On Sat, Jan 29, 2011 at 7:24 PM, Neal Hogan <nealho...@gmail.com> wrote:
> On Tue, Jan 25, 2011 at 10:11 PM, Neal Hogan <nealho...@gmail.com> wrote:
>> On Tue, Jan 25, 2011 at 9:51 PM, Ryan Flannery <ryan.flann...@gmail.com> wrote:
>>> On Tue, Jan 25, 2011 at 9:01 PM, Neal Hogan <nealho...@gmail.com> wrote:
>>>> Hello misc@,
>>>>
>>>> I'm having an issue with my wifi AP after I reconnect to my ISP. That
>>>> is, when my internet connection is broken, for whatever reason, and
>>>> then reconnected, my wireless machines see that the AP is available,
>>>> but fail to connect to it. My hard connection works just fine.
>>>
<bump>

I've tried a suggestion:

# sudo pfctl -F all && sudo pfctl -f /etc/pf.conf
# sudo ifconfig ral0 down && sudo ifconfig ral0 up

No dice. Are there any suggestions that will allow me to regain my wifi
AP capabilities without having to reboot?

Thanks!

>>> Do you still have a dynamic IP? If so, is it set to something
>>> different when you reconnect?
>>>
>>> If so, the nat in your pf is probably causing the problem.
>>>
>>
>> I was thinking the same and when I finally got the internet connection
>> back the IP looked the same.
>>>>
>>>> I flush all the routes (i.e., # route flush) and then sh /etc/netstart,
>>>> but that does not work.
>>>
>>> Have you also tried restarting pf at this point?
>>>
>>
>> I did not do that this most recent time, but I seem to remember
>> doing it last time without it helping. When I get time, I will try to
>> recreate the situation by unplugging my modem and restarting pf.
>
> I tried restarting pf (i.e., pfctl -d && pfctl -ef /etc/pf.conf) and
> it didn't work. That is, I flushed the routes, 'sh /etc/netstart'd',
> and restarted pf and my wifi access point fails to give addresses.
>
> Below are my pf rules, route table and ifconfig info before and
> after I reboot.
>
>>lambdaroot pfctl -s rules
> match in all scrub (no-df random-id reassemble tcp)
> match out on em1 from ! (em1) to any nat-to (em1) round-robin
> pass in on em1 inet proto tcp from <whitelist> to (em1) port = smtp
> flags S/SA keep state rdr-to 127.0.0.1 port 25
> pass in on em0 inet proto tcp from any to 192.168.2.1 port = smtp
> flags S/SA keep state rdr-to 127.0.0.1 port 25
> pass in on em1 inet proto tcp from <spamd> to 64.53.218.214 port =
> smtp flags S/SA keep state rdr-to 127.0.0.1 port 8025
> pass in on em1 inet proto tcp from <spamd-white> to any port = smtp
> flags S/SA keep state rdr-to 127.0.0.1 port 25
> pass in on em1 inet proto tcp from ! <spamd-white> to any port = smtp
> flags S/SA keep state rdr-to 127.0.0.1 port 8025
> block drop in all
> block drop out all
> block drop in log quick on ! lo inet6 from ::1 to any
> block drop in log quick on ! lo inet from 127.0.0.0/8 to any
> block drop in log quick inet from 127.0.0.1 to any
> block drop in log quick on ! em1 inet from 64.53.216.0/21 to any
> block drop in log quick inet from 64.53.218.214 to any
> block drop in log quick on ! em0 inet from 192.168.2.0/24 to any
> block drop in log quick inet from 192.168.2.1 to any
> block drop in log quick on ! ral0 inet from 192.168.3.0/24 to any
> block drop in log quick inet from 192.168.3.1 to any
> block drop in log quick inet6 from ::1 to any
> block drop in log quick on lo0 inet6 from fe80::1 to any
> block drop in log quick on em1 inet6 from fe80::2e0:81ff:febc:f36a to any
> block drop in log quick on em0 inet6 from fe80::2e0:81ff:febc:f36b to any
> block drop in log quick on ral0 inet6 from fe80::20e:2eff:fe96:4ee0 to any
> block drop in log quick from <bad_ssh> to any
> block drop in log quick from <bad_www> to any
