<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: Hans Steegers <steegers,AT,steegers,DOT,nl>
Subject: Re: tcpdump - laptop
From: James Knott <james.knott,AT,rogers,DOT,com>
Date: Fri, 12 Sep 2003 10:12:04 -0400
Cc: CIPE-list <cipe-l,AT,inka,DOT,de>
In-reply-to: <002601c37912$a6f5ba80$d620a8c0@pcw_hans.hnsasd.priv>
References: <002601c37912$a6f5ba80$d620a8c0@pcw_hans.hnsasd.priv>

Hans Steegers wrote:
James,


[2003/09/11 21:59:45, 0] nmbd/nmbd_subnetdb.c:create_subnets(240)
 create_subnets: No local interfaces ! <<=======================<!!!>
[2003/09/11 21:59:45, 0] nmbd/nmbd.c:main(861)
 ERROR: Failed when creating subnet lists. Exiting.


There must be something wrong with the interfaces or route table, as nmbd is
stumbling on the local interface and subnets.
I suspect the problem in your routing and/or sub-netting, or the lo
interface is missing...

Please, provide the following information:

1. 'ifconfig' output of ALL your interfaces on the notebook and the
router/gatway.

router


cipcb0    Link encap:IPIP Tunnel  HWaddr
          inet addr:192.168.2.10  P-t-P:192.168.2.20  Mask:255.255.255.255
          UP POINTOPOINT NOTRAILERS RUNNING NOARP  MTU:1442  Metric:1
          RX packets:791 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1028 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:93944 (91.7 Kb)  TX bytes:545632 (532.8 Kb)

eth0      Link encap:Ethernet  HWaddr 00:05:5D:FE:FC:E4
          inet addr:192.168.3.132  Bcast:192.168.3.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:18804 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22292 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:6015713 (5.7 Mb)  TX bytes:2609463 (2.4 Mb)
          Interrupt:11 Base address:0x4400

eth1      Link encap:Ethernet  HWaddr 00:C0:4F:A1:8F:94
          inet addr:192.168.1.40  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:35797 errors:0 dropped:0 overruns:1 frame:0
          TX packets:20685 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:3723756 (3.5 Mb)  TX bytes:6312521 (6.0 Mb)
          Interrupt:10 Base address:0xdcc0

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:446 errors:0 dropped:0 overruns:0 frame:0
          TX packets:446 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:123624 (120.7 Kb)  TX bytes:123624 (120.7 Kb)

notebook

cipcb0    Link encap:IPIP Tunnel  HWaddr
          inet addr:192.168.2.20  P-t-P:192.168.2.10  Mask:255.255.255.255
          UP POINTOPOINT NOTRAILERS RUNNING NOARP  MTU:1442  Metric:1
          RX packets:42 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:5728 (5.5 Kb)  TX bytes:5712 (5.5 Kb)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1175 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1175 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:69600 (67.9 Kb)  TX bytes:69600 (67.9 Kb)

ppp0 Link encap:Point-to-Point Protocol
inet addr:209.188.82.80 P-t-P:209.188.80.73 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1524 Metric:1
RX packets:63 errors:0 dropped:0 overruns:0 frame:0
TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:8409 (8.2 Kb) TX bytes:8787 (8.5 Kb)



2. your route tables 'route -n' of both the notebook and router/gateway.

router


Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.20 0.0.0.0 255.255.255.255 UH 0 0 0 cipcb0
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.3.1 0.0.0.0 UG 0 0 0 eth0


notebook

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.10 0.0.0.0 255.255.255.255 UH 0 0 0 cipcb0
66.185.95.99 192.168.1.40 255.255.255.255 UGH 0 0 0 cipcb0
209.188.80.73 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 cipcb0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 209.188.80.73 0.0.0.0 UG 0 0 0 ppp0



3. the relevant ip-up script of the involved cipe interfaces (only if you changed something, omit if standard)

I have not changed them.



4. the settings in your samba configuration file (notebook only) of: hosts allow =, interfaces =, bind interfaces only = , socket options =

I'm not using any of those in smb.conf.



5. Check again with 'netstat -lnpt' for a list of tcp ports listening (139?)

notebook


Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN 4422/rpc.statd
tcp 0 0 127.0.0.1:32772 0.0.0.0:* LISTEN 4686/xinetd
tcp 0 0 0.0.0.0:32773 0.0.0.0:* LISTEN 4733/rpc.mountd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 4394/portmap
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 5364/X
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 4965/perl
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 4686/xinetd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 4653/sshd
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 4920/cupsd
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 4686/xinetd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 4775/sendmail: acce
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 6082/sshd
tcp 0 0 0.0.0.0:668 0.0.0.0:* LISTEN 4728/rpc.rquotad
tcp 0 0 0.0.0.0:7741 0.0.0.0:* LISTEN 4946/lisa


