Re: [expert] network goes dead
On Wed, 20 Nov 2002 10:44:26 -0500 Mark Weaver <[EMAIL PROTECTED]> wrote: > Pierre Fortin wrote: > > On Wed, 20 Nov 2002 08:04:34 -0500 (EST) daRcmaTTeR > > <[EMAIL PROTECTED]> wrote: > > > > > >> On Tue, 19 Nov 2002, Pierre Fortin wrote: > >> > >> > >>> On Tue, 19 Nov 2002 13:29:43 -0500 Mark Weaver > >>> <[EMAIL PROTECTED]> wrote: > >>> > >>> > Hi List, > > has anyone else noticed the network connectivity in Mandrake > 9.0 goes dead periodically? It's very annoying and it seems to > be linked to Shorewall firewall system. > > Mark > >>> > >>> Any chance you're experiencing the ssh "pause"... I use ssh > >>> extensively and experience pauses ONLY when modem connected > >>> (never when LAN connected) to the server. It doesn't affect all > >>> sessions; I can continue to work on another session while one or > >>> more are stalled... I rarely connect between 2 modem connected > >>> machines; but it's on my list to watch for that possible > >>> scenario... > >>> > >>> Pierre > >> > >> Hi Pierre, > >> > >> No. This is happening at work on the LAN. I don't use 9 on my > >> server at home. "it" and my old machine don't get along at all very > >> well. the network troubles with that machine running 9.0 are > >> terrible. The interruptions are across the spectrum from web server > >> to ssh. > >> > > > > > > In that case, some more details might help... during the outage of > > course :^) The usual: ifconfig, route -n, ... > > > > Is the problem on a "schedule" (at specific times or rate)? > > > > Anything else happening at the time? Other symptoms/anomolies? Other > > users affected? > > > > Cheers, Pierre > > nothing discernable, which makes it rather a pain to track. One thing > i've noticed is that if I restart the network service, OR just restart > the shorewall service the problem clears up. the shorewall service > restart may, or may not be related. In the short time I was able to get > 9.0 running on my home server I noticed the same behavior for a time. > > As far as I've noticed there doesn't appear to be any regular interval. > the events seem to be random. Other then losing connectivity for a time, > > and it does clear (unclog) after a time, things return to normal. > > here's the information from the ifconfig and route -n output: > > eth0 Link encap:Ethernet HWaddr 00:60:97:B9:59:E3 >inet addr:205.216.60.162 Bcast:205.216.60.255 > Mask:255.255.255.0 >UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >RX packets:4836553 errors:0 dropped:0 overruns:0 frame:0 >TX packets:417172 errors:0 dropped:0 overruns:0 carrier:0 >collisions:0 txqueuelen:100 >RX bytes:488489887 (465.8 Mb) TX bytes:357181688 (340.6 Mb) >Interrupt:14 Base address:0xec80 > > eth1 Link encap:Ethernet HWaddr 00:60:08:2E:15:CF >inet addr:205.216.60.39 Bcast:205.216.60.255 >Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 >Metric:1 RX packets:4953429 errors:0 dropped:0 overruns:0 >frame:0 TX packets:257085 errors:0 dropped:0 overruns:0 >carrier:0 collisions:0 txqueuelen:100 >RX bytes:509489013 (485.8 Mb) TX bytes:193906058 (184.9 Mb) >Interrupt:9 Base address:0xe8c0 > > loLink encap:Local Loopback >inet addr:127.0.0.1 Mask:255.0.0.0 >UP LOOPBACK RUNNING MTU:16436 Metric:1 >RX packets:99456 errors:0 dropped:0 overruns:0 frame:0 >TX packets:99456 errors:0 dropped:0 overruns:0 carrier:0 >collisions:0 txqueuelen:0 >RX bytes:15233458 (14.5 Mb) TX bytes:15233458 (14.5 Mb) > > [root@download root]# route -n > Kernel IP routing table > Destination Gateway Genmask Flags Metric RefUse > Iface > 205.216.60.00.0.0.0 255.255.255.0 U 0 00 > eth1 205.216.60.00.0.0.0 255.255.255.0 U 0 0 > 0 eth1 > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 00 > lo 0.0.0.0 205.216.60.10.0.0.0 UG0 0 > 0 eth0 OUCH!!! TWO interfaces on the same subnet! Are you really sure what your network is doing? Just a peek at the route table shows two subnets (same) on eth1 while the default route is out eth0... Since you're apparently not routing between eth0 & eth1 (bridging?), try shutting down one interface... my guess is that your problems will not occur unless you bring it back online... If you have ethereal, try sniffing all interfaces... the RX packets/bytes on the interfaces is almost identical; but eth0 seems to carry more TX traffic (about 2:1)... sounds like some subtle pathing problems may be biting you... HTH, Pierre Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] network goes dead
