LINUX.ORG.RU

After a reboot, connecting to the LAN doesn't always work. What could be the cause?


Hello, gentlemen. I have a PC working as a router with a Wi-Fi access point. It runs Debian 9 ("Stretch") + isc-dhcp-server + hostapd.

The problem is this: sometimes, after the N-th reboot of the system, ALL devices are unable to connect to the LAN. For example, I try to connect from my phone to the Wi-Fi access point. The connection drops immediately and starts being established again. It drops again and tries to establish again... And so on. I reboot the system a few times and the devices connect successfully. I reboot the system again and the devices again cannot connect.

Output of cat /var/log/dhcpd.log:

Jun 23 11:23:12 J5005-ITX dhcpd[1381]: Internet Systems Consortium DHCP Server 4.3.5
Jun 23 11:23:12 J5005-ITX dhcpd[1381]: Copyright 2004-2016 Internet Systems Consortium.
Jun 23 11:23:12 J5005-ITX dhcpd[1381]: All rights reserved.
Jun 23 11:23:12 J5005-ITX dhcpd[1381]: For info, please visit https://www.isc.org/software/dhcp/
Jun 23 11:23:12 J5005-ITX dhcpd[1383]: Internet Systems Consortium DHCP Server 4.3.5
Jun 23 11:23:12 J5005-ITX dhcpd[1383]: Copyright 2004-2016 Internet Systems Consortium.
Jun 23 11:23:12 J5005-ITX dhcpd[1383]: All rights reserved.
Jun 23 11:23:12 J5005-ITX dhcpd[1383]: For info, please visit https://www.isc.org/software/dhcp/
Jun 23 11:23:12 J5005-ITX dhcpd[1383]: Wrote 4 leases to leases file.
Jun 23 11:23:12 J5005-ITX dhcpd[1383]: Multiple interfaces match the same subnet: eth1 br0
Jun 23 11:23:12 J5005-ITX dhcpd[1383]: Multiple interfaces match the same shared network: eth1 br0
Jun 23 11:23:12 J5005-ITX dhcpd[1384]: Server starting service.
Jun 23 11:23:20 J5005-ITX dhcpd[1384]: reuse_lease: lease age 57 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.116
Jun 23 11:23:20 J5005-ITX dhcpd[1384]: DHCPREQUEST for 192.168.0.116 from **:**:**:**:**:** (android-521fcb5b8ea3efe9) via br0
Jun 23 11:23:20 J5005-ITX dhcpd[1384]: DHCPACK on 192.168.0.116 to **:**:**:**:**:** (android-521fcb5b8ea3efe9) via br0
Jun 23 11:24:01 J5005-ITX dhcpd[1384]: DHCPREQUEST for 192.168.0.117 from **:**:**:**:**:** (ASUS-i7) via br0
Jun 23 11:24:01 J5005-ITX dhcpd[1384]: DHCPACK on 192.168.0.117 to **:**:**:**:**:** (ASUS-i7) via br0
Jun 23 11:24:04 J5005-ITX dhcpd[1384]: DHCPINFORM from 192.168.0.117 via br0
Jun 23 11:24:04 J5005-ITX dhcpd[1384]: DHCPACK to 192.168.0.117 (**:**:**:**:**:**) via br0
Jun 23 11:24:07 J5005-ITX dhcpd[1384]: DHCPINFORM from 192.168.0.117 via br0
Jun 23 11:24:07 J5005-ITX dhcpd[1384]: DHCPACK to 192.168.0.117 (**:**:**:**:**:**) via br0
Jun 23 11:24:10 J5005-ITX dhcpd[1384]: DHCPDISCOVER from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:11 J5005-ITX dhcpd[1384]: DHCPOFFER on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:12 J5005-ITX dhcpd[1384]: DHCPREQUEST for 192.168.0.2 (192.168.0.1) from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:12 J5005-ITX dhcpd[1384]: DHCPACK on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:15 J5005-ITX dhcpd[1384]: reuse_lease: lease age 4 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:15 J5005-ITX dhcpd[1384]: DHCPDISCOVER from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:15 J5005-ITX dhcpd[1384]: DHCPOFFER on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:15 J5005-ITX dhcpd[1384]: reuse_lease: lease age 4 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:15 J5005-ITX dhcpd[1384]: DHCPREQUEST for 192.168.0.2 (192.168.0.1) from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:15 J5005-ITX dhcpd[1384]: DHCPACK on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:19 J5005-ITX dhcpd[1384]: reuse_lease: lease age 8 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:19 J5005-ITX dhcpd[1384]: DHCPDISCOVER from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:19 J5005-ITX dhcpd[1384]: DHCPOFFER on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:19 J5005-ITX dhcpd[1384]: reuse_lease: lease age 8 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:19 J5005-ITX dhcpd[1384]: DHCPREQUEST for 192.168.0.2 (192.168.0.1) from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:19 J5005-ITX dhcpd[1384]: DHCPACK on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:23 J5005-ITX dhcpd[1384]: reuse_lease: lease age 12 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:23 J5005-ITX dhcpd[1384]: DHCPDISCOVER from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:23 J5005-ITX dhcpd[1384]: DHCPOFFER on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:23 J5005-ITX dhcpd[1384]: reuse_lease: lease age 12 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:23 J5005-ITX dhcpd[1384]: DHCPREQUEST for 192.168.0.2 (192.168.0.1) from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:23 J5005-ITX dhcpd[1384]: DHCPACK on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:27 J5005-ITX dhcpd[1384]: reuse_lease: lease age 16 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:27 J5005-ITX dhcpd[1384]: DHCPDISCOVER from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:27 J5005-ITX dhcpd[1384]: DHCPOFFER on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:27 J5005-ITX dhcpd[1384]: reuse_lease: lease age 16 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:27 J5005-ITX dhcpd[1384]: DHCPREQUEST for 192.168.0.2 (192.168.0.1) from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:27 J5005-ITX dhcpd[1384]: DHCPACK on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:31 J5005-ITX dhcpd[1384]: reuse_lease: lease age 20 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:31 J5005-ITX dhcpd[1384]: DHCPDISCOVER from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:31 J5005-ITX dhcpd[1384]: DHCPOFFER on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:31 J5005-ITX dhcpd[1384]: reuse_lease: lease age 20 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:31 J5005-ITX dhcpd[1384]: DHCPREQUEST for 192.168.0.2 (192.168.0.1) from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:31 J5005-ITX dhcpd[1384]: DHCPACK on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:35 J5005-ITX dhcpd[1384]: reuse_lease: lease age 24 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:35 J5005-ITX dhcpd[1384]: DHCPDISCOVER from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:35 J5005-ITX dhcpd[1384]: DHCPOFFER on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:35 J5005-ITX dhcpd[1384]: reuse_lease: lease age 24 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:35 J5005-ITX dhcpd[1384]: DHCPREQUEST for 192.168.0.2 (192.168.0.1) from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:35 J5005-ITX dhcpd[1384]: DHCPACK on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:39 J5005-ITX dhcpd[1384]: reuse_lease: lease age 28 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:39 J5005-ITX dhcpd[1384]: DHCPDISCOVER from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:39 J5005-ITX dhcpd[1384]: DHCPOFFER on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:39 J5005-ITX dhcpd[1384]: reuse_lease: lease age 28 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:39 J5005-ITX dhcpd[1384]: DHCPREQUEST for 192.168.0.2 (192.168.0.1) from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:39 J5005-ITX dhcpd[1384]: DHCPACK on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:43 J5005-ITX dhcpd[1384]: reuse_lease: lease age 32 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:43 J5005-ITX dhcpd[1384]: DHCPDISCOVER from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:43 J5005-ITX dhcpd[1384]: DHCPOFFER on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:43 J5005-ITX dhcpd[1384]: reuse_lease: lease age 32 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:43 J5005-ITX dhcpd[1384]: DHCPREQUEST for 192.168.0.2 (192.168.0.1) from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:43 J5005-ITX dhcpd[1384]: DHCPACK on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:46 J5005-ITX dhcpd[1384]: reuse_lease: lease age 35 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:46 J5005-ITX dhcpd[1384]: DHCPDISCOVER from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:46 J5005-ITX dhcpd[1384]: DHCPOFFER on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:46 J5005-ITX dhcpd[1384]: reuse_lease: lease age 35 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:46 J5005-ITX dhcpd[1384]: DHCPREQUEST for 192.168.0.2 (192.168.0.1) from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:46 J5005-ITX dhcpd[1384]: DHCPACK on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:50 J5005-ITX dhcpd[1384]: reuse_lease: lease age 39 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:50 J5005-ITX dhcpd[1384]: DHCPDISCOVER from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:50 J5005-ITX dhcpd[1384]: DHCPOFFER on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:50 J5005-ITX dhcpd[1384]: reuse_lease: lease age 39 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:50 J5005-ITX dhcpd[1384]: DHCPREQUEST for 192.168.0.2 (192.168.0.1) from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:50 J5005-ITX dhcpd[1384]: DHCPACK on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:54 J5005-ITX dhcpd[1384]: reuse_lease: lease age 43 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:54 J5005-ITX dhcpd[1384]: DHCPDISCOVER from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:54 J5005-ITX dhcpd[1384]: DHCPOFFER on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:54 J5005-ITX dhcpd[1384]: reuse_lease: lease age 43 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:54 J5005-ITX dhcpd[1384]: DHCPREQUEST for 192.168.0.2 (192.168.0.1) from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:54 J5005-ITX dhcpd[1384]: DHCPACK on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:58 J5005-ITX dhcpd[1384]: reuse_lease: lease age 47 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:58 J5005-ITX dhcpd[1384]: DHCPDISCOVER from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:58 J5005-ITX dhcpd[1384]: DHCPOFFER on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:58 J5005-ITX dhcpd[1384]: reuse_lease: lease age 47 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:24:58 J5005-ITX dhcpd[1384]: DHCPREQUEST for 192.168.0.2 (192.168.0.1) from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:24:58 J5005-ITX dhcpd[1384]: DHCPACK on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:25:02 J5005-ITX dhcpd[1384]: reuse_lease: lease age 51 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:25:02 J5005-ITX dhcpd[1384]: DHCPDISCOVER from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:25:02 J5005-ITX dhcpd[1384]: DHCPOFFER on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:25:02 J5005-ITX dhcpd[1384]: reuse_lease: lease age 51 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:25:02 J5005-ITX dhcpd[1384]: DHCPREQUEST for 192.168.0.2 (192.168.0.1) from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:25:02 J5005-ITX dhcpd[1384]: DHCPACK on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:25:06 J5005-ITX dhcpd[1384]: reuse_lease: lease age 55 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:25:06 J5005-ITX dhcpd[1384]: DHCPDISCOVER from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:25:06 J5005-ITX dhcpd[1384]: DHCPOFFER on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:25:06 J5005-ITX dhcpd[1384]: reuse_lease: lease age 55 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
Jun 23 11:25:06 J5005-ITX dhcpd[1384]: DHCPREQUEST for 192.168.0.2 (192.168.0.1) from **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:25:06 J5005-ITX dhcpd[1384]: DHCPACK on 192.168.0.2 to **:**:**:**:**:** (android-4bbe66904fb5f42b) via br0
Jun 23 11:26:35 J5005-ITX dhcpd[1384]: DHCPREQUEST for 192.168.0.3 from **:**:**:**:**:** (Galaxy-A8-2018) via br0
Jun 23 11:26:35 J5005-ITX dhcpd[1384]: DHCPACK on 192.168.0.3 to **:**:**:**:**:** (Galaxy-A8-2018) via br0
Jun 23 11:28:16 J5005-ITX dhcpd[1384]: DHCPREQUEST for 192.168.0.116 from **:**:**:**:**:** (android-521fcb5b8ea3efe9) via br0
Jun 23 11:28:16 J5005-ITX dhcpd[1384]: DHCPACK on 192.168.0.116 to **:**:**:**:**:** (android-521fcb5b8ea3efe9) via br0

In the cases where devices fail to connect to the network after a reboot, suspicious lines appear in the logs:

reuse_lease: lease age 4 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.2
In the cases where devices can connect fine, these lines are not in the logs.

Just in case, here are the contents of my configs.

/etc/default/isc-dhcp-server:

INTERFACESv4="eth1 br0"
INTERFACESv6=""

/etc/dhcp/dhcpd.conf

default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
authoritative;
log-facility local7;

subnet 192.168.0.0 netmask 255.255.255.0 {
	range 192.168.0.2 192.168.0.254;
	option domain-name-servers 8.8.8.8, 8.8.4.4;
	option domain-name "local";
	option routers 192.168.0.1;
	option broadcast-address 192.168.0.255;
	default-lease-time 600;
	max-lease-time 7200;
}

/etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
allow-hotplug eth0
iface eth0 inet dhcp

allow-hotplug eth1
iface eth1 inet static
address 192.168.0.1
network 192.168.0.0
netmask 255.255.255.0
broadcast 192.168.0.255

auto br0
iface br0 inet static
bridge_ports eth1 wlan0
bridge_stp off
bridge_fd 0
bridge_maxwait 0
bridge_waitport 0
address 192.168.0.1
network 192.168.0.0
netmask 255.255.255.0
broadcast 192.168.0.255

Output of iptables -L:

Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request limit: avg 1/sec burst 5
DROP       icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere             ctstate INVALID
DROP       tcp  --  anywhere             anywhere             ctstate NEW tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP       tcp  --  anywhere             anywhere             ctstate NEW tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP       tcp  --  anywhere             anywhere             ctstate NEW tcp flags:!FIN,SYN,RST,ACK/SYN
REJECT     tcp  --  anywhere             anywhere             ctstate INVALID,NEW tcp flags:SYN,ACK/SYN,ACK reject-with tcp-reset
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
DROP       tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN,RST
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN/FIN,SYN
           tcp  --  anywhere             anywhere             tcp multiport dports ftp-data,ftp,smtp,http,netbios-ssn,https,microsoft-ds,openvpn,****,**** ctstate NEW recent: SET name: ddos_block_conn_tcp side: source mask: 255.255.255.255
DROP       tcp  --  anywhere             anywhere             tcp multiport dports ftp-data,ftp,smtp,http,netbios-ssn,https,microsoft-ds,openvpn,****,**** ctstate NEW recent: UPDATE seconds: 60 hit_count: 180 name: ddos_block_conn_tcp side: source mask: 255.255.255.255
           udp  --  anywhere             anywhere             udp multiport dports ntp,netbios-ns,netbios-dgm,openvpn ctstate NEW recent: SET name: ddos_block_conn_udp side: source mask: 255.255.255.255
DROP       udp  --  anywhere             anywhere             udp multiport dports ntp,netbios-ns,netbios-dgm,openvpn ctstate NEW recent: UPDATE seconds: 60 hit_count: 180 name: ddos_block_conn_udp side: source mask: 255.255.255.255
DROP       tcp  --  anywhere             anywhere             multiport dports ftp-data,ftp,smtp,http,netbios-ssn,https,microsoft-ds,openvpn,****,**** #conn src/32 > 16
ACCEPT     tcp  --  anywhere             anywhere             multiport dports ftp-data,ftp,smtp,http,netbios-ssn,https,microsoft-ds,openvpn,****,**** ctstate NEW limit: up to 36/min burst 24 mode srcip
DROP       udp  --  anywhere             anywhere             multiport dports ntp,netbios-ns,netbios-dgm,openvpn #conn src/32 > 16
ACCEPT     udp  --  anywhere             anywhere             multiport dports ntp,netbios-ns,netbios-dgm,openvpn ctstate NEW limit: up to 36/min burst 24 mode srcip
DROP       tcp  --  anywhere             anywhere             multiport dports ftp-data,ftp,smtp,http,netbios-ssn,https,microsoft-ds,openvpn,****,**** #conn src/32 > 16
ACCEPT     tcp  --  anywhere             anywhere             multiport dports ftp-data,ftp,smtp,http,netbios-ssn,https,microsoft-ds,openvpn,****,**** ctstate NEW limit: up to 36/min burst 24 mode srcip
DROP       udp  --  anywhere             anywhere             multiport dports ntp,netbios-ns,netbios-dgm,openvpn #conn src/32 > 16
ACCEPT     udp  --  anywhere             anywhere             multiport dports ntp,netbios-ns,netbios-dgm,openvpn ctstate NEW limit: up to 36/min burst 24 mode srcip
DROP       tcp  --  anywhere             anywhere             multiport dports ftp-data,ftp,smtp,http,netbios-ssn,https,microsoft-ds,openvpn,****,**** #conn src/32 > 16
ACCEPT     tcp  --  anywhere             anywhere             multiport dports ftp-data,ftp,smtp,http,netbios-ssn,https,microsoft-ds,openvpn,****,**** ctstate NEW limit: up to 36/min burst 24 mode srcip
DROP       udp  --  anywhere             anywhere             multiport dports ntp,netbios-ns,netbios-dgm,openvpn #conn src/32 > 16
ACCEPT     udp  --  anywhere             anywhere             multiport dports ntp,netbios-ns,netbios-dgm,openvpn ctstate NEW limit: up to 36/min burst 24 mode srcip
DROP       udp  --  anywhere             anywhere             PKTTYPE = broadcast
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.0.0/16       anywhere             ctstate NEW
ACCEPT     gre  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.0.0/16       anywhere             ctstate NEW
ACCEPT     gre  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.0.0/16       anywhere             ctstate NEW
ACCEPT     gre  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     tcp  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             multiport dports ftp,ssh,domain,http,81,netbios-ssn,https,microsoft-ds,1024:65535 ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             multiport dports domain,ntp,netbios-ns,netbios-dgm,1024:65535 ctstate NEW
ACCEPT     icmp --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             multiport dports ftp,ssh,domain,http,81,netbios-ssn,https,microsoft-ds,1024:65535 ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             multiport dports domain,ntp,netbios-ns,netbios-dgm,1024:65535 ctstate NEW
ACCEPT     icmp --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             multiport dports ftp,ssh,domain,http,81,netbios-ssn,https,microsoft-ds,1024:65535 ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             multiport dports domain,ntp,netbios-ns,netbios-dgm,1024:65535 ctstate NEW
ACCEPT     icmp --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             ctstate NEW

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     all  --  anywhere             anywhere             ctstate NEW,RELATED,ESTABLISHED
ACCEPT     gre  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate NEW,RELATED,ESTABLISHED
ACCEPT     gre  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate NEW,RELATED,ESTABLISHED
ACCEPT     gre  --  anywhere             anywhere
Could you please tell me what the cause might be? It's rather puzzling: sometimes it works, and then, after a reboot, it no longer works.
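The dhcpd.log excerpt in the post above shows one client repeating DISCOVER/OFFER/REQUEST/ACK every few seconds. The following is an added example, not code from the thread, that flags clients restarting the handshake shortly after the server has already sent them a DHCPACK; the function names, thresholds and the sample log (made-up MAC addresses, since the ones on the page are masked) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Handshake messages in which the client MAC follows "from" or "to".
# DHCPINFORM and its ACK ("DHCPACK to <ip> (<mac>)") deliberately do not match.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd\[\d+\]: "
    r"(?P<msg>DHCPDISCOVER|DHCPOFFER|DHCPREQUEST|DHCPACK) "
    r".*?\b(?:from|to) (?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5})\b",
    re.IGNORECASE,
)


def build_sample_log():
    """Constructed log in the format of the excerpt (made-up MACs and names)."""
    pre = "Jun 23 11:24:{:02d} gw dhcpd[1384]: "
    ok, bad = "02:00:00:00:00:aa (laptop)", "02:00:00:00:00:bb (phone)"
    lines = [
        pre.format(1) + f"DHCPREQUEST for 192.168.0.117 from {ok} via br0",
        pre.format(1) + f"DHCPACK on 192.168.0.117 to {ok} via br0",
    ]
    for sec in range(10, 30, 4):  # the same client starts over every 4 s
        lines += [
            pre.format(sec) + f"DHCPDISCOVER from {bad} via br0",
            pre.format(sec) + f"DHCPOFFER on 192.168.0.2 to {bad} via br0",
            pre.format(sec)
            + f"DHCPREQUEST for 192.168.0.2 (192.168.0.1) from {bad} via br0",
            pre.format(sec) + f"DHCPACK on 192.168.0.2 to {bad} via br0",
        ]
    return "\n".join(lines)


def find_handshake_loops(log_text, window=10, min_restarts=3):
    """Return {mac: restarts} for clients that send DHCPDISCOVER within
    `window` seconds of a DHCPACK at least `min_restarts` times.

    A client that accepted its lease has no reason to discover again that
    soon, so repeated restarts mean the ACK never became a working lease.
    """
    last_ack = {}
    restarts = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; a fixed leap year keeps Feb 29 valid.
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        mac = m["mac"].lower()
        if m["msg"] == "DHCPACK":
            last_ack[mac] = ts
        elif m["msg"] == "DHCPDISCOVER":
            ack = last_ack.pop(mac, None)
            if ack is not None and 0 <= (ts - ack).total_seconds() <= window:
                restarts[mac] += 1
    return {mac: n for mac, n in restarts.items() if n >= min_restarts}


if __name__ == "__main__":
    for mac, count in find_handshake_loops(build_sample_log()).items():
        print(f"{mac}: restarted the handshake {count} times right after an ACK")
```
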


Reply to: comment by xaTa

/etc/dhcp/dhcpd.conf

default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
authoritative;
log-facility local7;

subnet 192.168.0.0 netmask 255.255.255.0 {
	range 192.168.0.2 192.168.0.254;
	option domain-name-servers 8.8.8.8, 8.8.4.4;
	option domain-name "local";
	option routers 192.168.0.1;
	option broadcast-address 192.168.0.255;
	default-lease-time 600;
	max-lease-time 7200;
}

Sferg ()

I immediately see at least one problem: you have a broken network config on the server running dhcpd: an IP is configured both on the eth interface and on the bridge it is a member of. And the same IP at that. Remove eth1 from /etc/default/isc-dhcp-server entirely and remove the IP settings from eth1 in /etc/network/interfaces (I don't know how this is done properly in Debian, but there is definitely a way).

Deleted ()
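A check for the misconfiguration described in the answer above, as an added example that is not code from the thread: it parses /etc/network/interfaces and the INTERFACESv4 line of /etc/default/isc-dhcp-server and reports an address on a bridge port, the same address on several interfaces, and dhcpd bound to a bridge port. The function names and finding labels are assumptions; the sample input is the configuration from the first post, trimmed.

```python
import shlex

# Configuration from the first post (before the fix), trimmed to the
# stanzas and options that matter here.
INTERFACES_BEFORE = """\
allow-hotplug eth1
iface eth1 inet static
address 192.168.0.1
netmask 255.255.255.0

auto br0
iface br0 inet static
bridge_ports eth1 wlan0
address 192.168.0.1
netmask 255.255.255.0
"""
DHCPD_DEFAULT_BEFORE = 'INTERFACESv4="eth1 br0"\nINTERFACESv6=""\n'

# Words that start a new stanza and so end the current iface's options.
STANZA_WORDS = {"auto", "mapping", "source", "source-directory"}


def parse_interfaces(text):
    """Return {name: {"method": ..., option: value, ...}} for inet stanzas."""
    ifaces, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface":
            # iface <name> <family> <method>; only IPv4 stanzas are audited.
            current = None
            if len(words) >= 4 and words[2] == "inet":
                current = ifaces.setdefault(words[1], {})
                current["method"] = words[3]
        elif words[0] in STANZA_WORDS or words[0].startswith("allow-"):
            current = None
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return ifaces


def dhcpd_interfaces(text):
    """Interfaces listed in INTERFACESv4= of /etc/default/isc-dhcp-server."""
    for line in text.splitlines():
        if line.strip().startswith("INTERFACESv4="):
            return " ".join(shlex.split(line.split("=", 1)[1])).split()
    return []


def audit(interfaces_text, dhcpd_default_text):
    """Return a list of (label, subject, detail) findings; empty means clean."""
    ifaces = parse_interfaces(interfaces_text)
    member_of = {port: bridge
                 for bridge, cfg in ifaces.items()
                 for port in cfg.get("bridge_ports", "").split()
                 if port != "none"}
    findings = []
    for port, bridge in sorted(member_of.items()):
        if "address" in ifaces.get(port, {}):
            findings.append(("address-on-bridge-port", port, bridge))
    by_address = {}
    for name, cfg in ifaces.items():
        if "address" in cfg:
            by_address.setdefault(cfg["address"].split("/")[0], []).append(name)
    for address, names in sorted(by_address.items()):
        if len(names) > 1:
            findings.append(("duplicate-address", address, tuple(sorted(names))))
    for name in dhcpd_interfaces(dhcpd_default_text):
        if name in member_of:
            findings.append(("dhcpd-on-bridge-port", name, member_of[name]))
    return findings


if __name__ == "__main__":
    for finding in audit(INTERFACES_BEFORE, DHCPD_DEFAULT_BEFORE):
        print(finding)
```
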
Reply to: comment by Deleted

Thanks for the tip. In the file /etc/default/isc-dhcp-server I replaced the line:

INTERFACESv4="eth1 br0"
with:
INTERFACESv4="br0"

Then in the file /etc/network/interfaces I replaced the lines:

allow-hotplug eth1
iface eth1 inet static
address 192.168.0.1
network 192.168.0.0
netmask 255.255.255.0
broadcast 192.168.0.255
with:
allow-hotplug eth1
iface eth1 inet manual
Lines like this continue to appear in the dhcpd logs:
reuse_lease: lease age 57 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.0.116
But it seems everything works now. Still, I need to keep watching for a while.

Sferg ()