[personal profile] solarbird
The 1995 P166 that has been until now has formally and abruptly retired itself. So I'm having to move the new box into place now. This is the DMZ box I was talking about earlier.

Henceforth, "Door" refers to "New Door," not the old machine that is broken. It is latest Debian.

Door has three network cards: eth0 going to cable modem, eth1 going to fixed IP LAN segment, eth2 going to DHCP LAN segment. Door is running both DNS and DHCP servers.

Door can see everything in the world, on all cards. Complete functionality.

DHCP side can see everything in the world, on all cards. Complete functionality.

Fixed IP machines can all see Door (including its DNS services), and each other, and talk to the DHCP side, but can talk to nothing living out on eth0.

tcpdump on Door shows Door handing off ICMP packets on eth0, so that direction seems okay.

I am not seeing ACKs coming back to Door on eth0 from but I can't be sure they aren't doing something tricky and my filters are confused.

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                                                UG    0      0        0 eth0
                                                U     0      0        0 eth1
                                                UH    0      0        0 eth1
                                                UH    0      0        0 eth1
                                                UH    0      0        0 eth1
                                                UH    0      0        0 eth0
                                                U     0      0        0 eth2

Door is (on eth0), (on eth1), (on eth2). is the modem. is a network to eth1.

Anybody know wtf?

eta: The router - in addition to not showing door any ACKs for anything from .42 and .43 - is sending out a lot of ARP packets looking for and, and I'm starting to think it won't talk to a gateway box in the fixed-IP range. I try to add .41 as a gateway address for .42 and .43 and it refuses, saying illegal LAN address. SUPER RAGIFICATION ENGAGED.

eta2: And the new problem is that the PS4 won't pick up the gateway information from the Linux-based DHCP server. It will pick up an address! It's also not getting the DNS server number either. Why? Fuck if I know, everything else does it right.

Date: 2017-06-26 10:34 am (UTC)
From: [personal profile] wrog
Have you looked at or done anything with the iptables rules (i.e., what does iptables -L -n on door give you?)

My current crazy theory is that there's a default DROP rule in there that's screwing you, say, if the default iptables config only expects there to be 2 interfaces... or is doing the usual firewall thing of aggressively DROPping everything coming from "outside" that's not explicitly approved, and it's treating everything other than eth2 as "outside"
Edited Date: 2017-06-26 10:41 am (UTC)
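One way to test the default-DROP theory above, as an added example rather than anything from the post or its commenters: parse `iptables -L -n -v` output (the `-v` is needed to see the in/out interface columns) and walk the FORWARD chain for each interface pair. The ruleset below is constructed for illustration and assumes a box with eth0/eth1/eth2 as described in the post.

```python
import re

# Constructed sample of `iptables -L -n -v` output for a three-NIC gateway
# (not captured from the post). The -v is what shows the in/out interface
# columns; plain `iptables -L -n` omits them.
SAMPLE_IPTABLES_LNV = """\
Chain INPUT (policy ACCEPT 1200 packets, 96000 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy DROP 37 packets, 2220 bytes)
 pkts bytes target     prot opt in     out     source               destination
  500 40000 ACCEPT     all  --  eth2   eth0    0.0.0.0/0            0.0.0.0/0
  480 38000 ACCEPT     all  --  eth0   eth2    0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   12   720 ACCEPT     all  --  eth1   eth2    0.0.0.0/0            0.0.0.0/0
"""

# Built-in chains carry "(policy X ...)", user-defined chains "(N references)".
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)")

def parse_chains(text):
    """Return {chain: (policy, [(target, in_iface, out_iface), ...])}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = (m.group(2) or "RETURN", [])
            continue
        fields = line.split()
        # Skip blank lines, the column header, and text before the first chain.
        if current is None or len(fields) < 7 or fields[0] == "pkts":
            continue
        chains[current][1].append((fields[2], fields[5], fields[6]))
    return chains

def forward_verdict(chains, in_iface, out_iface):
    """First-match walk of FORWARD on interfaces only (simplified: ignores
    address, protocol and state matches, and skips jumps to user chains)."""
    policy, rules = chains["FORWARD"]
    for target, in_if, out_if in rules:
        if in_if in ("*", in_iface) and out_if in ("*", out_iface):
            if target in ("ACCEPT", "DROP", "REJECT"):
                return target
    return policy  # nothing terminated the walk: the chain policy decides

if __name__ == "__main__":
    chains = parse_chains(SAMPLE_IPTABLES_LNV)
    for pair in (("eth2", "eth0"), ("eth1", "eth0"), ("eth1", "eth2")):
        print(pair, "->", forward_verdict(chains, *pair))
```

In the constructed ruleset eth1 can reach eth2 but nothing lets eth1 out through eth0, so that pair falls through to the DROP policy, which is exactly the symptom the post describes for the fixed-IP side.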

Date: 2017-06-30 01:34 am (UTC)
From: [personal profile] wrog
I am a bit boggled that they don't let you put the Comcast box into bridge mode

(also iptables can, in fact, be blocking stuff in one direction, but if door isn't actually serving as a firewall, then I guess you don't need to mess with that unless you want to be paranoid...)
Edited Date: 2017-06-30 01:34 am (UTC)
