Open port from subnet on eth1 visible on eth0 from other PC

otacon14112
Level 2
Posts: 64
Joined: Sun Apr 21, 2013 11:43 pm

Open port from subnet on eth1 visible on eth0 from other PC

Post by otacon14112 » Thu Apr 05, 2018 7:06 pm

I'm learning about networking, and have set up a dhcp server on an old comp for educational purposes. It has several NICs. Its eth0 NIC is connected to my normal LAN router which faces the modem/internet. I discovered from one computer with an nmap scan that the old comp has an open port on 53 (I only specified that one port to scan; I'll check others later). I specified in /etc/dnsmasq.conf to only listen on eth1. So why would its open port be visible from an external computer through eth0?

eth1 is taking DHCP requests from whatever computer I plug into it. In /etc/network/interfaces, I have specified that eth0 should use IPv4, and get its configuration via DHCP.

My nmap scan showed 53/TCP was open. On the actual old computer, netstat -untap shows that TCP port 53 was being listened to, which is the only IPv4 TCP line listed, and it's listening, which my nmap scan detected.

So I'm confused; I know that it needs to get its configuration from the router via eth0, but I can't tell in reality which interface the old computer is actually listening on. I know what I want (for it to listen on eth1), but what should really be expected from this configuration? Sorry if this sounds confusing; I don't know how else to describe it. I can clarify more if anyone asks anything more specific. Thanks
Otacon: You remember pre-ripped jeans? Manufacturers thought that just because people loved old, broken-in jeans, they would want to buy new jeans that looked old. So they purposefully...
Solid Snake: What do jeans have to do with nature and order?
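As an added example (not code from the thread), a small Python check that reads `netstat -untap` output and reports which listening sockets are bound to the wildcard address and so answer on every interface, eth0 included, rather than only on the intended eth1; the interface addresses and the netstat lines are constructed sample values.

```python
import re  # not needed for parsing, kept out; plain split() is enough

# Assumed (constructed) addresses of the test router's NICs.
IFACE_ADDRS = {
    "eth0": "192.168.1.50",  # upstream side, towards the Linksys/LAN
    "eth1": "172.16.0.1",    # downstream side that dnsmasq should serve
}

# Constructed sample of `netstat -untap` output on the test router.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:53      0.0.0.0:*        LISTEN  812/dnsmasq
tcp        0      0 172.16.0.1:22   0.0.0.0:*        LISTEN  640/sshd
udp        0      0 0.0.0.0:53      0.0.0.0:*                812/dnsmasq
udp        0      0 0.0.0.0:67      0.0.0.0:*                812/dnsmasq
"""

def parse_listeners(netstat_output):
    """Return (proto, local_addr, port, program) for each listening socket."""
    listeners = []
    for line in netstat_output.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue  # header lines and anything that is not a socket row
        proto = parts[0]
        addr, port = parts[3].rsplit(":", 1)  # rsplit copes with ':::53'
        if proto.startswith("tcp"):
            if len(parts) < 7 or parts[5] != "LISTEN":
                continue  # skip established / time-wait connections
            program = parts[6]
        else:
            program = parts[5]  # UDP rows have no State column
        listeners.append((proto, addr, int(port), program))
    return listeners

def reachable_via(addr, iface_addrs):
    """Interfaces whose traffic a socket bound to `addr` will accept."""
    if addr in ("0.0.0.0", "::"):  # wildcard bind: every interface
        return sorted(iface_addrs)
    return sorted(i for i, a in iface_addrs.items() if a == addr)

def exposed_listeners(netstat_output, iface_addrs, intended_iface):
    """Listeners reachable from an interface other than the intended one."""
    findings = []
    for proto, addr, port, program in parse_listeners(netstat_output):
        extra = [i for i in reachable_via(addr, iface_addrs) if i != intended_iface]
        if extra:
            findings.append((proto, port, program, extra))
    return findings
```

With `interface=eth1` alone dnsmasq still binds 0.0.0.0:53 and merely discards queries arriving on other interfaces, which is why an nmap scan from the eth0 side reports the port open; adding `bind-interfaces` to its configuration makes it bind eth1's address only, and the wildcard rows above disappear.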

rene
Level 7
Posts: 1761
Joined: Sun Mar 27, 2016 6:58 pm

Re: Open port from subnet on eth1 visible on eth0 from other PC

Post by rene » Fri Apr 06, 2018 3:03 am

otacon14112 wrote:
Thu Apr 05, 2018 7:06 pm
I specified in /etc/dnsmasq.conf to only listen on eth1.
Is that machine running Mint and using dnsmasq through NetworkManager as a standard install would? If yes, if you run ps ax | grep dnsmasq you'll find that dnsmasq is launched with --conf-file=/dev/null --conf-dir=/etc/NetworkManager/dnsmasq.d. That is, ignoring /etc/dnsmasq.conf and needing configuration (-fragments) to be placed in /etc/NetworkManager/dnsmasq.d/ instead. I for example have

$ cat /etc/NetworkManager/dnsmasq.d/cache-size.conf
cache-size=1000
so as to compensate for the --cache-size=0 with which it is also started by NetworkManager. Name any configuration files/fragments in there foo.conf.

Did not (yet) pay close attention to the rest of your description; thought this would be useful as step 1...

otacon14112
Level 2
Posts: 64
Joined: Sun Apr 21, 2013 11:43 pm

Re: Open port from subnet on eth1 visible on eth0 from other PC

Post by otacon14112 » Fri Apr 06, 2018 6:02 pm

Thank you for your prompt reply. IIRC, I think I removed NetworkManager, which uses dnsmasq-base. I read somewhere that if you want to use dnsmasq, to remove NetworkManager.

I know that first post was hard to follow. I'll define some terms here to make it easier to follow.

Linksys = my regular router connected to the modem
testrouter = my Dell desktop running Debian Stretch i386 w/no GUI. Intended to be a gateway, firewall, router, DHCP server, and DNS cache to speed up the networks connected to its eth1 and eth2 NICs.
Mint desktop = my main computer running Mint Sylvia 64-bit
Mint laptop = my main laptop running Mint Sonya 64-bit. I've been using this to connect to testrouter's eth1 NIC.

Linksys gets its configuration from my ISP via DHCP (IP address, primary DNS server, secondary DNS server). Testrouter (from eth0) and my Mint desktop are connected to my regular LAN. My Mint laptop successfully gets an IP address from testrouter, and when I ping www.google.com and other sites, it shows the IP address on the terminal, but all the packets get lost, and it never received a reply.

It was from my Mint desktop that I did the nmap scan on testrouter and found TCP/53 open. netstat -untap on testrouter showed that it was listening on TCP/53. When I get home, I'll provide more information.

Last edited by otacon14112 on Sat Apr 07, 2018 11:14 am, edited 1 time in total.

otacon14112
Level 2
Posts: 64
Joined: Sun Apr 21, 2013 11:43 pm

Re: Open port from subnet on eth1 visible on eth0 from other PC

Post by otacon14112 » Fri Apr 06, 2018 11:13 pm

I've thought about it more, and I'm fed up with this Debian system. From start to finish, it's been unreliable; half the time raise network interfaces fails, requiring me to reboot it again, and it's not just this system. This has been the case with other Debian systems of mine lately. I've found that an insane number of people have this problem, and that others are complaining about this unreliability as well. I am extremely disappointed, because I've always been a fan of Debian, even donating to them, but it seems they've lost their mind, changing one traditional UNIX thing after another, abandoning reliable, time- and battle-tested system configurations. I'll keep using Mint, but I'll be surprised if I try Debian again, at least for the foreseeable future.

rene
Level 7
Posts: 1761
Joined: Sun Mar 27, 2016 6:58 pm

Re: Open port from subnet on eth1 visible on eth0 from other PC

Post by rene » Sat Apr 07, 2018 8:45 am

Saw yesterday you went to a lot of trouble making a diagram but didn't have time to reply; now see the diagram as well as your resolve to get it going is gone :-)

If I remember correctly the "testrouter-downstream" (i.e., the mint laptop) had a 172.* address. In fact, I seem to remember a 176.* address but given that that wouldn't be a private IP range, I shall assume not. What I expect is/was the issue is "testrouter" not having set a default route through "linksys"; it having no idea where to in fact ship packets destined for say www.google.com.

As to non-deterministic behaviour wrt. raising interfaces: I do also notice you refer to interfaces as "eth0" and "eth1". This is an at this point in time obsolete naming scheme since indeed intrinsically non-deterministic: which interface gets to be eth0 and which one eth1 depends only on the order in which the kernel initializes them at boot, which may in turn supposedly depend on for example VERY non-deterministic conditions such as cable conditions determining which NIC responds fastest to initialization. And clearly certainly on hot-pluggable hardware such as USB adaptors. As such, and although on single-NIC systems a bit annoying at times, it does make technical sense that NIC naming has transitioned to e.g. "enp4s0" or alike; tied to bus-topology. If my guess is correct that that transition was one of the things that annoys you in current Debian then I do believe you may have caused yourself an issue there if you switched back to the old ethN naming...

As to dumping Debian then: not sure I would advise that. I came over to Mint 17 from the Slackware and Arch side of things two or so years ago and if there's anything I immediately started noticing is that given that you understand the underpinnings of any Linux system you understand any other as well; the trick is just knowing what amount of the through Debian, Ubuntu and finally Mint progressively growing heap of nonsense to ignore. Given how you formulated things it's relatively likely that systemd is another explicit part of your Debian annoyance; realistically speaking you'd only have Slackware to retreat to. Even without the systemd difference slack has now for 10+ years been a mindlessly conservative "older is better" bastion; slack users obsolete themselves upon install.

Which, mind you, may be a valid choice, certainly on obsolete hardware. But if you are learning about things NOW then I'd stick it out with Debian. It's really the only relevant "basic" Linux distribution left...

otacon14112
Level 2
Posts: 64
Joined: Sun Apr 21, 2013 11:43 pm

Re: Open port from subnet on eth1 visible on eth0 from other PC

Post by otacon14112 » Sat Apr 07, 2018 11:39 am

Yeah, I removed it because I was going to start from scratch, but I put it back since you showed interest. I did change it back to ethX, simply because it's easier for me to remember, by using ifrename. However, I even noticed that it incorrectly got eth2 and eth3 mixed up. Some of my preferences might not be rational or reasonable to some people, but I guess I'm OCD on things. In particular, I'm especially OCD and picky about computer stuff :lol:

I personally have more fun with "traditional" *nix systems. I especially love inittab because of the ease of changing runlevels from just one line. I am thinking about adding udev rules to take care of the NIC names instead. After installing another Debian-based Linux distribution on another partition (Ubuntu 17.10), I went back to it and played with it some more. I think I'll continue to experiment with it, because I've spent a lot of time so far configuring things the way I want.

I haven't kept up with Slackware for a long time. By obsolete, do you mean bugs and vulnerabilities, or just old ways of doing things?

rene
Level 7
Posts: 1761
Joined: Sun Mar 27, 2016 6:58 pm

Re: Open port from subnet on eth1 visible on eth0 from other PC

Post by rene » Sat Apr 07, 2018 2:56 pm

otacon14112 wrote:
Sat Apr 07, 2018 11:39 am
By obsolete, do you mean bugs and vulnerabilities, or just old ways of doing things?
Obsolete ways of doing things. I.e., the installer, as far as I'm aware still absent "official" repositories, the packaging system (afaia still no "official" dependencies), the software selection ("minicom" being installed as part of the base distribution made me giggle last time I looked, xetex instead of texlive made me cry), the BSD init system, ....

"Old" can have the advantage of "simple and basic" and it does in some senses in slack. But at this point in time I find slack to be at that point where it's by its remaining users and, largely, its main developer simply frozen in time and declared to be necessarily superior to anything that could possibly follow. Picture horses and carriages and raising barns and what have you. Not for me..

otacon14112
Level 2
Posts: 64
Joined: Sun Apr 21, 2013 11:43 pm

Re: Open port from subnet on eth1 visible on eth0 from other PC

Post by otacon14112 » Sun Apr 08, 2018 8:11 pm

rene wrote:
Sat Apr 07, 2018 2:56 pm
But at this point in time I find slack to be at that point where it's by its remaining users and, largely, its main developer simply frozen in time and declared to be necessarily superior to anything that could possibly follow. Picture horses and carriages and raising barns and what have you. Not for me..
That made me chuckle :lol:
