What NIC driver are you using? I had the same behavior when I moved from Dachstein to Bering. The DS driver appeared to work, but would randomly drop the connection. Probably not recompiled for the Bering's kernel/compiler.
Harry Kitt lbilyeu wrote: > swfla.rr.com == aka == timewarner/roadrunner cable > I'm using the default setup on the Bering_1.0rc3 floppy1680 image > ---except I went ahead and removed norfc1918 from > /etc/shorewall/interfaces' eth0 > > Initially the users connected behind the firewall are able to use > services, then after a random amount of time the internet dissapears. > The internal network can still reach weblet on the firewall, but all > requests NAT to the internet fail. > > From the firewall/Bering box itself, pump -s says I still have valid > lease, but it sure doesn't act like it. > > If I issue shorewall stop, svi networking stop, power cycle the modem, > svi networking start, shorewall start, svi networking restart; the > connection to the internet at large is restored. It doesn't appear to > be a physical ISP failure, because I can do this immediately after the > disconnect. I can also reboot bering & powercycle the modem and get > immediate connection. The disconnect appears after a random amount of > time, sometimes a few minutes, sometimes after more that 12 hours. > > eth0 is outside - connected to the rr cablemodem > eth1 is inside - connected to hub > eth2 is unused > > what follows are via the firewall/bering box console. > > uname============================================================= > Linux firewall 2.4.18 #4 Sun Jun 9 09:46:15 CEST 2002 i486 unknown > > ip addr show ======================================================= > 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 brd 127.255.255.255 scope host lo > 2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop > link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff > 3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100 > link/ether 00:00:c5:04:db:e8 brd ff:ff:ff:ff:ff:ff > inet 65.34.117.132/23 brd 255.255.255.255 scope global eth0 > 4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100 > link/ether 00:40:f6:f4:e5:d4 brd ff:ff:ff:ff:ff:ff > inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1 > 5: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 100 > link/ether 00:40:33:90:fc:3a brd ff:ff:ff:ff:ff:ff > > ip route show ====================================================== > 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254 > 65.34.116.0/23 dev eth0 proto kernel scope link src 65.34.117.132 > default via 65.34.116.1 dev eth0 > > pump -s============================================================= > Device eth0 > IP: 65.34.117.132 > Netmask: 255.255.254.0 > Broadcast: 255.255.255.255 > Network: 65.34.116.0 > Boot server 65.32.2.175 > Next server 0.0.0.0 > Gateway: 65.34.116.1 > Hostname: firewall > Domain: swfla.rr.com > Nameservers: 65.32.1.70 65.32.2.130 > Renewal time: Sat Aug 10 05:29:08 2002 > Expiration time: Sat Aug 10 06:59:08 2002 > > netstat -nr--------------------------------------------------------- > netstat: not found > > traceroute: not found > > > ping a FQN that will normally respond---------------------------- > never responds, have to kill process. > I am not getting info back from the nameserver. > > > All pings that follow are to numerical addresses x.x.x.x > see pump -s section above for appropriate address numbers > These ping(s) will succeed when firewall is first booted. > > ping one, then the other nameserver--------------------------------- > never responds, have to kill process. 100% packet loss > > ping gateway--------------------------------------------------------- > never responds, have to kill process. 100% packet loss > > ping bootserver/DHCPserver------------------------------------------ > never responds, have to kill process. 100% packet loss > > ping address outside ISP that normally responds--------------------- > never responds, have to kill process. 