PC has a DHCP lease but loses connection to the internet.



  • This has been happening randomly to some computers.

    What might be the cause?


  • Netgate Administrator

    Could be many things. More details please.

    Possibly a rogue DHCP server.

    Steve



  • @stephenw10:

    Could be many things. More details please.

    Possibly a rogue DHCP server.

    Steve

    No rogue server.
    PCs run Windows 7.
    Affected PCs can ping other PCs in the network, but not the gateway (pfSense).
    It generally affects 1, 2 PCs and then grows to a large number of PCs without internet.

    Malware maybe?



  • Sounds potentially like the symptoms of an IP conflict on the gateway IP (a good reason to never stay with 192.168.1.1 as your gateway IP). Or a rogue DHCP server that's assigning conflicting IPs to clients. Impossible to say definitively from that info.

    Check ARP cache on the affected client machines to see if the gateway IP has an entry and if it matches the firewall. Check the firewall's ARP cache, and its system log for indications of IP conflicts ('IP moved from x MAC to x MAC' logs).
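
The check described in the post above, as an added example that is not part of the original thread: it compares the gateway entry in a client's `arp -a` output with the firewall's MAC and pulls ARP conflict messages out of a system log. The Windows table layout, the FreeBSD kernel message wording, the interface name and all addresses are assumptions, and the sample data is constructed.

```python
import re

# Assumed formats: Windows `arp -a` rows and FreeBSD kernel ARP messages as
# seen in a pfSense system log. All addresses and sample data are constructed.
MAC = r"(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}"
ARP_ROW = re.compile(rf"^\s*(\d+(?:\.\d+){{3}})\s+({MAC})\s+\w+", re.I | re.M)
MOVED = re.compile(rf"arp: (\S+) moved from ({MAC}) to ({MAC}) on (\w+)", re.I)
USING = re.compile(rf"arp: ({MAC}) is using my IP address (\S+) on (\w+)", re.I)

SAMPLE_ARP = """\
Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-00-5e-00-53-99     dynamic
  192.168.1.40          00-00-5e-00-53-40     dynamic
"""
SAMPLE_LOG = """\
Mar  3 08:02:11 fw kernel: arp: 192.168.1.40 moved from 00:00:5e:00:53:40 to 00:00:5e:00:53:99 on em1
Mar  3 08:02:15 fw kernel: arp: 00:00:5e:00:53:99 is using my IP address 192.168.1.1 on em1!
"""

def norm(mac):
    """Normalise Windows (dash) and Unix (colon) MAC notation."""
    return mac.lower().replace("-", ":")

def check_client(arp_output, gateway_ip, firewall_mac):
    """Compare the client's cached gateway MAC with the firewall's real MAC."""
    for ip, mac in ARP_ROW.findall(arp_output):
        if ip == gateway_ip:
            seen = norm(mac)
            return "ok" if seen == norm(firewall_mac) else f"conflict:{seen}"
    return "no-entry"  # gateway never resolved; not proof of a conflict

def log_events(log_text):
    """Extract ARP 'moved' and duplicate-firewall-IP events from a system log."""
    events = []
    for line in log_text.splitlines():
        if m := MOVED.search(line):
            events.append(("moved", m[1], norm(m[2]), norm(m[3])))
        elif m := USING.search(line):
            events.append(("claims-firewall-ip", m[2], norm(m[1])))
    return events

if __name__ == "__main__":
    print(check_client(SAMPLE_ARP, "192.168.1.1", "00:00:5e:00:53:01"))
    for event in log_events(SAMPLE_LOG):
        print(event)
```

A MAC that shows up both in a client's `conflict:` result and in a log event is the device to trace to a switch port or wireless association.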



  • @cmb:

    Sounds potentially like the symptoms of an IP conflict on the gateway IP (a good reason to never stay with 192.168.1.1 as your gateway IP). Or a rogue DHCP server that's assigning conflicting IPs to clients. Impossible to say definitively from that info.

    Check ARP cache on the affected client machines to see if the gateway IP has an entry and if it matches the firewall. Check the firewall's ARP cache, and its system log for indications of IP conflicts ('IP moved from x MAC to x MAC' logs).

    Thanks for the answer. Is it possible for smartphones connected wirelessly to cause this?

    Is this 'IP moved from x MAC to x MAC' a System log? Haven't found any.



  • Yes that'll be in the system log. You may also see any IP conflicts for the firewall's LAN IP there.

    Generally no, phones won't cause any such issues, but I have heard of at least one other person here who had problems along those lines when some phone with 192.168.1.1 statically assigned was connected.



  • @cmb:

    Yes that'll be in the system log. You may also see any IP conflicts for the firewall's LAN IP there.

    Generally no, phones won't cause any such issues, but I have heard of at least one other person here who had problems along those lines when some phone with 192.168.1.1 statically assigned was connected.

    Only one IP conflict might cause other IP conflicts?
    If there was some rogue device in my network, I don't think it would be solved with rebooting the firewall, or reconnecting WAN cable. These were some approaches that worked for me, but they do not work 100% of the time.



  • If one device is taking over the gateway IP, that'll eventually take off all or at least a big chunk of the network. Rebooting the firewall fixing that doesn't mean it has anything to do with the firewall; that does things such as sending a gratuitous ARP on the interface IPs which will temporarily fix an IP conflict amongst other potential general internal network problems with no relation to the firewall.



  • @cmb:

    If one device is taking over the gateway IP, that'll eventually take off all or at least a big chunk of the network. Rebooting the firewall fixing that doesn't mean it has anything to do with the firewall; that does things such as sending a gratuitous ARP on the interface IPs which will temporarily fix an IP conflict amongst other potential general internal network problems with no relation to the firewall.

    That makes sense.
    I have some critical PCs which can't lose connection; is there something I can do? I've read about DHCP snooping, but it is proprietary tech.

    There might be something here.. the android lease was the first lease of the day, and the 2 PCs above had connection problems:



  • Check the ARP cache of an affected host when it goes offline, see what MAC it has for its gateway IP.


  • Netgate Administrator

    There was an interesting thread on here recently where a network admin was suffering similar symptoms. It turned out to be someone who had his iPhone set to share its 3G connection via wifi. It was running a DHCP server and randomly handing out addresses. Probably also on 192.168.1.x.

    Steve



  • @cmb:

    Check the ARP cache of an affected host when it goes offline, see what MAC it has for its gateway IP.

    I think it will come down to this, thanks.

    @stephenw10:

    There was an interesting thread on here recently where a network admin was suffering similar symptoms. It turned out to be someone who had his iPhone set to share its 3G connection via wifi. It was running a DHCP server and randomly handing out addresses. Probably also on 192.168.1.x.

    Steve

    Hmm interesting. But PCs here only have wired network.


  • Netgate Administrator

    And any wifi you have is isolated from that? Different subnet?

    It's probably not that. I remember thinking it was an incredibly obscure problem at the time.  I only suggested it because you mentioned smartphones.  ;)

    Steve



  • @stephenw10:

    And any wifi you have is isolated from that? Different subnet?

    It's probably not that. I remember thinking it was an incredibly obscure problem at the time.  I only suggested it because you mentioned smartphones.  ;)

    Steve

    My wifi is in the same LAN. But surely a smartphone tethering won't affect my LAN? To be honest it got me thinking.

    I hoped it would be smartphones, because otherwise I have no idea.


  • Netgate Administrator

    It could be that then. If you turn on 'personal hotspot' mode, or whatever they're calling it, the phone will be running a DHCP server and will start responding to DHCP requests with itself as the gateway. If your wifi is connected to the LAN at layer 2 (access point plugged into a switch) then a phone could be causing this.

    Steve



  • I caught the culprit!
    It was really an iPhone which was causing a conflict.. now to discover why!
    Hotspot is turned off, Wifi is on DHCP..


  • Netgate Administrator

    Some 3rd party hotspot app? There are plenty of solutions to enable 'hotspot mode' or similar without going through the official hoops because many operators like to charge extra for that.
    Is it jailbroken?

    Steve

