General discussion

Locked

IP CONFLICT

By jrubi ·
Hi, tech people.
I manage a Wireless ISP.
I have clients with outdoor wireless unit and his PC wired to it.
The PCs have an 192.168.x.2 IP and the wireless unit a 192.168.x.254 IP.
The x is diferent for each client, of course.
I have a Redhat 9 linux system doing NAT and PROXY between my clients networks and internet.
Some days ago, suddenly, PCs started to give an IP conflict error:
"The system has detected an IP address conflict with another system on the network"
The behavior is randomic. There is no fixed time or hour to happen. Neither fixed PC. Afected PC solves after 5 or 6 restarts.
Excuse my poor english. And help me with this crazy problem, please.

This conversation is currently closed to new comments.

10 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by ReWrite In reply to IP CONFLICT

If you know what 2 pc's are conflicting check and see if they are releasing their ip address. My guess is that either 1 or both is getting an ip for a connection. After disconnecting and returning that ip has been handed out and the 1st pc is not automatically releasing the old ip and getting a new one. Have the user do a release.

Cheers.

RW

Collapse -

by jrubi In reply to

I do not know wath 2 PCs are conflicting.
just one of them. And the PCs are randomics.
They are a lot of PCs in diferents clients locations with Wireless connection.
Is imposible to go every time to each PC to see their actual IP.
And the IPs are staticals... so IP conflicts is UNACCEPTABLE!!!!

Collapse -

by razz2 In reply to IP CONFLICT

How are the clients getting ip's? Are they static or DHCP? If they are DHCP then I doubt that it is giving the same address twice, but check the DHCP clients list and make sure.

If they are static then I would guess someone is war-driving and trying to get on the network. WEP and MAC filters are far from secure. Do you know the MAC address for permitted clients? Then use Ethereal to capture some packets and see who's on.

Good Luck,

razz

Collapse -

by jrubi In reply to

Is STATIC.
I like the term WAR-driving.. Another ISP trying to drive me crazy ??? ..
hmm... it is a possible idea.

Collapse -

by sgt_shultz In reply to IP CONFLICT

you are not dishing out ip addresses via dhcp are you? cut that out right away. use static addresses only. turn off dhcp server.
or, wonder if this would work: why don't you just re-scope the dhcp server to only hand out address that won't conflict with the static addresses you have surely configured on the lans...
i find your English to be excellent. i apologize for using slang. i do not mean to make it difficult for you to understand that is the best i can do. sorry.
i am intrigued by the war driving answer. my gut likes that one. but i wonder, if war-driver was smart enough to war drive, seems to me they would be smart enough to not put pc with conflicting ip address on your network, thereby generating a known error message. like 'waving a red flag' as we say. unless they are messing with you and want you to see them. so it is 'splitting hairs' maybe but i say is not somebody trying to hack you. just somebody 'freeloading' on your broadband (stealing internet access). so i say: believe your error message. somebody is parking ip device on your network (laptop, palm pilot, handheld, whatever) intermittently on that lan and for whatever reason it has ip address same as the one already on your lan. this error means what it says: 2 devices at same address. do you have any network discovery tools. can you ping etc when this happens. sniff, yes.
i do not think you are running dhcp server and i think you have configured all with static ip addresses. therefore, i conclude a 'wiseguy' has copied the tcpip settings from a pc on your lan onto their laptop and are trying for free broadband. sorry if i am 'missing the mark' badly.

Collapse -

by jrubi In reply to

The IPs are static. And I have MAC filter in my wireless.
Excuse me for forgetting this data.

Collapse -

by razz2 In reply to IP CONFLICT

Your english is better than many I know and it is their main
language.

I agree with sgt_shultz that my war-driving answer might make
no sense IF they know what they are doing. They would not put
the Red Flag up. BUT, I made an assumption that the LAN uses
some form of security such as WEP or MAC filters. If that is the
case then either they are new and playing around to try a hack
(for fun/bandwidth use) or it is someone internal that knows the
access code and as the SGT mentioned copied ip settings
without thinking.

I find that now days many do not use simple security in wireless
and the war-driving craze is big now, so I always wonder. You
should see the GPS maps out there of access points people have
logged. Scary. It propbly is an internal user though.

I like the suggestion by SGT that maybe you are using both
static and DHCP and have an overlap in the scope.

Good Luck,

razz

Collapse -

by jrubi In reply to

May somebody out of the network clone any allowed mac ??
I mean, having a MAC address filter in the Access Point and a IP filter in linux.. may somebody get in to mess (mesh?) the net ??

guys.. thanks for your answer.. please keep thinking about that.. I will make more test and post the results.

Collapse -

by razz2 In reply to IP CONFLICT

MAC address filtering is the easiest of all things to get by. War-
driving is using a laptop with a wireless card (usually hooked to
a large Ant. on the car roof. Many times they even have GPS
software and can scan WLAN's from far away and have the GPS
map them. Take a look:

http://www.pasadena.net/vacation/

http://www.wardriving.com/code.php

http://www.wifimaps.com/

They capture a few packets and poof they know some MAC
address' in use.

Do you have WEP or another form of encryption enabled?

That is harder (though not impossible) to get by.

razz

Collapse -

by drew In reply to IP CONFLICT

IP Networking is done at a hierarchical level, not only through routers and switches (physically) but also logically in all pieces.

When doing TCP/IP networking, you'll want them to be in the same network, which is defined as a combination of an IP address and netmask. This defines the range of IPs for the particular network. Most networks have a network with a /24 subnet mask, which is commonly seen as 255.255.255.0.

The computers that need to talk to each other must be within their subnet range, or the traffic is deemed to be "outside," and a router must be used to push the packet towards it's final destination.

For this example, pick a number and use it -- 192.168.4.0/24 for example, will and leave addresses 192.168.4.1-254 available, with a subnet mask of 255.255.255.0.
For a home gateway with Redhat, I recommend dhcpd and iptables and named combo, and two NICs. Use the quietest thing you've got, and leave it in your closet. You can install these from the installation procedure, when you select individual packages.

Back to Networks Forum
10 total posts (Page 1 of 1)  

Related Discussions

Related Forums