Sorry I dragged you through that initial review. It's clear from your replies that you've worked on this more than I realized from reading your first message.
Still, I am having trouble understanding what you wrote. It *appears* that you are saying that when an outage occurs, you *can* ping the ISP's gateway from the LEAF router, but you *cannot* ping it from a LAN client. I get that from this combination of responses:

> > 4. During the failure times, if you log into the LEAF router, can you ping
>[...]
> > the gateway IP address?
>Yes

... and ...

>Basically, we can't ping anything external, including the ISP's gateway or
>DNS servers. The ISP claims that the cable modem has been up for over two
>weeks and he was running constant pings today and said there was 1% packet
>loss. However, we can't ping their gateway - at least not from an internal
>machine - I'll have to check if I can ping it from the router.

Now I may still be misunderstanding you ... but this part is important to get exactly right. Specifically, during an outage, can the router itself ping the ISP's gateway?

If it can, but the LAN clients cannot, then the problem lies somewhere in the interaction between the LAN clients and the LEAF router. Where? Well, the fact that the clients do not lose contact with the router itself (or, I presume, one another) rules out a lot of possibilities on the LAN side (including failure of the eth1 interface). If the ISP can regularly ping the router's external interface, that rules out any problems at that end (including failure of the eth0 interface).

Almost the only thing in between these two interfaces is the Linux kernel itself -- most directly its iptables ruleset, as configured by Shorewall. I'm no Shorewall expert, so I'll leave it to Tom to suggest any possibilities here. All I can think to suggest is that you examine your logs (in /var/log/) for any kernel messages from iptables.

OTOH, if I have misunderstood you and the router *cannot* ping the ISP's gateway at these times, then we need to understand why your ISP thinks it *can* ping you. On that score ... if we are talking about close-by pings, the 1% packet loss the ISP reports seeing is quite a lot. A system with negligible packet loss normally, and 3 5-minute outages during a day, would *average* 1% packet loss over the day. So I hope the ISP was doing a more exact test than this summary conveys. (I mention this concern because I have way too much experience with ISP sloppiness to trust ambiguous replies from ISPs.)

More to the point, what is he pinging? Your external IP address (the one on the LEAF router)? If so, is his experience consistent with yours -- that is, if he pings you, and no other traffic is running, do the RX and TX packet counts increase on the external interface? Or does the ISP ping some address on the interface it provides (the cable modem itself)? If that device has an IP address, can the router ping it?

Even more to the point, where is the ISP pinging *from*? Get the IP address of the machine the ISP is using to do the ping test, then see if you can ping *it* (from the router) next time you have a failure. If you can, then the problem lies in the ISP's gateway machine, specifically its connection to the network your LEAF router is on.

At 07:23 PM 9/20/02 -0700, sr wrote:
>Thanks for the reply, Ray. Below are my responses to your questions.
[details deleted]

--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski                                        -- Han Solo
Palo Alto, California, USA                        [EMAIL PROTECTED]
-------------------------------------------------------------------------------

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
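The point in the message above about a daily 1% average hiding three 5-minute outages can be checked against a ping log. The following is an added example, not part of the original message; the function names, the one-probe-per-second rate and the 30-second outage threshold are assumptions, and both sample days are constructed.

```python
from typing import List, Tuple


def loss_summary(results: List[bool], interval_s: float = 1.0,
                 min_outage_s: float = 30.0) -> Tuple[float, List[Tuple[float, float]]]:
    """results[i] is True when probe i got a reply.

    Returns (average loss in percent, [(outage start in s, duration in s), ...]).
    Only runs of consecutive lost probes lasting min_outage_s or more are reported.
    """
    if not results:
        raise ValueError("no probe results")
    lost = results.count(False)
    outages = []
    run_start = None
    # A trailing True acts as a sentinel so a run of losses at the end is closed.
    for i, ok in enumerate(results + [True]):
        if not ok and run_start is None:
            run_start = i
        elif ok and run_start is not None:
            duration = (i - run_start) * interval_s
            if duration >= min_outage_s:
                outages.append((run_start * interval_s, duration))
            run_start = None
    return 100.0 * lost / len(results), outages


def day_with_outages() -> List[bool]:
    """Constructed sample: clean link except three 5-minute outages."""
    day = [True] * 86400
    for start in (3 * 3600, 11 * 3600, 19 * 3600):
        day[start:start + 300] = [False] * 300
    return day


def day_with_scattered_loss() -> List[bool]:
    """Constructed sample: same number of lost probes, spread evenly."""
    return [i % 96 != 0 for i in range(86400)]


if __name__ == "__main__":
    for name, day in (("outages", day_with_outages()),
                      ("scattered", day_with_scattered_loss())):
        pct, windows = loss_summary(day)
        print(f"{name}: {pct:.2f}% average loss, outage windows: {windows}")
```

Both constructed days report the same average loss, so only the list of outage windows distinguishes them.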
