Logs - check problems


(paweł nowak) #1

Hello,
in which logs to check problems with DHCP and static routing?


(Markus Neuberger) #2

You may have a look in /var/log/messages but…may I ask what’s the problem?


(paweł nowak) #3

Sometimes static routing does not work or printers do not get an IP address


(Markus Neuberger) #4

You may check which device got an IP via DHCP with:

cat /var/log/messages | grep dhcp

(Markus Neuberger) #5

What does not work, can you explain?

With “cat /var/log/messages | grep dhcp” you can see if your printer gets an IP address. As a workaround you may give your printer a static IP.


(paweł nowak) #6

Ok, unfortunately I do not know which ones have mistakes. I’ve already tried to assign static ip, sometimes it did not help


(Markus Neuberger) #7

Did you check your network hardware? If static IPs do only work sometimes the error may be there…


(Rob Bosch) #8

If you want this resolved it might be a good idea to give some more info on how your network looks like. Do you use multiple subnets? (you talk about static routes)
How can a static IP not be issued to a printer? If it is a networked printer you can always assign it a static IP address. Does your DHCP sope overlap the static IP you assign to your printer? Or is it a permanent IP address assigned in DHCP?


(paweł nowak) #9

192.168.203.0 /24 LAN
172.16.0.0 / OpenVPN
Network 10.200.20.0 /24 --> 192.168.203.254 – interface br0 - Static route (sometimes not working)
I use permanet Ip adress assigned in DHCP , my DHCP can overlap the static ip to printer in some cases.


(paweł nowak) #10

How to distinguish between logs and errors?

Jan 25 15:26:57 neth kernel: IPv4: host 192.168.203.144/if5 ignores redirects for 10.200.20.11 to 192.168.203.254


(Markus Neuberger) #11

What are you trying to do that gives an error? Print from openvpn? Is the network 10.200.20.0/24 connected to br0?

Could you please post the output of ip addr and ip route?

Usually you have something like “error”, “warning” or “fail” in bad log entries.


(paweł nowak) #12

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
link/ether 00:e0:4c:0f:67:86 brd ff:ff:ff:ff:ff:ff
inet6 fe80::2e0:4cff:fe0f:6786/64 scope link
valid_lft forever preferred_lft forever
3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc prio state UP qlen 1000
link/ether 6c:62:6d:b2:e8:38 brd ff:ff:ff:ff:ff:ff
inet 78.11.48.28/24 brd 78.11.48.255 scope global enp2s0
valid_lft forever preferred_lft forever
inet6 fe80::6e62:6dff:feb2:e838/64 scope link
valid_lft forever preferred_lft forever
4: enp4s2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc prio state UNKNOWN qlen 1000
link/ether 00:e0:4c:4d:37:5a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.4/24 brd 192.168.1.255 scope global enp4s2
valid_lft forever preferred_lft forever
inet6 fe80::2e0:4cff:fe4d:375a/64 scope link
valid_lft forever preferred_lft forever
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:e0:4c:0f:67:86 brd ff:ff:ff:ff:ff:ff
inet 192.168.203.1/24 brd 192.168.203.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::2e0:4cff:fe0f:6786/64 scope link
valid_lft forever preferred_lft forever
6: vb-nsdc@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP qlen 1000
link/ether 4a:90:6b:7a:52:38 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::4890:6bff:fe7a:5238/64 scope link
valid_lft forever preferred_lft forever
7: tunrw: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/none
inet 172.16.0.1 peer 172.16.0.2/32 scope global tunrw
valid_lft forever preferred_lft forever
inet6 fe80::653e:3b23:a9c:60f4/64 scope link flags 800
valid_lft forever preferred_lft forever

10.200.20.0/24 via 192.168.203.254 dev br0
78.11.48.0/24 dev enp2s0 proto kernel scope link src 78.11.48.28
78.11.48.25 dev enp2s0 scope link src 78.11.48.28
169.254.0.0/16 dev enp2s0 scope link metric 1003
169.254.0.0/16 dev enp4s2 scope link metric 1004
169.254.0.0/16 dev br0 scope link metric 1005
172.16.0.0/24 via 172.16.0.2 dev tunrw
172.16.0.2 dev tunrw proto kernel scope link src 172.16.0.1
192.168.1.0/24 dev enp4s2 proto kernel scope link src 192.168.1.4
192.168.1.1 dev enp4s2 scope link src 192.168.1.4
192.168.203.0/24 dev br0 proto kernel scope link src 192.168.203.1

Everything works fine 1-2 days, then static routing stops working. Network 10.200.20.0/24 is connected to some Fortigate device and has IP 192.168.203.254. Then I change the nethserver to TD-W8970 tp-link router and again the network works correctly.


(Markus Neuberger) #13

Strange. This may happen If the FortiGate got its LAN IP via DHCP from the TP-Link and not from NethServer.

Is the static route “10.200.20.0/24 via 192.168.203.254 dev br0” still in the routing table (ip route) when the error occurs? Can you ping the FortiGate?

You don’t have a default gateway on NethServer?

I don’t get how you connect to the internet…please help me.

Is the TD-W8970 tp-link configured exactly like NethServer (same IPs, static routes…)?


(paweł nowak) #14

624/5000
Nethserver is connected to two WAN links.
WAN1 - interface 78.11.48.28 - gateway - 78.11.48.25
WAN2 - interface 192.168.1.4 - gateway adsl router -192.168.1.1
DHCP range on Nethserver is 192.168.203.3 - 192.168.203.253

Is the static route “10.200.20.0/24 via 192.168.203.254 dev br0” still in the routing table (ip route) when the error occurs? Can you ping the FortiGate? - I will check this

You do not have a default gateway on NethServer? - I understand that it should be 192.168.203.1 on the br0 interface?

TD-W8970 tp-link is configured similarly NethServer - it does not have only OpenVPN and only supports one WAN link


(Markus Neuberger) #15

The default route looks like this:

For WAN1: default via 78.11.48.25 dev enp2s0
For WAN2: default via 192.168.1.1 dev enp4s2

Did you setup your multi wan correctly?

http://docs.nethserver.org/en/v7/firewall.html#multi-wan


(paweł nowak) #16

I changed the settings to active backup as in the example. Is traffic shapping necessary?


(Markus Neuberger) #17

No, it’s not needed for multi wan.