Re: [gentoo-user] Internet slow at times. Can't figure out why. ISP??
J. Roeleveld wrote: > On Tuesday, April 7, 2020 5:14:14 AM CEST Dale wrote: >> Hey, >> >> As some may recall I bought a new router and modem. I was sort of >> hoping one or both of those would solve a issue I've noticed for a good >> long while. At times, my internet gets really slow, slower than it >> should be at least. I have DSL and it isn't to fast to begin with. At >> times tho, I'm only getting about 20 or 30% of what I should. This is >> what the modem shows for speed: >> >> Downstream Rate 1536 Kbps >> Upstream Rate 384 Kbps >> >> Don't laugh OK. I live in the sticks and for many years, I was lucky to >> get 26K down on dial-up. I hoping for faster one day but this is better >> than dial-up, mostly. ;-) > If it works. > And I remember when I was stuck with a 14k4 modem in the olden days. > >> Here's some info. This slow down seems to always happen in the >> evenings, somewhere between 6 and 9PM. > Isn't this when people sit down to eat and possible start watching netflix or > other streaming services? > Or the kids playing games before going to bed? > >> Generally, the rest of the time >> it is pretty close to its max speed. Because it works most of the time, >> I'm thinking this is not hardware or cable related. I'd think it more >> consistently slow if it was. That said, it does the same with any >> modem, any router or any sets of cables. I even bought some bulk cable >> and ends then made my own cables and tested them with a ohm meter to be >> sure they were really good. No improvement. I also disabled the >> wireless on my cell phone to be sure it wasn't doing something funny. It >> is set to download only when I tell it but there is one google thing >> that ignores that. > I agree. It doesn't sound like a hardware problem. If it were, the issue > would > be far more consistent and not limited to a, near fixed, time period. > >> The only things I see is in the logs. Here is some of the log from the >> modem, currently the Netgear 7550. >> >> >> 2020/04/06 21:54:15 CDT WRN | kernel | logInboundBlocked:IN=ppp0 OUT= >> MAC= SRC=185.175.93.23 DST=74.188.249.233 LEN=44 TOS=0x00 PREC=0x00 >> TTL=241 ID=29175 PROTO=TCP SPT=56054 DPT=5937 WINDOW=1024 RES=0x00 SYN >> URGP=0 OPT (020405AC) >> >> 2020/04/06 21:54:13 CDT WRN | kernel | logInboundBlocked:IN=ppp0 OUT= >> MAC= SRC=176.113.115.54 DST=74.188.249.233 LEN=44 TOS=0x00 PREC=0x00 >> TTL=240 ID=34879 PROTO=TCP SPT=50930 DPT=1683 WINDOW=1024 RES=0x00 SYN >> URGP=0 OPT (020405AC) 2020/04/06 21:54:03 CDT WRN | kernel | >> logInboundBlocked:IN=ppp0 OUT= MAC= SRC=176.113.115.52 >> DST=74.188.249.233 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=21875 PROTO=TCP >> SPT=50932 DPT=31240 WINDOW=1024 RES=0x00 SYN URGP=0 OPT (020405AC) >> 2020/04/06 21:53:43 CDT WRN | kernel | logInboundBlocked:IN=ppp0 OUT= >> MAC= SRC=185.153.198.249 DST=74.188.249.233 LEN=44 TOS=0x08 PREC=0x20 >> TTL=234 ID=8388 PROTO=TCP SPT=58950 DPT=33995 WINDOW=1024 RES=0x00 SYN >> URGP=0 OPT (020405AC) 2020/04/06 21:53:39 CDT WRN | kernel | >> ICMP:logOutboundBlocked:IN= OUT=ppp0 SRC=74.188.249.233 >> DST=152.32.191.35 LEN=34 TOS=0x00 PREC=0x00 TTL=64 ID=6687 PROTO=ICMP >> TYPE=0 CODE=0 ID=16298 SEQ=0 2020/04/06 21:53:32 CDT WRN | kernel | >> logInboundBlocked:IN=ppp0 OUT= MAC= SRC=51.178.78.153 DST=74.188.249.233 >> LEN=44 TOS=0x08 PREC=0x20 TTL=238 ID=54321 PROTO=TCP SPT=58684 DPT=8000 >> WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405AC) 2020/04/06 21:53:24 CDT >> WRN | kernel | logInboundBlocked:IN=ppp0 OUT= MAC= SRC=185.153.198.240 >> DST=74.188.249.233 LEN=44 TOS=0x08 PREC=0x20 TTL=234 ID=43550 PROTO=TCP >> SPT=50631 DPT=47025 WINDOW=1024 RES=0x00 SYN URGP=0 OPT (020405AC) >> 2020/04/06 21:53:19 CDT WRN | kernel | logInboundBlocked:IN=ppp0 OUT= >> MAC= SRC=216.58.193.142 DST=74.188.249.233 LEN=40 TOS=0x00 PREC=0x80 >> TTL=121 ID=0 DF PROTO=TCP SPT=443 DPT=50020 WINDOW=0 RES=0x00 RST URGP=0 >> 2020/04/06 21:53:01 CDT WRN | kernel | logInboundBlocked:IN=ppp0 OUT= >> MAC= SRC=146.88.240.4 DST=74.188.249.233 LEN=78 TOS=0x00 PREC=0x00 >> TTL=245 ID=54321 PROTO=UDP SPT=43443 DPT=137 LEN=58 2020/04/06 21:52:58 >> CDT WRN | kernel | logInboundBlocked:IN=ppp0 OUT= MAC= >> SRC=176.113.115.247 DST=74.188.249.233 LEN=44 TOS=0x00 PREC=0x00 TTL=240 >> ID=64147 PROTO=TCP SPT=50902 DPT=31405 WINDOW=1024 RES=0x00 SYN URGP=0 >> OPT (020405AC) 2020/04/06 21:52:50 CDT WRN | kernel | >> logInboundBlocked:IN=ppp0 OUT= MAC= SRC=170.106.36.63 DST=74.188.249.233 >> LEN=44 TOS=0x08 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=59903 DPT=5938 >> WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405AC) >> >> >> I googled but didn't really find anything, good or bad, about those >> entries. This is from the router, the TP-Link I bought a few months ago. > Looks like standard port-scanners. The logs indicate they are blocked. So > should be ok. Make sure you have all the security settings enabled on the > router (and only disable the ones that are causing issues) > >> Index Time Type Level Log Content >>
Re: [gentoo-user] Internet slow at times. Can't figure out why. ISP??
On Tuesday, April 7, 2020 5:14:14 AM CEST Dale wrote: > Hey, > > As some may recall I bought a new router and modem. I was sort of > hoping one or both of those would solve a issue I've noticed for a good > long while. At times, my internet gets really slow, slower than it > should be at least. I have DSL and it isn't to fast to begin with. At > times tho, I'm only getting about 20 or 30% of what I should. This is > what the modem shows for speed: > > Downstream Rate 1536 Kbps > Upstream Rate 384 Kbps > > Don't laugh OK. I live in the sticks and for many years, I was lucky to > get 26K down on dial-up. I hoping for faster one day but this is better > than dial-up, mostly. ;-) If it works. And I remember when I was stuck with a 14k4 modem in the olden days. > Here's some info. This slow down seems to always happen in the > evenings, somewhere between 6 and 9PM. Isn't this when people sit down to eat and possible start watching netflix or other streaming services? Or the kids playing games before going to bed? > Generally, the rest of the time > it is pretty close to its max speed. Because it works most of the time, > I'm thinking this is not hardware or cable related. I'd think it more > consistently slow if it was. That said, it does the same with any > modem, any router or any sets of cables. I even bought some bulk cable > and ends then made my own cables and tested them with a ohm meter to be > sure they were really good. No improvement. I also disabled the > wireless on my cell phone to be sure it wasn't doing something funny. It > is set to download only when I tell it but there is one google thing > that ignores that. I agree. It doesn't sound like a hardware problem. If it were, the issue would be far more consistent and not limited to a, near fixed, time period. > The only things I see is in the logs. Here is some of the log from the > modem, currently the Netgear 7550. > > > 2020/04/06 21:54:15 CDT WRN | kernel | logInboundBlocked:IN=ppp0 OUT= > MAC= SRC=185.175.93.23 DST=74.188.249.233 LEN=44 TOS=0x00 PREC=0x00 > TTL=241 ID=29175 PROTO=TCP SPT=56054 DPT=5937 WINDOW=1024 RES=0x00 SYN > URGP=0 OPT (020405AC) > > 2020/04/06 21:54:13 CDT WRN | kernel | logInboundBlocked:IN=ppp0 OUT= > MAC= SRC=176.113.115.54 DST=74.188.249.233 LEN=44 TOS=0x00 PREC=0x00 > TTL=240 ID=34879 PROTO=TCP SPT=50930 DPT=1683 WINDOW=1024 RES=0x00 SYN > URGP=0 OPT (020405AC) 2020/04/06 21:54:03 CDT WRN | kernel | > logInboundBlocked:IN=ppp0 OUT= MAC= SRC=176.113.115.52 > DST=74.188.249.233 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=21875 PROTO=TCP > SPT=50932 DPT=31240 WINDOW=1024 RES=0x00 SYN URGP=0 OPT (020405AC) > 2020/04/06 21:53:43 CDT WRN | kernel | logInboundBlocked:IN=ppp0 OUT= > MAC= SRC=185.153.198.249 DST=74.188.249.233 LEN=44 TOS=0x08 PREC=0x20 > TTL=234 ID=8388 PROTO=TCP SPT=58950 DPT=33995 WINDOW=1024 RES=0x00 SYN > URGP=0 OPT (020405AC) 2020/04/06 21:53:39 CDT WRN | kernel | > ICMP:logOutboundBlocked:IN= OUT=ppp0 SRC=74.188.249.233 > DST=152.32.191.35 LEN=34 TOS=0x00 PREC=0x00 TTL=64 ID=6687 PROTO=ICMP > TYPE=0 CODE=0 ID=16298 SEQ=0 2020/04/06 21:53:32 CDT WRN | kernel | > logInboundBlocked:IN=ppp0 OUT= MAC= SRC=51.178.78.153 DST=74.188.249.233 > LEN=44 TOS=0x08 PREC=0x20 TTL=238 ID=54321 PROTO=TCP SPT=58684 DPT=8000 > WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405AC) 2020/04/06 21:53:24 CDT > WRN | kernel | logInboundBlocked:IN=ppp0 OUT= MAC= SRC=185.153.198.240 > DST=74.188.249.233 LEN=44 TOS=0x08 PREC=0x20 TTL=234 ID=43550 PROTO=TCP > SPT=50631 DPT=47025 WINDOW=1024 RES=0x00 SYN URGP=0 OPT (020405AC) > 2020/04/06 21:53:19 CDT WRN | kernel | logInboundBlocked:IN=ppp0 OUT= > MAC= SRC=216.58.193.142 DST=74.188.249.233 LEN=40 TOS=0x00 PREC=0x80 > TTL=121 ID=0 DF PROTO=TCP SPT=443 DPT=50020 WINDOW=0 RES=0x00 RST URGP=0 > 2020/04/06 21:53:01 CDT WRN | kernel | logInboundBlocked:IN=ppp0 OUT= > MAC= SRC=146.88.240.4 DST=74.188.249.233 LEN=78 TOS=0x00 PREC=0x00 > TTL=245 ID=54321 PROTO=UDP SPT=43443 DPT=137 LEN=58 2020/04/06 21:52:58 > CDT WRN | kernel | logInboundBlocked:IN=ppp0 OUT= MAC= > SRC=176.113.115.247 DST=74.188.249.233 LEN=44 TOS=0x00 PREC=0x00 TTL=240 > ID=64147 PROTO=TCP SPT=50902 DPT=31405 WINDOW=1024 RES=0x00 SYN URGP=0 > OPT (020405AC) 2020/04/06 21:52:50 CDT WRN | kernel | > logInboundBlocked:IN=ppp0 OUT= MAC= SRC=170.106.36.63 DST=74.188.249.233 > LEN=44 TOS=0x08 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=59903 DPT=5938 > WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405AC) > > > I googled but didn't really find anything, good or bad, about those > entries. This is from the router, the TP-Link I bought a few months ago. Looks like standard port-scanners. The logs indicate they are blocked. So should be ok. Make sure you have all the security settings enabled on the router (and only disable the ones that are causing issues) > Index Time Type Level Log Content > 199 Apr 6 21:57:17 DHCP INFO DHCPS:Send ACK to 192.168.0.100 > 198 Apr 6 21:57:17 DHCP INFO DHCPS:Recv REQUEST
Re: [gentoo-user] Internet security.
