Date: Thu, 27 Dec 2001 10:52:27 -0000 From: "G D McKee" <freebsd@gdmckee.com> To: "Stefan de Zeeuw" <stefan.de.zeeuw@wellance.com>, "Freebsd-Questions@Freebsd. Org (E-mail)" <freebsd-questions@freebsd.org> Subject: Re: Weird IP problem! Message-ID: <000d01c18ec4$933542c0$0a00a8c0@p1000> References: <0107A170FEECD211ABE500104BD665BBFF020C@monster.wellance.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. ------=_NextPart_000_000A_01C18EC4.9330AEE0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Weird IP problem!Hi Don't know about your cable modem but it sounds like it does the same as = mine. They have a build in DHCP server and your PC will grab an address = from the cable modem itself if it can't find a DHCP server up-stream. = You can test the theory by removing the lead from the back of the cable = modem and restarting dhclient!!!!! Gordon ----- Original Message -----=20 From: Stefan de Zeeuw=20 To: Freebsd-Questions@Freebsd. Org (E-mail)=20 Sent: Thursday, December 27, 2001 10:37 AM Subject: Weird IP problem! My setup:=20 FreeBSD4.4-RELEASE connected to a cablemodem via rl0=20 rl1 is connected to a HUB and 2 clients=20 And the machine acts as a firewall/NAT config=20 Yesterday my internet connection was dead, the cablemodem was acting = strange(the lights) and I did a power recycle on the modem, nothing = happend, same results. After that I found this in my log:=20 Dec 25 17:07:37 FIREWALL /kernel: arp: unknown hardware address format = (0x0800)=20 Dec 26 03:01:44 FIREWALL natd[284]: failed to write packet back (No = route to host)=20 Dec 26 03:02:54 FIREWALL natd[284]: failed to write packet back (No = route to host)=20 Dec 26 03:04:14 FIREWALL last message repeated 2 times=20 Dec 26 03:14:56 FIREWALL last message repeated 14 times=20 Dec 26 03:19:10 FIREWALL last message repeated 13 times=20 Dec 26 05:15:02 FIREWALL natd[284]: failed to write packet back (No = route to host)=20 <snip>=20 Dec 26 09:23:25 FIREWALL /kernel: arplookup 192.168.100.1 failed: host = is not on local network=20 Dec 26 09:47:33 FIREWALL /kernel: arplookup 192.168.100.1 failed: host = is not on local network=20 Dec 26 09:50:16 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11 = Dec 26 09:50:16 FIREWALL dhclient: New Subnet Mask (rl0): = 255.255.255.0=20 Dec 26 09:50:16 FIREWALL dhclient: New Broadcast Address(rl0): = 192.168.100.255=20 Dec 26 10:23:49 FIREWALL natd[284]: failed to write packet back (No = route to host)=20 Dec 26 10:23:51 FIREWALL natd[284]: failed to write packet back (No = route to host)=20 Dec 26 10:23:51 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11 = Dec 26 10:23:51 FIREWALL dhclient: New Subnet Mask (rl0): = 255.255.255.0=20 Dec 26 10:23:51 FIREWALL dhclient: New Broadcast Address(rl0): = 192.168.100.255=20 Dec 26 10:24:43 FIREWALL natd[284]: failed to write packet back (No = route to host)=20 Dec 26 10:24:51 FIREWALL natd[284]: failed to write packet back (No = route to host)=20 Dec 26 10:24:52 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11 = Dec 26 10:24:52 FIREWALL dhclient: New Subnet Mask (rl0): = 255.255.255.0=20 Dec 26 10:24:52 FIREWALL dhclient: New Broadcast Address(rl0): = 192.168.100.255=20 Dec 26 10:26:40 FIREWALL natd[284]: failed to write packet back (No = route to host)=20 Dec 26 10:26:43 FIREWALL natd[284]: failed to write packet back (No = route to host)=20 Dec 26 10:26:43 FIREWALL dhclient: New IP Address(rl0): 192.168.100.11 = Dec 26 10:26:43 FIREWALL dhclient: New Subnet Mask (rl0): = 255.255.255.0=20 Dec 26 10:26:43 FIREWALL dhclient: New Broadcast Address(rl0): = 192.168.100.255=20 Dec 26 10:39:01 FIREWALL /kernel: arp: 00:20:40:e3:1d:7b is using my = IP address 0.0.0.0!=20 Dec 26 10:39:01 FIREWALL last message repeated 51 times=20 Dec 26 11:37:59 FIREWALL /kernel: arp: 00:20:40:e3:1d:7b is using my = IP address 0.0.0.0!