FingBox disrupting Raspberry Pi’s
A strange and frustrating situation keeps occurring when the following happens.
If a device enters my wifi network which had previously been connected successfully and therefore still has valid wifi credentials, Fingbox of course correctly still blocks the device because I had removed it thinking it would not be connecting again.
In my router logs I can see a long list of DHCP declines, again as I imagine expected behaviour.
I have 3 raspberry pi’s, 2 of which are responsible for network wide DNS via Pi-hole and unbound.
Now when the above situation occurs, all 3 raspberry pi’s suddenly become inaccessible via their Ethernet connections. One of the pi’s also has a wifi connection with which I can still obtain access to it and can see that eth0 has been taken offline.
This brings down my whole network and the only fix is to power off and on the Pi’s assuming of course the reintroduced device is no longer attempting to connect to my network.
It seems to be an effect created by my Fingbox but my question would be why does it only affect the Ethernet connections on the Pi’s?
This is probably an unexpected side effect of normal functionality of the Fingbox but it would be great to understand how it is affecting the Pi’s and what could be done to mitigate this situation.
Thanks for your assistance.
Answers
-
Thanks @Marc
@niknick
Apologies for delay in responding. As you mentioned when one of your old devices makes the connection again then the all 3 raspberry pie loses connection, is that right? Have you check if you have set correct network size on the Fing app settings?
Also, instead of removing the unknown device, you can block it in Fing app and then check if the issue persists? Also, check if there is any firmware pending on your router.Robin (Admin at Fing)
Getting Started? Please refer to Community guidelines & Community User Guides. HAPPY POSTING!!!0 -
Hi @Robin
Thank you for your reply.
That is correct, a previously joined device which knows my wifi credentials but one I have removed from Fing is the cause of the problem.
I set the network size to /24 since my initial install however I have recently added an additional subnet due to having a HomeKit Router which handles all my Apple HomeKit devices. So now you mention this I guess I should change this setting to /23 ?
All firmware on my devices are up to date, I’m pretty fastidious on that.
If I were to block the device then yes the problem does not present itself. The only reason I haven’t is because I thought that device would not be in my network again. For example a workman doing something in my home who needed temporary wifi at the time.
I will also try @Marc suggestion to turn off auto block and see what happens but I imagine all will be fine as auto block would seem to be the feature inadvertently causing the issue.
So I wonder if it’s down to network size as you mentioned. I will make that change and observe, thanks for the suggestion.
I will feedback on how I get on, thank you both for your help thus far.
Kind regards
Nick
0 -
@niknick
Removing a device will only ignore the device and deletes from the Fing App. It means that you do not want to monitor that particular device but when you rescan the network and if the device is still connected to that network, it will appear again on the network. Removing a device does not delete the device from the network.
Robin (Admin at Fing)
Getting Started? Please refer to Community guidelines & Community User Guides. HAPPY POSTING!!!0 -
Indeed and that’s exactly my intention as once a temporary user or an old device is no longer on my network I don’t want it listed in my Fing app.
In the case of a temporary user I don’t have ability to have them forget my network credentials and of course if they were to return then the issue presents itself immediately.
Unfortunately there have been quite a few scenarios recently in which this has happened.
Do you think changing to /23 will be effective or perhaps further investigation is required?
Thanks again
0 -
@niknick
Changing network size could help resolve the issue. If the issue persists, try to assign static Ip address to Fingbox from router settings and then we can investigate further.Robin (Admin at Fing)
Getting Started? Please refer to Community guidelines & Community User Guides. HAPPY POSTING!!!0 -
Thanks @Robin
I have made the change to network size will let you know what happens.
The Fingbox and the Raspberry Pi’s all have static IP addresses from the router. The Pi’s are also set to static mode themselves now too as I thought that my help prevent the problem but it seems this issue can override that too.
0 -
Hi @Robin
Just following up on this issue. The change made to the network size did not solve the issue unfortunately and the I had already issued static IP addresses to my Fingbox and the Pi’s however this problem seems to override those.What are the next steps in diagnosing this?