100% packet loss > > iptables -nvL======================================================= > Chain INPUT (policy DROP 2 packets, 144 bytes) > pkts bytes target prot opt in out source > destination > 560 52190 ACCEPT ah -- lo * 0.0.0.0/0 > 0.0.0.0/0 > 565 160K eth0_in ah -- eth0 * 0.0.0.0/0 > 0.0.0.0/0 > 373 24430 eth1_in ah -- eth1 * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 common ah -- * * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 LOG ah -- * * 0.0.0.0/0 > 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:' > 0 0 reject ah -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain FORWARD (policy DROP 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > 7434 5349K eth0_fwd ah -- eth0 * 0.0.0.0/0 > 0.0.0.0/0 > 6112 758K eth1_fwd ah -- eth1 * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 common ah -- * * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 LOG ah -- * * 0.0.0.0/0 > 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:' > 0 0 reject ah -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain OUTPUT (policy DROP 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > 560 52190 ACCEPT ah -- * lo 0.0.0.0/0 > 0.0.0.0/0 > 0 0 DROP icmp -- * * 0.0.0.0/0 > 0.0.0.0/0 state INVALID > 57 5857 ACCEPT icmp -- * * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 ACCEPT udp -- * eth0 0.0.0.0/0 > 0.0.0.0/0 udp dpts:67:68 > 1199 75914 fw2net ah -- * eth0 0.0.0.0/0 > 0.0.0.0/0 > 373 34139 all2all ah -- * eth1 0.0.0.0/0 > 0.0.0.0/0 > 0 0 common ah -- * * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 LOG ah -- * * 0.0.0.0/0 > 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:' > 0 0 reject ah -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain all2all (3 references) > pkts bytes target prot opt in out source > destination > 355 32969 ACCEPT ah -- * * 0.0.0.0/0 > 0.0.0.0/0 state RELATED,ESTABLISHED > 18 1170 common ah -- * * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 LOG ah -- * * 0.0.0.0/0 > 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:' > 0 0 reject ah -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain common (5 references) > pkts bytes target prot opt in out source > destination > 0 0 icmpdef icmp -- * * 0.0.0.0/0 > 0.0.0.0/0 > 45 2340 ACCEPT tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp flags:0x10/0x10 > 0 0 ACCEPT tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp flags:0x04/0x04 > 10 780 REJECT udp -- * * 0.0.0.0/0 > 0.0.0.0/0 udp dpts:137:139 reject-with icmp-port-unreachable > 0 0 REJECT udp -- * * 0.0.0.0/0 > 0.0.0.0/0 udp dpt:445 reject-with icmp-port-unreachable > 0 0 reject tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:135 > 0 0 DROP udp -- * * 0.0.0.0/0 > 0.0.0.0/0 udp dpt:1900 > 0 0 DROP ah -- * * 0.0.0.0/0 > 255.255.255.255 > 0 0 DROP ah -- * * 0.0.0.0/0 > 224.0.0.0/4 > 1 60 reject tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:113 > 18 1170 DROP udp -- * * 0.0.0.0/0 > 0.0.0.0/0 udp spt:53 state NEW > 0 0 DROP ah -- * * 0.0.0.0/0 > 255.255.255.255 > 0 0 DROP ah -- * * 0.0.0.0/0 > 192.168.1.255 > > Chain eth0_fwd (1 references) > pkts bytes target prot opt in out source > destination > 7434 5349K net2all ah -- * eth1 0.0.0.0/0 > 0.0.0.0/0 > > Chain eth0_in (1 references) > pkts bytes target prot opt in out source > destination > 90 31036 ACCEPT udp -- * * 0.0.0.0/0 > 0.0.0.0/0 udp dpts:67:68 > 9 756 ACCEPT icmp -- * * 0.0.0.0/0 > 0.0.0.0/0 icmp type 8 > 466 128K net2all ah -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain eth1_fwd (1 references) > pkts bytes target prot opt in out source > destination > 6112 758K loc2net ah -- * eth0 0.0.0.0/0 > 0.0.0.0/0 > > Chain eth1_in (1 references) > pkts bytes target prot opt in out source > destination > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > 0.0.0.0/0 icmp type 8 > 373 24430 loc2fw ah -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain fw2net (1 references) > pkts bytes target prot opt in out source > destination > 46 1840 ACCEPT ah -- * * 0.0.0.0/0 > 0.0.0.0/0 