RE: [leaf-user] DHCP & NTL cable problem.

Wed, 01 Sep 2004 01:57:12 -0700 

Hi All,

OK, I'll explain registration.

If an unidentified MAC asks the cable box (STB) for an IP through DHCP,
it is assigned a 10.0.0.0/8 address and every DNS request is redirected
to the address of start.ntl. So all you need is a java capable browser
to register a MAC address. Currently you can't register Bering boxes by
NAT'ing though them because they use their root DNS servers, not the
ones passed through DHCP.

> "Is it possible that you have your firewalling set to block access to 
> private-address network ranges (including 10.0.0.0/8)?"

Is the firewall blocking rfc1918? Wait a minute, isn't there something
somewhere that blocks ALL rfc1918 addresses in shorewall? That norfc
switch in shorewalls, erm, one of the shorewall files? I know that NTL
uses many rfc1918 networks, so would shorewall block packets from a DHCP
server with that address? 

> "Do you "clear" shorewall, *then* run ifup (or pump directly) from the

> command line?" 

Yes, I run shorewall clear then pump.

> "At this point, what ruleset information does Shorewall report?"

I don't know, how would I find that out/dump it to a file?

> "And what does "ip" tell you about your interfaces?"

"ip addr show" shows me lo, eho0 and eth1.

Both adaptors have the usual info.
eth0 has no IP address.
eth1 is fine.

Now, uClibc.

After all that, last night I have re-established connectivity. I spoofed
my external MAC on a Win98 box and I know that the clean uClibc disk
that I was testing with works (except DNS, does this need configuration
with 2.2?).
Now, until I get back tonight, I won't be able to test my Bering 1.2
disks with this registered setup. If it works, then I guess I was
blocking rfc1918 addresses somewhere and the net DHCP server was
10.0.0.0/8.

Regardless, no, my Bering 1.2 disks are stock and have had no security
updates applied. Currently, how bad is this?

I would have some things to move over to a new system, vtun tunnels,
wondershaper. I don't know if B-uC 2.2 supports those yet. But I *would*
get it back on one disk again. Two is a hassle and so slow to load.

And what's up with all these changes to shorewall? Is that a new version
or just a custom config that comes with B-uC 2.2?

Right, I think that's everything.
Thanks Ray.

James.

-----Original Message-----
From: Ray Olszewski [mailto:[EMAIL PROTECTED] 
Sent: 01 September 2004 04:58
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] DHCP & NTL cable problem.

Unless I missed something, you haven't yet resolved this. So here are a
few 
thoughts.

At 09:25 AM 8/26/2004 +0100, James Neave wrote:
>Hi all,
>
>NTL has recently upgraded my cable box, taking my line from 1Mb/s to
>1.5Mb/s. Very nice of them.
>But my fairly long serving Bering 1.2 box has thrown a hissy fit,
>because NTL reset the MAC registration which only lets you connect
>registered NICs to their network. Now, pump won't get an IP address.
>It's MEANT to get a 10.a.b.c address and all HTML requests are
>redirected to the registration server. All I get is "Operation Failed"
>when you try to restart the networking.

Is it possible that you have your firewalling set to block access to 
private-address network ranges (including 10.0.0.0/8)? The registration 
server itself if probably some 10.b.c.d address.

>Can anybody tell he how I can diagnose what's going wrong?
>
>We've successfully registered a Win98 box on the thing, which works
>fine.

  I think the next step is to tell us what procedure is involved in 
"registering" a MAC address. Do you have to run some piece of software
that 
is available ONLY for Windows PCs? Or are you talking here merely about 
connecting the Windows PC directly to your cable modem? Or something
else? 
(Your earlier comment about "the registration server" seem to say 
"something else", but I may be misunderstanding you.)

>It's not cables, all connectivity has been checked.
>I've cleared shorewall and prevented my vtun tunnels from trying to
>build themselves.

Please clarify the sequence here. Do you "clear" shorewall, *then* run
ifup 
(or pump directly) from the command line? At this point, what ruleset 
information does Shorewall report? And what does "ip" tell you about
your 
interfaces?

>I also read the ifupdown man page on how to spoof a MAC address, but
>that implies that you can only use he hwaddress switch with static ip
>interfaces, not dynamic.

I'm not sure what the man page for ifupdown says that "implies" this,
but 
older systems, ones that use ifconfig, can set the hardware address 
independently of the method used to get an IP address. I don't have a 
system handy with the man page for "ip", but my memory says that it too
can 
set MAC address independently of IP address. (Subject to the customary 
qualification, for both commands, that the NIC driver needs to suppor
this 
feature.)

>Finally, should I just take this as a good opportunity to upgrade to
>-uClibc?

If you think of uClibc as a hammer, not all problems are nails. You'd do

better to figure out the cause of your problem than to try solutions at 
random. While moving to uClibc is probably a good idea (is your Bering
1.2 
setup current on all security issues?), it may not fix your immediate
problem.





-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idP47&alloc_id808&op=click
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to