Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
Posted: Sun May 05, 2019 2:13 am Post subject: [solved] Blew up my internet access |
Actually, I have it at the point where I can emerge but I can't ping!
Code: |
tony@MSI ~ $ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=120 time=12.3 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=120 time=11.7 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=120 time=11.3 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 11.309/11.774/12.271/0.393 ms
tony@MSI ~ $ ssh root@192.168.0.130
Password:
k6 ~ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
155 packets transmitted, 0 received, 100% packet loss, time 174ms
|
I was trying to set up shorewall and screwed up somehow. This box has three NICs and I was trying to set up the three-zone example.
I have stopped two of the NICs, leaving only the one that's been DMZ live. I unmerged shorewall, cleared iptables, turned iptables off and rebooted to no avail.
Attempting to pastebin /etc/conf.d/net resulted in:
Code: |
k6 ~ # wgetpaste /etc/conf.d/net
Apparently nothing was received. Perhaps the connection failed. Enable --verbose or
--debug to get the output from wget that can help diagnose it correctly. |
Here is /etc/conf.d/net:
Code: |
config_eth0="dhcp"
#config_wan0="dhcp"
rc_verbose="no"
#configure WAN
config_wan0="192.168.0.107 netmask 255.255.0.0"
routes_wan0="default gw 192.168.0.1"
dns_servers_wan0="8.8.8.8 "
#configure LAN
config_lan0="192.168.0.106 netmask 255.255.255.0"
routes_lan0="default gw 192.168.0.1"
dns_servers_lan0="8.8.8.8 "
#configure WIRELESS
#config_wlan0="192.168.0.2 netmask 255.255.0.0"
#routes_wlan0="default gw 192.168.0.1"
config_lan2="192.168.0.130 netmask 255.255.255.0"
routes_lan2="default gw 192.168.0.1"
dns_servers_lan2="8.8.8.8 "
#config_eth2="192.168.0.131 netmask 255.255.255.0"
#routes_eth2="default gw 192.168.0.1"
#dns_servers_eth2="127.0.0.1 "
#modules="${modules} !adsl !br2684ctl !bridge !clip !netplugd !ifplugd !ipppd !pump !pppd "
modules="ethtool !iproute2" #prefer ifconfig
#modules_wlan0=" ${modules} wpa_supplicant"
#use local dnsmasq
carrier_timeout_lan0=10 #fix for e1000
# The network scripts are now part of net-misc/netifrc
# In order to avoid sys-apps/openrc-0.12.4 from removing this file, this comment was
# added; you can safely remove this comment. Please see
# /usr/share/doc/netifrc*/README* for more information.
ifdown_lan0="no"
ethtool_change_lan0="wol g"
ifdown="no"
postdown() {
[ "${IFACE}" = "lan0" ] && ethtool -s "${IFACE}" wol g
return 0
} |
EDIT: This is a 32 bit system.
EDIT 2: The router log is full of these:
Code: |
[INFO] Sat May 04 22:04:04 2019 Dropped packet from 192.168.0.130 to 8.8.8.8 (IP protocol 1) as unable to create new session
[INFO] Sat May 04 22:04:04 2019 Internet access port filter dropped packet from 192.168.0.130 to 0.0.0.34 (protocol 134744072)
[INFO] Sat May 04 22:04:04 2019 Dropped packet from 192.168.0.130 to 8.8.8.8 (IP protocol 1) as unable to create new session
[INFO] Sat May 04 22:04:04 2019 Internet access port filter dropped packet from 192.168.0.130 to 0.0.0.33 (protocol 134744072) |
Last edited by Tony0945 on Sun May 05, 2019 12:10 pm; edited 1 time in total |
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
Posted: Sun May 05, 2019 3:27 am Post subject: |
Sounds like something is corrupting packets. 134744072 is decimal for 0x08080808 - that's the IP address, not a protocol.
"unable to create new session" isn't a string that exists in the kernel, so something else is causing it. |
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
Posted: Sun May 05, 2019 12:09 pm Post subject: |
192.168.0.130 was the problem. That address was already assigned to an HP wireless printer. The printer's net access is restricted so the router was blocking traffic, but not all traffic. Not to mention duplicate addresses on the same local net. It was a wonder that I could ssh in.
I apologize for wasting forum time on such a stupid mistake. |
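One way to catch the duplicate-address condition that turned out to be the cause here, as an added example that is not part of the original posts: the script reads ARP replies in the line format printed by `tcpdump -n arp` and reports any IPv4 address answered by more than one MAC. The capture text and MAC addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample capture, in the line format printed by `tcpdump -n arp`.
# The MAC addresses are made up; only the 192.168.0.x addresses come from the thread.
SAMPLE_CAPTURE = """\
09:14:01.100231 ARP, Request who-has 192.168.0.130 tell 192.168.0.1, length 46
09:14:01.100894 ARP, Reply 192.168.0.130 is-at 02:00:00:aa:00:01, length 46
09:14:01.101377 ARP, Reply 192.168.0.130 is-at 02:00:00:bb:00:02, length 46
09:14:02.340112 ARP, Request who-has 192.168.0.1 tell 192.168.0.130, length 28
09:14:02.340650 ARP, Reply 192.168.0.1 is-at 02:00:00:cc:00:03, length 46
09:14:05.771903 ARP, Reply 192.168.0.130 is-at 02:00:00:AA:00:01, length 46
"""

# Matches only ARP replies: "<ip> is-at <mac>".
REPLY_RE = re.compile(
    r"ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"(?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})"
)


def claims_by_ip(capture_text):
    """Map each IPv4 address to the set of MACs that answered ARP for it."""
    claims = defaultdict(set)
    for line in capture_text.splitlines():
        m = REPLY_RE.search(line)
        if m:  # requests and non-ARP lines are ignored
            # Lower-case the MAC so the same NIC is not counted twice.
            claims[m.group("ip")].add(m.group("mac").lower())
    return claims


def find_conflicts(capture_text):
    """Return {ip: sorted MACs} for addresses claimed by more than one MAC."""
    return {
        ip: sorted(macs)
        for ip, macs in claims_by_ip(capture_text).items()
        if len(macs) > 1
    }


if __name__ == "__main__":
    for ip, macs in find_conflicts(SAMPLE_CAPTURE).items():
        print(f"duplicate address {ip}: claimed by {', '.join(macs)}")
```

A host with bonded or failover interfaces can legitimately answer from more than one MAC, so treat a hit as a prompt to compare the router's DHCP reservations with the static assignments in /etc/conf.d/net.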
krinn Watchman
Joined: 02 May 2003 Posts: 7470
Posted: Sun May 05, 2019 12:38 pm Post subject: |
Tony0945 wrote: | I apologize for wasting forum time on such a stupid mistake. |
You're wrong; people will see your mistake and might remember to check that; almost all threads are useful and not a waste of time. |