state RELATED,ESTABLISHED > 0 0 ACCEPT tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 state NEW tcp dpt:53 > 1153 74074 ACCEPT udp -- * * 0.0.0.0/0 > 0.0.0.0/0 state NEW udp dpt:53 > 0 0 all2all ah -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain icmpdef (1 references) > pkts bytes target prot opt in out source > destination > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > 0.0.0.0/0 icmp type 0 > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > 0.0.0.0/0 icmp type 4 > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > 0.0.0.0/0 icmp type 3 > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > 0.0.0.0/0 icmp type 11 > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 > 0.0.0.0/0 icmp type 12 > > Chain loc2fw (1 references) > pkts bytes target prot opt in out source > destination > 363 23769 ACCEPT ah -- * * 0.0.0.0/0 > 0.0.0.0/0 state RELATED,ESTABLISHED > 0 0 ACCEPT tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 state NEW tcp dpt:22 > 10 661 ACCEPT udp -- * * 0.0.0.0/0 > 0.0.0.0/0 state NEW udp dpt:53 > 0 0 ACCEPT tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 state NEW tcp dpt:80 > 0 0 all2all ah -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain loc2net (1 references) > pkts bytes target prot opt in out source > destination > 5393 715K ACCEPT ah -- * * 0.0.0.0/0 > 0.0.0.0/0 state RELATED,ESTABLISHED > 719 43140 ACCEPT ah -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain net2all (2 references) > pkts bytes target prot opt in out source > destination > 7841 5474K ACCEPT ah -- * * 0.0.0.0/0 > 0.0.0.0/0 state RELATED,ESTABLISHED > 59 3324 common ah -- * * 0.0.0.0/0 > 0.0.0.0/0 > 3 144 LOG ah -- * * 0.0.0.0/0 > 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:' > 3 144 DROP ah -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain reject (6 references) > pkts bytes target prot opt in out source > destination > 1 60 REJECT tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 reject-with tcp-reset > 0 0 REJECT ah -- * * 0.0.0.0/0 > 0.0.0.0/0 reject-with icmp-port-unreachable > > Chain shorewall (0 references) > pkts bytes target prot opt in out source > destination > > > iptables -t nat -vnL================================================ > Chain PREROUTING (policy ACCEPT 775 packets, 55690 bytes) > pkts bytes target prot opt in out source > destination > > Chain POSTROUTING (policy ACCEPT 1167 packets, 75255 bytes) > pkts bytes target prot opt in out source > destination > 664 39840 MASQUERADE ah -- * eth0 192.168.1.0/24 > 0.0.0.0/0 > > Chain OUTPUT (policy ACCEPT 1184 packets, 76385 bytes) > pkts bytes target prot opt in out source > destination > > /var/log/messages=================================================== > Aug 9 18:59:38 firewall root: Shorewall Started > Aug 9 19:20:00 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= > MAC=00:00:c5:04:db:e8:00:04:9b:ec:78:8c:08:00 SRC=206.103.207.130 > DST=65.34.117.132 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=17815 DF > PROTO=TCP SPT=4426 DPT=80 WINDOW=8760 RES=0x00 SYN URGP=0 > Aug 9 19:20:03 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= > MAC=00:00:c5:04:db:e8:00:04:9b:ec:78:8c:08:00 SRC=206.103.207.130 > DST=65.34.117.132 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=17896 DF > PROTO=TCP SPT=4426 DPT=80 WINDOW=8760 RES=0x00 SYN URGP=0 > Aug 9 19:20:09 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= > MAC=00:00:c5:04:db:e8:00:04:9b:ec:78:8c:08:00 SRC=206.103.207.130 > DST=65.34.117.132 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=18047 DF > PROTO=TCP SPT=4426 DPT=80 WINDOW=8760 RES=0x00 SYN URGP=0 > > date================================================================ > Fri Aug 9 20:38:46 EDT 2002 > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > ------------------------------------------------------------------------ > leaf-user mailing list: [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html > ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