On Wednesday 20 November 2002 09:45 am, Mark Weaver wrote: > >Jack and Melissa McSwain wrote: >> > > BTW has anyone noticed a dramatic increase in hack attempts in the last 2 > > to 3 weeks? Port scans show all the ports are stealth, and I have no > > servers running or installed, but they still manage to find the box. > > Win98 with norton personal firewall seems to be a little more stealth. > > Also Shorewall is set to drop instead of reject packets. On Tuesday 19 November 2002 12:29 pm, Mark Weaver wrote: > > What adjustments to shorewall did you make? > I started with the example scripts from the shorewall homepage, /etc/shorewall/common.def was either missing or empty on stock install there are 9 ip-tables rules in it for various things. In interfaces I added norfc1918,routefilter,noping,routefilter,dropunclean,logunclean I didnt have any of these before. The file rfc1918 was not present before (came from examples on shorewall) In Shorewall.conf I turned off IP forwarding, turned on route filtering, turned off forward ping, and NEWNOTSYN=NO Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] network goes dead
Pierre Fortin wrote: > On Wed, 20 Nov 2002 08:04:34 -0500 (EST) daRcmaTTeR > <[EMAIL PROTECTED]> wrote: > > >> On Tue, 19 Nov 2002, Pierre Fortin wrote: >> >> >>> On Tue, 19 Nov 2002 13:29:43 -0500 Mark Weaver >>> <[EMAIL PROTECTED]> wrote: >>> >>> Hi List, has anyone else noticed the network connectivity in Mandrake 9.0 goes dead periodically? It's very annoying and it seems to be linked to Shorewall firewall system. Mark >>> >>> Any chance you're experiencing the ssh "pause"... I use ssh >>> extensively and experience pauses ONLY when modem connected >>> (never when LAN connected) to the server. It doesn't affect all >>> sessions; I can continue to work on another session while one or >>> more are stalled... I rarely connect between 2 modem connected >>> machines; but it's on my list to watch for that possible >>> scenario... >>> >>> Pierre >> >> Hi Pierre, >> >> No. This is happening at work on the LAN. I don't use 9 on my >> server at home. "it" and my old machine don't get along at all very >> well. the network troubles with that machine running 9.0 are >> terrible. The interruptions are across the spectrum from web server >> to ssh. >> > > > In that case, some more details might help... during the outage of > course :^) The usual: ifconfig, route -n, ... > > Is the problem on a "schedule" (at specific times or rate)? > > Anything else happening at the time? Other symptoms/anomolies? Other > users affected? > > Cheers, Pierre nothing discernable, which makes it rather a pain to track. One thing i've noticed is that if I restart the network service, OR just restart the shorewall service the problem clears up. the shorewall service restart may, or may not be related. In the short time I was able to get 9.0 running on my home server I noticed the same behavior for a time. As far as I've noticed there doesn't appear to be any regular interval. the events seem to be random. Other then losing connectivity for a time, and it does clear (unclog) after a time, things return to normal. here's the information from the ifconfig and route -n output: eth0 Link encap:Ethernet HWaddr 00:60:97:B9:59:E3 inet addr:205.216.60.162 Bcast:205.216.60.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4836553 errors:0 dropped:0 overruns:0 frame:0 TX packets:417172 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:488489887 (465.8 Mb) TX bytes:357181688 (340.6 Mb) Interrupt:14 Base address:0xec80 eth1 Link encap:Ethernet HWaddr 00:60:08:2E:15:CF inet addr:205.216.60.39 Bcast:205.216.60.