Hello Lynn, Thanks for your reply; I'm not going to go into a lot of detail in this reply, as there is another follow-up message already on the list that gives a lot more detail about the problem.
best, Jim James Wiggs Email: [EMAIL PROTECTED] ICBM: 97 30 18 W, 42 52 27 N On Thu, 21 Nov 2002, guitarlynn wrote: > On Wednesday 20 November 2002 22:00, James K. Wiggs wrote: > > > All of this suggests that the problem is in iptables or in > > Shorewall, but I can find no discussion of this problem in web > > searches or DejaNews. I have done little to this Bering configuration > > beyond configuring the static stuff in the networking setup. I did > > install ntpdate and opened up port 123 as a result. I've got the box > > acting as a DHCP server for the internal network and have opened up > > 67 & 68 internally for that. Ports 80, 25, and 22 are being > > forwarded to internal machines for web, email, and SSH access. Oh, > > yes: the dnscache package has been configured and the appropriate > > ports opened up internally and externally for that. The box is doing > > NAT for the entire internal network, of course. I can upload the > > iptables/shorewall setup if necessary, but this really is a fairly > > vanilla setup. > > > > Can anyone suggest what could be causing this problem? Is it a > > known problem with Bering or Shorewall? The net connection is > > slowing down so badly now that I have to cut this short. > > OK, so with basically everything was running correctly on Eigerstein/ > Dachstein until you changed service. Now with a new service, Bering/ > Dachstein only run poorly when the 2nd interface is brought up. > > Both of these statements indicate that your new service/configuration > is a possible point of problem (ie... Dachstein works/doesn't work). > You are really the only person I know of that is reporting any problem > like this, so I seriously doubl that it is iptables or Shorewall (short > some configuration error that lacks any information to help with). > > Things go bad when the 2nd interface goes up, so have you tried > using the same NIC's that you used in the previous good firewall? > This could indicate a shared IRQ/IO or PCI bus slot(s)... try changing > slots to keep the cards apart from each other. Maybe the NIC module > you are using is flaky or simply not the correct one (it happens). > You seem to be running quite a few services that you have configured, > dnscache mis-configured can cause all the problems that you have > indicated. Since the same behavior appears on two completely different physical machines with different NICs (a 486/66 w/2 SMC Ultra cards, and an AMD K6 w/a 3C905 and an FA311) I think we can probably rule out these causes. Of course, the same problem appears with both Dachstein and with Bering RC4, which appears to rule out a software cause. The Dachstein image on the 486/66 had been running nonstop for over a year with no problems; previously, the same hardware had been running an Eigerstein image for about a year, also with no problems. It had been running almost a month and a half after the switch from residential to commercial RoadRunner, *also* with no problems. We quite literally woke up one morning, about two weeks ago, with a dog-slow network connection after having done *nothing* to the configuration of the router or any of the internal machines. The switchover to Bering was done as part of the ongoing efforts to get the network going again. Again, this information is mainly a repeat of what is in the follow-up note I sent to the list earlier this morning. > Maybe something up there will help find the problem, but you have > not given us much in the way of useful information to guess with. > There are around a thousand possible problems that can cause > the problem you having, so I would suggest posting the information > in the SR FAQ linked below and probably your Shorewall/dnscache > configuration as well. The /proc/irq and io information wouldn't hurt > either. Hopefully the more detailed descriptions in my follow-up will shed some more light on this mystery. > I hope this helps! > -- > > ~Lynn Avants > aka Guitarlynn > > guitarlynn at users.sourceforge.net > http://leaf.sourceforge.net > > If linux isn't the answer, you've probably got the wrong question! > ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
