From: Marc Joliet
To: gentoo-user@lists.gentoo.org
Date: Fri, 31 Oct 2014 15:46:50 +0100
Subject: Re: [gentoo-user] Strange behaviour of dhcpcd
Message-ID: <20141031154650.24fc075c@marcec.fritz.box>
In-Reply-To: <11792074.PlbkFKk2Y8@andromeda>

On Fri, 31 Oct 2014 12:16:04 +0100, "J. Roeleveld" wrote:

> On Friday, October 31, 2014 11:47:50 AM Marc Joliet wrote:
> > On Fri, 31 Oct 2014 07:52:54 +0100, "J. Roeleveld" wrote:
> > > On Tuesday, October 28, 2014 07:31:56 PM Marc Joliet wrote:
> > [...]
> >
> > > > Oh, and there are two powerline/dLAN adapters in between (the modem is
> > > > in the room next door), but direct connections between my computer and
> > > > my brother's always worked, and they've been reliable in general, so I
> > > > assume that they're irrelevant here.
> > >
> > > Uh-oh... If you have multiple machines that can ask for a DHCP-lease, you
> > > might keep getting a different result each time it tries to refresh.
> >
> > How so? You mean if the modem is directly connected to the powerline
> > adapter? I would be surprised if this were a problem in general, since
> > AFAIU they're ultimately just bridges as far as the network is concerned,
> > not to mention that they explicitly target home networks with multiple
> > devices.
>
> Actually, a HUB is a better comparison.
> All the powerline adapters all connect to the same network. Some you can set
> to a network-ID (think vlan) to limit this.

Also, AFAICS, all newer ones support encryption (AES128 in my case), where you
pair the devices, for which you need physical access to press the necessary
buttons. This can be used to similar effect IIUC. No clue on cross-vendor
compatibility, though. However, encryption was mainly targeted at solving the
next problem:

> The one time I played with one, I ended up seeing my neighbour's NAS.

Yeah, that problem gets mentioned a lot. You can access every other
(compatible) powerline adapter on the same electric network.
Adapters on different phases could have trouble communicating, I believe, and
cross-talk between cables can lead to data leaking into another network (but my
knowledge on things electric is reaching its end). In my case, our apartment
has an electric meter that isolates our apartment from the others, so we're
fine (plus, the adapters use encryption as mentioned above).

> > But in the end, it doesn't matter, since it's just for my desktop (which
> > doesn't have WLAN built-in); all other clients connect via WLAN.
> >
> > FWIW, I chose powerline because it seemed like a better (and driverless!)
> > alternative to getting a WLAN USB-stick (or PCI(e) card), and so far I'm
> > quite happy with it.
>
> If you can ensure that only 2 devices communicate, it's a valid replacement
> for a dedicated network cable.

I didn't explicitly mention this, but the problem is that the router and modem
are in my brother's room (four room shared students apartment, plus bathroom
and kitchen). Now, I'm not about to drag a cable out of my room, across the
hall, and into my brother's room, never mind that neither of us could close our
doors anymore without unplugging the cable and dragging it back.

So the alternative would have been to teach my desktop WLAN, which would've
been slower unless I could find something for PCI(e) or USB3 that works with
Linux, *without* me having to check out some git repository and manually
compile things in the hope that it works. The first USB3 WLAN adapter I found
would've led to that, so I made a snap decision in favour of powerline. It
also didn't hurt that I was curious about it and wanted to try it out :) .

(I actually had to (unexpectedly) do that with my wireless keyboard. Now
there's app-misc/solaar, thankfully, although why Logitech couldn't just stick
with infrared...)

> (If you accept the reduction in line-speed)

How long ago was this?
I read that all modern devices incorporate various filters to mitigate
disturbances coming from other devices and, thus, that they perform much better
(or at least more robustly) than previous generations (they also *cause* less
disturbances). Either way, I can saturate our 16 MiB/s internet connection with
enough parallel downloads (or with a fast enough server, such as with
speedtest.net), and LAN performance is satisfactory.

I suspect one limiting factor is that the powerline adapters only have Fast
Ethernet connections (of course, so does the router, so it doesn't matter).

[...]
> > > I once connected a fresh install directly to the modem. Only took 20
> > > seconds to get owned. (This was about 9 years ago and Bind was running)
> >
> > Ouch.
>
> I was, to be honest, expecting it to be owned. (Just not this quick).
> It was done on purpose to see how long it would take. I pulled the network
> cable when the root-kit was being installed. Was interesting to see.

I bet :) !

> > I just hope the Fritz!Box firewall is configured correctly, especially since
> > there doesn't appear to be a UI for it. Well, OK, there is, but it's not
> > very informative in that it doesn't tell me what rules (other than manually
> > entered ones) are currently in effect; all it explicitly says is that it
> > blocks NetBIOS packets. The only other thing that's bothered me about the
> > router is the factory default (directly after flashing the firmware) of
> > activating WPA2 *and* WPA (why?!). I turned off WPA as soon as I noticed.
>
> It will have NAT enabled, which blocks most incoming packets. As long as the
> router isn't owned, you should be ok.

Right, I *expected* that, but it's nice to be able to verify it.

> > Out of curiosity, I looked through the exported configuration file (looks
> > like JSON), and found entries that look like firewall rules, but don't
> > really know how they apply.
> > It's less the rules themselves, though, than
> > the context, i.e., the rules are under "pppoefw" and "dslifaces", even
> > though the router uses neither PPPoE nor DSL (perhaps a sign that AVM's
> > software grows just as organically as everybody else's ;-) ). The one thing
> > I'm most curious about is what "lowinput", "highoutput", etc. mean, as
> > Google only found me other people asking the same question.
>
> Not familiar with those routers. Maybe someone with more knowledge can have a
> look at the config and shed some light. I would do a find/replace on the
> username and password you use to ensure that is masked before sending it to
> someone to investigate.

It's not really important, again, I just like to be able to verify it, although
right now I'm probably just being unnecessarily paranoid. AVM's routers have a
good reputation (which is why we got one), and I'm inclined to trust them unless
given reason to.

> > Anyway, it *looks* like it blocks everything from the internet by default
> > (except for "output-related" and "input-related", which I interpret to mean
> > responses to outgoing packets and... whatever "input-related" means), and
> > the manual seems to agree by implying that the firewall is for explicitly
> > opening ports. Also, I used the Heise "Netzwerk Check" and it reports no
> > problems, so I'm mostly relieved.
>
> Yes, that's a common setting.

Again, me being overly focused on this, with a dose of paranoia. I would be
surprised if the firewall were set up differently.

[...]
> > Anyway, I think that I'll contact the dhcpcd maintainer (Roy Marples)
> > directly and ask for his opinion.
>
> Oki, keep us updated.

Will do.

--
Marc Joliet
--
"People who think they know everything really annoy those of us who know we
don't" - Bjarne Stroustrup