On 7/11/22 11:30, Ram Ramesh wrote:
Experts,
I have a firewall machine built recently and it runs debian bullseye
(v11). It has two ethernet interfaces - one internal ($intf) and one
external ($extf). My external port runs dhclient to get its IP address
and internal port runs dnsmasq to provide DNS service to
internal/protected hosts. Usual iptables rules are established to
prevent attack/entry into internal net from external net and allow
proper internet access to internal net hosts.
I had this system working fine (on an older machine) since debian
5.0.7. I have not upgraded that machine as it is working fine. However
that hardware is too old (10+ years) and I wanted to replace it with
something more modern running latest OS and that is why I built the
above machine.
My old machine does not seem have avahi-daemon. So, it runs fine.
However, my new machine has this daemon running which notices that
$extif does not have much activity and disables it after some timeout
idle time. I initially thought my firewall rules are suspect and was
banging my head for a while adding extra rules for
DHCPDISCOVER/REQUEST etc thinking that those are blocked. Today I
noticed that my $extif is vanishing and /var/log/daemon.log shows some
avahi-daemon messages about that interface being disabled/withdrawn or
some such thing.
As a next step, I want to tell avahi-daemon that it should not work on
that interface as it is not meant to be fooled around. Do I use
deny-interface $extif or allow-interface $intif only? Which is proper?
Will doing one of these solve my problem of $extif vanishing from
ifconfig?
If you think there is something else that I can do that is better,
please let me know that too.
Much appreciate any help.
Please let me know if you need anything else that will help to resolve
this problem.
Regards
Ramesh
It appears that this is not an issue with avahi-daemon. My $extif is
through usb NIC and that seem to go down due to some sort of powersave
autosuspend. Currently I am running ping -i 60 <ext_gw> and that keeps
the net up and $extif has not vanished for a day.
I did some googling on how to disable autosuspend, but answers were
quite confusing. Do you know a simple way to disable autopowerdown of
just this usb NIC? May be there is something that I can do with ethtool?
Regards
Ramesh