Wireless problems

 
koen
Posted: Fri May 19, 2006 12:36 pm

Here's a scenario that could explain the voodoo:

assuming that the wireless router can route between 192.168.1.0 and 192.168.2.0, and
assuming the wireless router is running a dhcp-relay-agent to allow dhcp broadcast to pass from one subnet to another:

when wlan0 comes up, it sends a DHCPDISCOVER broadcast to find a dhcp server. Any dhcp server can reply (DHCPOFFER). wlan0 will get its network config from the first dhcpserver to DHCPOFFER.
So: maybe wired_network_dhcpserver was a bit faster in making a dhcpoffer than wireless_router_dhcpserver ...

Next, wlan0 will, when its dhcp-lease is halfway expired, request a renewal from the dhcpserver that made the initial dhcp offer, so it will ignore wireless_router_dhcpserver ... unless the lease completely expires -- then wlan0 will start all over with DHCPDISCOVER and wireless_router_dhcpserver has a chance to be the first to DHCPOFFER.

Does that make sense ?

If I'm not mistaken, the problem could show up again. However, I think there are options/parameters in dhcpserver and/or dhcpclient to work around this. (RFC 2131 explains how dhcp works, but there may be resources that are easier to read.)

koen
Posted: Fri May 19, 2006 4:14 pm

[quote] ... the sticking point to me is that why would the wireless router allow traffic through it to the wired dhcp server when it wouldn't allow a connection to it, i.e. wouldn't offer an IP address to DHCP requests?
(...)
This seems like a security hole to me as I can't understand why it would pass DHCP requests upstream after refusing to respond to the request itself.
[/quote]
Careful there, you're mixing things up. Obviously, your router does allow your Debian box to connect. The dhcpserver running on that appliance is just not offering a lease. The dhcp-relay (not necessarily the same process as the dhcp server) transfers the DHCPDISCOVER to the next network, where there happens to be a more willing dhcp server.


DHCP can be strange sometimes. I've seen real workstations get leases from dhcpservers in a virtual test environment in a different IP-range while there was a perfectly good physical production dhcpserver available on the subnet. It's often a matter of timing: first is first, and if the dhcpserver takes too long to make an offer (e.g. while looking for available addresses), another one may get there faster.

Still, it is kinda weird, and I have to admit I've seen similar things happen: you make a configuration that you know is correct, and it doesn't work. Then, when you come back later to have another go, you find everything is working as it should be. Really frustrating.
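
Added example, not part of any post in this thread: a DHCP reply names the answering server in option 54 and, if it passed through a relay agent, the relay's address in the giaddr field, so a client-side check can tell a local offer from a relayed one as in the scenario above. The function names `parse_dhcp`, `audit_offer` and `build_offer` and all sample addresses are constructed for illustration.

```python
from ipaddress import IPv4Address, ip_network

MAGIC_COOKIE = bytes.fromhex("63825363")    # precedes the DHCP options
DHCPOFFER = 2                               # option 53 value for an offer


def parse_dhcp(packet):
    """Extract the fields of a DHCP message that show who answered."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:      # 255 = end of options
        if packet[i] == 0:                           # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        opts[packet[i]] = packet[i + 2:i + 2 + packet[i + 1]]
        i += 2 + packet[i + 1]
    return {
        "type": (opts.get(53) or b"\0")[0],
        "offered": IPv4Address(packet[16:20]),       # yiaddr
        "relay": IPv4Address(packet[24:28]),         # giaddr, 0.0.0.0 = direct
        "server": IPv4Address(opts[54]) if 54 in opts else None,
        "lease": int.from_bytes(opts.get(51, b""), "big"),
    }


def audit_offer(packet, subnet, expected_servers):
    """Flag a DHCPOFFER that the local subnet's own server did not make."""
    msg = parse_dhcp(packet)
    if msg["type"] != DHCPOFFER:
        return None
    checks = [
        ("unexpected server", str(msg["server"]) not in expected_servers),
        ("relayed", int(msg["relay"]) != 0),
        ("foreign address", msg["offered"] not in ip_network(subnet)),
    ]
    msg["findings"] = [name for name, hit in checks if hit]
    msg["renew_after"] = msg["lease"] // 2   # T1: unicast renewal to "server"
    return msg


def build_offer(offered, server, relay="0.0.0.0", lease=86400):
    """Constructed DHCPOFFER bytes for the demo, not captured traffic."""
    a = lambda s: IPv4Address(s).packed
    return (bytes([2, 1, 6, 1]) + bytes(12) + a(offered) + bytes(4) + a(relay)
            + bytes(208) + MAGIC_COOKIE + bytes([53, 1, DHCPOFFER, 54, 4])
            + a(server) + bytes([51, 4]) + lease.to_bytes(4, "big") + b"\xff")
```

Calling `audit_offer(build_offer("192.168.1.77", "192.168.1.10", relay="192.168.2.1"), "192.168.2.0/24", {"192.168.2.1"})` returns all three findings; treating 192.168.2.0/24 as the wireless subnet is an assumption, since the thread does not say which of the two ranges is which.
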

koen
Posted: Fri May 19, 2006 6:58 pm

[quote]That means it can allow anyone else in the world to connect to my internal network[/quote]
Yes and No.

So far, this was a dhcp story. So limiting it to dhcp:
The fact that your wireless workstation gets dhcpoffers from the wired LAN only indicates that it allows dhcp broadcasts, i.e. udp on ports 67 and 68. It doesn't say anything about other connections/communications.

Secondly, routers normally don't pass on dhcp broadcasts and therefore dhcp negotiations are limited to 1 subnet. If you do want dhcp broadcast to traverse subnet boundaries (i.e. routers) you need to enable an additional feature, a dhcp relay agent, to make that happen. It is possible that Netgear comes with dhcp relay enabled and that is indeed kinda sloppy - but it is not (or shouldn't be) standard practice. You also don't need it since you have a dedicated dhcp server for each of your subnets.




Looking at the broader picture, beyond the dhcp story:
The fact that your router routes is independent of the fact that its dhcp server does or doesn't give out leases. It routes, and from what I hear you say, it routes between your wired network, your wireless network, and the internet. That's what routers do. If you want to change its behaviour, you'll need to configure it (routes, access control lists, packet filters, other firewalling measures, ...). It would be rather unusual to have access to your network depend on the fact whether or not a client can get an address from your dhcp server ...

In protocol stack terms (TCP/IP suite, e.g. [url]http://www.linux-tutorial.info/modules.php?name=Tutorial&pageid=142[/url]):
- routing happens on the 'network' or 'IP' layer
- connections happen on the 'transport' or 'TCP/UDP' layer (unless you're talking about media access / datalink, e.g. your wireless NIC being able to 'see' the wireless router - that's layer 1 in TCP/IP (network access layer), layers 1 and 2 (physical + datalink) in OSI)
- dhcp and other services happen on the application layer

and these layers are independent of each other, they're not even aware of each other. So the fact that a client connects (layer 1) to your router, the fact that your router routes (layer 2), and the fact that communication is established between the wired_server and that client (layer 3) does not (and should not) depend on whether or not a dhcp server is offering leases.

I suppose that you don't mind communication between [i]your[/i] wireless LAN and the wired LAN. You obviously don't want anyone else, wired or not, to use your router to gain access to the private LANs connected to it.
If such access is possible, that is indeed a security problem, but it's not a dhcp issue, it's routing and firewalls.

koen
Posted: Fri May 19, 2006 9:44 pm

[quote]The reason for setting up access security on a wireless network is to keep unauthorized computers from accessing your network.[/quote]
That would be layer 1: communication between the wireless [i]access point[/i] and the wireless NIC. You secured it by setting the access point to allow the MAC of the NIC. NICs and MAC addresses are clearly layer 1 items.
Your wireless computer was allowed to make such connection. Other computers are not (I suppose), so on the wireless side you're secure.

The wired ports of your router don't have this access level (layer 1) security, so there you need to arrange your security on layer 3 (packet filtering, stateful inspection) or on the application layer (authentication, ...).

The flaw in your router is indeed that it relays dhcp broadcasts while it shouldn't.

koen
Posted: Fri May 19, 2006 10:01 pm

I searched the reference guide for your Netgear, but couldn't find any reference to turning off the dhcp relay. It does get mentioned in the manuals for other Netgear appliances though.
Still, blocking ports 67 and 68 (udp) between the appropriate networks should also do the trick.

jimmo
Posted: Sat Jul 31, 2010 3:57 pm

I deleted a post that was pretty obviously spam.