Thanks
Nick0 -
@niknick
Can you remove Fingbox from the network for 24 hours and then check if the issue persists with Pi's or not? This will help to further isolate the issue.Robin (Admin at Fing)
Getting Started? Please refer to Community guidelines & Community User Guides. HAPPY POSTING!!!0 -
It seems like both raspberry pie and Fingbox are sharing some ports which might be causing such issue. You need to have ports 80, 443, 4443, 5671 open so the Fingbox can connect to the Fing Software servers.niknick said:@Robin
Ive had Fingbox off for a week now and there has not been any occurrences of the issue.(If you are going to run a speed test, please also have ports 3001, 3002, and 3003 enabled also)
Can you check if the Pie is also using those ports? Thanks
Robin (Admin at Fing)
Getting Started? Please refer to Community guidelines & Community User Guides. HAPPY POSTING!!!0 -
So when you say open, to my knowledge I have no outbound restrictions on which ports can be opened from my network.
Are you saying I need to allow those ports inbound to Fingbox?
The raspberry pi’s use port 80 for the UI of pi-hole but none of the other ports you mentioned.
So having port 80 in common what is fingbox doing to port 80 on the pi’s?
Thanks for all your help on this.
0 -
I am chasing a similar problem which started some some weeks ago. I am loosing IPV4 Adress on the the pi on a regular base (multiple times a day). This is what is shown in the log on the pi:
journalctl -u dhcpcd
output:
Jul 01 09:11:44 raspberrypi4 dhcpcd[563]: eth0: hardware address f0:23:b9:ec:1f:?? claims 192.168.188.79
Jul 01 09:11:44 raspberrypi4 dhcpcd[563]: eth0: hardware address f0:23:b9:ec:1f:?? claims 192.168.188.79
Jul 01 09:11:44 raspberrypi4 dhcpcd[563]: eth0: 10 second defence failed for 192.168.188.79
Jul 01 09:11:44 raspberrypi4 dhcpcd[563]: eth0: deleting route to 192.168.188.0/24
Jul 01 09:11:44 raspberrypi4 dhcpcd[563]: eth0: deleting default route via 192.168.188.1
Jul 01 09:11:44 raspberrypi4 dhcpcd[563]: eth0: probing address 192.168.188.79/24
Jul 01 09:11:44 raspberrypi4 dhcpcd[563]: eth0: hardware address f0:23:b9:ec:1f:?? claims 192.168.188.79
Jul 01 09:11:45 raspberrypi4 dhcpcd[563]: eth0: DAD detected 192.168.188.79
(demaskier the MAC from my fingbox: f0:23:b9:ec:1f:?? is the MAC of my fingbox. Very strange. It looks like the router wants to assign the same IPV4 Adress to the fingbox and this is when my PI becomes unavailable. when I manually disconnect the ethernet cable and re-connect it it works fine again (for some time). I do have pi-hole installed on that pi (might be related)? Had there been some FW updates recently on the fingbox which could be related?
0 -
@niknick
You need to have both inbound and outbound rules set for the ports needed by Fingbox. If pie is using port 80 then can you configure pie with another port than port 80 and see if the issue persists?Robin (Admin at Fing)
Getting Started? Please refer to Community guidelines & Community User Guides. HAPPY POSTING!!!0 -
So I have to open those ports you listed inbound from the Internet into Fingbox?
I am reluctant to want to open any inbound ports for obvious reasons and In all the time I have had fingbox, with the exception of this issue, it has worked perfectly fine without these ports open inbound and with showing any errors.
I would imagine if not having them open all this time I would have received some notifications in the app to say fingbox cannot function properly.?
does this also mean therefore that any other device on my network using any of the four ports would potentially have an issue. So far it’s limited to the pis but I do have other devices that use port 80 for example. And In this situation when fingbox is blocking would I be exposing port 80 etc on all devices to the internet?
I wish to understand the requirement a bit more as it may be my understanding that not right so sorry for the questions but I just want to be very sure I am correctly implementing what you have asked.
Thanks for sharing your experience of similar situation. You seem to have been able to get further along with analysing the pi’s. I wasn’t aware of the disconnect and connect technique however on mine as I have poe I can’t try right away.
have you had any thoughts on what’s triggering it for you? With me it’s when a device I have removed from Fingbox but still retains my wifi credentials then rejoins and fingbox attempts to auto block it but the device knowing the credentials keeps persisting.
0 -
I was wondering if you had a chance to review my message? My Fingbox has been off for over a week now and of course that’s worrying.
I just wanted to make sure i fully understand what your recommendation is regarding the ports which I outlined in my last message as to my concerns or misunderstanding.