> block drop in log quick from <bad_wifi> to any
> pass out quick on em1 inet proto tcp from any to 24.172.134.210 port =
> finger user = 67 flags S/SA modulate state
> pass out quick on ral0 inet proto tcp from any to
> <__automatic_80b2c777_0> port = finger user = 67 flags S/SA modulate
> state
> pass out quick on em0 inet proto tcp from any to
> <__automatic_80b2c777_2> port = finger user = 67 flags S/SA modulate
> state
> pass out quick on ral0 inet proto tcp from any to
> <__automatic_80b2c777_1> port = ssh user = 67 flags S/SA modulate
> state
> pass out quick on em0 inet proto tcp from any to
> <__automatic_80b2c777_3> port = ssh user = 67 flags S/SA modulate
> state
> pass in log on em1 inet proto tcp from any to (em1) port = ssh flags
> S/SA synproxy state (source-track rule, max-src-conn-rate 10/20,
> overload <bad_ssh> flush global, src.track 20)
> pass in log on em1 inet proto tcp from any to (em1) port = smtp flags
> S/SA synproxy state
> pass in log on em1 inet proto tcp from any to (em1) port = www flags
> S/SA synproxy state (source-track rule, max-src-conn 100,
> max-src-conn-rate 15/5, overload <bad_www> flush global, src.track 5)
> pass in log on em1 inet proto tcp from any to (em1) port = https flags
> S/SA synproxy state (source-track rule, max-src-conn 100,
> max-src-conn-rate 15/5, overload <bad_www> flush global, src.track 5)
> pass in log on em1 inet proto icmp from any to (em1) icmp-type echoreq
> keep state
> pass in log on em1 inet proto icmp from any to (em1) icmp-type unreach
> keep state
> pass in on em1 inet proto tcp from any to (em1) port = ftp flags S/SA
> keep state (source-track rule, max-src-conn 3, max-src-conn-rate 15/5,
> src.track 5)
> pass in on em1 proto tcp from any to any port > 49151 flags S/SA keep state
> pass in on em1 proto tcp from any to any port = rsync flags S/SA keep state
> pass in log on em1 inet proto tcp from 24.172.134.210 to 64.53.218.214
> port = finger flags S/SA synproxy state
> pass out log on em1 all flags S/SA keep state
> pass in quick on em0 inet from 192.168.2.0/24 to any flags S/SA keep state
> pass in on ral0 inet from 192.168.3.0/24 to any flags S/SA keep state
> pass in on ral0 inet proto udp from 192.168.3.0/24 port = bootpc to
> any port = bootps keep state
> pass out on ral0 all flags S/SA keep state
> pass out on em0 all flags S/SA keep state
> pass in log on ral0 inet proto icmp from 192.168.3.0/24 to (ral0) keep state
> pass in log on ral0 inet proto tcp from 192.168.3.0/24 to (ral0) port
> = ssh flags S/SA synproxy state (source-track rule, max-src-conn-rate
> 3/20, overload <bad_ssh> flush global, src.track 20)
> pass in log on ral0 inet proto tcp from 192.168.3.0/24 to (ral0) port
> = www flags S/SA synproxy state (source-track rule, max-src-conn 100,
> max-src-conn-rate 15/5, overload <bad_www> flush global, src.track 5)
> pass in log on ral0 inet proto tcp from 192.168.3.0/24 to (ral0) port
> = https flags S/SA synproxy state (source-track rule, max-src-conn
> 100, max-src-conn-rate 15/5, overload <bad_www> flush global,
> src.track 5)
> pass in log on ral0 inet from 192.168.3.0/24 to ! (ral0) flags S/SA
> modulate state
>
> lambdaroot route show
> Routing tables
>
> Internet:
> Destination Gateway Flags Refs Use Mtu Prio Iface
> default d53-1-216.nap.wide UGS 11 108289 - 8 em1
> 64.53.216/21 link#2 UC 1 0 - 4 em1
> d53-1-216.nap.wide 00:01:5c:32:fa:c1 UHLc 1 0 - 4 em1
> d53-214-218.nap.wi www.lambdaserver.c UGHS 0 118 33160 8 lo0
> loopback www.lambdaserver.c UGRS 0 0 33160 8 lo0
> www.lambdaserver.c www.lambdaserver.c UH 2 0 33160 4 lo0
