Hello, I've done a search but cannot find a detailed solution.

My network is approximately 20 Windows XP Pro clients, one Win 98 "test box", a Mandrake 9.2 desktop and my Linux (Mandrake MultiNetwork Firewall) server (kernel 2.4.18-8). My clients are plugged into a switch, then plugged into eth0, and eth1 goes to a ADSL modem to the Internet. so all internet connection goes through the server.

The server is a router, firewall (iptables), gateway, proxy (squid), filter (squidGuard). The Internet connection is "connect on demand." It works fine but many times gets extremely slow and sometimes stops altogether.

My ISP (Bell) says that we are only using about 40% of our bandwidth. My users complain about speed and frequently get "the page cannot be displayed" errors in Internet Explorer.

If the Internet stops completely, I can get it back up by doing a hard reset of the modem, then rebooting the server (adsl-stop and adsl-start do not bring the connection back). This works anywhere from a few hours to a week.

If it's really slow, I can usually increase speed by messing with /etc/resolv.conf - my ISP uses dynamic IP's for its DNS servers, so I've "found" some static ones to use that seem to work quite well. I don't know how to set up dynamic DNS from Linux...

I don't know what the problem could be.. sometimes killing the proxy (squid) works, other times not; sometimes messing wtih DNS works, sometimes not... my ISP insists that our line is perfect and we aren't even using half our available bandwidth. My speed tests today said my Linux desktop was between 7 Kbps and 32 Kbps (www.numion.com/yourspeed) but sometimes i can get up to 400 Kbps.

I'd like to use a software like Ethereal or something to figure out what's going on, but I don't know how to use it, and I'm not sure if that's what I need.

Any ideas??

avatar; recalling something read (reference) the speediest is the slowest
device in system. from all those (20) which is slowest, which will be as fast as
all will be able to send & recieve. workaround is place all devices with the same speed to attain maximum.

Speed of the network is in no way affected by the other clients. Speed is dependant upon the client and devices between that client and the Internet.

The issues are probably DNS related... I agree with that.

How do your clients get DNS? How does your router get DNS? Are you running a DNS server internally on your network? You say you are running squid, have you statically assigned your clients to use it as a proxy or are you using it as a transparent proxy?

If you have to physically reset your modem to get the connection back, does your modem do the PPPoE for you, or do you have to have your router/firewall device do that?

Thanks!

MrKnisely

you may want to check the following
Hardware :
bad network device :

bad network NIC in your Linux router ( check by running bandwidth test of your ISP
by using your linux box. If you get good results then your Internet side NIC card is probably
ok.

Next test your bandwidth from the lan side; Run a speed test from a workstation . If you get good results then probably your switch, and LAN side NIC
are ok . If not check switch, and NICs

Check all cables to make sure they are in specs for the network your are running, and not draped over anything that places RFI/EMI on the cables . If you can ,do not mix cat3 and cat5 cabling. If you do make sure they pass for rated speed. You can run a speed test by downloading a file via internet exploder from a web server on your lan. It will give you stats
on the bandwidth your lan can handle after the download . If you are still getting slow connections check ALL
cable connections esp those running from the DSL modem to the Linux router and the router to the switch.

For the software side make sure of the following

1) your proxy server (if you are running one ) can access a STABLE DNS server to parse
DNS requests

workstation and server can do the same .

2) Your proxy server is configured properly (memory cache usage, HD usage .etc ) Squid is notorious for dying mysteriously if it does not have the resources to run. Sometimes it will die and
not restart.


3) that iptables or whatever firewall you are running is stable and you have enable the correct
rules (this is a general caveat)

Thank you for all the excellent replies.

Today, the speed was great. Last week, it was poor.

Extra info: the workstations are mostly public terminals, so when the clients complain about the Internet or if it's not working, I have to fix it as soon as possible. Sometimes I had to do some rather messy workarounds.

charon79m:
The clients have set the DNS to the router/server 192.168.1.1 - some clients were not able to connect to the Internet one day, so I manually put in the ISP or an Internet DNS server. The router (server) uses /etc/resolv.conf to get its DNS server addresses. (Which I sometimes have to mess about with).
Squid is set up as a transparent proxy server, and I also run squidGuard to block inappropriate content, so I know that squid hasn't died since squidGuard continuously works. Also sometimes I check it to make sure it's running OK. So far it has never died.
I don't know about the PPPoE... I use the ADSL-start command in the Linux computer's startup.The Internet interface is ppp0, if that helps...

pcdocms:
I will try your suggestions; by speed test, do you mean the one at www.numion.com/yourspeed?

