LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   Network issues with server (https://www.linuxquestions.org/questions/slackware-14/network-issues-with-server-4175620946/)

montagdude 01-04-2018 03:31 PM

Network issues with server
 
I just received a MikroTik RouterBoard RB951Ui-2HnD to replace my aging and unreliable Netgear router. I have not done anything advanced with it yet; I just set an SSID and password and connected to it. Everything is working without issue, except that I am having problems connecting to my server (which is on the WiFi network) from any other machine.

The server is at 192.168.88.253, and I have set a static IP for it in the router's DHCP leases. If I try to ping it after connecting to the network on my laptop:
Code:

dan@Thinkpad-T430:~$ ping 192.168.88.253
PING 192.168.88.253 (192.168.88.253) 56(84) bytes of data.
From 192.168.88.254 icmp_seq=1 Destination Host Unreachable
From 192.168.88.254 icmp_seq=2 Destination Host Unreachable
From 192.168.88.254 icmp_seq=3 Destination Host Unreachable
From 192.168.88.254 icmp_seq=4 Destination Host Unreachable

However, I can ping other devices with no issue, for example, my phone:
Code:

dan@Thinkpad-T430:~$ ping 192.168.88.252
PING 192.168.88.252 (192.168.88.252) 56(84) bytes of data.
64 bytes from 192.168.88.252: icmp_seq=1 ttl=64 time=56.9 ms
64 bytes from 192.168.88.252: icmp_seq=2 ttl=64 time=56.1 ms
64 bytes from 192.168.88.252: icmp_seq=3 ttl=64 time=27.2 ms
64 bytes from 192.168.88.252: icmp_seq=4 ttl=64 time=1.33 ms

The same thing happens if I try to ping it from another device, such as my phone. However, I have found that if I first ping in the other direction, from the server to the laptop or other device, this fixes the problem, and I can then ping from the other device to the server. Here is the result of pinging the server from my laptop after pinging the laptop from the server:
Code:

dan@Thinkpad-T430:~$ ping 192.168.88.253
PING 192.168.88.253 (192.168.88.253) 56(84) bytes of data.
64 bytes from 192.168.88.253: icmp_seq=1 ttl=64 time=76.1 ms
64 bytes from 192.168.88.253: icmp_seq=2 ttl=64 time=137 ms
64 bytes from 192.168.88.253: icmp_seq=3 ttl=64 time=228 ms
64 bytes from 192.168.88.253: icmp_seq=4 ttl=64 time=41.2 ms

It will continue to work until my laptop (or other device) is disconnected from the network. Upon connecting again, it is not able to ping the server.

Now, this may be an issue with the router, but considering I have no problems pinging between other devices on the network, I think there must be something misconfigured on the router side. I've never seen anything like this before, and I'm at a loss for what could be causing it. As I mentioned, the server's DHCP lease is static, but the same behavior occurs when it is dynamic.

More information: the server uses Network Manager, specifically nmcli from the command line. I have tried clearing /etc/NetworkManager/system-connections and changing the network SSID and password. It is running Slackware64-14.2. I can provide any other information as needed.

montagdude 01-04-2018 03:46 PM

I should clarify, the server is definitely connected to the network, and it appears on the web interface for the router. The problem seems to be that no other devices on the network can see it until they have been pinged by it.

OldHolborn 01-04-2018 04:23 PM

If you assign the server's mac address/ip in the router's dhcpd and set the server to use dhcp what happens?

abga 01-04-2018 04:32 PM

Your router has some more advanced capabilities and your reported issue looks to me as an ARP table (update) issue:
https://wiki.mikrotik.com/wiki/Manua...ocol_operation
- check on the router if the ARP table contains info about your Slackware system

Additionally, try arp -a on your Slackware system and check if you have the router (gateway IP) in the table.
To enforce a static ARP entry on your Slackware system, in your case the router GW MAC address, try:
Code:

/sbin/arp -s Router_GW_IP xx:xx:xx:xx:xx:xx
- substitute Router_GW_IP with the router GW IP and xx:xx:xx:xx:xx:xx with the router MAC (LAN/Wifi)

Extra:
Make sure that on the Slackware system you have the networking configured correctly (WiFi iface IP, GW, default route and no conflicting-with-your-actual-new-setup firewall restriction or static ARP records).

