birdy-97 |
06-23-2017 08:11 PM |
Need help with dhcpagent errors
I have been having trouble with my OpenIndiana server for the past few weeks. The dhcpagent has been acting up and displaying these errors on both stderror and /var/adm/messages. This is what it is displaying in /var/adm/messages:
Code:
Jun 23 16:38:27 Tallac /sbin/dhcpagent[153]: [ID 490758 daemon.error] send_pkt_internal: cannot send INFORMATION-REQUEST packet to server (will retry in 130 seconds): Network is unreachable
Jun 23 16:40:38 Tallac /sbin/dhcpagent[153]: [ID 490758 daemon.error] send_pkt_internal: cannot send INFORMATION-REQUEST packet to server (will retry in 115 seconds): Network is unreachable
Jun 23 16:42:34 Tallac /sbin/dhcpagent[153]: [ID 490758 daemon.error] send_pkt_internal: cannot send INFORMATION-REQUEST packet to server (will retry in 116 seconds): Network is unreachable
Although it states that the network is unreachable I do happen to have a working ipv4 address, which allows me to remote connect to my server. I'm also able to ping remote hosts such as 8.8.8.8. Here is what ifconfig says:
Code:
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g0: flags=1004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 index 2
inet 192.168.1.135 netmask ffffff00 broadcast 192.168.1.255
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
e1000g0: flags=20002000841<UP,RUNNING,MULTICAST,IPv6> mtu 1472 index 2
inet6 fe80::1aa9:5ff:fe18:9ab5/10
e1000g0:1: flags=20002080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1472 index 2
inet6 2602:304:b117:659:1aa9:5ff:fe18:9ab5/64
Now I had this same problem on my test server, which is running a newer installation of Openindiana but hasn't been updated since may. For this fix I allowed port 67 to pass in and out of my firewall. Now this fixed my initial issue on my test server. However when I tried it on my actual server, it continues to give out the above errors in /var/adm/messages...
On my actual server I have made new entries in the firewall to allow both ports: 67 and 68, to pass in and out, but the error does not stop. I'm starting to ponder whether or not I should just do a clean install with an updated iso from OpenIndiana. I have had this operating system since august. Its been a great learning experience, and I can do things a more efficient job than when I started with this server.
Here is my firewall rules in question for my test server in /etc/ipf/ipf.conf:
Code:
#Allow DNS Cleunt
pass out quick on e1000g0 proto tcp/udp from any to any port = 67 keep state
pass in quick on e1000g0 proto tcp/udp from any to any port = 67 keep state
These rules are the same in /etc/ipf/ipf6.conf
Here is the last 5 lines in /var/adm/messages on my test server:
Code:
Jun 22 09:40:12 openindiana rootnex: [ID 349649 kern.info] xsvc0 at root: space 0 offset 0
Jun 22 09:40:12 openindiana genunix: [ID 936769 kern.info] xsvc0 is /xsvc@0,0
Jun 22 09:40:35 openindiana pseudo: [ID 129642 kern.info] pseudo-device: devinfo0
Jun 22 09:40:35 openindiana genunix: [ID 936769 kern.info] devinfo0 is /pseudo/devinfo@0
Jun 22 09:40:35 openindiana ipf: [ID 774698 kern.info] IP Filter: v4.1.9, running.
As you can see no dhcpagent messages on my test server.
Here is firewall rules in question on my actual server:
Code:
#Allow DNS Client
pass out quick on e1000g0 proto tcp/udp from any to any port = 67 keep state
pass in quick on e1000g0 proto tcp/udp from any to any port = 67 keep state
pass out quick on e1000g0 proto tcp/udp from any to any port = 68 keep state
pass in quick on e1000g0 proto tcp/udp from any to any port = 68 keep state
Along with the output of ipfstat -hio on my server:
Code:
0 pass out quick on e1000g0 proto tcp from any to any port = http keep state
0 pass out quick on e1000g0 proto tcp from any to any port = 2220 keep state
0 pass out quick on e1000g0 proto icmp from any to any keep state
107 pass out quick on e1000g0 proto tcp/udp from any to any port = domain keep state
0 pass out quick on e1000g0 proto tcp/udp from any to any port = 9000 keep state
5 pass out quick on e1000g0 proto tcp/udp from any to any port = 67 keep state
0 pass out quick on e1000g0 proto tcp/udp from any to any port = 68 keep state
973 block out log first quick on e1000g0 all
140 pass in quick on e1000g0 proto tcp from any to any port = http keep state
2 pass in quick on e1000g0 proto tcp from any to any port = 2220 keep state
236 pass in quick on e1000g0 proto icmp from any to any keep state
0 pass in quick on e1000g0 proto tcp/udp from any to any port = 9000 keep state
168 pass in quick on e1000g0 proto tcp/udp from any to any port = 67 keep state
47 pass in quick on e1000g0 proto tcp/udp from any to any port = 68 keep state
0 block in log first quick on e1000g0 proto tcp from any to any flags FPU/FSRPAU
0 block in quick on e1000g0 from any to any with frag
0 block in quick on e1000g0 proto tcp from any to any with short
0 block in log first quick on e1000g0 proto tcp/udp from any to any port = microsoft-ds
3633 block in log first quick on e1000g0 proto tcp/udp from any to any port = netbios-ns
682 block in log first quick on e1000g0 proto tcp/udp from any to any port = netbios-dgm
0 block in log first quick on e1000g0 proto tcp/udp from any to any port = netbios-ssn
0 block in log first quick on e1000g0 proto tcp/udp from any to any port = 81
0 block in quick on e1000g0 from 172.16.0.0/12 to any
0 block in quick on e1000g0 from 10.0.0.0/8 to any
0 block in quick on e1000g0 from 169.254.0.0/16 to any
0 block in quick on e1000g0 from 192.0.2.0/24 to any
0 block in quick on e1000g0 from 204.152.64.0/23 to any
0 block in quick on e1000g0 from 224.0.0.0/3 to any
0 block in quick on e1000g0 from any to any with ipopts
So my question is: is there any way to fix this issue? Or I am better off by going on a fresh re install of the operating system?
|