[2] http://michael.orlitzky.com/articles/why_im_against_ca-signed_certificates.php . I like to state some of what you say here as website certificates are only as trusted as the LEAST trustworthy CA in the trusted certificate store
Re: [gentoo-user] Internet security.
On Mon, Sep 9, 2013 at 6:05 AM, Michael Orlitzky mich...@orlitzky.comwrote: The CA infrastructure was never secure. It exists to transfer money away from website owners and into the bank accounts of the CAs and browser makers. Security may be one of their goals, but it's certainly not the motivating one. Well, at least CAcert doesn't exist for money. To avoid a tirade here, I've already written about this: [1] http://michael.orlitzky.com/articles/in_defense_of_self-signed_certificates.php [2] http://michael.orlitzky.com/articles/why_im_against_ca-signed_certificates.php I've got a question about Gentoo in this case. If we assume that stage3 is trusted, does portage check that mirrors are trusted? I'm not sure about this. But if it does, then distfiles checksums are also checked, so they are trusted, too. In this case you could trust a running browser. Until your system becomes compromised in other ways. This would be OS packaging system problem, not the problem with CA--user trust model.
Re: [gentoo-user] Internet security.
There's a lot FUD out there and equally there is some truth. the NSA we can decrypt everything statement was really very vague, and can easily be done if you have a lot of taps (ala PRISM) and start doing mitm attacks to reduce the level of security to something that is crackable. for 'compatibility' very many low powered encryption schemes are supported and it is these that are the issue. if you are using ipsec tunnels with aes encryption you can happily ignore these. if you are using mpls networks you can almost guarantee your isp and therefore your network is compromised. the question really is what do you define as security ? if someone was to hit you on the head with a hammer, how long til you willingly gave out your passwords ? [1] I agree with the lack of faith in certificate CA's and i feel that the reason that warnings over ssl are so severe is to spoon feed folks into the owned networks. I far more trust the way mozilla do their web of trust [2] but equally am aware that trolls live in the crowds. while ssh authorized_keys are more secure than passwords, i can't (and am hoping someone can point me to) find how to track failed logins as folks bruteforce their way in. yes it's orders of magnitude more difficult but then internet speed is now orders of magnitude faster, and OTP are looking more sensible every day [3] to me. i used to use windows live messenger and right near the end found that if you send someone a web link to a file filled with /dev/random called passwords.zip you would have some unknown ip connect and download it too. who then is doing that and i trust skype and it's peer2peer nonsense even less. who even knows you can TLS encrypt SIP ? there are many ways of encrypting email but this is not supported from one site to another, even TLS support is often lacking, and GPG the contents means that some folks you send email to cannot read it -- there is always a trade off between usability and security. i read in slashdot that there is a question mark over SELinux because it came from the NSA [4] but this is nonsense, as it is a means of securing processes not network connections. i find it difficult to believe that a backdoor in a locked cupboard in your house can somehow give access through the front door. how far does trust need to be lost [5] before you start fabricating your own chips ? the complexity involved in chip fabs is immense and if bugs can slip through, what else can [6] ultimately a multi layer security approach is required, and security itself needs to be defined. i like privacy so i have net curtains, i don't have a 3 foot thick titanium door with strengthened hinges. if someone looks in my windows, i can see them. either through the window or on cctv. security itself has to be defined so that risk can be managed. so many people buy the biggest lock they can find and forget the hinges. or leave the windows open. even then it doesn't help in terms of power failure or leaking water or gas mains exploding next door (i.e. the definition of security in the sense of safety) to some security means RAID, to others security means offsite backup i like techniques such as port knocking [7] for reducing the size of the scan target if you have a cheap virtual server on each continent and put asterisk on each one; linked by aes ipsec tunnels with a local sip provider in each one then you could probably hide your phone calls quite easily from snoops. until they saw your bank statement and wondered what all these VPS providers and SIP accounts were for, and then the authorities if they were tracking you would go after those. why would you do such a thing? perhaps because you cannot trust the monopoly provider of a country to screen its equipment [8] even things like cookie tracking for advertising purposes - on the lighter side what if your kids see the ads for the stuff you are buying them for christmas ? surprise ruined? where does it stop - its one thing for google to announce governments want your search history, and another for advertising companies to sell your profile and tracking, essentially ad companies are doing the governments snooping job for them. ultimately it's down to risk mitigation. do you care if someone is snooping on your grocery list? no? using cookie tracking ? yeah profiling is bad - wouldn't want to end up on a terrorist watchlist because of my amusement with the zombie apocalypse listmania [9] encryption is important because you don't know what other folks in the internet cafe are doing [10] but where do you draw the line ? if you go into a shop do you worry that you are on cctv ? ok i'll stop ranting now, my main point is always have multi layered security - and think about what you are protecting and from whom [1] http://xkcd.com/538/ [2] https://addons.mozilla.org/en-US/firefox/addon/wot-safe-browsing-tool/ [3] http://blog.tremily.us/posts/OTP/ [4]
Re: [gentoo-user] Internet security.
On Mon, Sep 09, 2013 at 10:36:09AM +0100, thegeezer wrote: There's a lot FUD out there and equally there is some truth. the NSA we can decrypt everything statement was really very vague, and can easily be done if you have a lot of taps (ala PRISM) and start doing mitm attacks to reduce the level of security to something that is crackable. for 'compatibility' very many low powered encryption schemes are supported and it is these that are the issue. if you are using ipsec tunnels with aes encryption you can happily ignore these. if you are using mpls networks you can almost guarantee your isp and therefore your network is compromised. the question really is what do you define as security ? if someone was to hit you on the head with a hammer, how long til you willingly gave out your passwords ? [1] I agree with the lack of faith in certificate CA's and i feel that the reason that warnings over ssl are so severe is to spoon feed folks into the owned networks. I far more trust the way mozilla do their web of trust [2] but equally am aware that trolls live in the crowds. while ssh authorized_keys are more secure than passwords, i can't (and am hoping someone can point me to) find how to track failed logins as folks bruteforce their way in. yes it's orders of magnitude more difficult but then internet speed is now orders of magnitude faster, and OTP are looking more sensible every day [3] to me. i used to use windows live messenger and right near the end found that if you send someone a web link to a file filled with /dev/random called passwords.zip you would have some unknown ip connect and download it too. who then is doing that and i trust skype and it's peer2peer nonsense even less. who even knows you can TLS encrypt SIP ? there are many ways of encrypting email but this is not supported from one site to another, even TLS support is often lacking, and GPG the contents means that some folks you send email to cannot read it -- there is always a trade off between usability and security. i read in slashdot that there is a question mark over SELinux because it came from the NSA [4] but this is nonsense, as it is a means of securing processes not network connections. i find it difficult to believe that a backdoor in a locked cupboard in your house can somehow give access through the front door. how far does trust need to be lost [5] before you start fabricating your own chips ? the complexity involved in chip fabs is immense and if bugs can slip through, what else can [6] ultimately a multi layer security approach is required, and security itself needs to be defined. i like privacy so i have net curtains, i don't have a 3 foot thick titanium door with strengthened hinges. if someone looks in my windows, i can see them. either through the window or on cctv. security itself has to be defined so that risk can be managed. so many people buy the biggest lock they can find and forget the hinges. or leave the windows open. even then it doesn't help in terms of power failure or leaking water or gas mains exploding next door (i.e. the definition of security in the sense of safety) to some security means RAID, to others security means offsite backup i like techniques such as port knocking [7] for reducing the size of the scan target if you have a cheap virtual server on each continent and put asterisk on each one; linked by aes ipsec tunnels with a local sip provider in each one then you could probably hide your phone calls quite easily from snoops. until they saw your bank statement and wondered what all these VPS providers and SIP accounts were for, and then the authorities if they were tracking you would go after those. why would you do such a thing? perhaps because you cannot trust the monopoly provider of a country to screen its equipment [8] even things like cookie tracking for advertising purposes - on the lighter side what if your kids see the ads for the stuff you are buying them for christmas ? surprise ruined? where does it stop - its one thing for google to announce governments want your search history, and another for advertising companies to sell your profile and tracking, essentially ad companies are doing the governments snooping job for them. ultimately it's down to risk mitigation. do you care if someone is snooping on your grocery list? no? using cookie tracking ? yeah profiling is bad - wouldn't want to end up on a terrorist watchlist because of my amusement with the zombie apocalypse listmania [9] encryption is important because you don't know what other folks in the internet cafe are doing [10] but where do you draw the line ? if you go into a shop do you worry that you are on cctv ? ok i'll stop ranting now, my main point is always have multi layered security - and think about what you are protecting and from whom [1] http://xkcd.com/538/ [2]
Re: [gentoo-user] Internet security.
When a top-post is that long did you read it before noticing? Well, if you opened this email, All ur base r belong to us! :$ oops, was more focussed on my rant than the etiquette
Re: [gentoo-user] Internet security.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/09/2013 01:28 AM, Mick wrote: Are you saying that 2048 RSA keys are no good anymore? They're probably fine, but when you're making them yourself, the extra bits are free. I would assume that the NSA can crack 1024-bit RSA[1], so why not jump to 4096 so you don't have to do this again in a few years? The performance overhead is also mostly negligible: the only thing the public key crypto is used for is to exchange a secret which is then used to do simpler (and faster) crypto. [1] http://blog.erratasec.com/2013/09/tor-is-still-dhe-1024-nsa-crackable.html -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.20 (GNU/Linux) iQIcBAEBAgAGBQJSLdBEAAoJEBxJck0inpOiGg4P/1fBRpLoSsNnzjhFGro6vHOr uf5/xUR8y2M+7sBXsyS6d7uU1GfKcyWW2UnhuMabz6/bLWSmhCeGAZrAw1n1/oqp DcxvT9Z/SWM/taYCGkMcxAh3pMxCTohS7Dpq1NxjjB2J7+GgITCNfn6b1bxrAjjO cWCjrAh9ozESiP7AGM2vt2CR9mC0AsWMEoUk5zF0wd0BZq7cCSbcnxV54E784OVz TXcmhvISHz5cgC5nWTylCgy4BqLp94A7ZjtuvZntTBhAeU9MFWX1FpnrBbbnOwW4 WPCYF3mRJKKapE6IIN2jHp1l0w8oM/EFrMoGYYQkAG393TWaRgDLqGqAJBDpLDwP +fmeT/xdfn7nyQNV1IwfdeAdcHFPoKw9dcr2kWVYlx8oJQteibSaQmT9L/LLdJfk 5+XgFg2Va6xTx1YsBfRGXc/PIjrQwlJ0rZ2osjKYfE6G1747+sz0fD74rDRoLTrl j8I4QVuMeOqxdXp9hQv6TNuEHXw9vlbKRlOwT/E7sTHWerK5EXFqgUS8txl3Os+3 2iNgz7v/0AhMrH0evtzn2k88agjXY1UrqUotHuGndJxyc1ZhXZuoJAOSFcgLv/ko L1Vzl3lOdaj1nF23RMWZoqdaI4BZyBM4zDx7K+0g3e7YadQ/EkD6mof0sVNGpO4a q6PNGNy9oZaWflDAOHaN =Ni4r -END PGP SIGNATURE-
Re: [gentoo-user] Internet security.