Check if your Slackware system / router SW has no other internal ARP unresolved issues, like:
https://www.linuxquestions.org/quest...7/#post5776741

abga 01-04-2018 04:46 PM

P.S. If unsatisfied with your actual router SW, you might want to take a look at OpenWRT and the newly developed LEDE port/fork and "pour" it into your router ;)
https://wiki.openwrt.org/toh/mikrotik/rb951g_2hnd
https://forum.lede-project.org/t/ins...51ui-2hnd/3751

Personally, I really like OpenWRT, stable, advanced, flexible and fast.

montagdude 01-04-2018 06:11 PM

Thanks for the suggestions. I haven't gotten to try them yet, but I wanted to add that apparently this problem is not limited to the server, but also my wife's MacBook. My phone and laptop have no trouble reaching each other, though. Also, all the connected devices show up in the arp table on the router, but the MacBook and the server don't appear when I run arp -a on my laptop. My Android phone does. So yes, it's definitely an arp issue.

abga 01-04-2018 07:05 PM

Quote:

Originally Posted by montagdude (Post 5802071)
Thanks for the suggestions. I haven't gotten to try them yet, but I wanted to add that apparently this problem is not limited to the server, but also my wife's MacBook. My phone and laptop have no trouble reaching each other, though. Also, all the connected devices show up in the arp table on the router, but the MacBook and the server don't appear when I run arp -a on my laptop. My Android phone does. So yes, it's definitely an arp issue.

You can try to look what's going on at the ARP level and investigate more by using tcpdump on your Slackware system (+ router & other systems where you have the ability):
Code:

/usr/sbin/tcpdump -lnvi INTERFACE arp
INTERFACE = wlan0 (or whatever name it has)

On OpenWRT/LEDE, besides a lot of nice features, there are 3 major configuration possibilities that are really helpful and not many of-the-shelf routers support them:
1. you have the possibility to use your own iptables rules sets
2. you can disable the forwarding on the (pseudo)LAN-Bridge, isolating LAN clients and only discretionary forward ports between them
3. you can remove the WiFi from the LAN bridge:
https://wiki.openwrt.org/doc/recipes/routedap

montagdude 01-04-2018 10:31 PM

Quote:

Originally Posted by OldHolborn (Post 5801964)
If you assign the server's mac address/ip in the router's dhcpd and set the server to use dhcp what happens?

Do you mean instead of using NetworkManager? NetworkManager is already using dhcp to get an IP from the router.

montagdude 01-04-2018 10:52 PM

Quote:

Originally Posted by abga (Post 5801971)
Your router has some more advanced capabilities and your reported issue looks to me as an ARP table (update) issue:
https://wiki.mikrotik.com/wiki/Manua...ocol_operation
- check on the router if the ARP table contains info about your Slackware system

Additionally, try arp -a on your Slackware system and check if you have the router (gateway IP) in the table.
To enforce a static ARP entry on your Slackware system, in your case the router GW MAC address, try:
Code:

/sbin/arp -s Router_GW_IP xx:xx:xx:xx:xx:xx
- substitute Router_GW_IP with the router GW IP and xx:xx:xx:xx:xx:xx with the router MAC (LAN/Wifi)

I checked arp -a on the server, and it already lists the correct router gateway and MAC address, so I don't think that's the problem.

Quote:

Originally Posted by abga (Post 5801971)
Extra:
Make sure that on the Slackware system you have the networking configured correctly (WiFi iface IP, GW, default route and no conflicting-with-your-actual-new-setup firewall restriction or static ARP records).

Check if your Slackware system / router SW has no other internal ARP unresolved issues, like:
https://www.linuxquestions.org/quest...7/#post5776741

This went a little over my head, but the server has nothing other than the default set in iptables:

Code:

root@zmserver:~# iptables -L
Chain INPUT (policy ACCEPT)
target    prot opt source              destination       

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination       

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination

Here is the output of the route command. I notice that there are two entries for 192.168.88.0. Could that be a problem? On my laptop there is only one (with Metric = 600).

Code:

root@zmserver:~# route
Kernel IP routing table
Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
default        router.lan      0.0.0.0        UG    600    0        0 wlan0
loopback        *              255.0.0.0      U    0      0        0 lo
192.168.88.0    *              255.255.255.0  U    303    0        0 wlan0
192.168.88.0    *              255.255.255.0  U    600    0        0 wlan0

Regarding the thread you linked, are you suggesting I run those ARP flux mitigation commands, or is there something I should check first to know if it's needed? Sorry, I'm still a bit of a n00b when it comes to networking.

Quote:

Originally Posted by abga (Post 5802079)
You can try to look what's going on at the ARP level and investigate more by using tcpdump on your Slackware system (+ router & other systems where you have the ability):
Code:

/usr/sbin/tcpdump -lnvi INTERFACE arp
INTERFACE = wlan0 (or whatever name it has)

Here is some output of tcpdump on the server during the time when I was trying to ping it from my laptop.

