 From:  CygnusX1 <cygnusx1 at insightbb dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Cable modem issue with m0n0wall - part1of 2
 Date:  Thu, 05 Aug 2004 22:42:19 -0500
I thought this went..was still too big. Broke it up in two parts....also 
in response to Mr. Wright: the spoofed MAC is there because Insight 
locked onto a MAC. During my initial setup 18 months ago, I did the 
install with my PC, an hour later, I put a Linksys router in place with 
the MAC of my PC's NIC, not too long after that I did the same with 
m0n0wall. I will remove this now that I am on Comcast and see what 
happens. In addition, when my sync is lost (according to the modem log), 
I still have connectivity but I have heavy spurts of packet loss. I will 
try and pay close attention to the modem lights for a bit, but they 
appear to indicate all is well. And, I am not trying to be difficult, 
but, before I go to the wall with Comcast, I need a better understanding 
of what is happening. Maybe Comcast is different, but Insight would 
first tell me to plug the PC in with no firewall and if it worked, they 
would be done.

Thanks for replying Justin and thank you for any help. I hope I have 
included enough info to provide a good picture of the situation.
I do not know what is going on here, but, I want to reiterate that a 
WinXP machine hooked straight to the cable modem works flawlessly. In 
the firewall log, I noted some blocked ICMP packets from the DHCP server 
noted in dhclient.leases. I have tried allowing all traffic from the UBR 
and the DHCP server to reach the m0n0wall...this didn't seem to work. My 
firewall rules are default except I have allowed SSH from my work IP 
address into the network.
 

***********************************************
config.xml
<?xml version="1.0"?>
<m0n0wall>
   <version>1.4</version>
   <system>
       <hostname>pluto</hostname>
       <domain>alpha.local</domain>
       <dnsallowoverride/>
       <password>xxxxx</password>
       <timezone>America/Indiana/Indianapolis</timezone>
       <time-update-interval>300</time-update-interval>
       <timeservers>ntp-2.mcs.anl.gov</timeservers>
       <webgui>
           <protocol>https</protocol>
           <certificate>SNIP</certificate>
           <private-key>SNIP</private-key>
           <port/>
       </webgui>
       <username>admin</username>
       <dnsserver>68.x.x.x</dnsserver>
       <dnsserver>68.x.x.x</dnsserver>
   </system>
   <interfaces>
       <lan>
           <if>xl0</if>
           <ipaddr>192.168.0.1</ipaddr>
           <subnet>24</subnet>
       </lan>
       <wan>
           <if>dc0</if>
           <blockpriv/>
           <spoofmac>xx.xx.xx.xx.xx.xx</spoofmac>
           <mtu/>
           <ipaddr>dhcp</ipaddr>
           <dhcphostname/>
       </wan>
   </interfaces>
   <staticroutes/>
   <pppoe/>
   <pptp/>
   <dyndns>
       <type>dyndns</type>
       <username/>
       <password/>
       <host/>
       <mx/>
   </dyndns>
   <dhcpd>
       <lan>
           <enable/>
           <range>
               <from>192.168.0.100</from>
               <to>192.168.0.200</to>
           </range>
           <defaultleasetime>2618784</defaultleasetime>
           <maxleasetime>3628800</maxleasetime>
       </lan>
   </dhcpd>
   <pptpd>
       <mode>off</mode>
       <redir/>
       <localip>snip</localip>
       <remoteip>snip</remoteip>
       <radius>
           <server/>
           <secret/>
       </radius>
       <req128/>
       <user>
           <name>snip</name>
           <password>xxxxx</password>
       </user>
   </pptpd>
   <dnsmasq>
       <enable/>
       <regdhcp/>
   </dnsmasq>
   <snmpd>
       <syslocation/>
       <syscontact/>
       <rocommunity>public</rocommunity>
   </snmpd>
   <diag>
       <ipv6nat>
           <ipaddr/>
       </ipv6nat>
   </diag>
   <bridge/>
   <syslog>
       <nentries>1000</nentries>
       <remoteserver>192.168.0.x</remoteserver>
       <filter/>
       <dhcp/>
       <system/>
       <enable/>
       <reverse/>
   </syslog>
   <nat>
       <rule>
           <protocol>tcp</protocol>
           <external-port>22</external-port>
           <target>192.168.0.x</target>
           <local-port>22</local-port>
           <interface>wan</interface>
           <descr>Jupiter SSH</descr>
       </rule>
   </nat>
   <filter>
       <rule>
           <type>pass</type>
           <interface>wan</interface>
           <protocol>tcp</protocol>
           <source>
               <address>x.x.x.x</address>
           </source>
           <destination>
               <address>192.168.0.x</address>
               <port>22</port>
           </destination>
           <log/>
           <descr>NAT Jupiter SSH</descr>
       </rule>
       <rule>
           <type>pass</type>
           <interface>wan</interface>
           <source>
               <address>10.92.92.1</address>
           </source>
           <destination>
               <address>68.x.x.x</address>
           </destination>
           <log/>
           <descr>DHCP blah to UBR</descr>
           <disabled/>
       </rule>
       <rule>
           <type>pass</type>
           <interface>wan</interface>
           <source>
               <address>172.30.58.34</address>
           </source>
           <destination>
               <address>68.x.x.x</address>
           </destination>
           <log/>
           <descr>DHCP server Comcast</descr>
           <disabled/>
       </rule>
       <rule>
           <type>pass</type>
           <descr>Default LAN -&gt; any</descr>
           <interface>lan</interface>
           <source>
               <network>lan</network>
           </source>
           <destination>
               <any/>
           </destination>
       </rule>
   </filter>
   <shaper/>
   <ipsec/>
   <aliases/>
   <captiveportal>
       <page/>
       <timeout>60</timeout>
       <interface>lan</interface>
       <idletimeout/>
       <radiusip/>
       <radiusport/>
       <radiuskey/>
   </captiveportal>
   <wol>
       <wolentry>
           <interface>lan</interface>
           <mac></mac>
           <descr></descr>
       </wolentry>
       <wolentry>
           <interface>lan</interface>
           <mac></mac>
           <descr></descr>
       </wolentry>
       <wolentry>
           <interface>lan</interface>
           <mac></mac>
           <descr></descr>
       </wolentry>
   </wol>
</m0n0wall>


***********************************************
dhclient.leases
lease {
 interface "dc0";
 fixed-address 68.x.x.x;
 filename "msb3100_v1_silver_c01";
 option subnet-mask 255.255.252.0;
 option dhcp-lease-time 604800;
 option routers 68.x.x.x;
 option dhcp-message-type 5;
 option domain-name-servers 68.x.x.x,68.x.x.x;
 option dhcp-server-identifier 172.30.58.34;
 option domain-name "xxx.xxx.indy.comcast.net";
 renew 5 2004/8/6 17:48:40;
 rebind 2 2004/8/10 03:11:25;
 expire 3 2004/8/11 00:11:25;
}

************************
Cable Modem Log (Ethernet cable was disconnected due to storms until 
about 17:45)
2004-08-04 18:03:33    critical    Started Unicast Maintenance Ranging - No Response received - T3 time-out
2004-08-04 18:03:32    critical    Started Unicast Maintenance Ranging - No Response received - T3 time-out
2004-08-04 17:44:49    critical    Started Unicast Maintenance Ranging - No Response received - T3 time-out
2004-08-04 15:58:02    critical    Started Unicast Maintenance Ranging - No Response received - T3 time-out
2004-08-04 15:58:01    critical    Started Unicast Maintenance Ranging - No Response received - T3 time-out
2004-08-04 15:51:51    critical    Started Unicast Maintenance Ranging - No Response received - T3 time-out
2004-08-04 15:51:40    information    Authorized MAC addr:xx xx xx xx xx xx
2004-08-04 15:51:39    information    Cable Modem Status set to Registration Complete
2004-08-04 15:51:39    information    Received REG-RSP from CMTS
2004-08-04 15:51:39    information    Sending Registration Request
2004-08-04 15:51:39    information    Processing Configuration File
2004-08-04 15:51:36    information    DHCP: IP complete
2004-08-04 15:51:36    information    DHCP: Syslog server not specified
2004-08-04 15:51:36    information    DHCP: Syslog server not specified
2004-08-04 15:51:32    debug    DHCP_coldstart() successfully
2004-08-04 15:51:30    information    Beginning ranging process. Initial Power=49.00 dBmV
2004-08-04 15:51:26    information    Sync recovery loop is locked
2004-08-04 15:51:22    information    Scan Downstream Frequency...
2004-08-04 15:51:21    information    DHCP: back to initial state
2004-08-04 15:51:21    critical    Unicast Maintenance Ranging attempted - No response - Retries exhausted
2004-08-04 15:51:21    critical    Started Unicast Maintenance Ranging - No Response received - T3 time-out
2004-08-04 15:51:20    critical    Started Unicast Maintenance Ranging - No Response received - T3 time-out
(THIS continues every 1 or 2 seconds for the previous 5 minutes)


Justin Ellison wrote:

Just getting in on this thread - forgive me if I missed something...

If your cable modem is not coming online, then it has nothing to do with
m0n0wall, or any other box behind it.  T3 timeouts mean that the modem
has lost communication from the CMTS, and it basically reboots and tries
to re-register. 
Send your m0n0wall logs, as well as your modem logs.

Justin
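
The cycle described in the quoted reply (T3 time-outs, retries exhausted, re-registration) can be counted from a modem log in the layout posted above. This is an added example, not part of the original message: the function names and the sample log are constructed, and it assumes the log lists the newest entry first with long entries wrapped onto a second line.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the modem log quoted in the message:
# newest entry first, long entries wrapped onto a second line by the mailer.
SAMPLE_LOG = """\
2004-08-04 15:58:02    critical    Started Unicast Maintenance Ranging -
No Response received - T3 time-out
2004-08-04 15:51:39    information    Cable Modem Status set to
Registration Complete
2004-08-04 15:51:21    critical    Unicast Maintenance Ranging attempted
- No response - Retries exhausted
2004-08-04 15:51:21    critical    Started Unicast Maintenance Ranging -
No Response received - T3 time-out
2004-08-04 15:51:20    critical    Started Unicast Maintenance Ranging -
No Response received - T3 time-out
"""

ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\w+)\s+(.*)$")

def parse_modem_log(text):
    """Return [timestamp, severity, message] entries, oldest first."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            entries.append([ts, m.group(2), m.group(3)])
        elif entries and line:
            # No timestamp: continuation of the previous, wrapped entry.
            entries[-1][2] += " " + line
    entries.reverse()  # the log lists the newest entry first
    return entries

def summarize(entries):
    """Count T3 time-outs and re-registrations that follow exhausted retries."""
    stats = {"t3_total": 0, "t3_since_registration": 0, "recovery_seconds": []}
    exhausted_at = None
    for ts, _severity, msg in entries:
        if "T3 time-out" in msg:
            stats["t3_total"] += 1
            stats["t3_since_registration"] += 1
        elif "Retries exhausted" in msg:
            exhausted_at = ts
        elif "Registration Complete" in msg:
            if exhausted_at is not None:
                stats["recovery_seconds"].append(int((ts - exhausted_at).total_seconds()))
            exhausted_at = None
            stats["t3_since_registration"] = 0
    return stats
```

Each value in `recovery_seconds` is one re-registration, measured from "Retries exhausted" to "Registration Complete"; `t3_since_registration` counts time-outs logged after the most recent registration.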