On 09/09/2013 02:50 AM, Adam Carter wrote: [2] http://michael.orlitzky.com/articles/why_im_against_ca-signed_certificates.php . I like to state some of what you say here as website certificates are only as trusted as the LEAST trustworthy CA in the trusted certificate store Right, and most of them you wouldn't even consider trustworthy a priori. If the NSA can hack or persuade *any* of them, every single website on the net is compromised. Here's a list of the ones included with Firefox: http://www.mozilla.org/projects/security/certs/included/index.html The ones in the USA, we already know, can be forced to do whatever under gag order. Of the ones outside the USA, well, I see a couple that belong to countries where I would be executed for the things I did this weekend.
Re: [gentoo-user] Internet security.
On 09/09/2013 03:19 AM, Pavel Volkov wrote: On Mon, Sep 9, 2013 at 6:05 AM, Michael Orlitzky mich...@orlitzky.com mailto:mich...@orlitzky.com wrote: The CA infrastructure was never secure. It exists to transfer money away from website owners and into the bank accounts of the CAs and browser makers. Security may be one of their goals, but it's certainly not the motivating one. Well, at least CAcert doesn't exist for money. You sort of make my point for me: If you want to access a website that uses a SSL certificate signed by CAcert, you might get an SSL warning. We are sorry, but currently that's still 'normal' as mainstream browsers don't automatically include the CAcert Root Certificate yet. [1] So, CACert certificates don't eliminate the browser warning, which is the only reason you would ever pay for a certificate in the first place. But why don't browsers include CACert? Traditionally vendors seeking to have their root certificates included in browsers (directly or via the underlying OS infrastructure like Safari via OS X's Keychain) would have to seek an expensive Webtrust audit (~$75,000 up-front plus ~$10,000 per year). [2] They don't pay up! So I wouldn't include CACert in my blanket statement, but they're not really part of the CA infrastructure and you might as well use a self-signed cert instead if you're gonna get a warning anyway. I've got a question about Gentoo in this case. If we assume that stage3 is trusted, does portage check that mirrors are trusted? No. There's a GLEP for some of these issues: https://www.gentoo.org/proj/en/glep/glep-0057.html The relevant part is, ...any non-Gentoo controlled rsync mirror can modify executable code; as much of this code is per default run as root a malicious mirror could compromise hundreds of systems per day - if cloaked well enough, such an attack could run for weeks before being noticed. [1] http://wiki.cacert.org/FAQ/BrowserClients [2] http://wiki.cacert.org/InclusionStatus
Re: [gentoo-user] Internet security.
On Mon, Sep 09, 2013 at 10:36:09AM +0100, thegeezer wrote: There's a lot FUD out there and equally there is some truth. the NSA we can decrypt everything statement was really very vague, and can easily be done if you have a lot of taps (ala PRISM) and start doing mitm attacks to reduce the level of security to something that is crackable. for 'compatibility' very many low powered encryption schemes are supported and it is these that are the issue. I think you're right because it'll be much easier to read the data at one endpoint than to decrypt everything. If big corporations like Google or Cisco can be forced to cooperate (and they can - that much is fact), it'd be the likelier way to get your data. On the other hand e.g. Bruce Schneier warns of ECC because the NSA promoted it intensively. So there may be some secret that helps to decrypt it in the hands of the NSA (possible something about the NIST curve definitions that reduce the effective keylength). if you are using ipsec tunnels with aes encryption you can happily ignore these. This would be true if you have an secure endpoint. And I think that nowadays nothing is secure... if you are using mpls networks you can almost guarantee your isp and therefore your network is compromised. the question really is what do you define as security ? if someone was to hit you on the head with a hammer, how long til you willingly gave out your passwords ? [1] I agree with the lack of faith in certificate CA's and i feel that the reason that warnings over ssl are so severe is to spoon feed folks into the owned networks. I far more trust the way mozilla do their web of trust [2] but equally am aware that trolls live in the crowds. while ssh authorized_keys are more secure than passwords, i can't (and am hoping someone can point me to) find how to track failed logins as folks bruteforce their way in. yes it's orders of magnitude more difficult but then internet speed is now orders of magnitude faster, and OTP are looking more sensible every day [3] to me. i used to use windows live messenger and right near the end found that if you send someone a web link to a file filled with /dev/random called passwords.zip you would have some unknown ip connect and download it too. who then is doing that and i trust skype and it's peer2peer nonsense even less. who even knows you can TLS encrypt SIP ? there are many ways of encrypting email but this is not supported from one site to another, even TLS support is often lacking, and GPG the contents means that some folks you send email to cannot read it -- there is always a trade off between usability and security. i read in slashdot that there is a question mark over SELinux because it came from the NSA [4] but this is nonsense, as it is a means of securing processes not network connections. i find it difficult to believe that a backdoor in a locked cupboard in your house can somehow give access through the front door. This point you get wrong. SELinux implement the LSM API (in fact the LSM API was tailored to SELinux needs). It has hooks in nearly everything (file/directory access, process access and also sockets). One of the biggest concerns at the time of creation of the LSM API was rootkits hooking that functions. It's definitively a thread. I'm not saying that SELinux contains a backdoor (I for myself would have hidden it in the LSM part, not in SELinux because that would enable me to use it even if other LSMs are used). If you google for underhanded C contest you'll see that it's possible to hide malicious behaviour in plain sight. And if the kernel is compromised all other defenses mean nothing. (As I said, I don't want to spread fearbut that is something to consider imho). how far does trust need to be lost [5] before you start fabricating your own chips ? the complexity involved in chip fabs is immense and if bugs can slip through, what else can [6] ultimately a multi layer security approach is required, and security itself needs to be defined. You need an anchor from which you can establish trust. If there is a hardware backdoor you'll not be able to fix that problem with software. There is an excellent paper from Ken Thompson called Reflections on trusting trust that theorizes about the possibility of a trojanized compiler that injects malicous code and therefore makes code audits pointless. Security sadly is hard.. i like privacy so i have net curtains, i don't have a 3 foot thick titanium door with strengthened hinges. if someone looks in my windows, i can see them. either through the window or on cctv. security itself has to be defined so that risk can be managed. so many people buy the biggest lock they can find and forget the hinges. or leave the windows open. even then it doesn't help in terms of power failure or leaking water or gas mains exploding next door (i.e. the definition of security in the sense of safety) to some security means RAID, to
Re: [gentoo-user] Internet security.
On Mon, Sep 09, 2013 at 04:30:31PM +0100, thegeezer wrote: i read in slashdot that there is a question mark over SELinux because it came from the NSA [4] but this is nonsense, as it is a means of securing processes not network connections. i find it difficult to believe that a backdoor in a locked cupboard in your house can somehow give access through the front door. This point you get wrong. SELinux implement the LSM API (in fact the LSM API was tailored to SELinux needs). It has hooks in nearly everything (file/directory access, process access and also sockets). One of the biggest concerns at the time of creation of the LSM API was rootkits hooking that functions. It's definitively a thread. I'm not saying that SELinux contains a backdoor (I for myself would have hidden it in the LSM part, not in SELinux because that would enable me to use it even if other LSMs are used). If you google for underhanded C contest you'll see that it's possible to hide malicious behaviour in plain sight. And if the kernel is compromised all other defenses mean nothing. (As I said, I don't want to spread fearbut that is something to consider imho). Interesting, I didn't realise LSM provisioned hooks for SELinux - thought it it was more modular (and less 'shoehorned') than that. I need to go read about that some more now You can start here: http://www.freetechbooks.com/efiles/selinuxnotebook/The_SELinux_Notebook_The_Foundations_3rd_Edition.pdf for a general overview (page 64ff has a list of the hooks). Other than that http://www.kroah.com/linux/talks/ols_2002_lsm_paper/lsm.pdf and http://www.nsa.gov/research/_files/publications/implementing_selinux.pdf may be of interest (though both are quite old). WKR Hinnerk signature.asc Description: Digital signature
Re: [gentoo-user] Internet security.
i read in slashdot that there is a question mark over SELinux because it came from the NSA [4] but this is nonsense, as it is a means of securing processes not network connections. i find it difficult to believe that a backdoor in a locked cupboard in your house can somehow give access through the front door. This point you get wrong. SELinux implement the LSM API (in fact the LSM API was tailored to SELinux needs). It has hooks in nearly everything (file/directory access, process access and also sockets). One of the biggest concerns at the time of creation of the LSM API was rootkits hooking that functions. It's definitively a thread. I'm not saying that SELinux contains a backdoor (I for myself would have hidden it in the LSM part, not in SELinux because that would enable me to use it even if other LSMs are used). If you google for underhanded C contest you'll see that it's possible to hide malicious behaviour in plain sight. And if the kernel is compromised all other defenses mean nothing. (As I said, I don't want to spread fearbut that is something to consider imho). Interesting, I didn't realise LSM provisioned hooks for SELinux - thought it it was more modular (and less 'shoehorned') than that. I need to go read about that some more now
Re: [gentoo-user] Internet security.
Dale wrote: Someone found this and sent it to me. http://news.yahoo.com/internet-experts-want-security-revamp-nsa-revelations-020838711--sector.html SNIP Am I right on this, wrong or somewhere in the middle? Dale :-) :-) I got this in my email today. https://www.eff.org/deeplinks/2013/08/one-key-rule-them-all-threats-against-service-provider-private-encryption-keys It seems, I may be wrong on this tho, that some changes are being made. While there is a lot of info there, it also seems that each site has one key and once you have that one key, you can then handle the whole sites encryption. Example: Google, Facebook, a bank, the EFF site or whatever. It seems we are back to face to face and even that isn't a sure thing. I'm still reading some of the other posts. It seems this is a mess with no real sure answer since it all depends on a lot of other things. Mostly we don't know for sure what information the spy folks have and what is compromised and what is not. sighs Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words!
Re: [gentoo-user] Internet security.
On 09/09/2013 05:04 PM, Hinnerk van Bruinehsen wrote: On Mon, Sep 09, 2013 at 04:30:31PM +0100, thegeezer wrote: Interesting, I didn't realise LSM provisioned hooks for SELinux - thought it it was more modular (and less 'shoehorned') than that. I need to go read about that some more now You can start here: http://www.freetechbooks.com/efiles/selinuxnotebook/The_SELinux_Notebook_The_Foundations_3rd_Edition.pdf for a general overview (page 64ff has a list of the hooks). Other than that http://www.kroah.com/linux/talks/ols_2002_lsm_paper/lsm.pdf and http://www.nsa.gov/research/_files/publications/implementing_selinux.pdf may be of interest (though both are quite old). WKR Hinnerk thanks muchly :)
Re: [gentoo-user] Internet security.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/09/2013 01:36 PM, Pavel Volkov wrote: I noticed there's another GLEP which eliminates the mirror problem: http://www.gentoo.org/proj/en/glep/glep-0058.html It's marked as accepted. I hope they'll implement it in reasonable time. This is the latest news; not much there unfortunately: http://thread.gmane.org/gmane.linux.gentoo.devel/87099 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.20 (GNU/Linux) iQIcBAEBAgAGBQJSLgqfAAoJEBxJck0inpOiNCgP/jkRSRr1P1HZbsqNicwyTusQ CZek3G1Lii31hOZbcauhvdrTL0exmVw9Z2/Mc1c2CxeEa3DhX4WXSxuA2bHo29Ba v2AFeFDFtS8PYEolb+MvN/AEk/urAxEz4kSVGFBOpin2y4FvjuKoQsFfho4VSaQ5 YxrCBkUKz2wMwQFtC80Kof8hbDpKJjVIJ1BsDbDplaUQl5hV9u4SmCQKBzl7JPzO v45bdwNjDJcPneVS0N/BByY6zaP+9FcpA27wgkbmwbvGYn3/KWSEKCsaaoifV/kv xq8BD9ZgRn9uWnoeov3fy8D/CBdZKsIdckD61lgeChmWqJmzPrXQd1hzu5j6uBdx y+UXE1Jp2b0Eg97ybVhne3kHsSyODJUo+bSTdjr85SNX3dVACQTrGC4WDFWyF6iW xG8joyT7Ufg6KBYpdM9MRxhYEU3CJg8KPVu4PN+No+q/Y2/e4cmDLBQqroDIDqA0 eQq/alQYXFxuuiq6geWDUCviCjfVauj+yWHKdGThX13rfyD6eyjlzgNSG1dUy5pS 0xmxhoCkpT3hK+o05+Fy66+Ex98n+KL4ImSztcnzT3DbAHbHoxRFL6P/vu2PdvmL Ys+DGqxJe/lRIzLnMeLf4Lk1ablunD7VJK4c6StvzdEhpzlRal7pPSv9wDNWSQZW jIUMsw6UJ5wD4dyqmEO4 =SbM7 -END PGP SIGNATURE-
Re: [gentoo-user] Internet security.
On Monday 09 Sep 2013 14:42:28 Michael Orlitzky wrote: On 09/09/2013 01:28 AM, Mick wrote: Are you saying that 2048 RSA keys are no good anymore? They're probably fine, but when you're making them yourself, the extra bits are free. I would assume that the NSA can crack 1024-bit RSA[1], so why not jump to 4096 so you don't have to do this again in a few years? Right, but my router won't work with keys larger than 2048 and its admin GUI is controlled with 1024-bit public certificate. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Internet security.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/09/2013 02:07 PM, Mick wrote: On Monday 09 Sep 2013 14:42:28 Michael Orlitzky wrote: On 09/09/2013 01:28 AM, Mick wrote: Are you saying that 2048 RSA keys are no good anymore? They're probably fine, but when you're making them yourself, the extra bits are free. I would assume that the NSA can crack 1024-bit RSA[1], so why not jump to 4096 so you don't have to do this again in a few years? Right, but my router won't work with keys larger than 2048 and its admin GUI is controlled with 1024-bit public certificate. How often do you need to admin the router? Just do it from home (i.e. on the LAN side). -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.20 (GNU/Linux) iQIcBAEBAgAGBQJSLiCIAAoJEBxJck0inpOiOxUQAKLD/ZpyhmdbyKYhw8git9A9 omPhNJPrIiRFNiw2uS9RrdRTqNaoAQyzRy8QkyfQK5MxYqSR7Xf3YUFv/fNXiahS pT3wSi9OVmaJQ7p5yHkmEdPTp30nhg53kFFeZ6h2Qd1BQ9GmzCoq5ajPavLoIreF DMjpLAsE3fY+1JcMe1qbyqfrAGrfpVrh2h5VdMneIFe2t8/yRQKX5F/z6JWnb8/V pdHQfFkybnJOiul1aLy/C/wKKyHVcrFvpM8QwhfGuDVY/q9h9gg99QN/5KqtahfJ jAuzaygTcSHsYfxNzf83ik0O25RR7UJ/dW4YGbK+PCb11RQZ3i/scxkuW3y11DGS iFMT9bQAP8InqUi8lWawu5fNwJBGlMgbHIYbkzpd/9U2YSQBbjJJgyOczsLcL8cC S8F9i8LqhRW3w6IczSGq6rt51gFgSVpBNaysJprq95Ei3/ZoAZY/jcpKAZhlV0wS 3xRCkiNBjPcyTHuSV5Z4QzgLB77EtO8fdV6vIBshY5zdX1jXFA8n5jKgb9tmTCKQ Eu6c1VvmJ4sIS437UgVcMVs7c08rp5qI3BhM1uKVuD/PIuQkaTnT6MZ57+AsvCjc hQ+tKaDhrnxY1aHkSwimtKKZKTZxmpi6TuMC+kxE9Ytl6/Br5IJhg0QcqZAUY06W A6X/s6n7XYboLXBiBg4c =N9w5 -END PGP SIGNATURE-
Re: [gentoo-user] Internet security.
On Monday 09 September 2013 10:00:25 Michael Orlitzky wrote: No. There's a GLEP for some of these issues: https://www.gentoo.org/proj/en/glep/glep-0057.html The relevant part is, ...any non-Gentoo controlled rsync mirror can modify executable code; as much of this code is per default run as root a malicious mirror could compromise hundreds of systems per day - if cloaked well enough, such an attack could run for weeks before being noticed. I noticed there's another GLEP which eliminates the mirror problem: http://www.gentoo.org/proj/en/glep/glep-0058.html It's marked as accepted. I hope they'll implement it in reasonable time. signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Internet security.
On Monday 09 Sep 2013 20:24:56 Michael Orlitzky wrote: On 09/09/2013 02:07 PM, Mick wrote: On Monday 09 Sep 2013 14:42:28 Michael Orlitzky wrote: On 09/09/2013 01:28 AM, Mick wrote: Are you saying that 2048 RSA keys are no good anymore? They're probably fine, but when you're making them yourself, the extra bits are free. I would assume that the NSA can crack 1024-bit RSA[1], so why not jump to 4096 so you don't have to do this again in a few years? Right, but my router won't work with keys larger than 2048 and its admin GUI is controlled with 1024-bit public certificate. How often do you need to admin the router? Just do it from home (i.e. on the LAN side). Yes, that's how I do it, or I VPN into the LAN from the outside if there is some emergency. However, the VPN SSL keys can't be any larger that 2048-bit. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Internet security.
On 09/08/2013 09:33 PM, Dale wrote: Someone found this and sent it to me. http://news.yahoo.com/internet-experts-want-security-revamp-nsa-revelations-020838711--sector.html I'm not to concerned about the political aspect of this but do have to wonder what this means when we use sites that are supposed to be secure and use HTTPS. From reading that, it seems that even URLs with HTTPS are not secure. Is it reasonable to expect that even connections between say me and my bank are not really secure? The CA infrastructure was never secure. It exists to transfer money away from website owners and into the bank accounts of the CAs and browser makers. Security may be one of their goals, but it's certainly not the motivating one. To avoid a tirade here, I've already written about this: [1] http://michael.orlitzky.com/articles/in_defense_of_self-signed_certificates.php [2] http://michael.orlitzky.com/articles/why_im_against_ca-signed_certificates.php Warning: they're highly ranty, and mostly preach to the choir in that I don't give a ton of background. The tl;dr is, use a 4096-bit self signed certificate combined with pinning. It's not perfect, but it's as good as it gets unless you plan to make a trip to each website's datacenter in person.
Re: [gentoo-user] Internet security.
On Monday 09 Sep 2013 03:05:57 Michael Orlitzky wrote: On 09/08/2013 09:33 PM, Dale wrote: Someone found this and sent it to me. http://news.yahoo.com/internet-experts-want-security-revamp-nsa-revelatio ns-020838711--sector.html I'm not to concerned about the political aspect of this but do have to wonder what this means when we use sites that are supposed to be secure and use HTTPS. From reading that, it seems that even URLs with HTTPS are not secure. Is it reasonable to expect that even connections between say me and my bank are not really secure? The CA infrastructure was never secure. It exists to transfer money away from website owners and into the bank accounts of the CAs and browser makers. Security may be one of their goals, but it's certainly not the motivating one. To avoid a tirade here, I've already written about this: [1] http://michael.orlitzky.com/articles/in_defense_of_self-signed_certificates .php [2] http://michael.orlitzky.com/articles/why_im_against_ca-signed_certificates. php Warning: they're highly ranty, and mostly preach to the choir in that I don't give a ton of background. The tl;dr is, use a 4096-bit self signed certificate combined with pinning. It's not perfect, but it's as good as it gets unless you plan to make a trip to each website's datacenter in person. Are you saying that 2048 RSA keys are no good anymore? -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Internet security.
On Monday 09 Sep 2013 02:33:48 Dale wrote: Someone found this and sent it to me. http://news.yahoo.com/internet-experts-want-security-revamp-nsa-revelations -020838711--sector.html I'm not to concerned about the political aspect of this but do have to wonder what this means when we use sites that are supposed to be secure and use HTTPS. From reading that, it seems that even URLs with HTTPS are not secure. Is it reasonable to expect that even connections between say me and my bank are not really secure? Also, it seems there are people that want to work on fixing this and leave out any Government workers. Given my understanding of this, that could be a very wise move. From that article, I gather that the tools used were compromised before it was even finished. Is there enough support, enough geeks and nerds basically, to do this sort of work independently? I suspect there are enough Linux geeks out there to handle this and then figure out how to make it work on other OSs. I use the words geek and nerd in a complimentary way. I consider myself a bit of a geek as well. :-D One of many reasons I use Linux is security. I always felt pretty secure but if that article is accurate, then the OS really doesn't matter much when just reaching out and grabbing data between two puters over the internet. I may be secure at my keyboard but once it hits the modem and leaves, it can be grabbed and read if they want to even when using HTTPS. Right? This is not Gentoo specific but as most know, Gentoo is all I use anyway. I don't know of any other place to ask that I subscribe too. I figure I would get a no comment out of the Government types. ROFL Plus, there are some folks on here that know a LOT about this sort of stuff too. Again, I don't want a lot of political stuff on this but more of the technical side of, is that article accurate, can it be fixed and can we be secure regardless of OS. It seems to me that when you break HTTPS, you got it beat already. Am I right on this, wrong or somewhere in the middle? Dale :-) :-) As far as I know the NSA has cracked elliptic curve algorithms and earlier SSL versions. Not that you would suspect this from their peddling of it here :-p http://www.nsa.gov/business/programs/elliptic_curve.shtml Latest TLS v1.2 *should* be OK, but with the advent of quantum computing who can tell if science fiction decryption capabilities have become reality for state actors. Looking at this, you can see that loads of websites out there are not using strong enough encryption, so even if it worked quantum computing may be an overkill for many https implementations today: https://www.trustworthyinternet.org/ssl-pulse/ -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Internet
1. are the lights on or flashing with a cable plugged in and pinging something valid? No. They are stable That indicates a problem - if a packet is going out/in, the lights shouls flash Excuse me; I looked only half a second!!! Yes they are flashing. Since this night I found something important: the little box put in the socket wall from where the cable goes out, doesn't no more work!!! When I put it on my two other PCs they can't connect to internet. For this reason I use one of the boxes, which works, on my desktop. Between this one and my laptop pings are ok. The two PCs can recognize each other. But, on my desktop I don't have yet internet connection. Is the network card even so out???
Re: [gentoo-user] Internet
If the PC has wireless it would be a quick test to run to prove if the eth0 NIC on the mobo is borked. Yesterday night, under Win XP (!), I could connect to internet with wifi.
Re: [gentoo-user] Internet
But, on my desktop I don't have yet internet connection. Is the network card even so out??? I don't know why, but my desktop is now connected to internet! The only thing I did was a reboot! Thanks a lot to you all who tried to help me. It was a hard way to obtain the solution. The problem was really a hardware one, not the cable, but just the little box connected to the wall socket for my connection to the router through the house electric circuit. But the most important thing is to succeed :-) Once more a great thank you. Roger
Re: [gentoo-user] Internet
On Fri, 17 Jun 2011 11:29:48 +0200, Cahn Roger wrote: Thanks a lot to you all who tried to help me. It was a hard way to obtain the solution. The problem was really a hardware one, not the cable, but just the little box connected to the wall socket for my connection to the router through the house electric circuit. You've been using powerline networking and never thought to mention it throughout this entire thread, even when people were saying it had to be a hardware problem? -- Neil Bothwick Anything worth fighting for is worth fighting dirty for. signature.asc Description: PGP signature
Re: [gentoo-user] Internet
You've been using powerline networking and never thought to mention it throughout this entire thread, even when people were saying it had to be a hardware problem? Excuse me Neil, and the others, but you're right, I should have mentionned it.
Re: [gentoo-user] Internet
On Friday 17 Jun 2011 10:56:30 Roger Cahn wrote: You've been using powerline networking and never thought to mention it throughout this entire thread, even when people were saying it had to be a hardware problem? Excuse me Neil, and the others, but you're right, I should have mentionned it. Well, as long as your connection problem is now solved you can carry on with using your Gentoo! :) -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Internet
Well, as long as your connection problem is now solved you can carry on with using your Gentoo! :) Yes, I'm very happy to be able to use it again on my desktop. Long life to Gentoo, indeed!!!
Re: [gentoo-user] Internet
All hail to that. Gentoo is the best. By far. --Original Message-- From: Roger Cahn To: Gentoo ReplyTo: Gentoo Subject: Re: [gentoo-user] Internet Sent: 17 Jun 2011 12:32 Well, as long as your connection problem is now solved you can carry on with using your Gentoo! :) Yes, I'm very happy to be able to use it again on my desktop. Long life to Gentoo, indeed!!! JDM
Re: [gentoo-user] Internet
On 2011-06-17 3:36 AM, Cahn Roger wrote: Since this night I found something important: the little box put in the socket wall from where the cable goes out, doesn't no more work!!! Wow... All of this wasted bandwidth and you are just *now* getting around to mentioning that you are using a powerline adapter? Remind me to never waste time reading one of your threads again.
Re: [gentoo-user] Internet
On Wednesday 15 June 2011 23:38:01 Neil Bothwick wrote: On Wed, 15 Jun 2011 23:14:28 +0100, Mick wrote: If not please change the ethernet cable. I did it, it was even a new one! This seems s much like a hardware failure I can't think of anything else. I would like this was the key, but... :-( OK, let's look at this from the router side ... what router make model do you have? I'd go even more basic, connect directly to another computer using a crossover cable, set addresses on both with ifconfig and see if they can ping one another. This really sounds like broken hardware and if the cable is fine, the NIC is suspect. Or swap the cable with a working PC and vice-versa. If then the issue stays with the currently broken one, then the issue is probably with the network card in the broken one. If the issue affects the other PC, then the problem is the cable. I've had issues before where I couldn't get a connection using CAT-6 cables. Didn't check properly and the network card wouldn't allow it. The card did, however, claim there was a link... -- Joost
Re: [gentoo-user] Internet
Or someone's standing on the cable :-) Yes, a bad spirit!!! I resume. 1-The problem occured after I tried to share my Epson printer between my three PCs: Gentoo+XP (twice) and W7 2-The NIC is included in the motherboard (Asus P5K-E) 3-The cable from the dektop, where the problem exists, works fine on the laptop which is without problem, and the cable from the laptop doesn't work on the desktop. Therefore, I think, that's not a cable problem.
Re: [gentoo-user] Internet
On Thu, 16 Jun 2011 09:50:00 +0200, Cahn Roger wrote: 2-The NIC is included in the motherboard (Asus P5K-E) Can you get hold of a PCI* NIC to try, it will appear as eth1. If it works the problem is with the motherboard NIC. I'd also check the BIOS to make sure the pixies haven't disabled the NIC in the BIOS settings, stranger things have happened, sometimes disabling and re-enabling a device can resurrect it. -- Neil Bothwick Hyperbole is absolutely the worst mistake you can possibly make signature.asc Description: PGP signature
Re: [gentoo-user] Internet
This really sounds like broken hardware and if the cable is fine, the NIC is suspect. I'm afraid you're right! But, as I just wrote, the NIC is included in the motherboard... PERHAPS a solution: try a restore from the external HD where I have saved a week ago with fsarchiver on SystemRescueCD.
Re: [gentoo-user] Internet
On Thu, 16 Jun 2011 10:06:19 +0200, Cahn Roger wrote: This really sounds like broken hardware and if the cable is fine, the NIC is suspect. I'm afraid you're right! But, as I just wrote, the NIC is included in the motherboard... PERHAPS a solution: try a restore from the external HD where I have saved a week ago with fsarchiver on SystemRescueCD. No amount of farting around with software will bring dead hardware back to life. Just try another NIC, at least that way you'll know. -- Neil Bothwick (A)bort (R)etry (S)ell it signature.asc Description: PGP signature
Re: [gentoo-user] Internet
Can you get hold of a PCI* NIC to try, it will appear as eth1. Excuse me, I don't understand what you mean get hold of a PCI* NIC :-( A lspci gives: 02:00.0 Ethernet controller: Marvell Technology Group Ltd. 88E8056 PCI-E Gigabit Ethernet Controller (rev 12)
Re: [gentoo-user] Internet
On Thursday 16 June 2011 09:50:00 Cahn Roger wrote: Or someone's standing on the cable :-) Yes, a bad spirit!!! I resume. 1-The problem occured after I tried to share my Epson printer between my three PCs: Gentoo+XP (twice) and W7 Is the printer still connected and switched on? It's possible this is part of the problem 2-The NIC is included in the motherboard (Asus P5K-E) Those can, unfortunately, also break 3-The cable from the dektop, where the problem exists, works fine on the laptop which is without problem, and the cable from the laptop doesn't work on the desktop. Therefore, I think, that's not a cable problem. I agree, the cable has been proven to work.
Re: [gentoo-user] Internet
On Thursday 16 June 2011 10:28:47 Cahn Roger wrote: Can you get hold of a PCI* NIC to try, it will appear as eth1. Excuse me, I don't understand what you mean get hold of a PCI* NIC :-( A lspci gives: 02:00.0 Ethernet controller: Marvell Technology Group Ltd. 88E8056 PCI-E Gigabit Ethernet Controller (rev 12) What Cahn Roger means is, can you get hold of a network card that is not included on your mainboard? In other words, can you test using a new network card that you built into the computer? Can you try checking the BIOS settings to see if there is something there that might cause problems with the network device on the mainboard? Based on all the information provided already, there is a very good chance that the network card on your mainboard is no longer working correctly. I am, to be honest, hoping that it is caused by interference of the printer or by a BIOS setting. -- Joost
Re: [gentoo-user] Internet
Based on all the information provided already, there is a very good chance that the network card on your mainboard is no longer working correctly. I'm afraid you're right, because neither Gentoo nor XP work and they're on two different HD. I am, to be honest, hoping that it is caused by interference of the printer It was my first idea, because it arrived just afterwards. or by a BIOS setting. I verified, but didn't see any wrong setting I'll try with an other network card...when I get time! Thank's all for trying to bring me out of the trouble. I'll tell you what will happen. Roger
Re: [gentoo-user] Internet
Apologies if I missed someone already asking these: 1. are the lights on or flashing with a cable plugged in and pinging something valid? 2. can you ping yourself (both 127.0.0.1 and the nic IP) - cable plugged in 3. do you have IP tables installed - iptables -vnL and check you have not firewalled yourself off from the world somehow. 4. set up a ping and check dmesg and terminal 12 (ctrl-alt-F12) for anything meaningful. 5. as an outside chance, run modinfo [eth_module] - get the right module name from lsmod BillK On Thu, 2011-06-16 at 11:55 +0200, Cahn Roger wrote: Based on all the information provided already, there is a very good chance that the network card on your mainboard is no longer working correctly. I'm afraid you're right, because neither Gentoo nor XP work and they're on two different HD. I am, to be honest, hoping that it is caused by interference of the printer It was my first idea, because it arrived just afterwards. or by a BIOS setting. I verified, but didn't see any wrong setting I'll try with an other network card...when I get time! Thank's all for trying to bring me out of the trouble. I'll tell you what will happen. Roger -- William Kenworthy bi...@iinet.net.au Home in Perth!
Re: [gentoo-user] Internet
On Thursday 16 Jun 2011 09:02:01 Cahn Roger wrote: OK, let's look at this from the router side ... what router make model do you have? It's a box through which I get internet, telephone. The name is Neuf-Box and given by access supplier SFR. It continue to work well on my two other PCs and telephone connection is normal. OK, I don't know how much SFR have locked down their firmware. You should be able to access its control panel using a browser (using another PC of course) and pointing it to http://192.168.178.1 (the default address for this router seems to be http://192.168.1.1). Then work your way through the menu until you find a log. If there is one available then have a look at what it shows when you try to connect with your faulty PC. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Internet
on 06/16/2011 10:50 AM Cahn Roger wrote the following: Or someone's standing on the cable :-) Yes, a bad spirit!!! I resume. 1-The problem occured after I tried to share my Epson printer between my three PCs: Gentoo+XP (twice) and W7 2-The NIC is included in the motherboard (Asus P5K-E) 3-The cable from the dektop, where the problem exists, works fine on the laptop which is without problem, and the cable from the laptop doesn't work on the desktop. Therefore, I think, that's not a cable problem. Reset the switch too?
Re: [gentoo-user] Internet
Apologies if I missed someone already asking these: No problem! Thanks to try to help me. 1. are the lights on or flashing with a cable plugged in and pinging something valid? No. They are stable 2. can you ping yourself (both 127.0.0.1 and the nic IP) - cable plugged in They work both (127.0.0.1 and 192.168.1.20 my desktop IP) 3. do you have IP tables installed - iptables -vnL and check you have not firewalled yourself off from the world somehow. Not iptables installed. 4. set up a ping and check dmesg and terminal 12 (ctrl-alt-F12) for anything meaningful. ping to my laptop which works (192.168.0.22) fails. In dmesg (very very long!) I didn't find anything I could understand but this: [ 11.002756] sky2 :02:00.0: eth0: enabling interface [ 11.003194] ADDRCONF(NETDEV_UP): eth0: link is not ready [ 11.113427] Adding 2048280k swap on /dev/sdb2. Priority:-1 extents:1 across:2048280k [ 14.025657] sky2 :02:00.0: eth0: Link is up at 100 Mbps, full duplex, flow control rx [ 14.026096] ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready [ 24.386040] eth0: no IPv6 routers present With ctrl+alt+F12 i canread this (interesting?) Bureau ntpd_intres[3301] host name not found: 0.gentoo.pool.ntp.org (3 other lines like this with number 2, 3, 4) 5. as an outside chance, run modinfo [eth_module] - get the right module name from lsmod in lsmod I don't have a module eth_module
Re: [gentoo-user] Internet
Reset the switch too? Excuse me Thanasis but I don't understand what you mean ;-(
Re: [gentoo-user] Internet
on 06/16/2011 05:11 PM Cahn Roger wrote the following: Reset the switch too? Excuse me Thanasis but I don't understand what you mean ;-( Reset, or power-off and power-on the switch/hub.
Re: [gentoo-user] Internet
On Thursday 16 June 2011 17:20:10 Thanasis wrote: on 06/16/2011 05:11 PM Cahn Roger wrote the following: Reset the switch too? Excuse me Thanasis but I don't understand what you mean ;-( Reset, or power-off and power-on the switch/hub. Or simply, shut down everything that's networked, eg. router(s), switch(es)/hub(s), computer(s), Wait 5 minutes and then restart the whole thing.
Re: [gentoo-user] Internet
Wait 5 minutes and then restart the whole thing. I did it, but without success :-(
Re: [gentoo-user] Internet
On Thu, 2011-06-16 at 16:10 +0200, Cahn Roger wrote: Apologies if I missed someone already asking these: No problem! Thanks to try to help me. 1. are the lights on or flashing with a cable plugged in and pinging something valid? No. They are stable That indicates a problem - if a packet is going out/in, the lights shouls flash 2. can you ping yourself (both 127.0.0.1 and the nic IP) - cable plugged in They work both (127.0.0.1 and 192.168.1.20 my desktop IP) that would indicate the software (protocol stack) is ok 3. do you have IP tables installed - iptables -vnL and check you have not firewalled yourself off from the world somehow. Not iptables installed. ok 4. set up a ping and check dmesg and terminal 12 (ctrl-alt-F12) for anything meaningful. ping to my laptop which works (192.168.0.22) fails. In dmesg (very very long!) I didn't find anything I could understand but this: [ 11.002756] sky2 :02:00.0: eth0: enabling interface [ 11.003194] ADDRCONF(NETDEV_UP): eth0: link is not ready [ 11.113427] Adding 2048280k swap on /dev/sdb2. Priority:-1 extents:1 across:2048280k [ 14.025657] sky2 :02:00.0: eth0: Link is up at 100 Mbps, full duplex, flow control rx [ 14.026096] ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready [ 24.386040] eth0: no IPv6 routers present normal, seeing the cable and a valid line discipline the other end With ctrl+alt+F12 i canread this (interesting?) Bureau ntpd_intres[3301] host name not found: 0.gentoo.pool.ntp.org (3 other lines like this with number 2, 3, 4) ntpd is the network time protocol daemon - its basicly complaining about no network. 5. as an outside chance, run modinfo [eth_module] - get the right module name from lsmod in lsmod I don't have a module eth_module in this comntext [ ] normally means optional or replace this so you need to do an lsmod, identify the module for your ethernet card (sky2?) and rum modinfo eth_module replacing eth_module with the real module name. Next I would remove the switch and use a crossover cable to another machine and use ethtool on each end to go deeper into what the hardware/cable is doing. You can still get problems with one end being say 10Mb/s and the other running a different speed/duplex etc. I am finding that 1Ghz chips seem less than reliable in this regard to older switches that way! I also have some 4 port sun 100mhz cards that need the other end always up before powering the machine they are in on as nothing I can do once up will get the ends in sync. also try cat /proc/net/dev and see if that shows anything useful BillK -- William Kenworthy bi...@iinet.net.au Home in Perth!
