Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: funkusmunkus on August 20, 2004, 02:26:07 AM
-
Hi all,
I have been using sme 5.6 u6 for some time, I thought it was time to move on to 6.
so I did a new install, but we lost our internet connection, and when I logged onto the router that's placed in front of the server, I listed the processes and there were 256 outgoing requests to different websites, to port 53, I thought a local machine had a virus and was conducting a DDOS attack, so I checked them all, and no joy, so to get everything running as quickly as possible I reinstalled 5.6 and the outgoing requests stopped, so I concluded it was server 6 that was sending the requests to port 53, or at least that was the best answer I could come up with.
Now I did install a few rpms but can't remember which I installed exactly, and I want to give 6 or 6.0.1 a go again, now it could have been my fault but I was hoping someone could shed some light on the subject.
thanx in advance
R. A.
-
Port 53 is DNS.
-
I know 53 is DNS but the router only handles so many requests, we were not able to connect to anything external of our own network.
there were seriusly 256 port 53 entries on the router, and the ip addresses were changing.
for the whole time.
-
Ok - so you know port 53 is DNS. I am guessing that the name server addresses where the ones in /etc/dnsroots.global.
Perhaps adding your service providers DNS server in the admin menu might resolve the problem.
The current dnsroots.global is slightly incorrect.
-
I'll have a look at that, i'm reinstalling 6.0.1 this weekend so if i have the same problem you'll see me here agian ;-)
I'm still trying to understand what was going on, the dns reqeusts were only there when other computers were on, over the weekend there were hardly any worth mentioning, then monday comes and back up to 256 at any one given second, and as i said i reinstalled 5.6 and they stopped, i didn't change any client machine configs, it must have been a contrib or something else i did wrong.
i guess i was hoping someone would tell me they had the same problem and tell me what it is.
anyway i'll document everything this time.
Cheers
R.A.
-
same problem back again :idea:
here's an example of what the nat list on the router looks like:
1 17 10.0.0.2:34557 x.x.x.x:38784 128.9.0.107:53 1 20 10
2 17 10.0.0.2:19999 x.x.x.x:38789 192.48.79.30:53 1 20 10
3 17 10.0.0.2:26172 x.x.x.x:38790 192.31.80.34:53 1 20 10
4 17 10.0.0.2:32145 x.x.x.x:38797 192.48.79.30:53 1 20 10
5 17 10.0.0.2:8198 x.x.x.x:38796 192.58.128.30:53 1 20 10
6 17 10.0.0.2:31339 x.x.x.x:38799 192.43.172.30:53 1 20 10
7 17 10.0.0.2:48047 x.x.x.x:38798 192.112.36.4:53 1 20 10
8 17 10.0.0.2:38771 x.x.x.x:38800 207.126.96.162:53 1 20 10
9 6 10.0.0.2:1111 x.x.x.x:36746 216.155.193.133:5050 1 60 1
10 17 10.0.0.2:20773 x.x.x.x:38823 192.36.148.17:53 1 20 10
11 17 10.0.0.2:52626 x.x.x.x:38825 192.41.162.30:53 1 20 10
12 17 10.0.0.2:19712 x.x.x.x:38824 192.58.128.30:53 1 20 10
13 17 10.0.0.2:14335 x.x.x.x:38827 192.5.5.241:53 1 20 10
14 17 10.0.0.2:35500 x.x.x.x:38826 192.48.79.30:53 1 20 10
15 17 10.0.0.2:61336 x.x.x.x:38829 192.35.51.30:53 1 20 10
16 17 10.0.0.2:6773 x.x.x.x:38828 128.63.2.53:53 1 20 10
Some of the addresses are as mentioned in the dnsroot.global but most aren't, and this is a clean vanila install of sme 6.0
so what are my options?
-
OK we lost internet access again because there were too many udp's going out, i had to restart the server so we have some internet access, I love e-smith but it's letting me down at the moment
-
I am very confused, the udp packets seem to have died down at the moment, only 5 or so going out.
I take it the sme server is doing what it's ment to, but I'm not sure what that is.
-
What is your hardware spec, CPU, RAM Internet connection ? SME v6 needs more of all of those.
-
Hi Ray,
Well it's a pretty good machine, it's running on dual 1G,s with a Gig of RAM, and 2 20G raid HDD's
so i don't think it's a hardware problem.
there must be a reason the server is sernding out UDP's but the router doesn't seem to handle the number of them even if they are really small, which is what they are, seeing as it hasen't increased the daily usage, acording to the ISP.
so i've gone back to 5.6 :cry: seeing as every 10 min's we'd loose our internet connection.
i was really looking forward to giving 6.0 a good try.
-
What does your Server Manager/Review Configuration panel show ?
-
Hi,
Did you enter your service providers DNS server when running thru the initial setup screens.
When I run iptraf and monitor traffic - I get single requests when browsing. If I remove the DNS server entry - I get a flood of DNS requests to multiple addreses.
-
Sorry about the delay in getting back (due to health reasons)
Ray this is how I normally configure the server:
Networking Parameters
Server Mode servergateway
Local IP address / subnet mask 192.168.0.1/255.255.255.0
External IP address / subnet mask 10.0.0.2/255.255.255.0
Gateway 10.0.0.138
Additional local networks No additional networks defined
DHCP server disabled
Server names
DNS server 192.168.0.1
Web server www.domainname
Proxy server proxy.domainname:3128
FTP server ftp.domainname
SMTP, POP, and IMAP mail servers mail.domainname
So the DNS server is it's self, I think you got it right duncan, it's because i didn't enter the ISP's DNS server.
I might give 6.0 another go soon :P
but i'll install it at home first and make sure i know that it won't happen again at work.
Cheers for all your help