=20 Dec 26 11:37:59 FIREWALL last message repeated 256 times=20 Dec 26 11:52:13 FIREWALL natd[284]: failed to write packet back (No = route to host)=20 Dec 26 12:20:47 FIREWALL login: ROOT LOGIN (root) ON ttyv0=20 Dec 26 12:24:02 FIREWALL natd[284]: failed to write packet back (No = route to host)=20 Dec 26 12:24:02 FIREWALL last message repeated 64 times=20 Dec 26 12:26:18 FIREWALL last message repeated 5 times=20 Dec 26 12:26:18 FIREWALL dhclient: New IP Address(rl0): 213.73.160.xxx = Dec 26 12:26:18 FIREWALL dhclient: New Subnet Mask (rl0): = 255.255.255.0=20 Dec 26 12:26:18 FIREWALL dhclient: New Broadcast Address(rl0): = 213.73.160.255=20 Dec 26 12:26:18 FIREWALL dhclient: New Routers: 213.73.160.1=20 It is very strange and i do not understand what may have happend here. = Was it a error by my ISP or was it a intrusion attempt? After this i killed my dhclient and started it up again, assigning me = my original ip address. And everything was fine.=20 But I would like to know what happend here. Anyone have some ideas??=20 I would like to hear them!=20 Sincerly=20 Stef=20 ------=_NextPart_000_000A_01C18EC4.9330AEE0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD><TITLE>Weird IP problem!</TITLE> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.2712.300" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT face=3DArial size=3D2>Hi</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Don't know about your cable modem but = it sounds=20 like it does the same as mine. They have a build in DHCP server = and your=20 PC will grab an address from the cable modem itself if it can't find a = DHCP=20 server up-stream. You can test the theory by removing the lead = from the=20 back of the cable modem and restarting dhclient!!!!!</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Gordon</FONT></DIV> <BLOCKQUOTE dir=3Dltr=20 style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; = BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px"> <DIV style=3D"FONT: 10pt arial">----- Original Message ----- </DIV> <DIV=20 style=3D"BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: = black"><B>From:</B>=20 <A title=3Dstefan.de.zeeuw@wellance.com=20 href=3D"mailto:stefan.de.zeeuw@wellance.com">Stefan de Zeeuw</A> = </DIV> <DIV style=3D"FONT: 10pt arial"><B>To:</B> <A=20 title=3Dfreebsd-questions@freebsd.org=20 href=3D"mailto:Freebsd-Questions@Freebsd. Org = (E-mail)">Freebsd-Questions@Freebsd.=20 Org (E-mail)</A> </DIV> <DIV style=3D"FONT: 10pt arial"><B>Sent:</B> Thursday, December 27, = 2001 10:37=20 AM</DIV> <DIV style=3D"FONT: 10pt arial"><B>Subject:</B> Weird IP = problem!</DIV> <DIV><BR></DIV><BR> <P><FONT size=3D2>My setup:</FONT> <BR><FONT = size=3D2>FreeBSD4.4-RELEASE connected=20 to a cablemodem via rl0</FONT> <BR><FONT size=3D2>rl1 is connected to = a HUB and=20 2 clients</FONT> <BR><FONT size=3D2>And the machine acts as a = firewall/NAT=20 config</FONT> </P> <P><FONT size=3D2>Yesterday my internet connection was dead, the = cablemodem was=20 acting strange(the lights) and I did a power recycle on the modem, = nothing=20 happend, same results.</FONT></P> <P><FONT size=3D2>After that I found this in my log:</FONT> </P> <P><FONT size=3D2>Dec 25 17:07:37 FIREWALL /kernel: arp: unknown = hardware=20 address format (0x0800)</FONT> <BR><FONT size=3D2>Dec 26 03:01:44 = FIREWALL=20 natd[284]: failed to write packet back (No route to host)</FONT> = <BR><FONT=20 size=3D2>Dec 26 03:02:54 FIREWALL natd[284]: failed to write packet = back (No=20 route to host)</FONT> <BR><FONT size=3D2>Dec 26 03:04:14 FIREWALL last = message=20 repeated 2 times</FONT> <BR><FONT size=3D2>Dec 26 03:14:56 FIREWALL = last message=20 repeated 14 times</FONT> <BR><FONT size=3D2>Dec 26 03:19:10 FIREWALL = last=20 message repeated 13 times</FONT> <BR><FONT size=3D2>Dec 26 05:15:02 = FIREWALL=20 natd[284]: failed to write packet back (No route to host)</FONT> = <BR><FONT=20 size=3D2><snip></FONT> <BR><FONT size=3D2>Dec 26 09:23:25 = FIREWALL /kernel:=20 arplookup 192.168.100.1 failed: host is not on local network</FONT> = <BR><FONT=20 size=3D2>Dec 26 09:47:33 FIREWALL /kernel: arplookup 192.168.100.1 = failed: host=20 is not on local