Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 31
  1. #11
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,491

    Default

    Then the modem can't be the rogue DHCP server, Untangle is a broadcast wall... the DHCP requests aren't getting into that segment. You've got something else going on.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #12
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,655

    Default

    If the Untangle does not have any interfaces bridged to the External NIC, then there is something wrong with your Untangle configuration if you can see DHCP server sessions from the Comcast modem. NAT should block all incoming sessions.
    Last edited by jcoffin; 03-20-2014 at 07:36 PM.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #13
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,491

    Default

    Forget NAT, the layer 3 boundary should stop it all by itself. Broadcasts don't go past routers.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #14
    Master Untangler SirBC's Avatar
    Join Date
    May 2008
    Location
    San Carlos, CA
    Posts
    115

    Default

    I unplugged the Comcast modem and was still seeing the rogue server....

    I've since disconnected every device except my computer (and at that point did not see the rogue server) and then brought them back online one by one, and I am still no longer showing the rogue server, so I'm at a loss as to what was causing the issue.
    Last edited by SirBC; 03-21-2014 at 10:38 AM.

  5. #15
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,491

    Default

    Didn't you record the MAC address of the rogue? If your network is small enough to unplug everything, a quick check would reveal the machine responsible.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #16
    Master Untangler SirBC's Avatar
    Join Date
    May 2008
    Location
    San Carlos, CA
    Posts
    115

    Default

    To see if the rogue server was active, I was using Microsoft's Rogue Detection Utility, which lists the server IP and Offered Client IP, but not the MAC address. Is there a way to find that out using Untangle (when the rogue server is present)?

  7. #17
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    tcpdump, wireshark, any packet capture utility will let you see the DHCP offer packets.

    I would use tcpdump.
    Probably 90% of network troubleshooting can be solved with tcpdump & ping alone.
    Use them. Love them.
    Last edited by dmorris; 03-21-2014 at 11:38 AM.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  8. #18
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,491

    Default

    If you're lucky, simply ping the IP address of the rogue, if you get a response then follow it up with arp -a. Find the IP of the rogue in the list and write down the mac for it.

    And I echo Dirk on the use of TCPDump. It's one of the primary reasons why I love Untangle so much. My edge router... has tcpdump, I can call, on demand. It's so easy to just go... hmmm... so THAT's where that packet's going... Usually 10 seconds later is a facepalm moment as you realize what you've misconfigured.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #19
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,565

    Default

    We have tons of clients on Comcast....lots of them with Untangle. You can leave DHCP on with the older SMC gateways and with the similar new Netgear gateways they are using. You don't "bridge" them when you use your own router, you just configure them to allow the public IP subnet under the firewall rule, and type in the public static IPs on Untangle WAN interface(s). As Rob mentioned...Untangle and its NAT will block the DHCP from flowing inwards. Yet...you can still plug in other devices into one of the LAN ports of the Comcast gateway and have them use that network (like phone systems, whatever)..separated from Untangles network.

  10. #20
    Master Untangler SirBC's Avatar
    Join Date
    May 2008
    Location
    San Carlos, CA
    Posts
    115

    Default

    So, it just gets weirder. And Comcast is saying it's Untangle's fault.

    After the issues outlined above, I just went and assigned every device a static IP (via the Untangle add as static) so that computers/devices wouldn't even try and pull an ip. Problems went away. However, I was still seeing the 10.1.10.1 DHCP server in addition to Untangle's 192.168.1.x, it just wan't causing any issues so I ignored it.

    Today, I built a new computer, brought it online and of course it pulled a 10.1.10.x IP before I could give it static IP in Untangle. Here is where it gets weird. I ran arp -a and the mac address is not that of my Comcast modem. So I logged into the Comcast modem on my new computer and it shows a different public static IP as well as a different MAC address as my own Comcast modem. I have two computers sitting side by side, both connected to my network with a wired connection, back to the same switch, and one shows a different public IP address than the other.

    Also, other modem settings are different, with the "rogue" modem having a different firmware version and DHCP turned on; so I must be logged into my neighbors (?) modem. How is that possible? There currently are no wireless access points on my network and I'm connecting to my network with wired connections.

    My home network is pretty simple. I have about 10 drops, and at this time, no wireless access points. So two computers, both going back to the same switch, which is attached to my Comcast modem with DHCP turned off, and one shows a different public IP address than the other. How is it even possible that I can log into some other customers Comcast modem (Comcast has confirmed that it is another customers modem)?

    Comcast almost couldn't wrap their heads around this. We spent around 90 minutes on the phone and they confirmed, by looking at the MAC address, that it isn't my modem. They said they were not allowed to tell me who's modem it is, but it is under a different account than mine with an address that is not mine. However, according to them, since I have my Comcast modem bridged with my own "firewall", the problem must be on my end with a misconfigured firewall. I explained that the way I was going to fix this was to simply turn off DHCP on my neighbors (?) modem, which would solve my problem but likely not help my neighbors network. They said they would escalate to tier 2 and call me back.

    Is there any scenario under which Untangle could be contributing to this problem?
    Last edited by SirBC; 04-19-2014 at 04:23 PM.

Page 2 of 4 FirstFirst 1234 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2