Code:

root@zmserver:~# tcpdump -lnvi wlan0 arp
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:36:22.829953 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.88.253 tell 192.168.88.1, length 28
22:36:22.829983 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.88.253 is-at [removed], length 28
22:36:48.294049 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.88.1 tell 192.168.88.253, length 28
22:36:48.296132 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.88.253 tell 192.168.88.1, length 28
22:36:48.296211 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.88.253 is-at [removed], length 28
22:36:48.296268 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.88.1 is-at [removed], length 28
22:37:21.810999 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.88.253 tell 192.168.88.1, length 28
22:37:21.811057 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.88.253 is-at [removed], length 28
22:37:48.642770 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.88.253 tell 192.168.88.1, length 28
22:37:48.642833 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.88.253 is-at [removed], length 28
22:38:48.966004 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.88.1 tell 192.168.88.253, length 28
22:38:48.967995 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.88.253 tell 192.168.88.1, length 28
22:38:48.968087 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.88.253 is-at [removed], length 28
22:38:48.968148 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.88.1 is-at [removed], length 28
22:39:18.253056 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.88.249 tell 192.168.88.1, length 28
^C
15 packets captured
15 packets received by filter
0 packets dropped by kernel

Looks like it is only communicating with the router.

Quote:

Originally Posted by abga (Post 5802079)
On OpenWRT/LEDE, besides a lot of nice features, there are 3 major configuration possibilities that are really helpful and not many of-the-shelf routers support them:
1. you have the possibility to use your own iptables rules sets
2. you can disable the forwarding on the (pseudo)LAN-Bridge, isolating LAN clients and only discretionary forward ports between them
3. you can remove the WiFi from the LAN bridge:
https://wiki.openwrt.org/doc/recipes/routedap

I will keep that in mind. On my old router, I installed DD-WRT, but RouterOS (that the MikroTik runs) is obviously way more capable than I am, and I would expect it to work better than anything else on MikroTik hardware. I think this must be a problem with my router setup somewhere. I've posted on the MikroTik forums too, so hopefully I can work this out without switching to a completely different firmware.

abga 01-05-2018 12:05 AM

Quote:

Originally Posted by montagdude (Post 5802161)
Here is the output of the route command. I notice that there are two entries for 192.168.88.0. Could that be a problem? On my laptop there is only one (with Metric = 600).
Code:

root@zmserver:~# route
Kernel IP routing table
Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
default        router.lan      0.0.0.0        UG    600    0        0 wlan0
loopback        *              255.0.0.0      U    0      0        0 lo
192.168.88.0    *              255.255.255.0  U    303    0        0 wlan0
192.168.88.0    *              255.255.255.0  U    600    0        0 wlan0


- this is wrong and I'm not sure which is to blame - router for providing crap over DHCP or your Slackware Server having maybe a manual leftover wlan0 adapter definition.
But then you stated that you have another MacBook that is experiencing the same behavior like your Slackware server. In this case it's only the router playing crazy.
Check on your router for any potential mistakes in the LAN Network/NetworkMask definition, LAN Default Gateway IP - which should be 192.168.88.1 and the IP for your Slackware System in the DHCP reservation fields.

Try to setup your Slackware box with static IP (disable DHCP) and on the router disable the IP reservation you've made for your Slackware system - the router should accept that the client has a static IP already configured. See if you get a normal routing table and check again the connectivity with ping.

Extra, could you please use instead of the old route command (just cosmetics and a better representation):
Code:

/sbin/ip route show

Quote:

Originally Posted by montagdude (Post 5802161)
Regarding the thread you linked, are you suggesting I run those ARP flux mitigation commands, or is there something I should check first to know if it's needed? Sorry, I'm still a bit of a n00b when it comes to networking.

- just check the vales of those variables, instead of echo 1 > /proc/sys/something... run: cat /proc/sys/something and see if the returning value is 1/0 (ON/OFF). But that is just for the router (since your Slackware box is only connected through WiFi - doesn't have multiple adapters on the same LAN) and I was just speculating - I hope that the ones that have built your router were knowledgeable enough to get it configured properly.


If I were you, I would edit the post in which you pasted your real MAC addresses and delete / change them, juts for the sake of your privacy ;)

montagdude 01-05-2018 12:55 AM

Quote:

Originally Posted by abga (Post 5802198)
But then you stated that you have another MacBook that is experiencing the same behavior like your Slackware server. In this case it's only the router playing crazy.
Check on your router for any potential mistakes in the LAN Network/NetworkMask definition, LAN Default Gateway IP - which should be 192.168.88.1 and the IP for your Slackware System in the DHCP reservation fields.