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4953429 errors:0 dropped:0 overruns:0 frame:0 TX packets:257085 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:509489013 (485.8 Mb) TX bytes:193906058 (184.9 Mb) Interrupt:9 Base address:0xe8c0 loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:99456 errors:0 dropped:0 overruns:0 frame:0 TX packets:99456 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:15233458 (14.5 Mb) TX bytes:15233458 (14.5 Mb) [root@download root]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 205.216.60.00.0.0.0 255.255.255.0 U 0 00 eth1 205.216.60.00.0.0.0 255.255.255.0 U 0 00 eth1 127.0.0.0 0.0.0.0 255.0.0.0 U 0 00 lo 0.0.0.0 205.216.60.10.0.0.0 UG0 00 eth0 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] network goes dead
On Wed, 20 Nov 2002 08:04:34 -0500 (EST) daRcmaTTeR <[EMAIL PROTECTED]> wrote: > On Tue, 19 Nov 2002, Pierre Fortin wrote: > > > On Tue, 19 Nov 2002 13:29:43 -0500 Mark Weaver > > <[EMAIL PROTECTED]> wrote: > > > > > Hi List, > > > > > > has anyone else noticed the network connectivity in Mandrake 9.0 > > > goes dead periodically? It's very annoying and it seems to be linked > > > to Shorewall firewall system. > > > > > > Mark > > > > Any chance you're experiencing the ssh "pause"... I use ssh > > extensively and experience pauses ONLY when modem connected (never > > when LAN connected) to the server. It doesn't affect all sessions; I > > can continue to work on another session while one or more are > > stalled... I rarely connect between 2 modem connected machines; but > > it's on my list to watch for that possible scenario... > > > > Pierre > > Hi Pierre, > > No. This is happening at work on the LAN. I don't use 9 on my server at > home. "it" and my old machine don't get along at all very well. the > network troubles with that machine running 9.0 are terrible. The > interruptions are across the spectrum from web server to ssh. > In that case, some more details might help... during the outage of course :^) The usual: ifconfig, route -n, ... Is the problem on a "schedule" (at specific times or rate)? Anything else happening at the time? Other symptoms/anomolies? Other users affected? Cheers, Pierre Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] network goes dead
On Tue, 19 Nov 2002, Pierre Fortin wrote: > On Tue, 19 Nov 2002 13:29:43 -0500 Mark Weaver > <[EMAIL PROTECTED]> wrote: > > > Hi List, > > > > has anyone else noticed the network connectivity in Mandrake 9.0 goes > > dead periodically? It's very annoying and it seems to be linked to > > Shorewall firewall system. > > > > Mark > > Any chance you're experiencing the ssh "pause"... I use ssh extensively > and experience pauses ONLY when modem connected (never when LAN connected) > to the server. It doesn't affect all sessions; I can continue to work on > another session while one or more are stalled... I rarely connect between > 2 modem connected machines; but it's on my list to watch for that possible > scenario... > > Pierre Hi Pierre, No. This is happening at work on the LAN. I don't use 9 on my server at home. "it" and my old machine don't get along at all very well. the network troubles with that machine running 9.0 are terrible. The interruptions are across the spectrum from web server to ssh. -- daRmaTTeR Reg. Linux User #186492 "Stupidity has no moral high ground...it can't see that high!" Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] network goes dead
I have had this sort of problem in the past, with mdk7.2 up to 8.2. There was never anything I could find to explain what was going on. It didn't seem to be related to any firewall, although I have never used shorewall. For me, the conditions that caused it were: 33k modem connection; heavy local CPU load. With a faster modem connection, it never happened. And, since I changed ISP, I always get a faster connection, so it's not a problem any more. Brian. From: Mark Weaver <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: Expert List <[EMAIL PROTECTED]> Subject: [expert] network goes dead Date: Tue, 19 Nov 2002 13:29:43 -0500 Hi List, has anyone else noticed the network connectivity in Mandrake 9.0 goes dead periodically? It's very annoying and it seems to be linked to Shorewall firewall system. Mark Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com _ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] network goes dead
