> Still, I am having trouble understanding what you wrote. It *appears* that > you are saying that when an outage occurs, you *can* ping the ISP's gateway > from the LEAF router, but you *cannot* ping it from a LAN client. I get > that from this combination of responses: <snip> > Now I may still be minunderstanding you ... but this part is important to > get exactly right. Specifically, during an outage, can the router itself > ping the ISP's gateway?
Sorry, my response was sloppy on that point. When the connection is down, the internal clients can ping the router's internal IP (the "internal" gateway - eth1) but cannot ping the ISP's gateway (the internal clients can also ping the external NIC - eth0). I don't think the router can ping the ISP's gateway either, but I'll double-check on Monday (I have SSH disabled so I don't have remote access). > If is can, but the LAN clients cannot, then the problem lies somewhere in > the interaction between the LAN clients and the LEAF router. Where? Well, > the fact that the clients do not lose contect with the router itself (or, I > presume, one another) rules out a lot of possibilities on the LAN side > (including failure of the eth1 interface). If the ISP can regularly ping > the router's external interface, that rules out any problems at that end > (including failure of the eth0 interface). >From my understanding of what the ISP was doing, they were pinging the cable modem rather than the external interface (eth0). I'll double check this with them on Monday. > Almost the only thing in between these two interfaces is the Linux kernel > itself -- most directly its iptables ruleset, as configured by Shorewall. > I'm no Shorewall expert, so I'll leave it to Tom to suggest any > possibilities here. All I can think to suggest is that you examine your > logs (in /var/log/) for any kernel messages from iptables. Thanks, I'll check the log files on Monday too. > OTOH, if I have misunderstood you and the router *cannot* ping the ISP's > gateway at these times, then we need to understand why your ISP thinks it > *can* ping you. On that score ... if we are talking about close-by pings, > the 1% packet loss the ISP reports seeing is quite a lot. A system with > negligible packet loss normally, and 3 5-minute outages during a day, would > *average* 1% packet loss over the day. So I hope the ISP was doing a more > exact test than this summary conveys. (I mention this concern because I > have way too much experience with ISP sloppiness to trust ambiguous replies > from ISPs.) Agreed. He said he had been pinging all day and averaged 1% loss. > More to the point, what is he pinging? Your external IP address (the one on > the LEAF router)? If so, is his experience consistent with yours -- that > is, if he pings you, and no other traffic is running, do the RX and TX > packet count increase on the external interface? Or does the ISP ping some > address on the interface it provides (the cable modem itself)? If that > device has an IP address, can the router ping it? These are all great questions. I wish I had SSH enabled so I could check, but I'll have to wait until Monday. Regarding the RX and TX packet counts: Forgive my ignorance with regard to LEAF, but how do I do this? With Red Hat, I use ifconfig, but that's not on my LEAF disk. The only thing close I could find was ifupdown. Can that be used? I also use ifconfig in Red Hat to check for errors on the network interfaces and would like to be able to do that with LEAF, if possible. > Even more to the point, where is the ISP pinging *from*? Get the IP address > of the machine the ISP is using to do the ping test, then see if you can > ping *it* (from the router) next time you have a failure. If you can, then > the problem lies in the ISP"s gateway machine, specifically its connection > to the network your LEAF router is on. Will do. Thanks for the great suggestions and pointing me in the right direction. I'll update you on Monday. -sr > At 07:23 PM 9/20/02 -0700, sr wrote: > >Thanks for the reply, Ray. Below are my reponses to your questions. > [details deleted] > > > -- > -------------------------------------------"Never tell me the odds!"-------- > Ray Olszewski -- Han Solo > Palo Alto, California, USA [EMAIL PROTECTED] > -------------------------------------------------------------------------- ----- > ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