Actually, seems I was wrong about the MacBook. It doesn't appear in arp -a until I ping it, but I think that's normal. I actually don't have a problem pinging it.

Quote:

Originally Posted by abga (Post 5802198)
Try to setup your Slackware box with static IP (disable DHCP) and on the router disable the IP reservation you've made for your Slackware system - the router should accept that the client has a static IP already configured. See if you get a normal routing table and check again the connectivity with ping.

Well, I'm having trouble getting a static IP to work with wireless. I will have to try later. Anyway, after restarting NetworkManager, the duplicate line in the routing table is gone. (IP address changed because I decided to try a different static DCHP lease, just to see if changing it made a difference.)

Code:

root@zmserver:~# ip route
default via 192.168.88.1 dev wlan0  proto static  metric 600
127.0.0.0/8 dev lo  scope link
192.168.88.0/24 dev wlan0  proto kernel  scope link  src 192.168.88.10  metric 600

But the problem persists.

Quote:

Originally Posted by abga (Post 5802198)
If I were you, I would edit the post in which you pasted your real MAC addresses and delete / change them, juts for the sake of your privacy ;)

Thanks for the tip. I have edited it. I'm afraid I have to give up for today. Hopefully tomorrow will be less frustrating. :(

abga 01-05-2018 01:15 AM

Quote:

Originally Posted by montagdude (Post 5802215)

Code:

root@zmserver:~# ip route
default via 192.168.88.1 dev wlan0  proto static  metric 600
127.0.0.0/8 dev lo  scope link
192.168.88.0/24 dev wlan0  proto kernel  scope link  src 192.168.88.10  metric 600


- 192.168.88.10 is the IP the router assigned to your Slackware host (interface wlan0) over DHCP, which is different from 192.168.88.253 and is obviously not what you expected/configured
- check on the router to see if the DHCP pool (maybe is divided between Ethernet and WiFi) is covering all the address space up to 254 - for example: 192.168.88.10-192.168.88.254 I don't know anything about RouterOS.
- I'm afraid I cannot help you with NetworkManager but only with basic Linux commands (I'm not even installing the NetworkManager package) and I'm also ending my LQ "addiction" for today ... busy


P.S. It's not the best practice to configure a server through DHCP. I'm usually defining the IP Address reservation together with the MAC in the router DHCP table and use static IP definition on the host. The host won't send any DHCP requests and the router will only keep the IP Address reserved and allow the host (IP & MAC match) once is up and communicating. Everybody's happy!

montagdude 01-05-2018 01:26 AM

Quote:

Originally Posted by abga (Post 5802219)
- 192.168.88.10 is the IP the router assigned to your Slackware host (interface wlan0) over DHCP, which is different from 192.168.88.253 and is obviously not what you expected/configured

Actually, it is what I configured. I purposely changed it in the router just to see if it would make a difference. Upon disconnecting and reconnecting the server to the network, 192.168.88.10 is the new IP address, but it still can't be pinged from other devices in the LAN (except for the router itself, or if the server first pings the other device).

Quote:

Originally Posted by abga (Post 5802219)
- check on the router to see if the DHCP pool (maybe is divided between Ethernet and WiFi) is covering all the address space up to 254 - for example: 192.168.88.10-192.168.88.254 I don't know anything about RouterOS.

Yes, it seems to be.

Quote:

Originally Posted by abga (Post 5802219)
- I'm afraid I cannot help you with NetworkManager but only with basic Linux commands (I'm not even installing the NetworkManager package) and I'm also ending my LQ "addiction" for today ... busy

Well, I really appreciate your help. Have a good one.

abga 01-05-2018 01:41 AM

Quote:

Originally Posted by montagdude (Post 5802221)
Well, I really appreciate your help. Have a good one.

Always happy to help! You should have a good one (lecture) too:
https://wiki.mikrotik.com/wiki/Manual:IP/ARP

- as a workaround, before you switch to LEDE :) - > check ARP Mode on the router and eventually define a static ARP record for the Slackware server - put that static arp definition in a boot script somewhere (if possible) to survive a router reboot.

Me out! ;)

montagdude 01-05-2018 10:26 AM

Quote:

Originally Posted by abga (Post 5802219)
P.S. It's not the best practice to configure a server through DHCP. I'm usually defining the IP Address reservation together with the MAC in the router DHCP table and use static IP definition on the host. The host won't send any DHCP requests and the router will only keep the IP Address reserved and allow the host (IP & MAC match) once is up and communicating. Everybody's happy!

Thanks. I will try this next. I think from reading the docs that I now know how to set up a static IP on wireless using rc.inet1.conf and wpa_supplicant. I will also try a static ARP.


All times are GMT -5. The time now is 10:58 AM.