The place to start is with a more systematic examination of the
connectivity failures.
You describe the problem as clients being "unable to connect to the
Internet. After about 5 minutes, they are able to reconnect again without
any changes being made." You also say the users "only surf the web and pop
their email". So ...
1. Do you see the problem with both Web connections -AND- pop downloads?
2. As regards the Web problems, where in the connection process do they
occur? (That is, what message does the browser display down at the bottom
when it is not connecting? In particular, is DNS resolving or not?)
3. How do you provide DNS resolution to the clients?
4. During the failure times, if you log into the LEAF router, can you ping
some host on the LAN?
the gateway IP address?
all nameserver IP addresses?
an Internet site by FQN?
an Internet site by IP address?
(and, if the problems affect mail downloads too ...)
the POP server by FQN?
the POP server by IP address?
(For any NOs, how do the pings fail?)
5. During the failure times, are the clients connecting to the LEAF router?
(Can they ping it?)
While there really isn't enough information in your description to tell
where the problem is, the first place I'd look is at DNS, to see if
whatever nameserver the clients use (or the forwarder if you run a local
resolver that uses, say, the ISP's DNS server as forwarder) is periodically
failing to respond. Mind you, this is just a guess ... based partly on your
description of the problem, partly on your saying it started when "the ISP
changed their network around".
BTW, the list you posted of the changes you made to settings is surely
incomplete. If you use a static external address, then you will have needed
to enter both its netmask (probably) and the router's external gateway
address (certainly) as well. You probably had to do something to make the
on-router DNS server work too. Might you have entered yet other things that
you left off your list?
The ISP's arp-table suggestion is almost surely nonsense; don't waste time
on it.
At 05:22 PM 9/20/02 -0700, sr wrote:
>Hi,
>
>I'm having some problems with a machine running Bering 1.0-rc2 with
>Shorewall 1.2.13 (running from a hard drive) and I'm not sure how to tell if
>it's hardware or software related. My ISP claims that our cable modem has
>been up for over two weeks and are saying they're not the problem. For
>the first month we had the connection, we didn't have any problems. Then the
>ISP changed their network around and we've had problems ever since. The
>latest problems started about a month ago - several times throughout the
>day, the clients will be unable to connect to the Internet. After about 5
>minutes, they are able to reconnect again without any changes being made.
>There are only about 15 users and they only surf the web and pop their
>email - there are no massive downloads or any other intensive traffic going
>on. Since our ISP is insisting that it's not a problem on their end I'd
>like to examine everything on our end.
>
>The machine is a 200MHz Pentium with 64MB of RAM and two 3com 3c905 NICs.
>I didn't make any modifications to the Shorewall 2-interface settings. The
>only setting changes I made were in the Network configuration menu for:
>1) Interfaces - set eth0 to the static address given by our ISP and eth1 to
>the internal address of our firewall.
>2) hosts - added the internal IP address and name of the router
>3) hostname - changed the hostname to match hosts
>4) resolv.conf - added 2 nameserver lines: one pointing to the internal IP
>address and one pointing to our ISP's DNS server
>
>I also modified the modules in the Packages configuration menu to include
>just the 3c59x modules.
>
>I'm going to replace the network cards with a couple of Intel PRO/100 cards.
>If that doesn't fix the problem, what log files can I check for potential
>problems, e.g., what log file do I check for errors with the network cards?
>My ISP told me to check my ARP tables for excessive entries. Is that a
>possibility? Also, if I want to upgrade some of the packages, e.g.,
>Shorewall, what's the easiest way to do it and still preserve my settings?
--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski -- Han Solo
Palo Alto, California, USA [EMAIL PROTECTED]
-------------------------------------------------------------------------------
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
