

dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
Reviews:
·Comcast

2 edits

Destination unreachable, USG20 confused

Essentially this is what happens.

USG20 -> DNS Server: Resolve Address Please (DNS Req)
DNS Server -> USG20: OK Here you go (DNS Reply)
USG20 -> DNS Server: Sorry, I can't be reached. (ICMP)

The original request is from an item on my LAN. The only thing remarkable here is that the UDP packet in the DNS request does not have a checksum. This seems to confuse the USG.

Any ideas?
--
dnoyeB

"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard. " Ecclesiastes
9:16


dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1

I think perhaps the USG is translating the UDP packet and sending it out, but failing to start a session. Is there a way I can monitor sessions?



Hank
Searching for a new Frontier
Premium
join:2002-05-21
Burlington, WV
kudos:2

I am not sure if it is your USG20 causing the issue. Have you tried using something like OpenDNS and seeing if you have the same issue?



dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
Reviews:
·Comcast
reply to dnoyeB

It's definitely the USG. As the log shows, the return packet is rejected by the USG.

Note, the packet is rejected, not simply dropped. All my firewall rules drop. Thus, the rejection is not from a rule.

Seems like there is a session because otherwise it should just be dropped. But then the NAT fails as if there is no session.

I really think this is a bug.



Gork
Ou812ic

join:2001-10-06
Bountiful, UT

As @Hank queried, have you tried a different DNS server just for testing purposes?



dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
Reviews:
·Comcast

2 edits
reply to dnoyeB

Yes. As you can see in the log, however, the USG is rejecting the packet claiming there is no host. This has nothing to do with the DNS. But indeed I tried several. I should also add that this same transaction works fine over my cellular network, i.e. without the USG20.




Gork
Ou812ic

join:2001-10-06
Bountiful, UT

1 recommendation

Could this have anything to do with the DNS load balancing option in the router?

I have DNS load balancing turned off. And on the page mentioned above for domain zone I have three entries: 1) 8.8.8.8; 2) 8.8.4.4; and 3) Default, which is set at 75.75.76.76 & 75.75.75.75. I don't use those settings for my LAN connections though... Because in DHCP settings of the ethernet connection my computer is attached to I have DNS settings set to custom defined and have the same listings as above, so that my computers are all given the actual DHCP server addresses instead of using the LAN IP address of the Zyxel to handle DNS queries.

If your computers are given the IP address of the Zyxel for DNS queries perhaps you could try setting things up similarly to how I have them set up, at least for testing purposes. It should work either way, though, unless there's some other setting not allowing the connection. Have you tried turning the firewall in the device completely off just for testing?



dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
Reviews:
·Comcast

1 recommendation

reply to dnoyeB

Once again I am back to blaming the device. The USG is behaving, probably behaving more correctly than others, and that is why I am having this problem.

The stupid device apparently does not know how to respond to an ARP!! I had the USG give the device 192.168.0.77. You can see the device getting the address. Then you see USG asking who has the address and nothing but silence...

When there is data to be sent to the device at 192.168.0.77, an ARP is sent. If there is no reply, the data has nowhere to go. This is the reason for the ICMP host unreachable. It's also probably why the UDP session is ended abruptly.

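The symptom described in the post above (repeated who-has requests for the leased address with no is-at reply) can be checked mechanically against a capture. This is an added example, not code from the thread: only 192.168.0.77 comes from the post, while the gateway address, the second host, and all MAC addresses are constructed.

```python
import struct

def mac(s):
    return bytes.fromhex(s.replace(":", ""))

def ip(s):
    return bytes(int(x) for x in s.split("."))

def arp_frame(op, sha, spa, tha, tpa):
    """Ethernet II + ARP frame; op 1 = who-has request, 2 = is-at reply."""
    dst = b"\xff" * 6 if op == 1 else mac(tha)
    eth = dst + mac(sha) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

def unanswered_arp(frames):
    """Map each target IP to the number of who-has requests still
    unanswered at the end of the capture (frames in capture order)."""
    pending = {}
    for f in frames:
        if len(f) < 42 or f[12:14] != b"\x08\x06":
            continue                          # not an ARP frame
        htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", f[14:22])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            continue                          # not IPv4 over Ethernet
        spa = ".".join(map(str, f[28:32]))    # sender protocol address
        tpa = ".".join(map(str, f[38:42]))    # target protocol address
        if op == 1 and spa != tpa:            # skip gratuitous ARP
            pending[tpa] = pending.get(tpa, 0) + 1
        elif op == 2:
            pending.pop(spa, None)            # owner of spa answered
    return pending

# Constructed capture. 192.168.0.77 is the lease from the post; the gateway
# address, the second host and all MAC addresses are made up.
GW, GW_MAC = "192.168.0.1", "02:00:00:00:00:01"
ZERO = "00:00:00:00:00:00"
SAMPLE = [
    arp_frame(1, GW_MAC, GW, ZERO, "192.168.0.50"),
    arp_frame(2, "02:00:00:00:00:50", "192.168.0.50", GW_MAC, GW),
    arp_frame(1, GW_MAC, GW, ZERO, "192.168.0.77"),
    arp_frame(1, GW_MAC, GW, ZERO, "192.168.0.77"),
    arp_frame(1, GW_MAC, GW, ZERO, "192.168.0.77"),
]

if __name__ == "__main__":
    for target, count in unanswered_arp(SAMPLE).items():
        print(f"{target}: {count} who-has request(s), no is-at reply")
```

A host that shows up here while it is visibly sending traffic from the same address is the pattern that precedes the ICMP host unreachable described in the thread.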

dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
Reviews:
·Comcast
reply to dnoyeB

I was able to make the device temporarily work by injecting the IP/MAC association through the CLI when I saw the ARP in the Wireshark log being ignored.

This confirms the issue. I have no way however to make a permanent association...



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

What device is it?



dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
reply to dnoyeB

Fitbit Aria, wifi scale.



dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
Reviews:
·Comcast
reply to dnoyeB

Found a workaround. Just need another router in the path to do DHCP. That router I'm guessing is caching the MAC/IP binding when it does DHCP.

Sure it's double NAT, but it's only for 1 device. It's kind of ridiculous considering I just bought an AP that has multiple SSIDs and now I am having to run two APs anyway...



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
reply to dnoyeB

Try IP/MAC binding on USG and static DHCP. Maybe it will work (or not).



dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
Reviews:
·Comcast
reply to dnoyeB

I do have IP/MAC binding for all my devices through DHCP from the USG. Still didn't work. That is just how the USG behaves, I guess. It does not fill its ARP cache with anything unless it comes from an ARP reply to one of its own ARP requests.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

You could write a zysh script to add the ARP entry periodically; unfortunately I don't see an option to add a zysh script to a schedule ... would be nice though.



Gork
Ou812ic

join:2001-10-06
Bountiful, UT

1 recommendation

I've added a schedule to run a zysh script on the first day of every month at 1am... These are my notes:

# script is meant to be scheduled to update ddns profile once per month
# schedule to run at 0100 hrs on the first day of the month with:
# configure terminal
# schedule-run 1 ddns-update.zysh monthly 01:00 01
# write
# show schedule-run #shows the schedules
# no schedule-run {Run No.} #deletes a sched (PROBABLY need)



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

So are you saying that a zysh script can be attached to a schedule? I did not know that, that's good news.



Gork
Ou812ic

join:2001-10-06
Bountiful, UT

1 recommendation

Yup! The schedule's not super configurable but it works. I use it to update DDNS once per month since ZyXEL didn't incorporate that into the USGs. Per dyndns you're supposed to update once every 28 days, but the unit doesn't work with that schedule. Once every 30 days is cutting it close but it works.

The best part of this is I get to help @Brano learn something for a switch.



dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
Reviews:
·Comcast
reply to dnoyeB

Problem with the script is that it needs to run during the period where the USG is looking for the MAC address. Otherwise, the USG will just dump any existing binding. i.e. if/when the USG decides it needs to talk to the Aria it will initiate a new ARP request. It does not seem to matter if there is already an entry in the ARP cache.

Perhaps that is the fundamental problem here. The ARP cache is not really being used like a cache. Or maybe the DHCP causes the ARP cache to flush. Not sure, but I know the entry is lost as soon as the USG starts looking for the ARIA.



bbarrera
Premium,MVM
join:2000-10-23
Sacramento, CA
kudos:1

FWIW my home uses a USG50, running latest firmware, and I have a Mac OS X Server handling DNS and DHCP on the LAN. Our Aria WiFi scale has no problem connecting to the FitBit website.

Obviously the big difference is that my LAN Server is handling DHCP/DNS, which means the ARP-following-DHCP doesn't involve the USG50 (per your second screenshot); it's between my LAN server and the Aria.

For normal networking between Aria and FitBit website, the USG50-and-Aria appear to be properly handling ARP requests.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

You two are ober-geeks! wifi connected scale ... geeks!



bbarrera
Premium,MVM
join:2000-10-23
Sacramento, CA
kudos:1

I like my stats and graphs! Use RunKeeper for tracking exercise, and FitBit feeds weights from scale into RunKeeper.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

Sure, when you're about 80 you will look back and wonder, what the heck was I doing with all that geek stats stuff. I should have been reading a good book instead.


Kirby Smith

join:2001-01-26
Derry, NH

Or warming Canada's chilly climate with llama flatulence.



Hank
Searching for a new Frontier
Premium
join:2002-05-21
Burlington, WV
kudos:2
reply to bbarrera

I am with bbarrera. Reading a tech manual, stats, and graphs are intriguing.



dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
Reviews:
·Comcast
reply to dnoyeB

I like my graphs and data. Keeps me subconsciously conscious of what direction I'm heading.

I put a TP-Link AP in router mode and let the scale connect to that. I don't have any problems with it now. The ARP only happens between the scale and the other device on the segment that needs to talk to it. Putting a NATing router between the Aria and the USG broke that segment. The other router does not seem to need the ARP.

On a side note, after about a day being connected the scale downloaded a new firmware. I remember when the lady sent me this scale she said it had the latest firmware on it and that was supposed to solve my problem. It's a problem that happens to some people apparently. It may be that she just sent me an older scale by mistake. I'll retest maybe this weekend and see.



bbarrera
Premium,MVM
join:2000-10-23
Sacramento, CA
kudos:1

V29 firmware is on my Aria scale.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to dnoyeB

said by dnoyeB:

Essentially this is what happens.

USG20 -> DNS Server: Resolve Address Please (DNS Req)
DNS Server -> USG20: OK Here you go (DNS Reply)
USG20 -> DNS Server: Sorry, I can't be reached. (ICMP)

The original request is from an item on my LAN. The only thing remarkable here is that the UDP packet in the DNS request does not have a checksum. This seems to confuse the USG.

Any ideas?

Professes deep ignorance by stating.... How fat are you that you need to connect your scale to computers and presumably chart and graph your weight loss program!!
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment


bbarrera
Premium,MVM
join:2000-10-23
Sacramento, CA
kudos:1

The fitbit.com website is pretty cool, with minor effort after meals and workouts it helps me manage calories at meals and snacks (or conversely, tells me how many calories to burn in a workout). My goal is to lose 25 lbs @ 1lb/week and the fitbit.com website really helps keep me on track.

It's not for everyone, but if you like stats and graphs to motivate then fitbit scale and website make it fun.



Gork
Ou812ic

join:2001-10-06
Bountiful, UT

I assumed the whole thing was some kind of a postal scale or something. heh Now the whole thing makes more sense! But, well, @Anav kinda' has a point. That IS kinda' weird... But as long as you realize it, that's ok.