On Wednesday 20 November 2002 22:00, James K. Wiggs wrote: > All of this suggests that the problem is in iptables or in > Shorewall, but I can find no discussion of this problem in web > searches or DejaNews. I have done little to this Bering configuration > beyond configuring the static stuff in the networking setup. I did > install ntpdate and opened up port 123 as a result. I've got the box > acting as a DHCP server for the internal network and have opened up > 67 & 68 internally for that. Ports 80, 25, and 22 are being > forwarded to internal machines for web, email, and SSH access. Oh, > yes: the dnscache package has been configured and the appropriate > ports opened up internally and externally for that. The box is doing > NAT for the entire internal network, of course. I can upload the > iptables/shorewall setup if necessary, but this really is a fairly > vanilla setup. > > Can anyone suggest what could be causing this problem? Is it a > known problem with Bering or Shorewall? The net connection is > slowing down so badly now that I have to cut this short.
OK, so with basically everything was running correctly on Eigerstein/ Dachstein until you changed service. Now with a new service, Bering/ Dachstein only run poorly when the 2nd interface is brought up. Both of these statements indicate that your new service/configuration is a possible point of problem (ie... Dachstein works/doesn't work). You are really the only person I know of that is reporting any problem like this, so I seriously doubl that it is iptables or Shorewall (short some configuration error that lacks any information to help with). Things go bad when the 2nd interface goes up, so have you tried using the same NIC's that you used in the previous good firewall? This could indicate a shared IRQ/IO or PCI bus slot(s)... try changing slots to keep the cards apart from each other. Maybe the NIC module you are using is flaky or simply not the correct one (it happens). You seem to be running quite a few services that you have configured, dnscache mis-configured can cause all the problems that you have indicated. Maybe something up there will help find the problem, but you have not given us much in the way of useful information to guess with. There are around a thousand possible problems that can cause the problem you having, so I would suggest posting the information in the SR FAQ linked below and probably your Shorewall/dnscache configuration as well. The /proc/irq and io information wouldn't hurt either. I hope this helps! -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
