[olug] Linux networking weirdness

Obi-Wan obiwan at jedi.com
Mon Oct 26 12:10:36 CDT 2015

Thanks, I'll inspect those ARP requests.

I did put the firewall's IP on my laptop when I hooked it up in place of 
the firewall.  I didn't snoop for ARP traffic then, but since I was able 
to send traffic through that gateway, I have to assume that I got an ARP 

Hard coding a MAC address might get things working for now, but that 
sounds like it's just asking for trouble down the road when my ISP 
changes hardware without telling me and I've forgotten about that 
hardcoded entry.  It's worth a shot for debugging purposes, though.

On 10/26/2015 11:58 AM, Matthew G. Marsh wrote:
> If you connect your laptop again & do a TCPdump do you see the ARP 
> answers from the ISP gateway?
> Then if you put your Servers MAC address on your laptop do you still 
> see the ARP answers?
> If so maybe look and see what is different between the ARP packets. 
> You can also try hard coding the ISP MAC into your ARP table on the 
> firewall to force the sending. Just use the MAC address given to your 
> laptop.
> That is what I saw when reading through.
> mgm
> On Mon, 26 Oct 2015, Obi-Wan wrote:
>> Hey folks,
>> My home Internet stopped working suddenly last Friday night, and I'm 
>> at a loss to explain what I'm seeing.  It was an instantaneous 
>> failure, not a slow degradation, and nobody was doing anything on my 
>> firewall at the time.  The kids were just web browsing on their 
>> tablets, which is how we first saw the problem.  If any of you have 
>> any suggestions after reading this entire treatise, I'd love to hear 
>> them.  Here's what I think I know:
>> Normal setup:  Internet comes wirelessly via a Future Tech radio dish 
>> on my roof.  An ethernet cable (with POE) connects the radio to my 
>> firewall, which is a dedicated Linux server.  Only the POE power 
>> injector sits between the two.  The firewall has a static public IP 
>> address on a /25 network that sends traffic to a gateway at my ISP's 
>> site.  The firewall runs IPtables and handles NATting / DNS / DHCP 
>> for my home LAN.
>> Problem symptoms:
>> My LAN (both wired & WiFi) can still reach the firewall from the 
>> inside just fine.  The firewall can no longer reach the ISP's gateway 
>> IP or hence the Internet at large.  TCPdump on the firewall's 
>> external NIC shows repeated unanswered ARP requests for the gateway 
>> from my firewall.  I tried turning off IPtables entirely, but that 
>> had no effect on my firewall's ability to see the outside world.  The 
>> firewall's external NIC still shows link lights and traffic 
>> flashing.  I've tried replacing all the short cables, and the visible 
>> portion of the long cable running from my roof to my basement shows 
>> no visible damage.  I've tried powering down & un/re-plugging all the 
>> related equipment, but to no effect.
>> The ISP can connect to the rooftop radio from the outside, so that 
>> link to my house seems to be good.
>> If I disconnect my firewall from the radio and plug my linux laptop 
>> directly into the radio (configuring it to have the firewall's static 
>> IP), then my laptop can get out to the Internet just fine. That seems 
>> to indicate that the POE injector, the long cable, and the gateway 
>> configuration are fine. Physical distances forced me to use a 
>> different cable to connect my laptop to the POE injector than I use 
>> to connect the firewall to the POE injector.
>> If I connect my laptop directly to the external NIC on my firewall 
>> using a crossover cable (configuring my laptop to be a different IP 
>> on the external /25 subnet), then the laptop & the firewall can 
>> communicate with each other just fine.  That seems to indicate that 
>> the firewall is working just fine.
>> If I connect the rooftop radio directly into my LAN switch (bypassing 
>> the linux firewall) and let the radio handle NAT / DHCP on a 
>> non-routable subnet that it provides, then the rest of my LAN can get 
>> to the Internet at large, but at an unusably slow speed (240 Kbps 
>> download).  That's how I left things at the moment.  I didn't have to 
>> change any config on the radio to make this happen, so apparently 
>> it's able to do this and serve my normal static IP simultaneously.
>> If the radio and the firewall both test fine, and the cable 
>> between them has already been replaced, why isn't this working? What 
>> else should I be looking at?
>> I tried calling Future Tech's phone support on Saturday, but I could 
>> hear the guy's eyes glazing over when I described my normal setup 
>> with a linux firewall.  He wasn't able to offer any suggestions.
>> As I type this, it occurs to me that it's *possible* (though highly 
>> unlikely) that *both* the cables I tried using to connect the POE 
>> injector to the firewall could be bad.  I'll have to verify that when 
>> I get home tonight.  In the meantime, I'm at a complete loss.
> --------------------------------------------------
> Matthew G. Marsh
> Special Email Addr for OLUG ;-}
> Phone: (402) 932-7250
> Email: olug4mgm at paktronix.com
> WWW:  http://www.paksecured.org
> --------------------------------------------------

*Ben "Obi-Wan" Hollingsworth* obiwan at jedi.com <mailto:obiwan at jedi.com> 
www.Jedi.com <http://www.jedi.com>
The stuff of earth competes for the allegiance I owe only to the
Giver of all good things, so if I stand, let me stand on the
promise that You will pull me through. /-- Rich Mullins/
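The comparison Matthew suggests, pairing the firewall's who-has requests with any is-at replies to see which target never answers, written out in Python over raw Ethernet/ARP frames. This is an added example, not code from the thread; the frames and addresses (the 203.0.113.0/24 documentation range, locally administered MACs) are constructed placeholders, and a real run would feed it frames from a capture instead.

```python
"""Pair ARP who-has requests with is-at replies and report IPs that never answer."""
import struct
from collections import Counter

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

def ip_bytes(dotted):
    return bytes(int(o) for o in dotted.split("."))

def parse_arp(frame):
    """Return (oper, sender_mac, sender_ip, target_ip), or None unless IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    target_ip = ".".join(str(b) for b in frame[38:42])
    return oper, sender_mac, sender_ip, target_ip

def unanswered_requests(frames):
    """Count who-has requests per target IP; drop IPs that sent an is-at reply."""
    asked, answered = Counter(), {}
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue  # skip non-ARP frames mixed into the capture
        oper, sender_mac, sender_ip, target_ip = parsed
        if oper == ARP_REQUEST:
            asked[target_ip] += 1
        elif oper == ARP_REPLY:
            answered[sender_ip] = sender_mac  # learned ip -> mac, as the ARP cache would
    return {ip: n for ip, n in asked.items() if ip not in answered}, answered

def build_arp(oper, sha, spa, tha, tpa):
    """Construct an Ethernet/ARP frame: requests go to broadcast, replies unicast."""
    dst = b"\xff" * 6 if oper == ARP_REQUEST else tha
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + sha + spa + tha + tpa
    return dst + sha + struct.pack("!H", ETHERTYPE_ARP) + arp

# Constructed scenario (placeholder addresses): the firewall asks for the gateway
# three times and hears nothing, while another host on the /25 answers normally.
FW_MAC, FW_IP = bytes.fromhex("020000000001"), ip_bytes("203.0.113.10")
NB_MAC, NB_IP = bytes.fromhex("020000000002"), ip_bytes("203.0.113.20")
GW_IP, ZERO_MAC = ip_bytes("203.0.113.1"), b"\x00" * 6
SAMPLE_FRAMES = [build_arp(ARP_REQUEST, FW_MAC, FW_IP, ZERO_MAC, GW_IP)] * 3 + [
    build_arp(ARP_REQUEST, FW_MAC, FW_IP, ZERO_MAC, NB_IP),
    build_arp(ARP_REPLY, NB_MAC, NB_IP, FW_MAC, FW_IP),
]
```

`unanswered_requests(SAMPLE_FRAMES)` returns the silent gateway with its request count alongside the ip-to-mac pairs that did answer, which is the same split Matthew asks for between the firewall's and the laptop's captures.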