network</FONT> <BR><FONT size=3D2>Dec 26 09:50:16 = FIREWALL=20 dhclient: New IP Address(rl0): 192.168.100.11</FONT> <BR><FONT = size=3D2>Dec 26=20 09:50:16 FIREWALL dhclient: New Subnet Mask (rl0): = 255.255.255.0</FONT>=20 <BR><FONT size=3D2>Dec 26 09:50:16 FIREWALL dhclient: New Broadcast=20 Address(rl0): 192.168.100.255</FONT> <BR><FONT size=3D2>Dec 26 = 10:23:49 FIREWALL=20 natd[284]: failed to write packet back (No route to host)</FONT> = <BR><FONT=20 size=3D2>Dec 26 10:23:51 FIREWALL natd[284]: failed to write packet = back (No=20 route to host)</FONT> <BR><FONT size=3D2>Dec 26 10:23:51 FIREWALL = dhclient: New=20 IP Address(rl0): 192.168.100.11</FONT> <BR><FONT size=3D2>Dec 26 = 10:23:51=20 FIREWALL dhclient: New Subnet Mask (rl0): 255.255.255.0</FONT> = <BR><FONT=20 size=3D2>Dec 26 10:23:51 FIREWALL dhclient: New Broadcast = Address(rl0):=20 192.168.100.255</FONT> <BR><FONT size=3D2>Dec 26 10:24:43 FIREWALL = natd[284]:=20 failed to write packet back (No route to host)</FONT> <BR><FONT = size=3D2>Dec 26=20 10:24:51 FIREWALL natd[284]: failed to write packet back (No route to=20 host)</FONT> <BR><FONT size=3D2>Dec 26 10:24:52 FIREWALL dhclient: New = IP=20 Address(rl0): 192.168.100.11</FONT> <BR><FONT size=3D2>Dec 26 10:24:52 = FIREWALL=20 dhclient: New Subnet Mask (rl0): 255.255.255.0</FONT> <BR><FONT = size=3D2>Dec 26=20 10:24:52 FIREWALL dhclient: New Broadcast Address(rl0): = 192.168.100.255</FONT>=20 <BR><FONT size=3D2>Dec 26 10:26:40 FIREWALL natd[284]: failed to write = packet=20 back (No route to host)</FONT> <BR><FONT size=3D2>Dec 26 10:26:43 = FIREWALL=20 natd[284]: failed to write packet back (No route to host)</FONT> = <BR><FONT=20 size=3D2>Dec 26 10:26:43 FIREWALL dhclient: New IP Address(rl0):=20 192.168.100.11</FONT> <BR><FONT size=3D2>Dec 26 10:26:43 FIREWALL = dhclient: New=20 Subnet Mask (rl0): 255.255.255.0</FONT> <BR><FONT size=3D2>Dec 26 = 10:26:43=20 FIREWALL dhclient: New Broadcast Address(rl0): 192.168.100.255</FONT>=20 <BR><FONT size=3D2>Dec 26 10:39:01 FIREWALL /kernel: arp: = 00:20:40:e3:1d:7b is=20 using my IP address 0.0.0.0!</FONT> <BR><FONT size=3D2>Dec 26 10:39:01 = FIREWALL=20 last message repeated 51 times</FONT> <BR><FONT size=3D2>Dec 26 = 11:37:59=20 FIREWALL /kernel: arp: 00:20:40:e3:1d:7b is using my IP address=20 0.0.0.0!</FONT> <BR><FONT size=3D2>Dec 26 11:37:59 FIREWALL last = message=20 repeated 256 times</FONT> <BR><FONT size=3D2>Dec 26 11:52:13 FIREWALL = natd[284]:=20 failed to write packet back (No route to host)</FONT> <BR><FONT = size=3D2>Dec 26=20 12:20:47 FIREWALL login: ROOT LOGIN (root) ON ttyv0</FONT> <BR><FONT=20 size=3D2>Dec 26 12:24:02 FIREWALL natd[284]: failed to write packet = back (No=20 route to host)</FONT> <BR><FONT size=3D2>Dec 26 12:24:02 FIREWALL last = message=20 repeated 64 times</FONT> <BR><FONT size=3D2>Dec 26 12:26:18 FIREWALL = last=20 message repeated 5 times</FONT> <BR><FONT size=3D2>Dec 26 12:26:18 = FIREWALL=20 dhclient: New IP Address(rl0): 213.73.160.xxx</FONT> <BR><FONT = size=3D2>Dec 26=20 12:26:18 FIREWALL dhclient: New Subnet Mask (rl0): = 255.255.255.0</FONT>=20 <BR><FONT size=3D2>Dec 26 12:26:18 FIREWALL dhclient: New Broadcast=20 Address(rl0): 213.73.160.255</FONT> <BR><FONT size=3D2>Dec 26 12:26:18 = FIREWALL=20 dhclient: New Routers: 213.73.160.1</FONT> </P> <P><FONT size=3D2>It is very strange and i do not understand what may = have=20 happend here. Was it a error by my ISP or was it a intrusion=20 attempt?</FONT></P> <P><FONT size=3D2>After this i killed my dhclient and started it up = again,=20 assigning me my original ip address. And everything was fine.</FONT> = <BR><FONT=20 size=3D2>But I would like to know what happend here. Anyone have some=20 ideas??</FONT> <BR><FONT size=3D2>I would like to hear them!</FONT> = </P> <P><FONT size=3D2>Sincerly</FONT> <BR><FONT size=3D2>Stef</FONT>=20 </P></BLOCKQUOTE></BODY></HTML> ------=_NextPart_000_000A_01C18EC4.9330AEE0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000d01c18ec4$933542c0$0a00a8c0>