From: Marc Joliet
To: gentoo-user@lists.gentoo.org
Date: Fri, 31 Oct 2014 11:47:50 +0100
Subject: Re: [gentoo-user] Strange behaviour of dhcpcd

On Fri, 31 Oct 2014 07:52:54 +0100, "J. Roeleveld" wrote:

> On Tuesday, October 28, 2014 07:31:56 PM Marc Joliet wrote:
[...]
> > Oh, and there are two powerline/dLAN adapters in between (the modem is in
> > the room next door), but direct connections between my computer and my
> > brother's always worked, and they've been reliable in general, so I assume
> > that they're irrelevant here.
>
> Uh-oh... If you have multiple machines that can ask for a DHCP-lease, you
> might keep getting a different result each time it tries to refresh.

How so? You mean if the modem is directly connected to the powerline adapter?
I would be surprised if this were a problem in general, since AFAIU they're
ultimately just bridges as far as the network is concerned, not to mention that
they explicitly target home networks with multiple devices.

But in the end, it doesn't matter, since it's just for my desktop (which
doesn't have WLAN built-in); all other clients connect via WLAN.

FWIW, I chose powerline because it seemed like a better (and driverless!)
alternative to getting a WLAN USB-stick (or PCI(e) card), and so far I'm quite
happy with it.

> > Furthermore, I found out the hard way that you *sometimes* need to reboot
> > the modem when connecting a different client for the new client to get a
> > response from the DHCP server (I discovered this after wasting half a day
> > trying to get our router to work, it would log timeouts during
> > DHCPDISCOVER). I didn't think it was the modem because when we first got
> > it, I could switch cables around between my computer and my brother's and
> > they would get their IP addresses without trouble. *sigh*
>
> That's a common flaw. These modems are designed with the idea that people only
> have 1 computer. Or at the very least put a router between the modem and
> whatever else they have.
> Please note, there is NO firewall on these modems and your machine is fully
> exposed to the internet. Unless you have your machine secured and all unused
> services disabled, you might as well assume your machine compromised.

Yes, I wasn't explicitly aware of this, but it makes sense, since AFAIU the
modem's job boils down to carrying the signal over the cable network and (on a
higher level) dialing in to the ISP and forwarding packets. I would not really
expect a firewall there.

> I once connected a fresh install directly to the modem. Only took 20 seconds
> to get owned. (This was about 9 years ago and Bind was running)

Ouch.

I just hope the Fritz!Box firewall is configured correctly, especially since
there doesn't appear to be a UI for it. Well, OK, there is, but it's not very
informative in that it doesn't tell me what rules (other than manually entered
ones) are currently in effect; all it explicitly says is that it blocks NetBIOS
packets. The only other thing that's bothered me about the router is the
factory default (directly after flashing the firmware) of activating WPA2 *and*
WPA (why?!). I turned off WPA as soon as I noticed.

Out of curiosity, I looked through the exported configuration file (looks like
JSON), and found entries that look like firewall rules, but don't really know
how they apply. It's less the rules themselves, though, than the context, i.e.,
the rules are under "pppoefw" and "dslifaces", even though the router uses
neither PPPoE nor DSL (perhaps a sign that AVM's software grows just as
organically as everybody else's ;-) ). The one thing I'm most curious about is
what "lowinput", "highoutput", etc. mean, as Google only found me other people
asking the same question.

Anyway, it *looks* like it blocks everything from the internet by default
(except for "output-related" and "input-related", which I interpret to mean
responses to outgoing packets and...
whatever "input-related" means), and the manual seems to agree by implying
that the firewall is for explicitly opening ports. Also, I used the Heise
"Netzwerk Check" and it reports no problems, so I'm mostly relieved.

> > - At the time there was no router, just the modem. We now have a Fritz!Box
> >   3270 with the most recent firmware, but we got it after I "solved" this
> >   problem.
> >
> > - I don't know whether we have an IP block or not; I suspect not. At the
> >   very least, we didn't make special arrangements to try and get one.
>
> Then assume not. Most, if not all, ISPs charge extra for this. (If they even
> offer it)

That's what I thought :) .

Anyway, I think that I'll contact the dhcpcd maintainer (Roy Marples) directly
and ask for his opinion.

-- 
Marc Joliet
--
"People who think they know everything really annoy those of us who know we
don't" - Bjarne Stroustrup
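
Added example, not part of the original message: a local audit of which TCP services would be reachable if the machine sat directly behind a modem with no firewall, as discussed above. It reads the Linux /proc/net/tcp table (IPv4 only, little-endian host assumed); the function names and the sample table are constructed for illustration.

```python
import socket
import struct

LISTEN = "0A"  # state code for a listening socket in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout, used when the file is unavailable.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0400A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0400A8C0:D2F0 057100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 1004 1
"""


def hex_to_ipv4(hex_addr):
    """Decode the kernel's hex address (host byte order) to dotted quad."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def exposed_listeners(table):
    """Return sorted (address, port) pairs listening on non-loopback addresses."""
    found = set()
    for line in table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # established or other non-listening socket
        addr_hex, port_hex = fields[1].split(":")
        addr = hex_to_ipv4(addr_hex)
        if addr.startswith("127."):
            continue  # loopback-only services are not reachable from outside
        found.add((addr, int(port_hex, 16)))
    return sorted(found)


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as handle:
            table = handle.read()
    except OSError:
        table = SAMPLE  # fall back to the constructed sample
    for addr, port in exposed_listeners(table):
        scope = "all interfaces" if addr == "0.0.0.0" else addr
        print(f"tcp/{port} listening on {scope}")
```

Anything listed here with 0.0.0.0 or the machine's public address is what an unfiltered connection would expose; IPv6 listeners live in /proc/net/tcp6 and are not covered.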