Thanks for the reply, Ray. Below are my reponses to your questions. > 1. Do you see the problem with both Web connections -AND- pop >downloads?
Yes. > 2. As regards the Web problems, where in the connection process do they > occur? (That is, what message does the browser display down at the bottom > when it is not connecting? In particular, is DNS resolving or not?) DNS is not resolving but that's because we can't connect to the servers (we can't connect to anything beyond the external NIC in the router). When we can connect, DNS resolves fine. I use the same DNS servers at home and don't run into any problems with DNS resolution, so I think their DNS servers are quite stable. > 3. How do you provide DNS resolution to the clients? Using dnscache and the ISPs DNS servers. > 4. During the failure times, if you log into the LEAF router, can you ping > some host on the LAN? Yes > the gateway IP address? Yes > all nameserver IP addresses? No external addresses. > an Internet site by FQN? No. > an Internet site by IP address? No. Basically, we can't ping anything external, including the ISPs gateway or DNS servers. The ISP claims that the cable modem has been up for over two weeks and he was running constant pings today and said there was 1% packet loss. However, we can't ping their gateway - at least not from and internal machine - I'll have to check if I can ping it from the router. > (For any NOs, how do the pings fail?) "Request timed out" > 5. During the failure times, are the clients connecting to the LEAF router? > (Can they ping it?) Yes. Both NICs in the LEAF router can be pinged but nothing beyond that. > While there really isn't enough information in your description to tell > where the problem is, the first place I'd look is at DNS, to see if > whatever nameserver the clients use (or the forwarder if you run a local > resolver that uses, say, the ISP's DNS server as forwarder) is > periodically failing to respond. This doesn't appear to be the case since we can't ping beyond the second NIC, even by IP address. > BTW, the list you posted of the changes you made to settings is surely > incomplete. If you use a static external address, then you will have >needed > to enter both its netmask (probably) and the router's external gateway > address (certainly) as well. Yes, sorry if I was vague. I meant the IP information for eth0 and eth1, not just the IP address. For eth0, I have the address, masklen, broadcast and gateway. For eth1, I have the address, masklen, and broadcast. > You probably had to do something to make the > on-router DNS server work too. Might you have entered yet other things > that > you left off your list? I have the ISPs DNS IP addresses in resolv.conf (as well as the internal address of the router). In the dnscache settings, I have the "LRP box internal IP" set to the internal address. > The ISP's arp-table suggestion is almost surely nonsense; don't waste time > on it. Thanks, I'll ignore their comments about this. Please let me know if you need any additional information. -sr > At 05:22 PM 9/20/02 -0700, sr wrote: > >Hi, > > > >I'm having some problems with a machine running Bering 1.0-rc2 with > >Shorewall 1.2.13 (running from a hard drive) and I'm not sure how to tell if > >it's hardware or software related. My ISP claims that our cable modem has > >been up for over two weeks and are saying they're not the problem. For > >the first month we had the connection, we didn't have any problems. Then the > >ISP changed their network around and we've had problems ever since. The > >latest problems started about a month ago - several times throughout the > >day, the clients will be unable to connect to the Internet. After about 5 > >minutes, they are able to reconnect again without any changes being made. > >There are only about 15 users and they only surf the web and pop their > >email - there are no massive downloads or any other intensive traffic going > >on. Since our ISP is insisting that it's not a problem on their end I'd > >like to examine everything on our end. > > > >The machine is a 200MHz Pentium with 64MB of RAM and two 3com 3c905 NICs. > >I didn't make any modifications to the Shorewall 2-interface settings. The > >only setting changes I made were in the Network configuration menu for: > >1) Interfaces - set eth0 to the static address given by our ISP and eth1 to > >the internal address of our firewall. > >2) hosts - added the internal IP address and name of the router > >3) hostname - changed the hostname to match hosts > >4) resolv.conf - added 2 nameserver lines: one pointing to the internal IP > >address and one pointing to our ISP's DNS server > > > >I also modified the modules in the Packages configuration menu to include > >just the 3c59x modules. > > > >I'm going to replace the network cards with a couple of Intel PRO/100 cards. > >If that doesn't fix the problem, what log files can I check for potential > >problems, e.g., what log file do I check for errors with the network cards? > >My ISP told me to check my ARP tables for excessive entries. Is that a > >possibility? Also, if I want to upgrade some of the packages, e.g., > >Shorewall, what's the easiest way to do it and still preserve my settings? > > > > > -- > -------------------------------------------"Never tell me the odds!"-------- > Ray Olszewski -- Han Solo > Palo Alto, California, USA [EMAIL PROTECTED] > -------------------------------------------------------------------------- ----- > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > ------------------------------------------------------------------------ > leaf-user mailing list: [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