server

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN 765/rpc.statd
tcp 0 0 127.0.0.1:32769 0.0.0.0:* LISTEN 992/xinetd
tcp 0 0 0.0.0.0:32770 0.0.0.0:* LISTEN 1040/rpc.mountd
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN 992/xinetd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1767/smbd
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 992/xinetd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 737/portmap
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 1984/X
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 1834/perl
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 992/xinetd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 959/sshd
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 1827/cupsd
tcp 0 0 0.0.0.0:791 0.0.0.0:* LISTEN 1035/rpc.rquotad
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 992/xinetd
tcp 0 0 192.168.1.10:25 0.0.0.0:* LISTEN 1660/sendmail: acce
tcp 0 0 0.0.0.0:7741 0.0.0.0:* LISTEN 1916/lisa



6. Verify that your traffic is going through the tunnel, if connected via WiFi or LAN, and not by-passing it: Use tcpdump [-n -i <cipcbX> icmp and host <serveraddress> ] on the cipcb interface on the router, ping from the notebook to the server. You should see something like: 10:24:58.289472 192.168.a.x > 192.168.b.y: icmp: echo request (DF) 10:24:58.290441 192.168.b.y > 192.168.a.x: icmp: echo reply (DF)

tcpdump: listening on cipcb0
09:55:08.267148 192.168.2.20 > 192.168.1.10: icmp: echo request (DF)
09:55:08.620097 192.168.1.10 > 192.168.2.20: icmp: echo reply
09:55:09.280093 192.168.2.20 > 192.168.1.10: icmp: echo request (DF)
09:55:09.620103 192.168.1.10 > 192.168.2.20: icmp: echo reply
09:55:10.291699 192.168.2.20 > 192.168.1.10: icmp: echo request (DF)
09:55:10.620102 192.168.1.10 > 192.168.2.20: icmp: echo reply
09:55:17.600251 192.168.2.20 > 192.168.1.10: icmp: 192.168.2.20 udp port netbios-dgm unreachable [tos 0xc0]


..
Note: an encrypted CIPE tunnel over Wi-Fi is 128-bit CIPE encryption over an
effectively 104 bit encrypted connection: is your traffic that secret? Or
didn't you set the 128-bit WEB-key?

At the moment, I'm trying to emulate the dial up connection as much as possible, so that means using the VPN, just as I would over dial up. Normall networking without a VPN over wireless also works fine.


When I access newsgroups from my notebook over wireless, I run Knode remotely, using X, through ssh, through CIPE, through WEP. Those messages are *REALLY* protected! ;-)


7. Verify the setting of ip_forward: cat /proc/sys/net/ipv4/ip_forward (just to be sure, it should say '1').

It's "1" on the firewall and "0" on the notebook, as expected.



=


Why no 137/138 ports are listening when nmb is running is a mystery to me.
Anyone any idea?

Or why only on the notebook. The server shows those ports. I'm using the same software on both.



** For reference: When I only run NMBD, after stopping SMBD: # ps ax | grep mbd 157 ? S 0:05 /usr/local/samba/bin/nmbd -D I get the following: # netstat -lnpu ... udp 0 0 192.168.x.y:137 0.0.0.0:* 157/nmbd udp 0 0 0.0.0.0:137 0.0.0.0:* 157/nmbd udp 0 0 192.168.x.y:138 0.0.0.0:* 157/nmbd udp 0 0 0.0.0.0:138 0.0.0.0:* 157/nmbd .. udp 0 0 192.168.x.y:9900 0.0.0.0:* ESTABLISHED 19815/ciped-db .. If I start SMBD again, I also get 139/tcp listening. # ps ax | grep mbd 157 ? S 0:05 /usr/local/samba/bin/nmbd -D 20875 ? S 0:00 /usr/local/samba/bin/smbd -D # netstat -lnpt ... tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 20875/smbd ...

*** The SMB/CIFS protocol must have been developed in a mental asylum, like
most M$$hit, so I am not going to waste time on it.
I want to restrict my involvement to the CIPE-related issues.
Start nmbd with increasing -d <debug_level> , to get more verbose error
messages, if necessary. Search the Samba mailing lists or 'google' the error
message(s).

I have posted this problem on both the Samba mailing list and news group. No response whatsoever on either.


As I recall, the original protocol was intended for local network use only, and only later adapted to TCP/IP.

And, DO USE A FIREWALL when connected to the internet! Not doing so is stupid. But wait until this problem is solved, to not complicate matters further..

That is what I'm doing. Normal proceedure is to use the firewall, when connected directly to the internet via dial up, but not when connected to my local lan.




Hans Steegers


Well, thanks for your help anyway. If I could get CIPE working on XP, I'd at least have something to compare with. I'll keep plugging away and maybe something will turn up.


Thanks again.


<< | Thread Index | >> ]    [ << | Date Index | >> ]