Topic: SME 6 Issue

[funkusmunkus]

Hi all,

I have been using sme 5.6 u6 for some time, I thought it was time to move on to 6.
so I did a new install, but we lost our internet connection, and when I logged onto the router that's placed in front of the server, I listed the processes and there were 256 outgoing requests to different websites, to port 53, I thought a local machine had a virus and was conducting a DDOS attack, so I checked them all, and no joy, so to get everything running as quickly as possible I reinstalled 5.6 and the outgoing requests stopped, so I concluded it was server 6 that was sending  the requests to port 53, or at least that was the best answer I could come up with.
Now I did install a few rpms but can't remember which I installed exactly, and I want to give 6 or 6.0.1 a go again, now it could have been my fault but I was hoping someone could shed some light on the subject.
thanx in advance
R. A.

[duncan]

Port 53 is DNS.

[funkusmunkus]

I know 53 is DNS but the router only handles so many requests, we were not able to connect to anything external of our own network.
there were seriusly 256 port 53 entries on the router, and the ip addresses were changing.
for the whole time.

[duncan]

Ok - so you know port 53 is DNS. I am guessing that the name server addresses where the ones in /etc/dnsroots.global.

Perhaps adding your service providers DNS server in the admin menu might resolve the problem.

The current dnsroots.global is slightly incorrect.

[funkusmunkus]

I'll have a look at that, i'm reinstalling 6.0.1 this weekend so if i have the same problem you'll see me here agian  
I'm still trying to understand what was going on, the dns reqeusts were only there when other computers were on, over the weekend there were hardly any worth mentioning, then monday comes and back up to 256 at any one given second, and as i said i reinstalled 5.6 and they stopped, i didn't change any client machine configs, it must have been a contrib or something else i did wrong.
i guess i was hoping someone would tell me they had the same problem and tell me what it is.
anyway i'll document everything this time.
Cheers
R.A.

[funkusmunkus]

same problem back again  

here's an example of what the nat list on the router looks like:
1  17        10.0.0.2:34557  x.x.x.x:38784     128.9.0.107:53    1     20    10
   2  17        10.0.0.2:19999  x.x.x.x:38789    192.48.79.30:53    1     20    10
   3  17        10.0.0.2:26172  x.x.x.x:38790    192.31.80.34:53    1     20    10
   4  17        10.0.0.2:32145  x.x.x.x:38797    192.48.79.30:53    1     20    10
   5  17        10.0.0.2:8198   x.x.x.x:38796   192.58.128.30:53    1     20    10
   6  17        10.0.0.2:31339  x.x.x.x:38799   192.43.172.30:53    1     20    10
   7  17        10.0.0.2:48047  x.x.x.x:38798    192.112.36.4:53    1     20    10
   8  17        10.0.0.2:38771  x.x.x.x:38800  207.126.96.162:53    1     20    10
   9   6        10.0.0.2:1111   x.x.x.x:36746 216.155.193.133:5050  1     60    1
  10  17        10.0.0.2:20773  x.x.x.x:38823   192.36.148.17:53    1     20    10
  11  17        10.0.0.2:52626  x.x.x.x:38825   192.41.162.30:53    1     20    10
  12  17        10.0.0.2:19712  x.x.x.x:38824   192.58.128.30:53    1     20    10
  13  17        10.0.0.2:14335  x.x.x.x:38827     192.5.5.241:53    1     20    10
  14  17        10.0.0.2:35500  x.x.x.x:38826    192.48.79.30:53    1     20    10
  15  17        10.0.0.2:61336  x.x.x.x:38829    192.35.51.30:53    1     20    10
  16  17        10.0.0.2:6773   x.x.x.x:38828     128.63.2.53:53    1     20    10

Some of the addresses are as mentioned in the dnsroot.global but most aren't, and this is a clean vanila install of sme 6.0
so what are my options?

[funkusmunkus]

OK we lost internet access again because there were too many udp's going out, i had to restart the server so we have some internet access, I love e-smith but it's letting me down at the moment

[funkusmunkus]

I am very confused, the udp packets seem to have died down at the moment, only 5 or so going out.
I take it the sme server is doing what it's ment to, but I'm not sure what that is.

[raem]

What is your hardware spec, CPU, RAM Internet connection ? SME v6 needs more of all of those.

[funkusmunkus]

Hi Ray,
Well it's a pretty good machine, it's running on dual  1G,s with a Gig of RAM, and 2 20G raid HDD's
so i don't think it's a hardware problem.
there must be a reason the server is sernding out UDP's but the router doesn't seem to handle the number of them even if they are really small, which is what they are, seeing as it hasen't increased the daily usage, acording to the ISP.

so i've gone back to 5.6  seeing as every 10 min's we'd loose our internet connection.
i was really looking forward to giving 6.0 a good try.

[raem]

What does your Server Manager/Review Configuration panel show ?

[duncan]

Hi,

Did you enter your service providers DNS server when running thru the initial setup screens.

When I run iptraf and monitor traffic - I get single requests when browsing. If I remove the DNS server entry - I get a flood of DNS requests to multiple addreses.

[funkusmunkus]

Sorry about the delay in getting back (due to health reasons)
Ray this is how I normally configure the server:

Networking Parameters
Server Mode   servergateway
Local IP address / subnet mask   192.168.0.1/255.255.255.0
External IP address / subnet mask   10.0.0.2/255.255.255.0
Gateway   10.0.0.138
Additional local networks   No additional networks defined
DHCP server   disabled
Server names
DNS server   192.168.0.1
Web server   www.domainname
Proxy server   proxy.domainname:3128
FTP server   ftp.domainname
SMTP, POP, and IMAP mail servers   mail.domainname


So the DNS server is it's self, I think you got it right duncan, it's because i didn't enter the ISP's DNS server.

I might give 6.0 another go soon
but i'll install it at home first and make sure i know that it won't happen again at work.

Cheers for all your help