Re: [gentoo-user] Internet
If you have ethtool installed on the problematic pc, post the output of: ethtool eth0 No, I don't have it. f you don't have ethtool, post the output of: # dmesg | grep eth dmesg | grep eth [2.161822] sky2 :02:00.0: eth0: addr 00:1e:8c:4a:44:db [ 15.970632] sky2 :02:00.0: eth0: enabling interface [ 15.971076] ADDRCONF(NETDEV_UP): eth0: link is not ready [ 19.140340] sky2 :02:00.0: eth0: Link is up at 100 Mbps, full duplex, flow control rx [ 19.140340] ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready [ 29.418039] eth0: no IPv6 routers present Roger
Re: [gentoo-user] Internet
On Wednesday 15 Jun 2011 09:04:09 Cahn Roger wrote: If you have ethtool installed on the problematic pc, post the output of: ethtool eth0 No, I don't have it. f you don't have ethtool, post the output of: # dmesg | grep eth dmesg | grep eth [2.161822] sky2 :02:00.0: eth0: addr 00:1e:8c:4a:44:db [ 15.970632] sky2 :02:00.0: eth0: enabling interface [ 15.971076] ADDRCONF(NETDEV_UP): eth0: link is not ready [ 19.140340] sky2 :02:00.0: eth0: Link is up at 100 Mbps, full duplex, flow control rx [ 19.140340] ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready [ 29.418039] eth0: no IPv6 routers present OK, the link is coming up. I've forgotten where we left this ... Oh yes, your router was not responding. Once you boot up, have you tried: /etc/init.d/net.eth0 stop /etc/init.d/net.eth0 zap ifconfig eth0 192.168.1.20 up arping -c 3 -I eth0 192.168.1.1 If this does not return anything then try to arping other machines in your LAN. If you are getting reponses from other PCs but not your router, then the ethernet cable is good, but the router configuration is not. It is probable then that your static IP address/MAC number that you have set up at the router has some error with it. Look at that again and check for typos. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Internet
open a root terminal and type ifconfig and route -n Here it is: ifconfig eth0 Lien encap:Ethernet HWaddr 00:1e:8c:4a:44:db inet adr:192.168.1.20 Bcast:192.168.1.255 Masque:255.255.255.0 adr inet6: fe80::21e:8cff:fe4a:44db/64 Scope:Lien UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:70 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 lg file transmission:1000 RX bytes:0 (0.0 B) TX bytes:8715 (8.5 KiB) Interruption:17 loLien encap:Boucle locale inet adr:127.0.0.1 Masque:255.0.0.0 adr inet6: ::1/128 Scope:Hôte UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:3480 errors:0 dropped:0 overruns:0 frame:0 TX packets:3480 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 lg file transmission:0 RX bytes:276568 (270.0 KiB) TX bytes:276568 (270.0 KiB) Bureau cahn # route -n Table de routage IP du noyau Destination Passerelle Genmask Indic Metric RefUse Iface 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth0 127.0.0.0 127.0.0.1 255.0.0.0 UG0 00 lo
Re: [gentoo-user] Internet
On Wednesday 15 Jun 2011 14:55:00 Cahn Roger wrote: open a root terminal and type ifconfig and route -n Here it is: ifconfig eth0 Lien encap:Ethernet HWaddr 00:1e:8c:4a:44:db inet adr:192.168.1.20 Bcast:192.168.1.255 Masque:255.255.255.0 adr inet6: fe80::21e:8cff:fe4a:44db/64 Scope:Lien UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:70 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 lg file transmission:1000 RX bytes:0 (0.0 B) TX bytes:8715 (8.5 KiB) Interruption:17 loLien encap:Boucle locale inet adr:127.0.0.1 Masque:255.0.0.0 adr inet6: ::1/128 Scope:Hôte UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:3480 errors:0 dropped:0 overruns:0 frame:0 TX packets:3480 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 lg file transmission:0 RX bytes:276568 (270.0 KiB) TX bytes:276568 (270.0 KiB) Bureau cahn # route -n Table de routage IP du noyau Destination Passerelle Genmask Indic Metric RefUse Iface 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth0 127.0.0.0 127.0.0.1 255.0.0.0 UG0 0 0 lo No gateway defined. :( When you then run: route add default gw 192.168.1.1 to define a route manually what do you get in response and then what does it show: route -n and what does ip show: ip link show dev eth0 -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Internet
on 06/15/2011 04:55 PM Cahn Roger wrote the following: open a root terminal and type ifconfig and route -n I wanted to see those when you have booted from a rescue CD.
Re: [gentoo-user] Internet
on 06/15/2011 04:55 PM Cahn Roger wrote the following: open a root terminal and type ifconfig and route -n Try to boot from a rescue or live CD (like ubuntu maybe) and see what you get.
Re: [gentoo-user] Internet
When you then run: route add default gw 192.168.1.1 to define a route manually what do you get in response and then what does it show: route -n and what does ip show: ip link show dev eth0 Here it is. But the last command not found! route add default gw 192.168.1.1 Bureau cahn # route -n Table de routage IP du noyau Destination Passerelle Genmask Indic Metric RefUse Iface 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth0 127.0.0.0 127.0.0.1 255.0.0.0 UG0 00 lo 0.0.0.0 192.168.1.1 0.0.0.0 UG0 00 eth0 Bureau cahn # ip link show dev eth0 bash: ip : commande introuvable
Re: [gentoo-user] Internet
On Wed, Jun 15, 2011 at 9:43 AM, Cahn Roger rc...@club-internet.fr wrote: Bureau cahn # ip link show dev eth0 bash: ip : commande introuvable It is in package sys-apps/iproute2
Re: [gentoo-user] Internet
open a root terminal and type ifconfig and route -n Try to boot from a rescue or live CD (like ubuntu maybe) and see what you get. After the SystemRescueCD was launched, ifconfig gave for etho a bad adress: fe00:: and route -n gave kernel IP routing table but without answers
Re: [gentoo-user] Internet
Le 15/06/2011 16:52, Paul Hartman a écrit : It is in package sys-apps/iproute2 Yes and I haven't it emerged. But I can't do it because...I have no connection to internet! Thanks Paul for helping me Roger
Re: [gentoo-user] Internet
On Wed, Jun 15, 2011 at 10:03 AM, Cahn Roger rc...@club-internet.fr wrote: Yes and I haven't it emerged. But I can't do it because...I have no connection to internet! I'm sorry. :) I didn't read the entire thread. If you have another device with Internet connection you can download the missing files and place it into your /usr/portage/distfiles For example you can download from http://mirrors.kernel.org/gentoo/distfiles/ After the required distfiles exist, emerge should work.
Re: [gentoo-user] Internet
on 06/15/2011 05:55 PM Cahn Roger wrote the following: open a root terminal and type ifconfig and route -n Try to boot from a rescue or live CD (like ubuntu maybe) and see what you get. After the SystemRescueCD was launched, ifconfig gave for etho a bad adress: fe00:: What do you mean bad address? Did you start the network? It should get an IP address from the router's dhcp server.
Re: [gentoo-user] Internet
If you have another device with Internet connection you can download the missing files and place it into your /usr/portage/distfiles Thank you Paul for the tip :-) Roger
Re: [gentoo-user] Internet
Now I have emerged iproute2 and I can give also the last answer route -n and what does ip show: ip link show dev eth0 route add default gw 192.168.1.1 Bureau cahn # route -n Table de routage IP du noyau Destination Passerelle Genmask Indic Metric RefUse Iface 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth0 127.0.0.0 127.0.0.1 255.0.0.0 UG0 00 lo 0.0.0.0 192.168.1.1 0.0.0.0 UG0 00 eth0 Bureau cahn # ip link show dev eth0 2: eth0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:1e:8c:4a:44:db brd ff:ff:ff:ff:ff:ff
Re: [gentoo-user] Internet
on 06/15/2011 06:47 PM Thanasis wrote the following: on 06/15/2011 05:55 PM Cahn Roger wrote the following: open a root terminal and type ifconfig and route -n Try to boot from a rescue or live CD (like ubuntu maybe) and see what you get. After the SystemRescueCD was launched, ifconfig gave for etho a bad adress: fe00:: What do you mean bad address? Did you start the network? It should get an IP address from the router's dhcp server. Once you are inside the SystemRescueCD (has finished booting) try to start the network. It should get an IP from the router's dhcp server. If it doesn't, then try to assign manually one to eth0, and test.
Re: [gentoo-user] Internet
On Wednesday 15 Jun 2011 16:53:58 Cahn Roger wrote: Now I have emerged iproute2 and I can give also the last answer route -n and what does ip show: ip link show dev eth0 route add default gw 192.168.1.1 Bureau cahn # route -n Table de routage IP du noyau Destination Passerelle Genmask Indic Metric RefUse Iface 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth0 127.0.0.0 127.0.0.1 255.0.0.0 UG0 0 0 lo 0.0.0.0 192.168.1.1 0.0.0.0 UG0 0 0 eth0 Bureau cahn # ip link show dev eth0 2: eth0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:1e:8c:4a:44:db brd ff:ff:ff:ff:ff:ff OK, this looks good! Can you please try to ping your router: ping -c 3 192.168.1.1 if this fails try to ping other PCs in your LAN. If that fails too can you use arping instead: arping -c 3 -I eth0 192.168.1.1 or the same with the IP addresses of other machines in your LAN. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Internet
Once you are inside the SystemRescueCD (has finished booting) try to start the network. It should get an IP from the router's dhcp server. If it doesn't, then try to assign manually one to eth0, and test. OK. I make an ifconfig and the adress is: 169.264.240.204 and of course Firefox has no connection Was it that what you meant?
Re: [gentoo-user] Internet
Can you please try to ping your router: ping -c 3 192.168.1.1 It fails: Destination Host Unreachable if this fails try to ping other PCs in your LAN. I can't get other PCs If that fails too can you use arping instead: arping -c 3 -I eth0 192.168.1.1 or the same with the IP addresses of other machines in your LAN. All what I try fails!