> 192.168.2/24 link#1 UC 2 0 - 4 em0
> 192.168.2.39 00:0d:9d:43:2b:a7 UHLc 0 236 - 4 em0
> 192.168.2.43 00:1e:37:d9:cc:ed UHLc 8 1062 - 4 em0
> 192.168.3/24 link#5 UC 0 0 - 4 ral0
> BASE-ADDRESS.MCAST www.lambdaserver.c URS 0 0 33160 8 lo0
>
> Internet6:
> Destination Gateway Flags Refs Use Mtu Prio Iface
> ::/104 www.lambdaserver.c UGRS 0 0 - 8 lo0
> ::/96 www.lambdaserver.c UGRS 0 0 - 8 lo0
> www.lambdaserver.c www.lambdaserver.c UH 14 0 33160 4 lo0
> ::127.0.0.0/104 www.lambdaserver.c UGRS 0 0 - 8 lo0
> ::224.0.0.0/100 www.lambdaserver.c UGRS 0 0 - 8 lo0
> ::255.0.0.0/104 www.lambdaserver.c UGRS 0 0 - 8 lo0
> ::ffff:0.0.0.0/96 www.lambdaserver.c UGRS 0 0 - 8 lo0
> 2002::/24 www.lambdaserver.c UGRS 0 0 - 8 lo0
> 2002:7f00::/24 www.lambdaserver.c UGRS 0 0 - 8 lo0
> 2002:e000::/20 www.lambdaserver.c UGRS 0 0 - 8 lo0
> 2002:ff00::/24 www.lambdaserver.c UGRS 0 0 - 8 lo0
> fe80::/10 www.lambdaserver.c UGRS 0 0 - 8 lo0
> fe80::%em0/64 link#1 UC 0 0 - 4 em0
> fe80::%em1/64 link#2 UC 0 0 - 4 em1
> fe80::%lo0/64 fe80::1%lo0 U 0 0 - 4 lo0
> fe80::%ral0/64 link#5 UC 0 0 - 4 ral0
> fec0::/10 www.lambdaserver.c UGRS 0 0 - 8 lo0
> ff01::/16 www.lambdaserver.c UGRS 0 0 - 8 lo0
> ff01::%em0/32 link#1 UC 0 0 - 4 em0
> ff01::%em1/32 link#2 UC 0 0 - 4 em1
> ff01::%lo0/32 www.lambdaserver.c UC 0 0 - 4 lo0
> ff01::%ral0/32 link#5 UC 0 0 - 4 ral0
> ff02::/16 www.lambdaserver.c UGRS 0 0 - 8 lo0
> ff02::%em0/32 link#1 UC 0 0 - 4 em0
> ff02::%em1/32 link#2 UC 0 0 - 4 em1
> ff02::%lo0/32 www.lambdaserver.c UC 0 0 - 4 lo0
> ff02::%ral0/32 link#5 UC 0 0 - 4 ral0
>
> lambdaroot ifconfig -a
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33160
>         priority: 0
>         groups: lo
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
>         inet 127.0.0.1 netmask 0xff000000
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:e0:81:bc:f3:6b
>         priority: 0
>         media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
>         status: active
>         inet6 fe80::2e0:81ff:febc:f36b%em0 prefixlen 64 scopeid 0x1
>         inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
> em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:e0:81:bc:f3:6a
>         priority: 0
>         groups: egress
>         media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
>         status: active
>         inet6 fe80::2e0:81ff:febc:f36a%em1 prefixlen 64 scopeid 0x2
>         inet 64.53.218.214 netmask 0xfffff800 broadcast 64.53.223.255
> enc0: flags=0<>
>         priority: 0
>         groups: enc
>         status: active
> ral0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:0e:2e:96:4e:e0
>         priority: 4
>         groups: wlan
>         media: IEEE802.11 autoselect hostap (autoselect mode 11b hostap)
>         status: active
>         ieee80211: nwid lambdaserver chan 1 bssid 00:0e:2e:96:4e:e0
>         nwkey kashossc63250 100dBm
>         inet6 fe80::20e:2eff:fe96:4ee0%ral0 prefixlen 64 scopeid 0x5
>         inet 192.168.3.1 netmask 0xffffff00 broadcast 192.168.3.255
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33160
>         priority: 0
>         groups: pflog
>
> AFTER REBOOT
>
> lambdaroot route show
> Routing tables
>
> Internet:
> Destination Gateway Flags Refs Use Mtu Prio Iface
> default d53-1-216.nap.wide UGS 9 179389 - 8 em1
> 64.53.216/21 link#2 UC 1 0 - 4 em1
> d53-1-216.nap.wide 00:01:5c:32:fa:c1 UHLc 1 0 - 4 em1
> d53-214-218.nap.wi www.lambdaserver.c UGHS 0 814 33160 8 lo0
> loopback www.lambdaserver.c UGRS 0 0 33160 8 lo0
> www.lambdaserver.c www.lambdaserver.c UH 2 492 33160 4 lo0
