I have a weird problem accessing my camera running DAFANG after changing the LAN IP range to 10.0.0.*.
I can ping it just fine, but can't access its RTSP or HTTP service.
I can access them normally from all other devices, and from Windows on the same machine, just fine.
I tried using dhcpcd, resetting all iptables, and changing the LAN range to 10.1.1.*.
All other things seem to work just fine, and I ran out of ideas what it could be.
Any ideas what the culprit could be are highly appreciated.
/etc/netctl/home:
Description='Home connection'
Interface=eth0
Connection=ethernet
IP=static
Address=('10.0.0.222/24')
Gateway='10.0.0.1'
DNS=('8.8.8.8')
➜ ~ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 70:85:c2:86:95:7f brd ff:ff:ff:ff:ff:ff
inet 10.0.0.222/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::7285:c2ff:fe86:957f/64 scope link
valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 94:b8:6d:ef:ff:47 brd ff:ff:ff:ff:ff:ff
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:85:39:59 brd ff:ff:ff:ff:ff:ff
inet 192.168.137.2/24 brd 192.168.137.255 scope global virbr0
valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:85:39:59 brd ff:ff:ff:ff:ff:ff
➜ ~ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.137.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
Last edited by extcake (2020-10-12 19:12:16)
Is the camera in the same subnet?
Does nmap report the desired ports to be open?
If so, how exactly can't you access it? Do you get an error response or does the connection just time out…?
If this is "my browser does not work", can you curl/wget the IP?
Did you try to wireshark the connection?
So I think that the camera network setup is OK (it's from DHCP; I included info below).
Nmap reports the ports as closed.
I get the error "Connection refused". I always get the error instantly (no timeout).
I included outputs from wget and mpv, which I use to play RTSP.
*Camera network setup info*
Interfaces:
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
wlan0 Link encap:Ethernet HWaddr 2C:AA:8E:0E:DC:1A
inet addr:10.0.0.10 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:46134 errors:0 dropped:320 overruns:0 frame:0
TX packets:3236650 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:18035783 (17.2 MiB) TX bytes:413647549 (394.4 MiB)
wlan0 IEEE 802.11bgn ESSID:"RanczoSzatana" Nickname:""
Mode:Managed Frequency:2.462 GHz Access Point: 88:C3:97:C3:14:6A
Bit Rate:72.2 Mb/s Sensitivity:0/0
Retry:off RTS thr:off Fragment thr:off
Encryption key:****-****-****-****-****-****-****-**** Security mode:open
Power Management:off
Link Quality=90/100 Signal level=100/100 Noise level=0/100
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
Routes:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default XiaoQiang 0.0.0.0 UG 0 0 0 wlan0
10.0.0.0 * 255.255.255.0 U 0 0 0 wlan0
➜ ~ wget 10.0.0.10
--2020-10-11 18:41:29-- http://10.0.0.10/
Connecting to 10.0.0.10:80... failed: Connection refused.
➜ ~ mpv --no-resume-playback --profile=low-latency --rtsp-transport=udp rtsp://10.0.0.10:666/unicast --framedrop=no --speed=1.01
[ffmpeg] tcp: Connection to tcp://10.0.0.10:666?timeout=0 failed: Connection refused
[lavf] avformat_open_input() failed
Failed to recognize file format.
➜ ~ nmap -v 10.0.0.10
Starting Nmap 7.80 ( https://nmap.org ) at 2020-10-11 18:19 CEST
Initiating Ping Scan at 18:19
Scanning 10.0.0.10 [2 ports]
Completed Ping Scan at 18:19, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 18:19
Completed Parallel DNS resolution of 1 host. at 18:19, 0.00s elapsed
Initiating Connect Scan at 18:19
Scanning 10.0.0.10 [1000 ports]
Completed Connect Scan at 18:19, 0.01s elapsed (1000 total ports)
Nmap scan report for 10.0.0.10
Host is up (0.0019s latency).
All 1000 scanned ports on 10.0.0.10 are closed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
➜ ~ nmap 10.0.0.10 -p 80
Starting Nmap 7.80 ( https://nmap.org ) at 2020-10-11 18:40 CEST
Nmap scan report for 10.0.0.10
Host is up (0.00042s latency).
PORT STATE SERVICE
80/tcp closed http
Nmap done: 1 IP address (1 host up) scanned in 0.02 seconds
➜ ~ nmap 10.0.0.10 -p 666
Starting Nmap 7.80 ( https://nmap.org ) at 2020-10-11 18:41 CEST
Nmap scan report for 10.0.0.10
Host is up (0.00036s latency).
PORT STATE SERVICE
666/tcp closed doom
Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
Wireshark log when trying to connect with mpv:
1 0.000000000 10.0.0.222 10.0.0.10 TCP 74 35590 → 666 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=4054220120 TSecr=0 WS=128
2 0.000785635 10.0.0.10 10.0.0.222 TCP 60 666 → 35590 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface eth0, id 0
Interface id: 0 (eth0)
Encapsulation type: Ethernet (1)
Arrival Time: Oct 11, 2020 18:57:35.076862372 CEST
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1602435455.076862372 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 74 bytes (592 bits)
Capture Length: 74 bytes (592 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: ASRockIn_86:95:7f (70:85:c2:86:95:7f), Dst: BeijingX_c3:14:6a (88:c3:97:c3:14:6a)
Destination: BeijingX_c3:14:6a (88:c3:97:c3:14:6a)
Source: ASRockIn_86:95:7f (70:85:c2:86:95:7f)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.0.0.222, Dst: 10.0.0.10
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 60
Identification: 0xb9cf (47567)
Flags: 0x4000, Don't fragment
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x6a03 [validation disabled]
[Header checksum status: Unverified]
Source: 10.0.0.222
Destination: 10.0.0.10
Transmission Control Protocol, Src Port: 35590, Dst Port: 666, Seq: 0, Len: 0
Source Port: 35590
Destination Port: 666
[Stream index: 0]
[TCP Segment Len: 0]
Sequence number: 0 (relative sequence number)
Sequence number (raw): 1297277177
[Next sequence number: 1 (relative sequence number)]
Acknowledgment number: 0
Acknowledgment number (raw): 0
1010 .... = Header Length: 40 bytes (10)
Flags: 0x002 (SYN)
Window size value: 64240
[Calculated window size: 64240]
Checksum: 0x1718 [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale
TCP Option - Maximum segment size: 1460 bytes
TCP Option - SACK permitted
TCP Option - Timestamps: TSval 4054220120, TSecr 0
TCP Option - No-Operation (NOP)
TCP Option - Window scale: 7 (multiply by 128)
[Timestamps]
[Time since first frame in this TCP stream: 0.000000000 seconds]
[Time since previous frame in this TCP stream: 0.000000000 seconds]
Frame 2: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface eth0, id 0
Interface id: 0 (eth0)
Encapsulation type: Ethernet (1)
Arrival Time: Oct 11, 2020 18:57:35.077648007 CEST
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1602435455.077648007 seconds
[Time delta from previous captured frame: 0.000785635 seconds]
[Time delta from previous displayed frame: 0.000785635 seconds]
[Time since reference or first frame: 0.000785635 seconds]
Frame Number: 2
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp]
[Coloring Rule Name: TCP RST]
[Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: BeijingX_c3:14:6a (88:c3:97:c3:14:6a), Dst: ASRockIn_86:95:7f (70:85:c2:86:95:7f)
Destination: ASRockIn_86:95:7f (70:85:c2:86:95:7f)
Source: BeijingX_c3:14:6a (88:c3:97:c3:14:6a)
Type: IPv4 (0x0800)
Padding: 000000000000
Internet Protocol Version 4, Src: 10.0.0.10, Dst: 10.0.0.222
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 40
Identification: 0x0000 (0)
Flags: 0x4000, Don't fragment
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x23e7 [validation disabled]
[Header checksum status: Unverified]
Source: 10.0.0.10
Destination: 10.0.0.222
Transmission Control Protocol, Src Port: 666, Dst Port: 35590, Seq: 1, Ack: 1, Len: 0
Source Port: 666
Destination Port: 35590
[Stream index: 0]
[TCP Segment Len: 0]
Sequence number: 1 (relative sequence number)
Sequence number (raw): 0
[Next sequence number: 1 (relative sequence number)]
Acknowledgment number: 1 (relative ack number)
Acknowledgment number (raw): 1297277178
0101 .... = Header Length: 20 bytes (5)
Flags: 0x014 (RST, ACK)
Window size value: 0
[Calculated window size: 0]
[Window size scaling factor: -1 (unknown)]
Checksum: 0xdcf9 [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
[SEQ/ACK analysis]
[Timestamps]
[Time since first frame in this TCP stream: 0.000785635 seconds]
[Time since previous frame in this TCP stream: 0.000785635 seconds]
➜ ~ ping 10.0.0.10
PING 10.0.0.10 (10.0.0.10) 56(84) bytes of data.
64 bytes from 10.0.0.10: icmp_seq=1 ttl=64 time=2.79 ms
64 bytes from 10.0.0.10: icmp_seq=2 ttl=64 time=2.33 ms
64 bytes from 10.0.0.10: icmp_seq=3 ttl=64 time=3.15 ms
64 bytes from 10.0.0.10: icmp_seq=4 ttl=64 time=5.37 ms
64 bytes from 10.0.0.10: icmp_seq=5 ttl=64 time=2.72 ms
64 bytes from 10.0.0.10: icmp_seq=6 ttl=64 time=5.56 ms
^C
--- 10.0.0.10 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5009ms
rtt min/avg/max/mdev = 2.326/3.652/5.564/1.305 ms
My Windows network info, where everything works fine (same machine, DHCP):
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::72:ee6c:99d3:a669%13
IPv4 Address. . . . . . . . . . . : 10.0.0.39
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.39 25
10.0.0.0 255.255.255.0 On-link 10.0.0.39 281
10.0.0.39 255.255.255.255 On-link 10.0.0.39 281
10.0.0.255 255.255.255.255 On-link 10.0.0.39 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.0.0.39 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.0.0.39 281
Last edited by extcake (2020-10-11 17:31:09)
There's either a local firewall (iptables/netfilter - check https://wiki.archlinux.org/index.php/Iptables & https://wiki.archlinux.org/index.php/Nftables on how to dump rules) or the different IP (linux gets 10.0.0.222, windows gets 10.0.0.39) is significant.
Maybe there's also a different MAC (which could be relevant either to the dhcp server or the camera), but maybe it's also a "firewall" (even a trivial subnet segmentation in the router or config in the camera) - as long as the ports are closed to the client, the behavior is not surprising.
I tried to reset iptables; I don't have nftables installed.
➜ ~ iptables -nvL
Chain INPUT (policy ACCEPT 422 packets, 38689 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2101 packets, 1156K bytes)
pkts bytes target prot opt in out source destination
The IP is different because it is manually set outside of the DHCP range. I tried using DHCP (dhcpcd) and got a similar IP to the Windows one, but it didn't resolve the problem.
Of course, Windows and Arch have the same network card MAC.
Is there any other thing besides iptables that can block connections (that is installed by default)? My system is pretty clean, not lots of stuff installed, but the installation itself is like 15 years old now.
Is there any way I can trace what blocks those packets?
Well, the culprit was piavpn.service. The PIA daemon somehow blocked these connections even though I wasn't connected to the VPN.
Disabling the service fixed the problem. Actually, after reinstalling the PIA software, everything works even with piavpn.service enabled.
It seems it generates some config at install time.
Thanks all for help!
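The thread asks what besides the rules shown by `iptables -nvL` can block a connection and how to trace it. The script below is an added example, not part of any post and not PIA's code: it reads the places that `iptables -nvL` (filter table only) and `route` (main table only) do not show. It assumes iproute2 and `iptables-save` are installed; the sample rule, mark 0x1234 and table 100 are constructed, and the thread does not say which mechanism piavpn.service used.

```shell
#!/bin/sh
# Added example. `iptables -nvL` lists only the filter table and `route` only the
# main routing table; these helpers read the places those two commands skip.

# stdin: `ip rule show`. Prints policy-routing rules beyond the three kernel defaults.
extra_ip_rules() {
    grep -Ev '^(0:[[:space:]]+from all lookup local|32766:[[:space:]]+from all lookup main|32767:[[:space:]]+from all lookup default)[[:space:]]*$' || true
}

# stdin: `iptables-save`. Prints "<table> <rule>" for every rule in every table
# (raw, mangle, nat, filter, security).
rules_by_table() {
    awk '/^\*/ { table = substr($0, 2) } /^-A / { print table, $0 }'
}

# stdin: `ip route get <addr>`. Succeeds only for an on-link route from the main
# table, i.e. no "via <gateway>" and no "table <id>" in the answer.
is_direct_route() {
    ! grep -Eq '(^|[[:space:]])(via|table)[[:space:]]'
}

# Constructed samples (hypothetical host, not data from the thread).
SAMPLE_RULES=$(printf '0:\tfrom all lookup local\n32765:\tfrom all fwmark 0x1234 lookup 100\n32766:\tfrom all lookup main\n32767:\tfrom all lookup default')
SAMPLE_SAVE='*mangle
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 10.0.0.0/24 -j MARK --set-xmark 0x1234/0xffffffff
COMMIT
*filter
:INPUT ACCEPT [0:0]
COMMIT'

case "${1:-sample}" in
live)   # sh check.sh live 10.0.0.10   (iptables-save needs root)
    target=${2:?usage: $0 live <address>}
    echo "== extra policy-routing rules =="; ip rule show | extra_ip_rules
    echo "== rules in all netfilter tables =="; iptables-save | rules_by_table
    echo "== route for $target =="; ip route get "$target"
    ip route get "$target" | is_direct_route || echo "NOT a direct main-table route"
    echo "== neighbour entry =="; ip neigh show "$target"
    ;;
sample)
    printf '%s\n' "$SAMPLE_RULES" | extra_ip_rules
    printf '%s\n' "$SAMPLE_SAVE" | rules_by_table
    ;;
esac
```

In `live` mode the neighbour entry can be compared with the MAC the target device itself reports, and any line printed by the first two sections names a rule that the outputs posted in the thread could not have shown.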