Web lists-archives.com

Re: Strange Network Problem






On 09/02/2018 01:37 AM, David Christensen wrote:
On 09/01/2018 04:05 AM, Stephen P. Molnar wrote:


On 08/31/2018 10:41 PM, David Christensen wrote:
On 08/31/2018 12:50 PM, Stephen P. Molnar wrote:
I am running Debian Stretch on my Linux platform.

I have noticed low internet traffic when I have not been doing anything outside of my LAN. This has made me a tad suspicious.

Now:

root@AbNormal:/home/comp# ifconfig
enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 162.237.98.238 netmask 255.255.252.0 broadcast 162.237.99.255
         ether bc:ee:7b:5e:83:36  txqueuelen 1000 (Ethernet)
         RX packets 796401  bytes 529829454 (505.2 MiB)
         RX errors 0  dropped 0  overruns 0  frame 0
         TX packets 236054  bytes 22520861 (21.4 MiB)
         TX errors 0  dropped 0 overruns 0  carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
         inet 127.0.0.1  netmask 255.0.0.0
         loop  txqueuelen 1  (Local Loopback)
         RX packets 399  bytes 42360 (41.3 KiB)
         RX errors 0  dropped 0  overruns 0  frame 0
         TX packets 399  bytes 42360 (41.3 KiB)
         TX errors 0  dropped 0 overruns 0  carrier 0 collisions 0


It turns out that this ISP, 162.237.98.238 is my ISP, AT&T here in Columbus, Ohio.

The other four nodes on my LAn all have IP's starting with 192.168.1 - which is what it's supposed to be.

Just what is going on here? I don't have a clue.

I dop have firewalls implemented on both the modem and the computers.

Any insights will be much appreciated.

Thanks in advance.


Running nslookup(1):

    2018-08-31 18:53:21 dpchrist@vstretch ~
    $ nslookup 162.237.98.238
    Server:        192.168.5.1
    Address:    192.168.5.1#53

    Non-authoritative answer:
238.98.237.162.in-addr.arpa name = 162-237-98-238.lightspeed.clmboh.sbcglobal.net.

    Authoritative answers can be found from:


Running host(1):

    2018-08-31 18:58:15 dpchrist@vstretch ~
    $ host 162.237.98.238
238.98.237.162.in-addr.arpa domain name pointer 162-237-98-238.lightspeed.clmboh.sbcglobal.net.


162.237.98.238 appears to be a valid IPv4 public Internet address.


You should have a device provided by your Internet service provider (ISP) between their wiring (e.g. telephone service) and your wiring (e.g. Ethernet local area network/LAN). What is the make and model of the ISP device? Please provide a URL to the product support page.


What are the "other four nodes"?


How is everything interconnected?


David


Thanks for your reply.

ISO device is an Arris BGE210-700 Broadband Gateway Release 1.0 from AT&T (http://www.arris.com/Search/?q=Arris+BGE210-700+Broadband+Gateway)

Wired Connections:  2 Desktops,  printer and VOIP telephone

Wireless Connections:  Laptop and two Android Smartphones

root@AbNormal:/home/comp# nslookup
 > nslookup -a
Server:        192.168.1.254
Address:    192.168.1.254#53

Non-authoritative answer:
Name:    nslookup
Address: 198.105.244.130
Name:    nslookup
Address: 104.239.207.44
 >
 > host
Server:        192.168.1.254
Address:    192.168.1.254#53

Non-authoritative answer:
*** Can't find host: No answer
 >


It appears that your ISP gateway device is configured to pass through it's Internet address (and all incoming packets) to the computer in question. This is a feature that allows a server behind the gateway to be visible on the Internet.


Enabling or disabling gateway features is a matter of browsing to the gateway's IP address (192.168.1.254?) and operatingthe web control panel.


I have a Pace Plc Model 5268AC, also through AT&T. The relevant control panel page for putting a server on the Internet would seem to be Settings -> Firewall -> Applications, Pinholes and DMZ. I would pick a computer and then select "Allow all applications (DMZplus mode)" to turn the feature on. The feature is currently off, so I don't know how I would turn it off.


If you can't figure out the control panel for your gateway, contact your ISP.


David


Thanks for your reply.

The Firewall Passthrough is set to Allocation Mode set to 'Passthrough with the Passthrough Mode set to 'DHCPS-dynamic '.

It's my intention to change the Allocation Mode to 'Off', as soon as I talk to AT&T Tech Support to make sure that doesn't mess things up.

--
Stephen P. Molnar, Ph.D.
Consultant
www.molecular-modeling.net
(614)312-7528 (c)
Skype: smolnar1