Topic: After new server & gateway install: bandwidth fully used

[haj]

Hello,

I have done a brand new fresh sme install in server & gateway mode behind an ADSL modem in router mode providing a "double firewall" (the router's and the sme's)

Install worked fine, but after configuration, no way to connect to internet or very very slowly...

- Tried an iptraf and noticed upload bandwidth was fully used.

- Tried tcpdump on local interface but it seems no local workstation was uploading.

- Tried a networks restart (using the Sxxnetwork file in /etc/rc7.d). After network has restarted, workstaion could access internet at normal speed but for a few minutes only, then , I get full upload bandwith used again...

- Went back to original configuration (ADSL router and no server  ) and things are working as they should: fast internet. That make me think again no local network worksation was using that bandwith.

I had no way to wait more to see, if after a while, SME will stop uploading because guys here have to work...

My questions are:
- can SME be the one that was uploading?
- What could it be uploading after a fresh install???

Best regards

[CharlieBrady]

My questions are:
- can SME be the one that was uploading?
- What could it be uploading after a fresh install???

Your best way to answer those questions is to actually look at the traffic. iptraf should be telling you what type of traffic is being sent, not just that all your bandwidth is utilised. And you can use tcpdump to view or capture traffic on your WAN interface (-i eth1, probably).

This command will quickly show you if there are TCP connections:

 netstat -t -n | sed /127.0.0.1/d

[troykd]

Try putting your ADSL Modem/router in bridge mode and let SME take care of the router and firewall duties.

[mike_mattos]

If the combo router/firewall is in default  configuration, is it not blocking all the  ports the SME server needs?  

I've used two routers in tandem,  one serves 192.x.x.x and the other serves 10.x.x.x  to allow different groups to share a connection, with no delays, so I doubt that the problem is anything other than blocked ports.

Also, what are the email ports used, is your ISP allowing a mail server?

[CharlieBrady]

I have done a brand new fresh sme install in server & gateway mode behind an ADSL modem in router mode providing a "double firewall" (the router's and the sme's)

There is pretty much zero security value in having two firewalls. If there is a security flaw in SME server, it will be accessible by one of the protocols you need to allow through the "outside" firewall in order for your server to work correctly.

I agree with other posters that you should use the modem in bridge mode.

[haj]

Hello,

Thanks all for your help. Putting the modem in bridge mode is the configuration I prefer but  the configuration guys don't want here, if SME's down, pluging back the router to the hub is a quick and simple rescue workaround.

I haven't had a moment to test SME again since today because guys here can't work without internet (web agency) but I had time today and I have just tested it again (lunch time...)

So I pluged back the SME to the network using the same configuration and I quite immediatly noticed a bandwith of 3/4 kbytes/s  (up)

I looked again to tcpdump output for eth1 and noticed many lines looking like DNS resolution. So I went in the SME configuration and set up the Adsl router's IP as DNS server and thing are now working.

I suspect there is a port to open in the router so that SME has a DNS server can work without using all bandwidth. If that is the case it should be included in the SME documentation.
Please can someone confirm me that so I can raise a bug for it to be added to the SME doc?

Best regards

[haj]

There is pretty much zero security value in having two firewalls. If there is a security flaw in SME server, it will be accessible by one of the protocols you need to allow through the "outside" firewall in order for your server to work correctly.

Hello Charlie,

I was wondering why use SME in server and gateway when having an ADSL router? (less noise, less power consumption)

Best regards