Re: Dlink DSL router doesn't like FreeBSD

2004-06-17 Thread bob

I forgot to add to this ... that if you monitor tcp/ip traffic with
tcpdump you can compare a successful connection on the internal lan with
a failure when trying to connect to something on the internet.

Doing this you can see the syn-ack-syn process of a successful
pop/smtp/www connection on the lan, but when attempting to connect on
the wan the reason it fails is because there is no reply to the initial
syn request, or subsequent syn requests sent out when the first one
fails to get a reply. I cannot connect using ssh on the lan to test
that.

If ANYONE has a solution to this .. please post to me as well as this
list. I only made these posts to show that this is not an isolated
incident and defies sense trying to diagnose. I will post again when I
take the router out of the equation and replace with a windows box doing
connection sharing. That should be enough to start blaming the dlink if
it works with the windows box.

On Thu, 2004-06-17 at 23:49, bob wrote:
 I have had exactly the same experience with linux, using mandrake 10.
 Everything works from my linux box on the lan to other hosts on the lan.
 When I try to telnet on ports 22(ssh),25(smtp),80(http) and 110(pop3)
 NOTHING WORKS. I can browse the web and send/receive email with
 Evolution/Thunderbird/Firefox without any problems BUT I cannot use
 telnet for anything outside of the LAN when I am on my Linux box. My
 windows laptop can do everything (I didn't try ssh because the windows
 box doesn't have a client).
 
 The only constant factor in this is the D-Link 504t. This has other
 faults in it anyway, such as not restricting remote access to the
 web-login screen once the latest firmware is installed. They missed out
 essential features such as being able to configure the time when it
 shipped, along with the option to connect on demand which was documented
 in the manual but not present in the config despite being shown in
 the manual's photographs. Not only this but the manual was wrong on some
 points too, showing a feature in one part of the web-config when it had
 been moved to another section after the manual was written.
 
 Is anyone getting suspicious of the quality of this router ? I use it,
 and it works, except for this problem. I don't trust it very much though
 and I will be glad to see the back of it when I upgrade, unless dlink
 fix the problems listed above and restore my faith in this product.
 


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
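
The comparison described in the message above (a completed handshake on the LAN versus SYNs that never get a reply on the WAN) can be automated over saved tcpdump output. This is an added example, not part of the original thread; it assumes the one-line IPv4 format printed by a current `tcpdump -n`, and the capture lines and addresses in it are constructed.

```python
import re

# One-line summary printed by `tcpdump -n` for TCP over IPv4 (assumed format).
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def unanswered_syns(lines):
    """Return {(client, server): syn_count} for handshakes with no SYN-ACK."""
    attempts = {}     # (client, server) -> SYNs seen, retransmissions included
    answered = set()  # flows for which the server's SYN-ACK was captured
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a TCP/IPv4 summary line
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        flags = m["flags"]
        if "S" in flags and "." not in flags:   # bare SYN, client -> server
            attempts[(src, dst)] = attempts.get((src, dst), 0) + 1
        elif "S" in flags and "." in flags:     # SYN-ACK, server -> client
            answered.add((dst, src))
    return {flow: n for flow, n in attempts.items() if flow not in answered}

# Constructed capture: one POP3 handshake that completes on the LAN, then an
# SMTP attempt to an outside host whose SYN is retransmitted twice, unanswered.
SAMPLE = """\
10:15:01.100000 IP 192.168.1.10.40001 > 192.168.1.20.110: Flags [S], seq 100, win 65535, length 0
10:15:01.100400 IP 192.168.1.20.110 > 192.168.1.10.40001: Flags [S.], seq 900, ack 101, win 65535, length 0
10:15:01.100500 IP 192.168.1.10.40001 > 192.168.1.20.110: Flags [.], ack 901, win 65535, length 0
10:15:09.000000 IP 192.168.1.10.40002 > 203.0.113.25.25: Flags [S], seq 200, win 65535, length 0
10:15:12.000000 IP 192.168.1.10.40002 > 203.0.113.25.25: Flags [S], seq 200, win 65535, length 0
10:15:18.000000 IP 192.168.1.10.40002 > 203.0.113.25.25: Flags [S], seq 200, win 65535, length 0
""".splitlines()

if __name__ == "__main__":
    for (client, server), count in unanswered_syns(SAMPLE).items():
        print(f"{client[0]}:{client[1]} -> {server[0]}:{server[1]}: "
              f"{count} SYN(s) sent, no SYN-ACK captured")
```

A flow reported here only shows that no reply reached the capture point; it does not by itself say which device on the path dropped the SYN or the SYN-ACK.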


Re: Dlink DSL router doesn't like FreeBSD

2004-06-01 Thread Walter C. Pelissero
Just to update you on the D-Link 504T problem.  After some weeks and a
relocation I've been able to dig further in it and come to the
conclusion that the 504T (mind the 'T') is buggy.

Both the D-Link European help desk and the following page confirmed
what I suspected:

  http://www.broadbandreports.com/forum/remark,10278563~mode=flat

So, unless D-Link comes out with a new firmware you'd better steer
clear from this DSL router.  I'll return mine as soon as possible.

Cheers,

-- 
walter pelissero
http://www.pelissero.de


Re: Dlink DSL router doesn't like FreeBSD

2004-05-15 Thread Walter C. Pelissero
John Mills writes:
  First, are you coming into your LAN from outside, or going outwards?

Either way.

  If it's an outgoing-connection problem, I would look into the
  firewall setting of the FBSD box. Maybe you didn't set it up to
  pass the ports for outgoing telnet and ssh, or maybe you shut off
  the replies on those same ports.

Not as far as I know.  I personally took care of the installation.
*Intra*net traffic works seamlessly, between the two FreeBSD boxes,
though.

  Try plugging the WindowBox into another of the router's ports, then
  use PuTTY to telnet and ssh into your FBSD box (using its LAN
  address, naturally). If that works, the problem is definitely the
  router, but possibly a setup issue.  Especially since telnet is
  also involved. (Many people disable incoming telnet, for security
  reasons.)

I haven't tried PuTTY internally (from Windoze to FreeBSD).  I won't
be able to do that test during the weekend as I'm currently about 500
miles away from that LAN.  I'll keep you posted, though.

  When you have intra-LAN access working, look into port forwarding in the 
  router's setup: you want incoming traffic from the ports used by ssh and 
  (if you enable it) telnet to be sent to the LAN address of your FBSD box. 

Did it.  If I didn't, I suppose ssh wouldn't go that far in the login
process.

As suggested by Konrad Heuer I gathered further data with -v options
of ssh and tcpdump.  As suggested by Vladimir Terziev I ran ssh using
protocol 1 only and disabling X11 forwarding.

Here is the command line:

   ssh -vvv -x -1 -4 that.bloody.address

from my machine at home to the dynamic IP address of that router which
is configured to forward port 22 to the FreeBSD box.

Here is the log:

  OpenSSH_3.6.1p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug1: Rhosts Authentication disabled, originating port will not be trusted.
  debug2: ssh_connect: needpriv 0
  debug1: Connecting to that.bloody.address [xxx.xxx.xxx.xxx] port 22.
  debug1: Connection established.
  debug1: identity file /usr/home/wcp/.ssh/identity type 0
  debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p1 FreeBSD-20030924
  debug1: match: OpenSSH_3.6.1p1 FreeBSD-20030924 pat OpenSSH*
  debug1: Local version string SSH-1.5-OpenSSH_3.6.1p1 FreeBSD-20030924
  debug1: Waiting for server public key.
  debug1: Received server public key (768 bits) and host key (1024 bits).
  debug3: check_host_in_hostfile: filename /usr/home/wcp/.ssh/known_hosts2
  debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
  debug3: check_host_in_hostfile: filename /usr/home/wcp/.ssh/known_hosts
  debug3: check_host_in_hostfile: match line 31
  debug1: Host 'that.bloody.address' is known and matches the RSA1 host key.
  debug1: Found key in /usr/home/wcp/.ssh/known_hosts:31
  debug1: Encryption type: 3des
  debug1: Sent encrypted session key.
  debug2: cipher_init: set keylen (16 - 32)
  debug2: cipher_init: set keylen (16 - 32)
  debug1: Installing crc compensation attack detector.
  debug1: Received encrypted confirmation.
  debug1: Trying RSA authentication with key '/usr/home/wcp/.ssh/identity'
  debug1: Server refused our key.
  debug1: Doing challenge response authentication.
  Password:
  Response: 
[I just type return]
  debug1: Doing password authentication.
  [EMAIL PROTECTED]'s password: 
[I type the password]
  debug1: Requesting pty.
  debug3: tty_make_modes: ospeed 38400
  debug3: tty_make_modes: ispeed 38400
  debug3: tty_make_modes: 1 3
  debug3: tty_make_modes: 2 28
  debug3: tty_make_modes: 3 127
  debug3: tty_make_modes: 4 21
  debug3: tty_make_modes: 5 4
  debug3: tty_make_modes: 6 255
  debug3: tty_make_modes: 7 255
  debug3: tty_make_modes: 8 17
  debug3: tty_make_modes: 9 19
  debug3: tty_make_modes: 10 26
  debug3: tty_make_modes: 11 25
  debug3: tty_make_modes: 12 18
  debug3: tty_make_modes: 13 23
  debug3: tty_make_modes: 14 22
  debug3: tty_make_modes: 17 8
  debug3: tty_make_modes: 18 15
  debug3: tty_make_modes: 30 1
  debug3: tty_make_modes: 31 0
  debug3: tty_make_modes: 32 0
  debug3: tty_make_modes: 33 0
  debug3: tty_make_modes: 34 0
  debug3: tty_make_modes: 35 0
  debug3: tty_make_modes: 36 1
  debug3: tty_make_modes: 38 1
  debug3: tty_make_modes: 39 0
  debug3: tty_make_modes: 40 0
  debug3: tty_make_modes: 41 1
  debug3: tty_make_modes: 50 1
  debug3: tty_make_modes: 51 1
  debug3: tty_make_modes: 53 1
  debug3: tty_make_modes: 54 1
  debug3: tty_make_modes: 55 1
  debug3: tty_make_modes: 56 0
  debug3: tty_make_modes: 57 0
  debug3: tty_make_modes: 58 0
  debug3: tty_make_modes: 59 1
  debug3: tty_make_modes: 60 1
  debug3: tty_make_modes: 61 1
  debug3: tty_make_modes: 62 1
  debug3: tty_make_modes: 70 1
  debug3: tty_make_modes: 72 1
  debug3: tty_make_modes: 73 0
  debug3: tty_make_modes: 74 0
  debug3: tty_make_modes: 75 0
  debug3: tty_make_modes: 90 1
  debug3: tty_make_modes: 91 1
 

Re: Dlink DSL router doesn't like FreeBSD

2004-05-14 Thread Konrad Heuer

On Fri, 14 May 2004, Walter C. Pelissero wrote:

 I'm trying to make work a D-Link 504T DSL router/switch with FreeBSD
 5.2.1-RELEASE-p6.

 I've already realised that IPv6 is not supported by the router so I
 compiled an IPv4-only kernel and got to work DNS, HTTP, and FTP.

 My problem is that ssh and telnet don't work.  I get as far as the
 Password prompt, I type it in, and then ssh freezes for a couple of
 minutes until it probably goes in timeout and gives up.

 The D-Link help desk is useless; the only thing they suggested was to
 return the router to where I bought it.  I've anyhow the impression
 that the problem might not completely be the router's fault.  In fact
 I plugged a Windoze machine, installed PuTTY, and ssh seems to work
 flawlessly.

 What am I missing here?

I'd try two things:

1) ssh -vvv [EMAIL PROTECTED]
2) tcpdump -vv  (while trying to connect by telnet or ssh)

You might have a chance to see where problems occur. Or to repost your
question with relevant sections of the output included.

Best regards

Konrad Heuer ([EMAIL PROTECTED])
GWDG
Am Fassberg
37077 Goettingen
Germany



Re: Dlink DSL router doesn't like FreeBSD

2004-05-14 Thread Vladimir Terziev

   Try connecting to the router via SSHv1 protocol and without X11 forwarding. I had
similar problems with Cisco routers with old Cisco IOS. They liked only SSH
connections via SSHv1 and without X11 forwarding.

   Best regards,

Vladimir





Re: Dlink DSL router doesn't like FreeBSD

2004-05-14 Thread John Mills
Walter -

On Fri, 14 May 2004, Walter C. Pelissero wrote:

 My problem is that ssh and telnet don't work.  I get as far as the
 Password prompt, I type it in, and then ssh freezes for a couple of
 minutes until it probably goes in timeout and gives up.

Before we blame the router, a little more information would be good.

First, are you coming into your LAN from outside, or going outwards?

If it's an outgoing-connection problem, I would look into the firewall
setting of the FBSD box. Maybe you didn't set it up to pass the ports
for outgoing telnet and ssh, or maybe you shut off the replies on those
same ports.

As for the timeout - many ssh setups will attempt to confirm the incoming 
connection, and many clients come from unconfirmable IP addresses. This 
usually involves a timeout of a few tens of seconds, but not terminating 
the connection. On the other hand, if you are discarding reply packets, I 
would expect the remote server to timeout awaiting your response to its 
acknowledgement.

Second, if incoming, does your DSL account have a static IP address? Does
your FBSD box have a static address within your LAN? You need these in
order to route to your [FBSD] server. Are you running 'sshd' and 'telnetd'
in the FBSD box to accept incoming connections?

Try plugging the WindowBox into another of the router's ports, then use
PuTTY to telnet and ssh into your FBSD box (using its LAN address,
naturally). If that works, the problem is definitely the router, but
possibly a setup issue. Especially since telnet is also involved. (Many
people disable incoming telnet, for security reasons.)

When you have intra-LAN access working, look into port forwarding in the 
router's setup: you want incoming traffic from the ports used by ssh and 
(if you enable it) telnet to be sent to the LAN address of your FBSD box. 
Knowing what you are looking for may help you find it in the manuals. 
PuTTY's control panel to set up a connection shows you the default 
'telnet' and 'ssh' ports if you are in doubt.

My experience with the D-Link router has been outgoing and setting up a 
local WindowBox with a static IP (so it could serve as a printer for the 
LAN).

Keep us posted.

Tschuess.

 - John Mills
   [EMAIL PROTECTED]