Re: [gentoo-user] Internet
on 06/15/2011 07:26 PM Cahn Roger wrote the following: Once you are inside the SystemRescueCD (has finished booting) try to start the network. It should get an IP from the router's dhcp server. If it doesn't, then try to assign manually one to eth0, and test. OK. I make an ifconfig and the adress is: 169.264.240.204 and of course Firefox has no connection Was it that what you meant? Assign one manually. ifconfig eth0 down 0 ifconfig eth0 192.168.1.111 up ifconfig route -n ping 192.168.1.1 arp -a
Re: [gentoo-user] Internet
Assign one manually. ifconfig eth0 down 0 ifconfig eth0 192.168.1.111 up ifconfig route -n ping 192.168.1.1 arp -a It works as well with SystemRescueCD as on a terminal But ping to another PC gives Destination Host Unreachable
Re: [gentoo-user] Internet
on 06/15/2011 08:31 PM Cahn Roger wrote the following: Assign one manually. ifconfig eth0 down 0 ifconfig eth0 192.168.1.111 up ifconfig route -n ping 192.168.1.1 arp -a It works as well with SystemRescueCD as on a terminal But ping to another PC gives Destination Host Unreachable Does arp -a show the mac address of the other pc or router just after trying to ping them? ping 192.168.1.1 arp -a
Re: [gentoo-user] Internet
So try the following and post output: # ping -c 3 192.168.1.1 ; arp -a ping -c 3 192.168.1.1 ; arp -a PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. From 192.168.1.20 icmp_seq=1 Destination Host Unreachable From 192.168.1.20 icmp_seq=2 Destination Host Unreachable From 192.168.1.20 icmp_seq=3 Destination Host Unreachable --- 192.168.1.1 ping statistics --- 3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 1999ms pipe 3 ? (192.168.1.1) at incomplete on eth0 Well, I stop beczusse I'm occupied now! To morrow is another day ;-) Roger
Re: [gentoo-user] Internet
On Wednesday 15 Jun 2011 17:44:40 Cahn Roger wrote: Can you please try to ping your router: ping -c 3 192.168.1.1 It fails: Destination Host Unreachable if this fails try to ping other PCs in your LAN. I can't get other PCs If that fails too can you use arping instead: arping -c 3 -I eth0 192.168.1.1 or the same with the IP addresses of other machines in your LAN. All what I try fails! Can you ping your machine from any other PC on your LAN? If not please change the ethernet cable. This seems s much like a hardware failure I can't think of anything else. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Internet
Can you ping your machine from any other PC on your LAN? No: Destination Host Unreachable (from 192.168.1.22 to 192.168.1.20) If not please change the ethernet cable. I did it, it was even a new one! This seems s much like a hardware failure I can't think of anything else. I would like this was the key, but... :-( Roger
Re: [gentoo-user] Internet
On Wednesday 15 Jun 2011 22:49:46 Cahn Roger wrote: Can you ping your machine from any other PC on your LAN? No: Destination Host Unreachable (from 192.168.1.22 to 192.168.1.20) If not please change the ethernet cable. I did it, it was even a new one! This seems s much like a hardware failure I can't think of anything else. I would like this was the key, but... :-( OK, let's look at this from the router side ... what router make model do you have? -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Internet
On Wed, 15 Jun 2011 23:14:28 +0100, Mick wrote: If not please change the ethernet cable. I did it, it was even a new one! This seems s much like a hardware failure I can't think of anything else. I would like this was the key, but... :-( OK, let's look at this from the router side ... what router make model do you have? I'd go even more basic, connect directly to another computer using a crossover cable, set addresses on both with ifconfig and see if they can ping one another. This really sounds like broken hardware and if the cable is fine, the NIC is suspect. -- Neil Bothwick Pound for pound, the amoeba is the most vicious animal on the earth. signature.asc Description: PGP signature
Re: [gentoo-user] Internet
On Tuesday 14 June 2011 16:30:54 Thanasis wrote: on 06/14/2011 05:45 PM Cahn Roger wrote the following: Can you check the network cable and connections to ensure that is actually correct? The cable and connections are well. NIC became faulty? After reading this thread, I'd say that either the NIC is faulty or he's using a cross-over cable instead of straight-through. Or someone's standing on the cable :-) -- Rgds Peter
Re: [gentoo-user] Internet
* Cahn Roger rc...@club-internet.fr [110614 09:05]: Hi, [..] * Bringing up interface eth0 * dhcp ... * Running dhcpcd ... dhcpcd[3076]: version 5.2.12 starting dhcpcd[3076]: eth0: waiting for carrier dhcpcd[3076]: eth0: carrier acquired dhcpcd[3076]: eth0: rebinding lease of 192.168.1.20 dhcpcd[3076]: eth0: broadcasting for a lease dhcpcd[3076]: timed out dhcpcd[3076]: allowing 8 seconds for IPv4LL timeout dhcpcd[3076]: timed out [..] Hi Roger, It looks like your DHCP server isn't serving addresses. If it's your Internet router you might try resetting it (power cycling it.) I've seen them get wedged specifically relating to DHCP with many different consumer brands. Regards, Todd
Re: [gentoo-user] Internet
On Tuesday 14 June 2011 15:32:22 Cahn Roger wrote: Hi, snipped But the problem is on my desktop with two HD, one with XP and the other with Gentoo amd64. None of them can connect to internet neither gentoo nor XP. I tryed many things (revdep-rebuild, verification in the box, etc.) but I was unsuccessful. Here is what I become at boot: snipped logs And another try: /etc/init.d/net.eth0 start * Caching service dependencies ... [ ok ] * Bringing up interface eth0 * dhcp ... * Running dhcpcd ... dhcpcd[6723]: version 5.2.12 starting dhcpcd[6723]: eth0: broadcasting for a lease dhcpcd[6723]: timed out dhcpcd[6723]: allowing 8 seconds for IPv4LL timeout dhcpcd[6723]: eth0: probing for an IPv4LL address dhcpcd[6723]: eth0: checking for 169.254.79.43 dhcpcd[6723]: eth0: using IPv4LL address 169.254.79.43 dhcpcd[6723]: forked to background, child pid 6744 [ ok ] * received address 169.254.79.43/16 Could please anybody tell me how to solve this awkward problem? Thank you very much Roger Hi Roger, The log you showed indicates that the PC is unable to reach the DHCP server. As the issue occurs with both Operating Systems on the same machine makes me think there is an issue with the network-connection. Can you check the network cable and connections to ensure that is actually correct? -- Joost
Re: [gentoo-user] Internet
On Tuesday 14 Jun 2011 14:32:22 Cahn Roger wrote: Hi, Yesterday I tried to make a connection between my three PC to manage my Epson printer: two with Win XP and Gentoo and one with Win7. I didn't succeed, but that's not important! After reboot of the three machines I went back to Win7: no problem and to my laptop with Xp and Gentoo: OK. But the problem is on my desktop with two HD, one with XP and the other with Gentoo amd64. None of them can connect to internet neither gentoo nor XP. I tryed many things (revdep-rebuild, verification in the box, etc.) but I was unsuccessful. Here is what I become at boot: * Bringing up interface lo * 127.0.0.1/8 ... [ ok ] * Adding routes * 127.0.0.0/8 via 127.0.0.1 ... [ ok ] * Bringing up interface eth0 * dhcp ... * Running dhcpcd ... dhcpcd[3076]: version 5.2.12 starting dhcpcd[3076]: eth0: waiting for carrier dhcpcd[3076]: eth0: carrier acquired dhcpcd[3076]: eth0: rebinding lease of 192.168.1.20 dhcpcd[3076]: eth0: broadcasting for a lease dhcpcd[3076]: timed out dhcpcd[3076]: allowing 8 seconds for IPv4LL timeout dhcpcd[3076]: timed out [ !! ] [ !! ] * ERROR: net.eth0 failed to start * Mounting USB device filesystem [usbfs] ... [ ok ] * Mounting misc binary format filesystem ... [ ok ] * Activating swap devices ... [ ok ] * Initializing random number generator ... [ ok ] rc boot logging stopped at Tue Jun 14 08:29:53 2011 rc default logging started at Tue Jun 14 08:29:53 2011 * Bringing up interface eth0 * dhcp ... * Running dhcpcd ... dhcpcd[3223]: version 5.2.12 starting dhcpcd[3223]: eth0: rebinding lease of 192.168.1.20 dhcpcd[3223]: eth0: broadcasting for a lease dhcpcd[3223]: timed out dhcpcd[3223]: allowing 8 seconds for IPv4LL timeout dhcpcd[3223]: timed out [ !! ] [ !! ] * ERROR: net.eth0 failed to start * ERROR: cannot start netmount as net.eth0 would not start And another try: /etc/init.d/net.eth0 start * Caching service dependencies ... [ ok ] * Bringing up interface eth0 * dhcp ... * Running dhcpcd ... dhcpcd[6723]: version 5.2.12 starting dhcpcd[6723]: eth0: broadcasting for a lease dhcpcd[6723]: timed out dhcpcd[6723]: allowing 8 seconds for IPv4LL timeout dhcpcd[6723]: eth0: probing for an IPv4LL address dhcpcd[6723]: eth0: checking for 169.254.79.43 dhcpcd[6723]: eth0: using IPv4LL address 169.254.79.43 dhcpcd[6723]: forked to background, child pid 6744 [ ok ] * received address 169.254.79.43/16 Could please anybody tell me how to solve this awkward problem? Thank you very much Roger What does the router log show? Can you please share: ifconfig eth0 /etc/conf.d/net -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Internet
Le 14/06/2011 15:15, Todd Goodman a écrit : Hi Todd, Thank you for your quick answer. It looks like your DHCP server isn't serving addresses. Well, it serves adresses for W7, and on the laptop for XP and Gentoo. The box is configured with fixed adresses. If it's your Internet router you might try resetting it I'll try it! Thank you again Todd Roger
Re: [gentoo-user] Internet
Hi Mick, What does the router log show? Euh, how can I get it??? Can you please share: ifconfig eth0 ifconfig eth0 eth0Lien encap:Ethernet HWaddr 00:1e:8c:4a:44:db inet adr:169.254.79.43 Bcast:169.254.255.255 Masque:255.255.0.0 adr inet6: fe80::21e:8cff:fe4a:44db/64 Scope:Lien UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:110 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 lg file transmission:1000 RX bytes:0 (0.0 B) TX bytes:20708 (20.2 KiB) Interruption:17 /etc/conf.d/net # This blank configuration will automatically use DHCP for any net.* # scripts in /etc/init.d. To create a more complete configuration, # please review /etc/conf.d/net.example and save your configuration # in /etc/conf.d/net (this file :]!). config_eth0=dhcp In the box I stopped the option fixed adresses, but the problem remains the same :-( Thanks for your answers Roger
Re: [gentoo-user] Internet
Can you check the network cable and connections to ensure that is actually correct? The cable and connections are well. Thank you Joost Roger
Re: [gentoo-user] Internet
on 06/14/2011 05:45 PM Cahn Roger wrote the following: Can you check the network cable and connections to ensure that is actually correct? The cable and connections are well. NIC became faulty?
Re: [gentoo-user] Internet
* Cahn Roger rc...@club-internet.fr [110614 09:31]: Le 14/06/2011 15:15, Todd Goodman a écrit : Hi Todd, Hi Roger, Thank you for your quick answer. You're welcome (for what it's worth.) It looks like your DHCP server isn't serving addresses. Well, it serves adresses for W7, and on the laptop for XP and Gentoo. The box is configured with fixed adresses. Your DHCP server serves addresses for other hardware OK? Just not on this box running either Gentoo or W7? When you say fixed addresses you mean the DHCP server gives out a fixed IP address based on the MAC address of the requestor? Can you check the DHCP logs on the DHCP server? If it's your Internet router you might try resetting it I'll try it! If that doesn't work, maybe a wireshark or tcpdump on your Gentoo box and force it to send another DHCP request. If you're using fixed IP addresses you might try manually configuring the Gentoo box with it's IP address and see if networking all works fine then? Regards, Todd Thank you again Todd Roger
Re: [gentoo-user] Internet
On Tuesday 14 Jun 2011 15:42:52 Cahn Roger wrote: Hi Mick, What does the router log show? Euh, how can I get it??? It depends on your router. Usually routers have at least a GUI control panel access and one of the pages shows recent attempts to connect and authenticate. Are your running some sort of an access control list on the router and have not included your MAC address? Can you please share: ifconfig eth0 ifconfig eth0 eth0Lien encap:Ethernet HWaddr 00:1e:8c:4a:44:db inet adr:169.254.79.43 Bcast:169.254.255.255 Masque:255.255.0.0 adr inet6: fe80::21e:8cff:fe4a:44db/64 Scope:Lien UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:110 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 lg file transmission:1000 RX bytes:0 (0.0 B) TX bytes:20708 (20.2 KiB) Interruption:17 The Rx bytes is zero - your router does not seem to respond. Does this also stay zero if you set up a static address and route on the PC and try to ping the router? /etc/conf.d/net # This blank configuration will automatically use DHCP for any net.* # scripts in /etc/init.d. To create a more complete configuration, # please review /etc/conf.d/net.example and save your configuration # in /etc/conf.d/net (this file :]!). config_eth0=dhcp In the box I stopped the option fixed adresses, but the problem remains the same :-( Try setting an address manually: ifconfig eth0 192.168.1.20 broadcast 192.168.1.255 netmask 255.255.255.0 route add default gw 192.168.1.1 (assuming that this is your router) and then try to ping it: ping -c 3 192.168.1.1 If you can ping it and get a response then the problem is probably with the router. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Internet
It depends on your router. Usually routers have at least a GUI control panel access and one of the pages shows recent attempts to connect and authenticate. My router hasn't this! Are your running some sort of an access control list on the router and have not included your MAC address? The MAC adresses are included in the box. Try setting an address manually: ifconfig eth0 192.168.1.20 broadcast 192.168.1.255 netmask 255.255.255.0 route add default gw 192.168.1.1 (assuming that this is your router) I put this in /etc/conf.d/net; is it right? and then try to ping it: ping -c 3 192.168.1.1 The answer: ping -c 3 192.168.1.1 PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. From 192.168.1.20 icmp_seq=1 Destination Host Unreachable From 192.168.1.20 icmp_seq=2 Destination Host Unreachable From 192.168.1.20 icmp_seq=3 Destination Host Unreachable --- 192.168.1.1 ping statistics --- 3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 1999ms pipe 3 Regards Roger
Re: [gentoo-user] Internet
Your DHCP server serves addresses for other hardware OK? Yes. A PC with W7, my laptop with XP and Gentoo Both work fine. The problem is on my desktop with two HD: XP and Gentoo Both OS can't connect to Internet. When you say fixed addresses you mean the DHCP server gives out a fixed IP address based on the MAC address of the requestor? Yes. I put manually in the box (router) ip and mac adresses. Can you check the DHCP logs on the DHCP server? No! Regards Roger
Re: [gentoo-user] Internet
Try setting an address manually: ifconfig eth0 192.168.1.20 broadcast 192.168.1.255 netmask 255.255.255.0 route add default gw 192.168.1.1 (assuming that this is your router) I put this in /etc/conf.d/net; is it right? No. Run them from terminal as root. Then check.