On Tuesday 19 November 2002 12:29 pm, Mark Weaver wrote: > Hi List, > > has anyone else noticed the network connectivity in Mandrake 9.0 goes > dead periodically? It's very annoying and it seems to be linked to > Shorewall firewall system. > > Mark It has happened to me recently, but it looked like it was directly related to hack attempts. IFDOWN and IFUP would not restore ETH0 , only reboot would fix it. Sometimes they managed to lock the whole system up. After re-configuring shorewall, none of thier attempts have bothered the machine. BTW has anyone noticed a dramatic increase in hack attempts in the last 2 to 3 weeks? Port scans show all the ports are stealth, and I have no servers running or installed, but they still manage to find the box. Win98 with norton personal firewall seems to be a little more stealth. Also Shorewall is set to drop instead of reject packets. Jack Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] network goes dead
On Tue, 19 Nov 2002 13:29:43 -0500 Mark Weaver <[EMAIL PROTECTED]> wrote: > Hi List, > > has anyone else noticed the network connectivity in Mandrake 9.0 goes > dead periodically? It's very annoying and it seems to be linked to > Shorewall firewall system. > > Mark Any chance you're experiencing the ssh "pause"... I use ssh extensively and experience pauses ONLY when modem connected (never when LAN connected) to the server. It doesn't affect all sessions; I can continue to work on another session while one or more are stalled... I rarely connect between 2 modem connected machines; but it's on my list to watch for that possible scenario... Pierre Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] network goes dead
Jack Coates wrote: On Tue, 2002-11-19 at 10:29, Mark Weaver wrote: Hi List, has anyone else noticed the network connectivity in Mandrake 9.0 goes dead periodically? It's very annoying and it seems to be linked to Shorewall firewall system. Nope, just you :-) It's probably not shorewall, as shorewall's policy doesn't change on the fly -- if it's preventing you from doing something, it will always prevent you from doing that thing. You could always verify that with a quick /sbin/service shorewall stop. Intermittent network has a lot of possibilities, and the best way to troubleshoot is to walk up the OSI stack -- first check the physical (very important with wireless, so look at signal strength and noise-to-signal ratio), then look for framing errors in ifconfig's output, then look at higher level functions. You might also look through syslog for error messages from your NIC driver. Hi Jack, Good ideas...thanks. I'll check into that. Mark Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] network goes dead
On Tue, 2002-11-19 at 10:29, Mark Weaver wrote: > Hi List, > > has anyone else noticed the network connectivity in Mandrake 9.0 goes > dead periodically? It's very annoying and it seems to be linked to > Shorewall firewall system. > Nope, just you :-) It's probably not shorewall, as shorewall's policy doesn't change on the fly -- if it's preventing you from doing something, it will always prevent you from doing that thing. You could always verify that with a quick /sbin/service shorewall stop. Intermittent network has a lot of possibilities, and the best way to troubleshoot is to walk up the OSI stack -- first check the physical (very important with wireless, so look at signal strength and noise-to-signal ratio), then look for framing errors in ifconfig's output, then look at higher level functions. You might also look through syslog for error messages from your NIC driver. > Mark > > > > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com -- Jack Coates Monkeynoodle: A Scientific Venture... Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
