Date: Thu, 27 Dec 2001 11:37:38 +0100 From: Stefan de Zeeuw <stefan.de.zeeuw@wellance.com> To: "Freebsd-Questions@Freebsd. Org (E-mail)" <freebsd-questions@freebsd.org> Subject: Weird IP problem! Message-ID: <0107A170FEECD211ABE500104BD665BBFF020C@monster.wellance.com>
next in thread | raw e-mail | index | archive | help
This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C18EC2.81620990 Content-Type: text/plain; charset="iso-8859-1" My setup: FreeBSD4.4-RELEASE connected to a cablemodem via rl0 rl1 is connected to a HUB and 2 clients And the machine acts as a firewall/NAT config Yesterday my internet connection was dead, the cablemodem was acting strange(the lights) and I did a power recycle on the modem, nothing happend, same results. After that I found this in my log: Dec 25 17:07:37 FIREWALL /kernel: arp: unknown hardware address format (0x0800) Dec 26 03:01:44 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 03:02:54 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 03:04:14 FIREWALL last message repeated 2 times Dec 26 03:14:56 FIREWALL last message repeated 14 times Dec 26 03:19:10 FIREWALL last message repeated 13 times Dec 26 05:15:02 FIREWALL natd[284]: failed to write packet back (No route to host) <snip> Dec 26 09:23:25 FIREWALL /kernel: arplookup 192.168.100.1 failed: host is not on local network Dec 26 09:47:33 FIREWALL /kernel: arplookup 192.168.100.1 failed: host is not on local network Dec 26 09:50:16 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11 Dec 26 09:50:16 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0 Dec 26 09:50:16 FIREWALL dhclient: New Broadcast Address(rl0): 192.168.100.255 Dec 26 10:23:49 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 10:23:51 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 10:23:51 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11 Dec 26 10:23:51 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0 Dec 26 10:23:51 FIREWALL dhclient: New Broadcast Address(rl0): 192.168.100.255 Dec 26 10:24:43 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 10:24:51 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 10:24:52 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11 Dec 26 10:24:52 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0 Dec 26 10:24:52 FIREWALL dhclient: New Broadcast Address(rl0): 192.168.100.255 Dec 26 10:26:40 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 10:26:43 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 10:26:43 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11 Dec 26 10:26:43 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0 Dec 26 10:26:43 FIREWALL dhclient: New Broadcast Address(rl0): 192.168.100.255 Dec 26 10:39:01 FIREWALL /kernel: arp: 00:20:40:e3:1d:7b is using my IP address 0.0.0.0! Dec 26 10:39:01 FIREWALL last message repeated 51 times Dec 26 11:37:59 FIREWALL /kernel: arp: 00:20:40:e3:1d:7b is using my IP address 0.0.0.0! Dec 26 11:37:59 FIREWALL last message repeated 256 times Dec 26 11:52:13 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 12:20:47 FIREWALL login: ROOT LOGIN (root) ON ttyv0 Dec 26 12:24:02 FIREWALL natd[284]: failed to write packet back (No route to host) Dec 26 12:24:02 FIREWALL last message repeated 64 times Dec 26 12:26:18 FIREWALL last message repeated 5 times Dec 26 12:26:18 FIREWALL dhclient: New IP Address(rl0): 213.73.160.xxx Dec 26 12:26:18 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0 Dec 26 12:26:18 FIREWALL dhclient: New Broadcast Address(rl0): 213.73.160.255 Dec 26 12:26:18 FIREWALL dhclient: New Routers: 213.73.160.1 It is very strange and i do not understand what may have happend here. Was it a error by my ISP or was it a intrusion attempt? After this i killed my dhclient and started it up again, assigning me my original ip address. And everything was fine. But I would like to know what happend here. Anyone have some ideas?? I would like to hear them! Sincerly Stef ------_=_NextPart_001_01C18EC2.81620990 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2653.12"> <TITLE>Weird IP problem!</TITLE> </HEAD> <BODY> <BR> <P><FONT SIZE=3D2>My setup:</FONT> <BR><FONT SIZE=3D2>FreeBSD4.4-RELEASE connected to a cablemodem via = rl0</FONT> <BR><FONT SIZE=3D2>rl1 is connected to a HUB and 2 clients</FONT> <BR><FONT SIZE=3D2>And the machine acts as a firewall/NAT config</FONT> </P> <P><FONT SIZE=3D2>Yesterday my internet connection was dead, the = cablemodem was acting strange(the lights) and I did a power recycle on = the modem, nothing happend, same results.