Re: [gentoo-user] Internet
Try setting an address manually: ifconfig eth0 192.168.1.20 broadcast 192.168.1.255 netmask 255.255.255.0 route add default gw 192.168.1.1 (assuming that this is your router) It doesn't work: error locating host target (for route) Regards Roger
Re: [gentoo-user] Internet
# /etc/init.d/net.eth0 stop # ifconfig eth0 192.168.1.20 up and post output of /etc/init.d/net.eth0 stop * Caching service dependencies ... /etc/init.d/../conf.d/net: line 9: broadcast : commande introuvable /etc/init.d/../conf.d/net: line 10: netmask : commande introuvable SIOCADDRT: Le fichier existe /etc/init.d/../conf.d/net: line 9: broadcast : commande introuvable /etc/init.d/../conf.d/net: line 10: netmask : commande introuvable SIOCADDRT: Le fichier existe /etc/init.d/../conf.d/net: line 9: broadcast : commande introuvable /etc/init.d/../conf.d/net: line 10: netmask : commande introuvable SIOCADDRT: Le fichier existe [ ok ] * samba - stop: smbd ... [ ok ] * samba - stop: nmbd ... [ ok ] * Unmounting network filesystems ... [ ok ] /etc/init.d/../conf.d/net: line 9: broadcast : commande introuvable /etc/init.d/../conf.d/net: line 10: netmask : commande introuvable SIOCADDRT: Le fichier existe * net.eth0: error loading /etc/init.d/../conf.d/net * ERROR: net.eth0 failed to stop (command unobtenaible) Of course, ifconfig eth0 192.168.1.20 up didn't give an answer! What's the IP of your router? 192.168.1.1 Thank's a lot for your help Thanasis Roger
Re: [gentoo-user] Internet
on 06/14/2011 10:45 PM Cahn Roger wrote the following: # /etc/init.d/net.eth0 stop # ifconfig eth0 192.168.1.20 up and post output of /etc/init.d/net.eth0 stop * Caching service dependencies ... /etc/init.d/../conf.d/net: line 9: broadcast : commande introuvable /etc/init.d/../conf.d/net: line 10: netmask : commande introuvable SIOCADDRT: Le fichier existe /etc/init.d/../conf.d/net: line 9: broadcast : commande introuvable /etc/init.d/../conf.d/net: line 10: netmask : commande introuvable SIOCADDRT: Le fichier existe /etc/init.d/../conf.d/net: line 9: broadcast : commande introuvable /etc/init.d/../conf.d/net: line 10: netmask : commande introuvable SIOCADDRT: Le fichier existe [ ok ] * samba - stop: smbd ... [ ok ] * samba - stop: nmbd ... [ ok ] * Unmounting network filesystems ... [ ok ] /etc/init.d/../conf.d/net: line 9: broadcast : commande introuvable /etc/init.d/../conf.d/net: line 10: netmask : commande introuvable SIOCADDRT: Le fichier existe * net.eth0: error loading /etc/init.d/../conf.d/net * ERROR: net.eth0 failed to stop (command unobtenaible) Run these (in sequence) as root (and post output): # echo /etc/conf.d/net # /etc/init.d/net.eth0 stop # /etc/init.d/net.eth0 zap # ifconfig eth0 192.168.1.20 up # ifconfig # ping 192.168.1.1
Re: [gentoo-user] Internet
Run these (in sequence) as root (and post output): # echo /etc/conf.d/net # /etc/init.d/net.eth0 stop # /etc/init.d/net.eth0 zap # ifconfig eth0 192.168.1.20 up # ifconfig # ping 192.168.1.1 Bad luck: it fails. Bureau cahn # echo /etc/conf.d/net Bureau cahn # /etc/init.d/net.eth0 stop * Caching service dependencies ... [ ok ] * Bringing down interface eth0 * Stopping dhcpcd on eth0 ... [ ok ] * Removing addresses * 192.168.1.20/24 Bureau cahn # /etc/init.d/net.eth0 zap * Manually resetting net.eth0 to stopped state Bureau cahn # ifconfig eth0 192.168.1.20 up Bureau cahn # ifconfig eth0 Lien encap:Ethernet HWaddr 00:1e:8c:4a:44:db inet adr:192.168.1.20 Bcast:192.168.1.255 Masque:255.255.255.0 adr inet6: fe80::21e:8cff:fe4a:44db/64 Scope:Lien UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:662 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 lg file transmission:1000 RX bytes:0 (0.0 B) TX bytes:147085 (143.6 KiB) Interruption:17 loLien encap:Boucle locale inet adr:127.0.0.1 Masque:255.0.0.0 adr inet6: ::1/128 Scope:Hôte UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:39878 errors:0 dropped:0 overruns:0 frame:0 TX packets:39878 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 lg file transmission:0 RX bytes:3166048 (3.0 MiB) TX bytes:3166048 (3.0 MiB) Bureau cahn # ping 192.168.1.1 PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. From 192.168.1.20 icmp_seq=2 Destination Host Unreachable From 192.168.1.20 icmp_seq=3 Destination Host Unreachable From 192.168.1.20 icmp_seq=4 Destination Host Unreachable From 192.168.1.20 icmp_seq=6 Destination Host Unreachable Thanks for help Roger
Re: [gentoo-user] Internet
on 06/14/2011 11:36 PM Cahn Roger wrote the following: snip Bureau cahn # ping 192.168.1.1 PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. From 192.168.1.20 icmp_seq=2 Destination Host Unreachable From 192.168.1.20 icmp_seq=3 Destination Host Unreachable From 192.168.1.20 icmp_seq=4 Destination Host Unreachable From 192.168.1.20 icmp_seq=6 Destination Host Unreachable Can you ping 192.168.1.1 from another machine?
Re: [gentoo-user] Internet
Can you ping 192.168.1.1 from another machine? Yes, from my laptop with which I'm writing Portable cahn # ping 192.168.1.1 PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. 64 bytes from 192.168.1.1: icmp_req=1 ttl=64 time=3.86 ms 64 bytes from 192.168.1.1: icmp_req=2 ttl=64 time=3.86 ms 64 bytes from 192.168.1.1: icmp_req=3 ttl=64 time=3.96 ms 64 bytes from 192.168.1.1: icmp_req=4 ttl=64 time=3.94 ms 64 bytes from 192.168.1.1: icmp_req=5 ttl=64 time=7.46 ms 64 bytes from 192.168.1.1: icmp_req=6 ttl=64 time=4.65 ms c64 bytes from 192.168.1.1: icmp_req=7 ttl=64 time=3.85 ms 64 bytes from 192.168.1.1: icmp_req=8 ttl=64 time=7.10 ms 64 bytes from 192.168.1.1: icmp_req=9 ttl=64 time=4.38 ms 64 bytes from 192.168.1.1: icmp_req=10 ttl=64 time=3.99 ms ^C --- 192.168.1.1 ping statistics --- 10 packets transmitted, 10 received, 0% packet loss, time 9024ms rtt min/avg/max/mdev = 3.851/4.708/7.465/1.316 ms
Re: [gentoo-user] Internet
On Tuesday 14 Jun 2011 18:44:43 Cahn Roger wrote: Try setting an address manually: ifconfig eth0 192.168.1.20 broadcast 192.168.1.255 netmask 255.255.255.0 route add default gw 192.168.1.1 (assuming that this is your router) It doesn't work: error locating host target (for route) Hmm ... something is not right at the router, or your ethernet cable is faulty/unplugged. Are you sure that 192.168.1.1 is the correct address for it? After you set on the command line your ip address using ifconfig run this: arping -c 3 -I eth0 192.168.1.1 If your router is not responding, please check its firewall list and any access control lists you may have set up for it - you may have typed incorrectly the MAC address for your eth0 NIC. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Internet
On Tuesday 14 Jun 2011 20:45:30 Cahn Roger wrote: # /etc/init.d/net.eth0 stop # ifconfig eth0 192.168.1.20 up and post output of /etc/init.d/net.eth0 stop * Caching service dependencies ... /etc/init.d/../conf.d/net: line 9: broadcast : commande introuvable /etc/init.d/../conf.d/net: line 10: netmask : commande introuvable SIOCADDRT: Le fichier existe /etc/init.d/../conf.d/net: line 9: broadcast : commande introuvable /etc/init.d/../conf.d/net: line 10: netmask : commande introuvable SIOCADDRT: Le fichier existe /etc/init.d/../conf.d/net: line 9: broadcast : commande introuvable /etc/init.d/../conf.d/net: line 10: netmask : commande introuvable You need to remove those lines that I asked you to type on the command line from the /etc/conf.d/net file - or look at the example file provided and use that to define static address/broadcast/netmask correctly. Typically something like: config_eth0=192.168.1.20/24 should do it. If you want to define a static route and dns server add: routes_eth0=default via 192.168.1.1 dns_servers_eth0=192.168.1.1 HTH. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Internet
on 06/15/2011 12:33 AM Cahn Roger wrote the following: Can you ping 192.168.1.1 from another machine? Yes, from my laptop with which I'm writing Portable cahn # ping 192.168.1.1 PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. 64 bytes from 192.168.1.1: icmp_req=1 ttl=64 time=3.86 ms 64 bytes from 192.168.1.1: icmp_req=2 ttl=64 time=3.86 ms Try changing ethernet cable and switch port for the pc that has the problem, and ping the router again. Then if the problem persists, delete /etc/udev/rules.d/70-persistent-net.rules and swap the network card (if it's not onboard) with another (PCI) that you know is good. If the card is onboard, do not delete /etc/udev/rules.d/70-persistent-net.rules, just add a PCI NIC, connect the ethernet cable to this new PCI NIC and try to ping the router.
Re: [gentoo-user] Internet
on 06/15/2011 12:33 AM Cahn Roger wrote the following: Can you ping 192.168.1.1 from another machine? Yes, from my laptop with which I'm writing Portable cahn # ping 192.168.1.1 PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. 64 bytes from 192.168.1.1: icmp_req=1 ttl=64 time=3.86 ms If you have ethtool installed on the problematic pc, post the output of: ethtool eth0
Re: [gentoo-user] Internet
on 06/15/2011 12:47 AM Mick wrote the following: snip You need to remove those lines that I asked you to type on the command line from the /etc/conf.d/net He should have already removed them (see the messages in the thread). /etc/conf.d/net should be empty by now, which means it defaults to dhcp.