Thanks
A.

You might want to try some other speed sites


www.dslreports.com

www.testmyspeed.com

Some more thing to try

check for spyware and P2P software (e.g. virtual bouncer , gator, kazaa are not running

on your public network. You may need to check the services that running are on your workstation
s
and server. Turn off all program on server and workstations you dont need.


Hope this helps

pcdoc

Wow.

It seems today, according to dslreports.com, that I have a 2.2 Mbit download and 585K upload speed. I will also test on a slow day.

Would this be because sometimes the DNS servers are slower than others? Would clients wait on DNS lookups?

avatar; U got it. fraid so, mfg to sell products boast on speed from there test labs data not with real-time speeds. not
only that but has to do with other devices interfaced with any communications will become resulting accurate speed preformance.

Today slow again. Many clients stopped. It seems to hang on the DNS lookups (my browser says "Resolving host..") Windows clients say "Page cannot be displayed". I can connect better by using the IP address in the browser. Pings return about 20=25% of packets.

I fixed the problem by rebooting modem, then server - twice each. Now the Internet seems fine again.

PCdocms wanted me to check my cable connections. This seems very logical however, would a bad cable possibly cause this intermittent problem?

Here's another (involved) question. Right now I have static DNS servers in my /etc/resolv.conf. This is probably contributing to my problem. I would like to get the DNS servers via DHCP from my ISP. How can I do this?

Well, right now, i am running a Gentoo box as a router. I am also using Bell Sympatico DSL. I have eth1 using DSL and eth0 for the computers on my network. I have it all tied togther with a cheap hub (not a router). For my clients, it's as easy as eth0=dhcp in /etc/conf.d/net and for the Sympatico part, i am letting the Sympatico end assign me my IP and the DNS settings. I have entered the DNS primary and secondary addresses in adsl-setup (other than just putting server) but whether i did that or not, either way, it was the same speed and stability. As for your question, if you put "server" as the option for DNS servers during the adsl-setup, that should do the dhcp automatically from Sympatico. Hoped that helped a bit. Other than that, i would suggest changing the Mandrake router to a Gentoo router. Why? Because i like Gentoo. Period. No special reason (other than the numerous ways you can configure and see what is happening behind the scenes).

avatar; it may but not likely(cable) but worth trying better/new cable. if it does
make difference then that may have been the problem. but if not its within config(w/linux). recheck them all.

Just a thought: How about setting up caching DNS on the gateway system and configuring your clients to use that (instead of the internet based DNS servers). If you're running 20 machines on a DSL connection, it seems to me that you should have at least 1 static IP address too - at the very least, the IPS's DNS servers have to have static IP addresses - you can't FDQN a nameserver without one. This also makes me wonder if you have more than 1 device on your network trying to do DHCP. Do you have any WAN hubs, routers or switches that are doing this? If so, I think you'd be better off setting them to "Access Point Mode" and doing DHCP from the Linux box. That will also allow you to do coherent iptables rules based on what network a device is on.

Something else, do you need to use squid? I notice you're using iptables already, if you're not needing to log where your clients are going, you should take a look at the IP Masquerading HOWTO - you can find it here -> http://www.ecst.csuchico.edu/~dranch...ux.html#ipmasq (for some reason tldp.org has been intermittent at best lately)

Also, if these client machines are being used by the public (or anyone who is not responsible for them) I would suggest you at the very least install and use Spybot Search & Destroy and Ad-Aware on each of the clients. Plus, if you're using iptables anyway, you might want to think about only allowing the client machines to get out on ports 80 and 443 (HTTP and HTTPS) or whatever other ports they actually need to have open. If one (or more) of them have a virus it could very well be the cause of your speed woes.

If you configure your system as above, your clients should get configured with no proxy server (The NAT is transparent). In Internet Explorer under Tools>Internet Options>Connections>LAN Settings everything should be unchecked.

One last suggestion: If you're running X on the gateway, get etherape (http://etherape.sourceforge.net, I guess - but I'm really not sure about that URL). It will allow you to see in real time the traffic that's going across your network. It doesn't do logging (at least, not that I've found), but it's great for troubleshooting.

The huge results you got for download are most likely the result of your cache server. To get true results you might want to clear your cache and try again.

Cheers,

MrKnisely