> 192.168.2/24 link#1 UC 2 0 - 4 em0
> 192.168.2.39 00:0d:9d:43:2b:a7 UHLc 0 8 - 4 em0
> 192.168.2.43 00:1e:37:d9:cc:ed UHLc 8 5185 - 4 em0
> 192.168.3/24 link#5 UC 2 0 - 4 ral0
> frege 00:02:6f:98:31:81 UHLc 0 139 - 4 ral0
> 192.168.3.35 00:02:6f:98:31:81 UHLc 1 1905 - 4 ral0
> BASE-ADDRESS.MCAST www.lambdaserver.c URS 0 0 33160 8 lo0
>
> Internet6:
> Destination Gateway Flags Refs Use Mtu Prio Iface
> ::/104 www.lambdaserver.c UGRS 0 0 - 8 lo0
> ::/96 www.lambdaserver.c UGRS 0 0 - 8 lo0
> www.lambdaserver.c www.lambdaserver.c UH 14 0 33160 4 lo0
> ::127.0.0.0/104 www.lambdaserver.c UGRS 0 0 - 8 lo0
> ::224.0.0.0/100 www.lambdaserver.c UGRS 0 0 - 8 lo0
> ::255.0.0.0/104 www.lambdaserver.c UGRS 0 0 - 8 lo0
> ::ffff:0.0.0.0/96 www.lambdaserver.c UGRS 0 0 - 8 lo0
> 2002::/24 www.lambdaserver.c UGRS 0 0 - 8 lo0
> 2002:7f00::/24 www.lambdaserver.c UGRS 0 0 - 8 lo0
> 2002:e000::/20 www.lambdaserver.c UGRS 0 0 - 8 lo0
> 2002:ff00::/24 www.lambdaserver.c UGRS 0 0 - 8 lo0
> fe80::/10 www.lambdaserver.c UGRS 0 0 - 8 lo0
> fe80::%em0/64 link#1 UC 0 0 - 4 em0
> fe80::2e0:81ff:feb 00:e0:81:bc:f3:6b HL 0 0 - 4 lo0
> fe80::%em1/64 link#2 UC 0 0 - 4 em1
> fe80::2e0:81ff:feb 00:e0:81:bc:f3:6a UHL 0 0 - 4 lo0
> fe80::%lo0/64 fe80::1%lo0 U 0 0 - 4 lo0
> fe80::1%lo0 link#4 UHL 0 0 - 4 lo0
> fe80::%ral0/64 link#5 UC 0 0 - 4 ral0
> fe80::20e:2eff:fe9 00:0e:2e:96:4e:e0 UHL 0 0 - 4 lo0
> fec0::/10 www.lambdaserver.c UGRS 0 0 - 8 lo0
> ff01::/16 www.lambdaserver.c UGRS 0 0 - 8 lo0
> ff01::%em0/32 link#1 UC 0 0 - 4 em0
> ff01::%em1/32 link#2 UC 0 0 - 4 em1
> ff01::%lo0/32 www.lambdaserver.c UC 0 0 - 4 lo0
> ff01::%ral0/32 link#5 UC 0 0 - 4 ral0
> ff02::/16 www.lambdaserver.c UGRS 0 0 - 8 lo0
> ff02::%em0/32 link#1 UC 0 0 - 4 em0
> ff02::%em1/32 link#2 UC 0 0 - 4 em1
> ff02::%lo0/32 www.lambdaserver.c UC 0 0 - 4 lo0
> ff02::%ral0/32 link#5 UC 0 0 - 4 ral0
>
> lambdaroot ifconfig -a
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33160
>         priority: 0
>         groups: lo
>         inet 127.0.0.1 netmask 0xff000000
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:e0:81:bc:f3:6b
>         priority: 0
>         media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
>         status: active
>         inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
>         inet6 fe80::2e0:81ff:febc:f36b%em0 prefixlen 64 scopeid 0x1
> em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:e0:81:bc:f3:6a
>         priority: 0
>         groups: egress
>         media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
>         status: active
>         inet6 fe80::2e0:81ff:febc:f36a%em1 prefixlen 64 scopeid 0x2
>         inet 64.53.218.214 netmask 0xfffff800 broadcast 64.53.223.255
> enc0: flags=0<>
>         priority: 0
>         groups: enc
>         status: active
> ral0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:0e:2e:96:4e:e0
>         priority: 4
>         groups: wlan
>         media: IEEE802.11 autoselect hostap
>         status: active
>         ieee80211: nwid lambdaserver chan 2 bssid 00:0e:2e:96:4e:e0
>         nwkey kashossc63250 100dBm
>         inet 192.168.3.1 netmask 0xffffff00 broadcast 192.168.3.255
>         inet6 fe80::20e:2eff:fe96:4ee0%ral0 prefixlen 64 scopeid 0x5
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33160
>         priority: 0
>         groups: pflog
>
>>>> At this point, rebooting the AP machine is the
>>>> only thing that I've been able to do to rectify the situation. From
>>>> the research that I've done, it doesn't look as though I should have
>>>> to reboot. Any suggestions?
>>>>
>>>> Thanks!
>>>> -Neal