Topic: Network problems

[Piet De Jong]

The setup:
1 SME Server 6.0B3 with all patches ( pre 11/13/2003 ) applied.
Running in Server and Gateway mode.

Squid Proxy RPMS from e-smith are installed to control user-access. Currently disabled access control.
Port forwarding RPM installed but NOT used.

Two network cards, one for the internal network ( 192.168.0.200 /255.255.255.0 )
one for the connection directly to an ADSL router IP 10.0.0.1 NIC = 10.0.0.2 ).

Everything was working fine. Then we changed the ip address of the internal network card.

Since then we seem to have problems accessing the internet, I can  ping the router ( which is configured as the default gateway ) fine.

I can sometimes issue the command
dig www.google.com
and it immediately returns.

I can sometimes run traceroute -n
which sometimes works but most of the time it only gets to the address of the router ( 1st hop ) after which I get *'s ( timeouts ? )
after which I issue another dig www.google.com and it then time's out.

I did switch the server from server-and gateway - private to server and gateway mode.

I suspected the ADSL failing, but when I connect a Windows PC, I can connect to the internet fine and browsing and name resolution is fine.

I have reinstalled all the patches rpm -Uvh *.rpm, signal-event post-upgrade, signal-event reboot, unfortuantely to no avail.

With my limited knowledge of iptables I suspect that that's where the problem lies. Perhaps due to reconfigurations something went wrong.

At one stage I only suspected tinydns and changed the contents of /etc/dnsroot.globals to only have the IP of the local ISP. Restarted the DNS but also to no avail.

Any ideas ? I am considering doing a re-install.

Piet

[Michiel]

Just a thought: try 'route' ans see if the output is what you'd expect it to be.

[Piet De Jong]

Route output:
4 lines:
First line with external network, ( 10.0.0.0), then internal ( 192.168.0.0 ) then loopback (127.0.0.0 ) and the last line indicating the default gateway, which is pointing to 10.0.0.1 which is the POTS adsl router.

[Nigel]

This may be similar to my problem in this thread
http://forums.contribs.org/index.php?topic=19038.msg75259#msg75259

as I changed my internal ip when I made the machine live. Rebooting after the latest upgrade may have triggered the problem for me. I still haven't found anything to investigate. Have you made any progress?

[Nigel]

This may be similar to my problem in this thread
http://forums.contribs.org/index.php?topic=19038.msg75259#msg75259

as I changed my internal ip when I made the machine live. Rebooting after the latest upgrade may have triggered the problem for me. I still haven't found anything to investigate. Have you made any progress?

[piet de jong]

No unfortunately not.

I suspect something with iptables, I will also try and change the IP back to 100.

Has anyone reported this as a bug perhaps ?
Also contribs.org announced new patches which where made available last week. Might be worth a try.

Piet

[Nigel]

it seemed to be the post update reboot that triggered my problem. My system is back to normal now and I still don't quite know what the problem was.

[Piet De Jong]

Changing the ip back did not work however I did find  a possible problem with iptables.

When I run iptables status in the /etc/init.d directory then it takes a long time before it finally outputs all the lines.

I loaded up a second box, exactly the same config as the first box.
When I run iptables status on the ok-box I get all output imm. no hangs.

When I compare the output of the faulty box with the ok box I noticed that in certain locations the ip of my external nic was used instead of the ip of the external router. Which was not the case on the OK box. Once I changed the external IP on the second box I had the same problems. Slow output of iptables status.

I will fwd the outputs to bugs and see if they can help me on this subject.

Piet

[Charlie Brady]

Piet De Jong wrote:

> When I run iptables status in the /etc/init.d directory then
> it takes a long time before it finally outputs all the lines.

That's an indication that DNS resolution is not working. Use the "-n" option to iptables and you'll see a list immediately.

Fix the DNS resolution problem (by configuring the server correctly, either in servergateway mode with a working external link, or in serveronly mode with the correct gateway IP configured) and your problems will disappear.

You mention the use of an external router. You are probably better off without it.

Charlie

[piet De Jong]

That doesnt explain why the ip's would be different in the output of iptables?

[Piet De Jong]

Yes quite right its the DNS, the router sometimes seems to block I guess, when I do a netstat -n I get a few pages of connections esthablished to port 53 on different IPs. I have no idea why.

I have solved the problem as follows:
I have entered the IP address of the ISP DNS on the router. ( the router supports this )

Next I copied the /etc/e-smith/templates/var/service/dnscache/root/service/@ to

/etc/e-smith/templates-custom/var/service/dns-cache/root/servers/@

open the file and removed all ips. Only entered one IP which is the router ip.

then run
/sbin/e-smith/expand-template /var/service/dns-cache/root/servers/@


and now everything is happy.

Ps: I seem to only have this problem with this router, when using an XP box as router in between it works continuesly