Opened 12 years ago

Closed 12 years ago

#213 closed incident (fixed)

HybridLivingLab update problems

Reported by: huub Owned by:
Keywords: Cc:
Location: Generic

Description

Together with Rene, updated the LivingLab node and proxy to Hybrid. This did not go smoothly. The node did not come back after a soft reboot. After two attempts it did, with a power cycle.
The external interface vr0 received an IP address (192.168.1.101 from server 192.168.1.1, which is the Linksys router) but had no connection to the internet via the local line (it did via wleiden.net - plantsoen2).

Scanning with nmap indicates that 192.168.1.1 only has port 53 udp open?!

The firewall rules are pf.hybrid.conf (see below).

The node is now once again not coming up after a soft reboot.

HybridLivingLab# pfctl -s rules
No ALTQ support in kernel
ALTQ related functions disabled
pass in quick on vr0 inet all flags S/SA keep state tagged SRV
pass quick on lo0 all flags S/SA keep state
pass all flags S/SA keep state
block return out on wlan0 inet from any to ! 172.16.0.0/12
pass out on wlan0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = http flags S/SA keep state
pass out on wlan0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = https flags S/SA keep state
block return on vr0 all
pass in on vr0 inet proto tcp from any to 192.168.1.101 port = ssh flags S/SA keep state
pass in on vr0 inet proto tcp from any to 192.168.1.101 port = domain flags S/SA keep state
pass in on vr0 inet proto udp from any to 192.168.1.101 port = domain keep state
pass in on vr0 inet proto udp from any to 192.168.1.101 port = snmp keep state
pass in on vr0 inet proto icmp from any to 192.168.1.101 icmp-type echoreq keep state
pass in on vr0 inet from 10.0.0.0/8 to 172.16.0.0/12 flags S/SA keep state
pass in on vr0 inet from 172.16.0.0/12 to 172.16.0.0/12 flags S/SA keep state
pass in on vr0 inet from 192.168.0.0/16 to 172.16.0.0/12 flags S/SA keep state
pass out on vr0 inet proto tcp from 172.16.0.0/12 to any port = http flags S/SA keep state (source-track rule, max-src-conn 10, max-src-conn-rate 100/10, src.track 10)
pass out on vr0 inet proto tcp from 172.16.0.0/12 to any port = https flags S/SA keep state (source-track rule, max-src-conn 10, max-src-conn-rate 100/10, src.track 10)
pass out on vr0 inet proto tcp from 192.168.1.101 to any port = domain flags S/SA keep state
pass out on vr0 inet proto tcp from 192.168.1.101 to any port = http flags S/SA keep state
pass out on vr0 inet proto tcp from 192.168.1.101 to any port = https flags S/SA keep state
pass out on vr0 inet proto tcp from 192.168.1.101 to any port = openvpn flags S/SA keep state
pass out on vr0 inet proto udp from 192.168.1.101 to any port = domain keep state
pass out on vr0 inet proto udp from 192.168.1.101 to any port = ntp keep state
pass out on vr0 inet proto udp from 192.168.1.101 to any port = openvpn keep state
pass out on vr0 inet proto icmp from 192.168.1.101 to any icmp-type echoreq keep state
block return out on vr0 inet from any to 10.0.0.0/8
block return out on vr0 inet from any to 172.16.0.0/12
block return out on vr0 inet from any to 192.168.0.0/16
pass out on vr0 inet proto udp from 192.168.1.101 to 10.0.0.0/8 port = domain keep state
pass out on vr0 inet proto udp from 192.168.1.101 to 172.16.0.0/12 port = domain keep state
pass out on vr0 inet proto udp from 192.168.1.101 to 192.168.0.0/16 port = domain keep state
pass out on vr0 inet proto tcp from 192.168.1.101 to 10.0.0.0/8 port = domain flags S/SA keep state
pass out on vr0 inet proto tcp from 192.168.1.101 to 172.16.0.0/12 port = domain flags S/SA keep state
pass out on vr0 inet proto tcp from 192.168.1.101 to 192.168.0.0/16 port = domain flags S/SA keep state

HybridLivingLab# cat /etc/rc.conf.local
#
# DO NOT EDIT - Automatically generated by 'gformat'
# Generated at Wed May 9 11:21:46 2012 by sunny.wleiden.net
#
hostname='HybridLivingLab.wleiden.net.'
location='Pergolesipad 95, 2324 DG, Leiden'
nodetype="Hybrid"

#
# Configured listings
#
captive_portal_whitelist=""

#
# Hybrid Configuration
#
list_ileiden_proxies="
172.16.4.54 # ProxyDeClercq
172.16.18.38 # ProxyHenk
172.16.4.138 # ProxyLHS
172.23.25.66 # ProxyLangeVoort
172.17.0.1 # ProxyLeythenrode
172.16.2.254 # ProxyLivingLab
172.17.169.66 # ProxyPlantsoen
172.25.90.66 # ProxyWatertoren1
172.17.21.1 # HybridLHS
172.20.140.1 # HybridLivingLab
172.17.22.1 # HybridMeerburg
172.17.34.1 # HybridRick2
172.17.160.1 # HybridRund
172.25.52.1 # HybridWBRotary
"
list_normal_proxies="
172.17.143.4 # ProxyCeTIM
172.17.8.68 # ProxyCope
172.17.0.36 # ProxyHerman
172.16.18.18 # ProxyKWVdeKaag
172.17.28.1 # ProxyMeerburg
172.16.3.146 # ProxyMuiderkring
172.20.128.98 # ProxyRV
172.19.168.66 # ProxyWP
172.25.90.69 # ProxyWatertoren2
172.22.0.66 # ProxyZwaluwak
172.27.129.67 # ProxyZwet
172.17.16.1 # HybridHuub
172.17.21.1 # HybridLHS
172.20.140.1 # HybridLivingLab
172.17.22.1 # HybridMeerburg
172.17.34.1 # HybridRick2
172.17.160.1 # HybridRund
172.25.52.1 # HybridWBRotary
"
captive_portal_interfaces="wlan0"
externalif="vr0"
masterip="172.20.140.1"

# Defined services
service_proxy_ileiden="YES"
service_proxy_normal="YES"
service_accesspoint="YES"
#
pf_rules="/etc/pf.hybrid.conf"
pf_flags="-D ext_if=$externalif -D ext_if_net=$externalif:network -D masterip=$masterip"
pf_flags="$pf_flags -D publicnat=80,443"
tinyproxy_enable="yes"
pf_flags="$pf_flags -D captive_portal_interfaces=$captive_portal_interfaces"

lvrouted_flags="$lvrouted_flags -z make_list "$list_ileiden_proxies" ",""
#
# Fat configuration, board has 256MB RAM
#
dnsmasq_enable="NO"
named_enable="YES"
dhcpd_enable="YES"
dhcpd_flags="$dhcpd_flags wlan0"

#
# Interface definitions
#
wlans_ath0='wlan0'
create_args_wlan0='wlanmode ap mode 11b ssid ap-WirelessLeiden-Livinglab regdomain ETSI country NL channel 4'

# lo0 # lo0
127.0.0.1/8 LocalHost
172.31.255.1/32 Proxy IP

ipv4_addrs_lo0='127.0.0.1/8 172.31.255.1/32'

# ue0
172.16.4.60/29 link to Roomburgh2

ipv4_addrs_ue0='172.16.4.60/29'

# vr0
0.0.0.0/30 External Link

ifconfig_vr0='SYNCDHCP'

# vr1
172.16.17.105/29 link to AJSoft2

ipv4_addrs_vr1='172.16.17.105/29'

# vr2
172.16.17.113/29 Ethernet to Haagwijk

ipv4_addrs_vr2='172.16.17.113/29'

# wlan0
172.20.140.1/24 AP for the neighbourhood

ipv4_addrs_wlan0='172.20.140.1/24'

HybridLivingLab# ps ax

PID TT STAT TIME COMMAND

0 ?? DLs 0:04.83 [kernel]
1 ?? ILs 0:00.22 /sbin/init --
2 ?? DL 0:00.00 [crypto]
3 ?? DL 0:00.00 [crypto returns]
4 ?? DL 0:00.89 [pfpurge]
5 ?? DL 0:00.00 [sctp_iterator]
6 ?? DL 0:00.00 [xpt_thrd]
7 ?? DL 0:00.04 [pagedaemon]
8 ?? DL 0:00.05 [idlepoll]
9 ?? DL 0:00.00 [pagezero]

10 ?? RL 381:52.68 [idle]
11 ?? WL 1:45.04 [intr]
12 ?? DL 0:00.00 [ng_queue]
13 ?? DL 0:00.84 [geom]
14 ?? DL 1:55.18 [yarrow]
15 ?? DL 0:45.25 [usb]
16 ?? DL 0:00.19 [bufdaemon]
17 ?? DL 0:00.22 [vnlru]
18 ?? DL 0:01.23 [syncer]
19 ?? DL 0:00.24 [softdepflush]
36 ?? DL 0:00.83 [md0]
46 ?? DL 0:03.56 [md1]

1512 ?? Is 0:00.11 /sbin/devd
1736 ?? Ss 0:02.96 /usr/sbin/syslogd -s -A -c
1759 ?? Ss 0:15.84 /usr/sbin/named -u bind
1941 ?? Ss 0:03.64 /usr/sbin/ntpd -g -c /etc/ntp.conf -p /var/run/ntpd.pid -f /var/db/ntp.drift
2010 ?? Ss 0:00.40 /usr/local/sbin/dhcpd -q wlan0 -cf /usr/local/etc/dhcpd.conf -lf /var/db/dhcpd/dh
2027 ?? S 0:00.36 /usr/local/sbin/tinyproxy -c /usr/local/etc/tinyproxy.conf
2032 ?? I 0:00.00 /usr/local/sbin/tinyproxy -c /usr/local/etc/tinyproxy.conf
2033 ?? I 0:00.00 /usr/local/sbin/tinyproxy -c /usr/local/etc/tinyproxy.conf
2034 ?? I 0:00.00 /usr/local/sbin/tinyproxy -c /usr/local/etc/tinyproxy.conf
2035 ?? I 0:00.00 /usr/local/sbin/tinyproxy -c /usr/local/etc/tinyproxy.conf
2036 ?? I 0:00.00 /usr/local/sbin/tinyproxy -c /usr/local/etc/tinyproxy.conf
2037 ?? I 0:00.00 /usr/local/sbin/tinyproxy -c /usr/local/etc/tinyproxy.conf
2039 ?? I 0:00.00 /usr/local/sbin/tinyproxy -c /usr/local/etc/tinyproxy.conf
2040 ?? I 0:00.00 /usr/local/sbin/tinyproxy -c /usr/local/etc/tinyproxy.conf
2041 ?? I 0:00.00 /usr/local/sbin/tinyproxy -c /usr/local/etc/tinyproxy.conf
2042 ?? I 0:00.00 /usr/local/sbin/tinyproxy -c /usr/local/etc/tinyproxy.conf
2043 ?? Ss 0:02.65 /usr/local/sbin/thttpd -C /usr/local/etc/thttpd.conf
2051 ?? S 0:59.20 /usr/local/sbin/snmpd -p /var/run/net_snmpd.pid -Ls 1
2067 ?? Is 0:00.29 /usr/sbin/sshd -u0
2118 ?? Is 0:00.27 /usr/sbin/watchdogd -t 300 -s 60 -e /etc/rc.d/sshd status
2134 ?? Ss 0:00.30 /usr/sbin/cron -s
2192 ?? I 0:00.05 /usr/libexec/getty Pc ttyv0
3341 ?? Is 0:00.00 dhclient: vr0 [priv] (dhclient)
3362 ?? Is 0:00.04 dhclient: vr0 (dhclient)
3870 ?? Ss 3:39.53 [lvrouted]

23523 ?? Ss 0:00.19 sshd: root@pts/0 (sshd)

1865 u0- I 0:00.00 /usr/local/bin/tcpserver -R -H -l 0 172.31.255.1 8081 /usr/local/bin/http302
4108 u0 I<s+ 0:00.03 login

23525 0 Ss 0:00.07 -csh (csh)
23815 0 R+ 0:00.00 ps ax

The local subnet is not in the routing table
HybridLivingLab# netstat -rn|more
Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 172.16.4.57 UGD3 0 59184 ue0 3595
127.0.0.1 link#10 UH 0 1070 lo0
172.16.0.0/27 172.16.17.108 UGD 0 0 vr1
172.16.0.32/27 172.16.4.57 UGD3 0 419 ue0 3577
172.16.0.64/26 172.16.4.57 UGD3 0 58 ue0 3333
172.16.0.128/25 172.16.17.108 UGD 0 0 vr1
172.16.1.0/25 172.16.17.108 UGD 0 0 vr1
172.16.1.128/27 172.16.4.57 UGD 0 0 ue0
172.16.1.160/28 172.16.17.108 UGD 0 0 vr1
172.16.1.176/28 172.16.4.57 UGD 0 0 ue0
172.16.2.0/24 172.16.4.57 UGD3 0 724 ue0 3572
172.16.3.0/26 172.16.4.57 UGD3 0 1897 ue0 3568
172.16.3.64/30 172.16.17.116 UGD 0 0 vr2
172.16.3.68/30 172.16.17.108 UGD 0 0 vr1
172.16.3.72/29 172.16.4.57 UGD 0 0 ue0
172.16.3.80/29 172.16.17.108 UGD3 0 1610 vr1 3499
172.16.3.88/29 172.16.17.116 UGD 0 0 vr2
172.16.3.96/27 172.16.4.57 UGD 0 0 ue0
172.16.3.128/28 172.16.4.57 UGD3 0 528 ue0 3482
172.16.3.144/28 172.16.17.108 UGD3 0 18476 vr1 3598
172.16.3.160/28 172.16.4.57 UGD 0 0 ue0
172.16.3.176/29 172.16.4.57 UGD3 0 3 ue0 2513
172.16.3.184/29 172.16.17.108 UGD 0 0 vr1
172.16.3.192/27 172.16.4.57 UGD 0 0 ue0
172.16.3.224/28 172.16.4.57 UGD 0 0 ue0
172.16.3.240/29 172.16.4.57 UGD 0 0 ue0
172.16.3.248/29 172.16.17.108 UGD 0 0 vr1
172.16.4.0/26 172.16.4.57 UGD3 0 33890 ue0 3599
172.16.4.56/29 link#11 U 0 4989 ue0
172.16.4.60 link#11 UHS 0 0 lo0
172.16.4.64/29 172.16.17.108 UGD 0 0 vr1
172.16.4.72/29 172.16.4.57 UGD 0 0 ue0
172.16.4.80/29 172.16.17.108 UGD 0 0 vr1
172.16.4.88/29 172.16.4.57 UGD 0 0 ue0
172.16.4.96/28 172.16.4.57 UGD 0 0 ue0
172.16.4.112/28 172.16.17.108 UGD 0 0 vr1
172.16.4.128/28 172.16.4.57 UGD 0 0 ue0
172.16.4.144/29 172.16.17.116 UGD3 0 3757 vr2 3528
172.16.4.152/29 172.16.4.57 UGD 0 0 ue0
172.16.4.160/27 172.16.4.57 UGD 0 0 ue0
172.16.4.192/28 172.16.4.57 UGD 0 0 ue0
172.16.4.208/28 172.16.17.108 UGD 0 0 vr1
172.16.4.224/27 172.16.4.57 UGD3 0 1531 ue0 3581
172.16.5.8/30 172.16.17.116 UGD 0 0 vr2
172.16.5.12/30 172.16.4.57 UGD 0 0 ue0
172.16.5.16/29 172.16.17.116 UGD 0 0 vr2
172.16.5.24/30 172.16.17.116 UGD 0 0 vr2
172.16.5.28/30 172.16.17.108 UGD 0 0 vr1
172.16.5.32/27 172.16.17.116 UGD3 0 1 vr2 2513
172.16.5.64/26 172.16.4.57 UGD3 0 44 ue0 3181
172.16.5.128/28 172.16.4.57 UGD3 0 715 ue0 3569
172.16.5.144/29 172.16.4.57 UGD3 0 417 ue0 3441
172.16.5.152/30 172.16.4.57 UGD 0 0 ue0
172.16.5.156/30 172.16.17.116 UGD 0 0 vr2
172.16.5.160/27 172.16.4.57 UGD3 0 3223 ue0 3598
172.16.5.192/28 172.16.4.57 UGD 0 0 ue0
172.16.5.208/29 172.16.4.57 UGD 0 0 ue0
172.16.5.216/29 172.16.17.108 UGD 0 0 vr1
172.16.5.224/29 172.16.17.108 UGD3 0 1 vr1 1631
172.16.5.232/29 172.16.17.116 UGD 0 0 vr2
172.16.5.240/28 172.16.17.108 UGD3 0 7026 vr1 3556
172.16.6.0/28 172.16.4.57 UGD 0 0 ue0
172.16.6.16/29 172.16.17.108 UGD3 0 2329 vr1 3538
172.16.6.24/29 172.16.4.57 UGD 0 0 ue0
172.16.6.32/29 172.16.4.57 UGD 0 0 ue0
172.16.6.40/29 172.16.17.108 UGD 0 0 vr1
172.16.6.48/28 172.16.17.108 UGD3 0 3414 vr1 3572
172.16.6.64/29 172.16.4.57 UGD 0 0 ue0

Even though that interface is configured:
HybridLivingLab# ifconfig vr0
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500

options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
ether 00:0d:b9:1c:dd:28
inet 192.168.1.101 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
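
The check described in this report (interface configured, its subnet absent from the routing table), as an added example that is not part of the original ticket: it parses `netstat -rn` rows and the `ifconfig` address and hex netmask, tests for a connected route, and shows which route traffic to the router would follow instead. The sample rows are an excerpt of the listing above and the function names are illustrative.

```python
import ipaddress

# Constructed sample: rows copied from the ticket's `netstat -rn` listing
# (that listing is cut off by `more`, so this is only an excerpt).
NETSTAT_EXCERPT = """\
default            172.16.4.57    UGD3   0  59184  ue0  3595
127.0.0.1          link#10        UH     0   1070  lo0
172.16.0.0/27      172.16.17.108  UGD    0      0  vr1
172.16.4.56/29     link#11        U      0   4989  ue0
172.16.4.60        link#11        UHS    0      0  lo0
"""

def parse_routes(text):
    """Return (network, gateway, netif) tuples from FreeBSD `netstat -rn` rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        dest, gateway, netif = fields[0], fields[1], fields[5]
        try:
            net = ipaddress.ip_network(
                "0.0.0.0/0" if dest == "default" else dest, strict=False)
        except ValueError:
            continue  # header line or anything that is not a route
        routes.append((net, gateway, netif))
    return routes

def interface_network(addr, hexmask):
    """Subnet of an interface from ifconfig's `inet A netmask 0x...` fields."""
    mask = ipaddress.ip_address(int(hexmask, 16))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def has_connected_route(routes, net, netif):
    """True if the interface's own subnet is present as a link# route on it."""
    return any(n == net and gw.startswith("link#") and i == netif
               for n, gw, i in routes)

def lookup(routes, target):
    """Longest-prefix match: the route a packet to `target` would follow."""
    ip = ipaddress.ip_address(target)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

if __name__ == "__main__":
    routes = parse_routes(NETSTAT_EXCERPT)
    vr0 = interface_network("192.168.1.101", "0xffffff00")
    print(vr0, "connected on vr0:", has_connected_route(routes, vr0, "vr0"))
    print("route used for 192.168.1.1:", lookup(routes, "192.168.1.1"))
```

Run against a complete `netstat -rn` capture rather than the excerpt before drawing conclusions about a live node.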

Change History (1)

comment:1 by huub, 12 years ago

Resolution: fixed
Status: new → closed

After yet another power cycle, downloaded the most recent software version, updated the config files (including static IP configuration of the external interface with gateway) and the problem no longer occurs.