I reviewed again the documentation and while it mentions outbound possibilities there is no mention of any inbound requirements. And it would seem contrary to the whole vulnerability test etc.
“Due to the distributed and resilient design of Fing services, we recommend giving Fing app and Fingbox access to the full Internet. If you want to limit outbound connections and still ensure minimum functionality, make sure to allow Fingbox to reach any IP address on the following TCP ports: 80, 443, 4443, 5671.”
I have not limited outbound connections so Fingbox does have access to the full internet as suggested.
look forward to hearing from you.
0 -
I had some trouble with the autoblock-feature, too. Actually i don't see any difference between blocking a new device and blocking an existing device. In my case, blocked devices ask for dynamic ip address many times. Because the DHCP is answering and fingbox is returning (i guess) this will cause BAD_ADDRESS entries in DHCP-Server. Sometimes the scope filled up and no device will get dynamic ip anymore. I just could solve that problem during blocking the unwanted devices through my network-switches (block MAC-addresses).
For more details about my experience: https://community.fing.com/discussion/5424/private-mac-in-ios-14-and-auto-block-new-devices-causes-bad-address#latest
0 -
Hi @mozarella
Thanks for sharing your scenario. It does have some similarities on what I’m experiencing. In your case, an Apple device with the private MAC address feature enabled would probably yield the same effect as in my situation, where a device that was once in Fing and I then removed, for then some time later to come back and as it knows my WiFi credentials it attempts to connect but of course Fing blocks it as a new device.It’s simply the situation where a device has the correct WiFi credentials but as far as Fing is concerned it’s a new device to block. In this situation my router logs multiple dhcp-decline errors and all 3 Ethernet connections on my 3 pi’s stop responding. Their WiFi interfaces continue fine but as two of the three pis are responsible for dns (Pi-hole and unbound) and do that via their Ethernet connections, my whole network becomes unusable till I reboot the pis and remove the device from attempting to connect.
@LarsD suggest that disconnecting the Ethernet cable and reconnecting solved a similar issue he had however mine are also tied into PoE but I do want to try and test this.@Robin I have not heard from you following my two messages wishing to clarify your instructions to open inbound ports. In the time I have been using Fingbox I have been extremely satisfied with the product with this being the only exception. I hope we can pick up where we left off as I am with regret starting to think about finding an alternative solution to Fing, but I really hope we can find the solution to this.Thank you all
kind regards
Nick0 -
@niknick
As you mentioned there is on restrictions on the outbound rules to the Fingbox and if the none of the ports are being shared by Pie and Fingbox then it should not create any issues. In few cases, we have seen that the inbound rules have helped users and thus, I suggested that.
I will seek further advice on this and get back to you with an update. Thanks
Robin (Admin at Fing)
Getting Started? Please refer to Community guidelines & Community User Guides. HAPPY POSTING!!!0 -
I have had the problem since Friday on my Pi.
Randomly the fing box takes the IP address of eth0 and I lose connection.
Turn off the fing box and all is fine.
It has been driving me insane.
It is only doing this on one of my pis. The one that has POE.
Any ideas.
0 -
Here the problem is the "flood" on my Firewall from Fingbox trying to use Google's DNS...
Searching for a solution I decided to read the Fing's Privacy Policy... What a deception...
At least they are sincere.... LoL0 -
I’m facing this issue now. I recently upgraded my PiHole, then this forced me to update from Stretch to Bullseye.
Then my network would go down every few hours. Completely rebuilt from the ground up. Now my Fingbox refreshes every hour.
Anyone get anything figured out?
0 -
There is a setting on the Fingbox, if you go to your Fingbox network, click on the top right on the Fingbox icon. You will find a bunch of settings, see if Slower network discovery is on or off. if its on, turn it off and see if this helps. In the early days of Fingbox's, this was a way to solve a number of seemingly strange issues.Thats Daphnee, she's a good dog...0
Categories
- 5.8K All Categories
- 2.8K Ask about Connected Technology
- How To...
- 1.1K Devices & Security
- 1.6K Network Troubleshooting & Connectivity
- 114 General Discussion, Weird & Wonderful
- 45 Network Infrastructure
- 5.4K Ask about Fing
- 548 Fing Account Change Request
- 1.1K Fing Desktop
- 1.4K Fing App
- 1.7K Fingbox
- 534 Announcements, Beta Testing & Release Notes
- 160 Community Updates
- 29 Getting started
- 13 Community User Guides