Web lists-archives.com

Re: Strange Network Problem




On 09/01/2018 04:05 AM, Stephen P. Molnar wrote:


On 08/31/2018 10:41 PM, David Christensen wrote:
On 08/31/2018 12:50 PM, Stephen P. Molnar wrote:
I am running Debian Stretch on my Linux platform.

I have noticed low internet traffic when I have not been doing anything outside of my LAN.  This has made me a tad suspicious.

Now:

root@AbNormal:/home/comp# ifconfig
enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
         inet 162.237.98.238  netmask 255.255.252.0  broadcast 162.237.99.255
         ether bc:ee:7b:5e:83:36  txqueuelen 1000  (Ethernet)
         RX packets 796401  bytes 529829454 (505.2 MiB)
         RX errors 0  dropped 0  overruns 0  frame 0
         TX packets 236054  bytes 22520861 (21.4 MiB)
         TX errors 0  dropped 0 overruns 0  carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
         inet 127.0.0.1  netmask 255.0.0.0
         loop  txqueuelen 1  (Local Loopback)
         RX packets 399  bytes 42360 (41.3 KiB)
         RX errors 0  dropped 0  overruns 0  frame 0
         TX packets 399  bytes 42360 (41.3 KiB)
         TX errors 0  dropped 0 overruns 0  carrier 0 collisions 0


It turns out that this ISP, 162.237.98.238 is my ISP, AT&T here in Columbus, Ohio.

The other four nodes on my LAn all have IP's starting with 192.168.1 - which is what it's supposed to be.

Just what is going on here? I don't have a clue.

I dop have firewalls implemented on both the modem and the computers.

Any insights will be much appreciated.

Thanks in advance.


Running nslookup(1):

    2018-08-31 18:53:21 dpchrist@vstretch ~
    $ nslookup 162.237.98.238
    Server:        192.168.5.1
    Address:    192.168.5.1#53

    Non-authoritative answer:
    238.98.237.162.in-addr.arpa    name = 162-237-98-238.lightspeed.clmboh.sbcglobal.net.

    Authoritative answers can be found from:


Running host(1):

    2018-08-31 18:58:15 dpchrist@vstretch ~
    $ host 162.237.98.238
    238.98.237.162.in-addr.arpa domain name pointer 162-237-98-238.lightspeed.clmboh.sbcglobal.net.


162.237.98.238 appears to be a valid IPv4 public Internet address.


You should have a device provided by your Internet service provider (ISP) between their wiring (e.g. telephone service) and your wiring (e.g. Ethernet local area network/LAN).  What is the make and model of the ISP device?  Please provide a URL to the product support page.


What are the "other four nodes"?


How is everything interconnected?


David


Thanks for your reply.

ISO device is an Arris BGE210-700 Broadband Gateway Release 1.0 from AT&T (http://www.arris.com/Search/?q=Arris+BGE210-700+Broadband+Gateway)

Wired Connections:  2 Desktops,  printer and VOIP telephone

Wireless Connections:  Laptop and two Android Smartphones

root@AbNormal:/home/comp# nslookup
 > nslookup -a
Server:        192.168.1.254
Address:    192.168.1.254#53

Non-authoritative answer:
Name:    nslookup
Address: 198.105.244.130
Name:    nslookup
Address: 104.239.207.44
 >
 > host
Server:        192.168.1.254
Address:    192.168.1.254#53

Non-authoritative answer:
*** Can't find host: No answer
 >


It appears that your ISP gateway device is configured to pass through it's Internet address (and all incoming packets) to the computer in question. This is a feature that allows a server behind the gateway to be visible on the Internet.


Enabling or disabling gateway features is a matter of browsing to the gateway's IP address (192.168.1.254?) and operatingthe web control panel.


I have a Pace Plc Model 5268AC, also through AT&T. The relevant control panel page for putting a server on the Internet would seem to be Settings -> Firewall -> Applications, Pinholes and DMZ. I would pick a computer and then select "Allow all applications (DMZplus mode)" to turn the feature on. The feature is currently off, so I don't know how I would turn it off.


If you can't figure out the control panel for your gateway, contact your ISP.


David