</FONT></P> <P><FONT SIZE=3D2>After that I found this in my log:</FONT> </P> <P><FONT SIZE=3D2>Dec 25 17:07:37 FIREWALL /kernel: arp: unknown = hardware address format (0x0800)</FONT> <BR><FONT SIZE=3D2>Dec 26 03:01:44 FIREWALL natd[284]: failed to write = packet back (No route to host)</FONT> <BR><FONT SIZE=3D2>Dec 26 03:02:54 FIREWALL natd[284]: failed to write = packet back (No route to host)</FONT> <BR><FONT SIZE=3D2>Dec 26 03:04:14 FIREWALL last message repeated 2 = times</FONT> <BR><FONT SIZE=3D2>Dec 26 03:14:56 FIREWALL last message repeated 14 = times</FONT> <BR><FONT SIZE=3D2>Dec 26 03:19:10 FIREWALL last message repeated 13 = times</FONT> <BR><FONT SIZE=3D2>Dec 26 05:15:02 FIREWALL natd[284]: failed to write = packet back (No route to host)</FONT> <BR><FONT SIZE=3D2><snip></FONT> <BR><FONT SIZE=3D2>Dec 26 09:23:25 FIREWALL /kernel: arplookup = 192.168.100.1 failed: host is not on local network</FONT> <BR><FONT SIZE=3D2>Dec 26 09:47:33 FIREWALL /kernel: arplookup = 192.168.100.1 failed: host is not on local network</FONT> <BR><FONT SIZE=3D2>Dec 26 09:50:16 FIREWALL dhclient: New IP = Address(rl0): 192.168.100.11</FONT> <BR><FONT SIZE=3D2>Dec 26 09:50:16 FIREWALL dhclient: New Subnet Mask = (rl0): 255.255.255.0</FONT> <BR><FONT SIZE=3D2>Dec 26 09:50:16 FIREWALL dhclient: New Broadcast = Address(rl0): 192.168.100.255</FONT> <BR><FONT SIZE=3D2>Dec 26 10:23:49 FIREWALL natd[284]: failed to write = packet back (No route to host)</FONT> <BR><FONT SIZE=3D2>Dec 26 10:23:51 FIREWALL natd[284]: failed to write = packet back (No route to host)</FONT> <BR><FONT SIZE=3D2>Dec 26 10:23:51 FIREWALL dhclient: New IP = Address(rl0): 192.168.100.11</FONT> <BR><FONT SIZE=3D2>Dec 26 10:23:51 FIREWALL dhclient: New Subnet Mask = (rl0): 255.255.255.0</FONT> <BR><FONT SIZE=3D2>Dec 26 10:23:51 FIREWALL dhclient: New Broadcast = Address(rl0): 192.168.100.255</FONT> <BR><FONT SIZE=3D2>Dec 26 10:24:43 FIREWALL natd[284]: failed to write = packet back (No route to host)</FONT> <BR><FONT SIZE=3D2>Dec 26 10:24:51 FIREWALL natd[284]: failed to write = packet back (No route to host)</FONT> <BR><FONT SIZE=3D2>Dec 26 10:24:52 FIREWALL dhclient: New IP = Address(rl0): 192.168.100.11</FONT> <BR><FONT SIZE=3D2>Dec 26 10:24:52 FIREWALL dhclient: New Subnet Mask = (rl0): 255.255.255.0</FONT> <BR><FONT SIZE=3D2>Dec 26 10:24:52 FIREWALL dhclient: New Broadcast = Address(rl0): 192.168.100.255</FONT> <BR><FONT SIZE=3D2>Dec 26 10:26:40 FIREWALL natd[284]: failed to write = packet back (No route to host)</FONT> <BR><FONT SIZE=3D2>Dec 26 10:26:43 FIREWALL natd[284]: failed to write = packet back (No route to host)</FONT> <BR><FONT SIZE=3D2>Dec 26 10:26:43 FIREWALL dhclient: New IP = Address(rl0): 192.168.100.11</FONT> <BR><FONT SIZE=3D2>Dec 26 10:26:43 FIREWALL dhclient: New Subnet Mask = (rl0): 255.255.255.0</FONT> <BR><FONT SIZE=3D2>Dec 26 10:26:43 FIREWALL dhclient: New Broadcast = Address(rl0): 192.168.100.255</FONT> <BR><FONT SIZE=3D2>Dec 26 10:39:01 FIREWALL /kernel: arp: = 00:20:40:e3:1d:7b is using my IP address 0.0.0.0!</FONT> <BR><FONT SIZE=3D2>Dec 26 10:39:01 FIREWALL last message repeated 51 = times</FONT> <BR><FONT SIZE=3D2>Dec 26 11:37:59 FIREWALL /kernel: arp: = 00:20:40:e3:1d:7b is using my IP address 0.0.0.0!</FONT> <BR><FONT SIZE=3D2>Dec 26 11:37:59 FIREWALL last message repeated 256 = times</FONT> <BR><FONT SIZE=3D2>Dec 26 11:52:13 FIREWALL natd[284]: failed to write = packet back (No route to host)</FONT> <BR><FONT SIZE=3D2>Dec 26 12:20:47 FIREWALL login: ROOT LOGIN (root) ON = ttyv0</FONT> <BR><FONT SIZE=3D2>Dec 26 12:24:02 FIREWALL natd[284]: failed to write = packet back (No route to host)</FONT> <BR><FONT SIZE=3D2>Dec 26 12:24:02 FIREWALL last message repeated 64 = times</FONT> <BR><FONT SIZE=3D2>Dec 26 12:26:18 FIREWALL last message repeated 5 = times</FONT> <BR><FONT SIZE=3D2>Dec 26 12:26:18 FIREWALL dhclient: New IP = Address(rl0): 213.73.160.xxx</FONT> <BR><FONT SIZE=3D2>Dec 26 12:26:18 FIREWALL dhclient: New Subnet Mask = (rl0): 255.255.255.0</FONT> <BR><FONT SIZE=3D2>Dec 26 12:26:18 FIREWALL dhclient: New Broadcast = Address(rl0): 213.73.160.255</FONT> <BR><FONT SIZE=3D2>Dec 26 12:26:18 FIREWALL dhclient: New Routers: = 213.73.160.1</FONT> </P> <P><FONT SIZE=3D2>It is very strange and i do not understand what may = have happend here. Was it a error by my ISP or was it a intrusion = attempt?</FONT></P> <P><FONT SIZE=3D2>After this i killed my dhclient and started it up = again, assigning me my original ip address. And everything was = fine.</FONT> <BR><FONT SIZE=3D2>But I would like to know what happend here. Anyone = have some ideas??</FONT> <BR><FONT SIZE=3D2>I would like to hear them!</FONT> </P> <P><FONT SIZE=3D2>Sincerly</FONT> <BR><FONT SIZE=3D2>Stef</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C18EC2.81620990-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0107A170FEECD211ABE500104BD665BBFF020C>