2>rl1 is connected to a HUB and 2 clients</FONT>
<BR><FONT SIZE=2>And the machine acts as a firewall/NAT config</FONT>
</P>

<P><FONT SIZE=2>Yesterday my internet connection was dead, the cablemodem was acting strange(the lights) and I did a power recycle on the modem, nothing happend, same results.</FONT></P>

<P><FONT SIZE=2>After that I found this in my log:</FONT>
</P>

<P><FONT SIZE=2>Dec 25 17:07:37 FIREWALL /kernel: arp: unknown hardware address format (0x0800)</FONT>
<BR><FONT SIZE=2>Dec 26 03:01:44 FIREWALL natd[284]: failed to write packet back (No route to host)</FONT>
<BR><FONT SIZE=2>Dec 26 03:02:54 FIREWALL natd[284]: failed to write packet back (No route to host)</FONT>
<BR><FONT SIZE=2>Dec 26 03:04:14 FIREWALL last message repeated 2 times</FONT>
<BR><FONT SIZE=2>Dec 26 03:14:56 FIREWALL last message repeated 14 times</FONT>
<BR><FONT SIZE=2>Dec 26 03:19:10 FIREWALL last message repeated 13 times</FONT>
<BR><FONT SIZE=2>Dec 26 05:15:02 FIREWALL natd[284]: failed to write packet back (No route to host)</FONT>
<BR><FONT SIZE=2>&lt;snip&gt;</FONT>
<BR><FONT SIZE=2>Dec 26 09:23:25 FIREWALL /kernel: arplookup 192.168.100.1 failed: host is not on local network</FONT>
<BR><FONT SIZE=2>Dec 26 09:47:33 FIREWALL /kernel: arplookup 192.168.100.1 failed: host is not on local network</FONT>
<BR><FONT SIZE=2>Dec 26 09:50:16 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11</FONT>
<BR><FONT SIZE=2>Dec 26 09:50:16 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0</FONT>
<BR><FONT SIZE=2>Dec 26 09:50:16 FIREWALL dhclient: New Broadcast Address(rl0): 192.168.100.255</FONT>
<BR><FONT SIZE=2>Dec 26 10:23:49 FIREWALL natd[284]: failed to write packet back (No route to host)</FONT>
<BR><FONT SIZE=2>Dec 26 10:23:51 FIREWALL natd[284]: failed to write packet back (No route to host)</FONT>
<BR><FONT SIZE=2>Dec 26 10:23:51 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11</FONT>
<BR><FONT SIZE=2>Dec 26 10:23:51 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0</FONT>
<BR><FONT SIZE=2>Dec 26 10:23:51 FIREWALL dhclient: New Broadcast Address(rl0): 192.168.100.255</FONT>
<BR><FONT SIZE=2>Dec 26 10:24:43 FIREWALL natd[284]: failed to write packet back (No route to host)</FONT>
<BR><FONT SIZE=2>Dec 26 10:24:51 FIREWALL natd[284]: failed to write packet back (No route to host)</FONT>
<BR><FONT SIZE=2>Dec 26 10:24:52 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11</FONT>
<BR><FONT SIZE=2>Dec 26 10:24:52 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0</FONT>
<BR><FONT SIZE=2>Dec 26 10:24:52 FIREWALL dhclient: New Broadcast Address(rl0): 192.168.100.255</FONT>
<BR><FONT SIZE=2>Dec 26 10:26:40 FIREWALL natd[284]: failed to write packet back (No route to host)</FONT>
<BR><FONT SIZE=2>Dec 26 10:26:43 FIREWALL natd[284]: failed to write packet back (No route to host)</FONT>
<BR><FONT SIZE=2>Dec 26 10:26:43 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11</FONT>
<BR><FONT SIZE=2>Dec 26 10:26:43 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0</FONT>
<BR><FONT SIZE=2>Dec 26 10:26:43 FIREWALL dhclient: New Broadcast Address(rl0): 192.168.100.255</FONT>
<BR><FONT SIZE=2>Dec 26 10:39:01 FIREWALL /kernel: arp: 00:20:40:e3:1d:7b is using my IP address 0.0.0.0!</FONT>
<BR><FONT SIZE=2>Dec 26 10:39:01 FIREWALL last message repeated 51 times</FONT>
<BR><FONT SIZE=2>Dec 26 11:37:59 FIREWALL /kernel: arp: 00:20:40:e3:1d:7b is using my IP address 0.0.0.0!</FONT>
<BR><FONT SIZE=2>Dec 26 11:37:59 FIREWALL last message repeated 256 times</FONT>
<BR><FONT SIZE=2>Dec 26 11:52:13 FIREWALL natd[284]: failed to write packet back (No route to host)</FONT>
<BR><FONT SIZE=2>Dec 26 12:20:47 FIREWALL login: ROOT LOGIN (root) ON ttyv0</FONT>
<BR><FONT SIZE=2>Dec 26 12:24:02 FIREWALL natd[284]: failed to write packet back (No route to host)</FONT>
<BR><FONT SIZE=2>Dec 26 12:24:02 FIREWALL last message repeated 64 times</FONT>
<BR><FONT SIZE=2>Dec 26 12:26:18 FIREWALL last message repeated 5 times</FONT>
<BR><FONT SIZE=2>Dec 26 12:26:18 FIREWALL dhclient: New IP Address(rl0): 213.73.160.xxx</FONT>
<BR><FONT SIZE=2>Dec 26 12:26:18 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0</FONT>
<BR><FONT SIZE=2>Dec 26 12:26:18 FIREWALL dhclient: New Broadcast Address(rl0): 213.73.160.255</FONT>
<BR><FONT SIZE=2>Dec 26 12:26:18 FIREWALL dhclient: New Routers: 213.73.160.1</FONT>
</P>

<P><FONT SIZE=2>It is very strange and i do not understand what may have happend here. Was it a error by my ISP or was it a intrusion attempt?</FONT></P>

<P><FONT SIZE=2>After this i killed my dhclient and started it up again, assigning me my original ip address. And everything was fine.</FONT>
<BR><FONT SIZE=2>But I would like to know what happend here. Anyone have some ideas??</FONT>
<BR><FONT SIZE=2>I would like to hear them!</FONT>
</P>

<P><FONT SIZE=2>Sincerly</FONT>
<BR><FONT SIZE=2>Stef</FONT>
</P>

</BODY>
</HTML>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0107A170FEECD211ABE500104BD665BBFF020C>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation