[ previous ] [ next ] [ threads ]
 
 From:  Graham Dunn <gdunn at inscriber dot com>
 To:  blaue0 <me at blaue0 dot net>
 Cc:  Graham Dunn <gdunn at inscriber dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Problem getting m0n0wall to work
 Date:  Thu, 5 Aug 2004 09:43:31 -0400
On Thu, Aug 05, 2004 at 03:01:21PM +0200, blaue0 wrote:
> I'm using a noname-switch which can do 10 and 100mbit fullduplex. All 
> ports are ok, I get a ping from my laptop to my gentoo machine on all 
> ports (just tested).
> 
> If I ping the m0n0wall when it's directly connected to the switch, all 
> LEDs of the switch where a computer is connected to, begin to flicker (I 
> think this is because no port wants to accept the packet..)

All ports flickering usually means broadcast traffic.

My guess is that the sis card in the m0n0wall isn't negotiating
correctly with the switch.

So, connect the m0n0 to your gentoo directly with a cross over cable,
go to http://m0n0-ip/exec.php and 

ifconfig sis0 media 100BaseTX mediaopt full-duplex

Then unplug the cross over, and plug both machines into the switch.

If that doesn't work, try 

... mediaopt half-duplex

If things are happy then, you'll have to edit your config to make that
change permanent.

See
http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=43&actionargs[]=58
on how to download your config file, edit and then restore it.

The ifconfig ... part will what you'll insert between
<shellcmd>...</shellcmd> tags.

Graham

> 
> I used the switch for over a half year now, and I didn't had any 
> problems. I'm sure it has autosense for the speed.
> 
> # netstat -nr
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt 
> Iface
> 192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 
> eth0
> 127.0.0.0       127.0.0.1       255.0.0.0       UG        0 0          0 lo
> 0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 
> eth0
> 
> Graham Dunn wrote:
> 
> >On Thu, Aug 05, 2004 at 02:47:14PM +0200, blaue0 wrote:
> > 
> >
> >># mii-tool eth0
> >>eth0: negotiated 100baseTx-FD, link ok
> >>   
> >>
> >
> >What type of switch are you using?
> >
> >When box machines are plugged into the switch, and you ping the
> >m0n0wall, do the traffic lights on the switch flicker?
> >
> >Did you say you've used this switch with other machines and had it work?
> >
> >What's the default route (netstat -nr) on your gentoo box?
> >
> >Graham
> >
> > 
> >
> >>Graham Dunn wrote:
> >>
> >>   
> >>
> >>>On Thu, Aug 05, 2004 at 02:34:35PM +0200, blaue0 wrote:
> >>>
> >>>
> >>>     
> >>>
> >>>>Ok, I think it's time for some debug output:
> >>>>
> >>>>IP configuration of my NIC on my Gentoo machine:
> >>>>
> >>>># ifconfig eth0
> >>>>eth0   Link encap:Ethernet  HWaddr 00:30:4F:2B:32:D8
> >>>>      inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
> >>>>      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >>>>      RX packets:66308 errors:0 dropped:0 overruns:0 frame:0
> >>>>      TX packets:56775 errors:0 dropped:0 overruns:0 carrier:0
> >>>>      collisions:0 txqueuelen:1000
> >>>>      RX bytes:63189031 (60.2 Mb)  TX bytes:4926310 (4.6 Mb)
> >>>>      Interrupt:10 Base address:0xac00
> >>>>
> >>>>and IP configuration of my m0n0wall:
> >>>>
> >>>>$ ifconfig sis0
> >>>>sis0:   flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >>>>	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
> >>>>	ether 00:0d:b9:00:76:7c
> >>>>	media: Ethernet autoselect (100baseTX <full-duplex>)
> >>>>	status: active
> >>>>
> >>>>I really think the IP config is ok.
> >>>>When I say all ok, I mean I can browse the web, send emails etc.. 
> >>>>(Traffic flows).
> >>>> 
> >>>>
> >>>>       
> >>>>
> >>>What does
> >>>
> >>>mii-tool eth0
> >>>
> >>>on your gentoo say? I wonder if there's a port auto-negotiation
> >>>wierdness happening?
> >>>
> >>>You may have to force your gentoo eth0 to 100BaseT full-duplex.
> >>>
> >>>Graham
> >>>
> >>>
> >>>
> >>>     
> >>>
> >>>>Graham Dunn wrote:
> >>>>
> >>>> 
> >>>>
> >>>>       
> >>>>
> >>>>>On Wed, Aug 04, 2004 at 11:08:42PM +0200, blaue0 wrote:
> >>>>>
> >>>>>
> >>>>>   
> >>>>>
> >>>>>         
> >>>>>
> >>>>>>Thanks a lot. First: With crossover cable from my machine to m0n0, 
> >>>>>>all works fine.
> >>>>>>I don't know much about electronic and such stuff. I don't know if my 
> >>>>>>switch is grounded correctly, but I think it's not.
> >>>>>>
> >>>>>>I know, that I have to use https instead of http with HTTPS, but it's 
> >>>>>>as I said: nmap shows a completly closed firewall. Not even one port 
> >>>>>>is open.
> >>>>>>
> >>>>>>I'm not using the same IP subnet on WAN and LAN interface, the LAN is 
> >>>>>>192.168.1.x and the WAN is assigned by DHCP from my cable provider.
> >>>>>>
> >>>>>>I can ping the box with a crossover cable (when it's directly 
> >>>>>>connected to my machine), but I can't if it's connected to the switch 
> >>>>>>using crossover or patch cable.
> >>>>>>
> >>>>>>
> >>>>>>     
> >>>>>>
> >>>>>>           
> >>>>>>
> >>>>>Switch <-> machine connections will never use a crossover cable (unless
> >>>>>the port on the switch says MDI-X, in which case you should use another
> >>>>>port). Link lights will come on regardless of if you're using a
> >>>>>straight-through, or crossover, so that's not a reliable diagnostic.
> >>>>>
> >>>>>Your cables are known good, right (I think you mentioned using them 
> >>>>>with
> >>>>>a windows ICS setup).
> >>>>>
> >>>>>Make sure your machine is in the same subnet as the m0n0wall. Double
> >>>>>check the IP and subnet settings on both the client and the m0n0wall.
> >>>>>
> >>>>>Make sure you're plugging the NIC you think you are into the switch 
> >>>>>(LAN
> >>>>>vs WAN). I've made this mistake, most annoying :/
> >>>>>
> >>>>>When you say "all works fine" above, do you mean that you can send
> >>>>>traffic through the m0n0wall, or just ping it? If traffic flows, then 
> >>>>>it
> >>>>>sounds like purely a cabling issue, or a broken switch port.
> >>>>>
> >>>>>Graham
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>   
> >>>>>
> >>>>>         
> >>>>>
> >>>>>>Allan D. Piske wrote:
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>     
> >>>>>>
> >>>>>>           
> >>>>>>
> >>>>>>>Hi, there maybe a compatibility problem with your switch and these 
> >>>>>>>adapters,
> >>>>>>>If you connect the PC to m0n0 with the crossover cable it works or 
> >>>>>>>not?
> >>>>>>>Remember that grounding can affect data communications as well, it's 
> >>>>>>>where
> >>>>>>>important that every device interconnnected in the LAN are grounded.
> >>>>>>>If PC-m0n0 works, and PC-SWITCH-m0n0 doesnt, or your switch is 
> >>>>>>>broken, or
> >>>>>>>you have a serious grounding problem or it's simple ethernet 
> >>>>>>>adapter/switch
> >>>>>>>imcompatibility ( did i wrote that right? )
> >>>>>>>
> >>>>>>>got it?
> >>>>>>>
> >>>>>>>sorry about my english too, it's not my primary language.
> >>>>>>>
> >>>>>>>regards,
> >>>>>>>
> >>>>>>>Allan.
> >>>>>>>
> >>>>>>>----- Original Message ----- 
> >>>>>>>From: "blaue0" <me at blaue0 dot net>
> >>>>>>>To: <m0n0wall at lists dot m0n0 dot ch>
> >>>>>>>Sent: Wednesday, August 04, 2004 5:16 PM
> >>>>>>>Subject: Re: [m0n0wall] Problem getting m0n0wall to work
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> 
> >>>>>>>
> >>>>>>>       
> >>>>>>>
> >>>>>>>             
> >>>>>>>
> >>>>>>>>Yes, I'm sure that they are good, I get a connection with these 
> >>>>>>>>cables
> >>>>>>>>   
> >>>>>>>>
> >>>>>>>>         
> >>>>>>>>
> >>>>>>>>               
> >>>>>>>>
> >>>>>>>>from my machine.
> >>>>>>> 
> >>>>>>>
> >>>>>>>       
> >>>>>>>
> >>>>>>>             
> >>>>>>>
> >>>>>>>>Unfortunately I don't have any hub or something like that.
> >>>>>>>>It does light up on the switch with both cables, with both cables
> >>>>>>>>the light on the switch does flicker a bit... don't know if this is
> >>>>>>>>important.
> >>>>>>>>
> >>>>>>>>I really know the difference between a crossover and a patch cable 
> >>>>>>>>:)
> >>>>>>>>
> >>>>>>>>You said, pinging is disabled by default. If my machine is 
> >>>>>>>>connectet to
> >>>>>>>>the m0n0 by crossover cable, then I get a ping to it. Browsing to 
> >>>>>>>>the
> >>>>>>>>webinterface doesn't work at all with both cables...
> >>>>>>>>
> >>>>>>>>Seth Rothenberg wrote:
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>   
> >>>>>>>>
> >>>>>>>>         
> >>>>>>>>
> >>>>>>>>               
> >>>>>>>>
> >>>>>>>>>Are you sure that all the cables you tried are good?
> >>>>>>>>>
> >>>>>>>>>Do you have any other test equipment available?
> >>>>>>>>>eg, a hub, with or without an uplink....
> >>>>>>>>>
> >>>>>>>>>the PC engines should light up a port on the hub
> >>>>>>>>>with one cable or the other.
> >>>>>>>>>
> >>>>>>>>>You didn't mention if you are knowledgable about
> >>>>>>>>>cables.  You can check by eye if it is a crossover.
> >>>>>>>>>If the orange and/or green are reversed from one
> >>>>>>>>>end to the other, it is crossover.
> >>>>>>>>>
> >>>>>>>>>You can test 2 crossover cables with a coupler
> >>>>>>>>>on a regular cable run.
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>These are just some ideas to try...
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>     
> >>>>>>>>>
> >>>>>>>>>           
> >>>>>>>>>
> >>>>>>>>>                 
> >>>>>>>>>
> >>>>>>>>---------------------------------------------------------------------
> >>>>>>>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >>>>>>>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>Esta mensagem foi verificada pelo E-mail Protegido Terra.
> >>>>>>>>Scan engine: VirusScan / Atualizado em 04/08/2004 / Vers?o: 1.5.2
> >>>>>>>>Proteja o seu e-mail Terra: http://www.emailprotegido.terra.com.br/
> >>>>>>>>
> >>>>>>>>E-mail classificado pelo Identificador de Spam Inteligente Terra.
> >>>>>>>>Para alterar a categoria classificada, visite
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>   
> >>>>>>>>
> >>>>>>>>         
> >>>>>>>>
> >>>>>>>>               
> >>>>>>>>
>
>>>>>>>http://www.terra.com.br/centralunificada/emailprotegido/imail/imail.cgi?+_u=zyryz&_l=1091650706.438850.21046.gravatal.terra.com.br
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> 
> >>>>>>>
> >>>>>>>       
> >>>>>>>
> >>>>>>>             
> >>>>>>>
> >>>>>>---------------------------------------------------------------------
> >>>>>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >>>>>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >>>>>>
> >>>>>>
> >>>>>>     
> >>>>>>
> >>>>>>           
> >>>>>>
> >>>>>---------------------------------------------------------------------
> >>>>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >>>>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>   
> >>>>>
> >>>>>         
> >>>>>
> >>>
> >>>
> >>>
> >>>     
> >>>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >>   
> >>
> >
> >
> >
> > 
> >