I recently rebuilt our firewall; it has an Intel MB which uses the eepro100 driver for eth0 and I have a DLink quad ethernet using the sundance driver.
I am using iptables of Fedora Core 1.
I have been finding that after running for an undetermined period of time, traffic across eth0 stops. Nothing is logged to indicate a problem; it just doesn't go anymore. eth1-4 still work fine.
Rebooting the firewall box restores service.
I have searched for similar scenarios but unfortunately it is difficult to know what question to ask. I am suspecting a problem with IPTABLES.
To solve this problem we will have to determine what is working and what is not.
When your box stops working, what is and is not working then?
Can you ping your eth0 from that machine?
What does ifconfig say? Is eth0 up and having an IP?
How does your routing table look? route
Is IPv4 forwarding still active? cat /proc/sys/net/ipv4/ip_forward (should return 1)
Nothing on the 192.168.1/24 can ping the interface and from the firewall box, I can't ping any of the others but the 192.168.1/24 machines can still ping each other. As far as I can see that pretty well nails the problem as being on the firewall.
eth0 has its IP 192.168.1.254 and is up.
ip_forwarding is set and is working fine between the other 4 interfaces.
The routing tables look fine. I forgot to include in my original post that I am running quagga (zebra and bgpd) but don't think it is relevant.
I came across a post that sounded a bit similar and the solution for that person was to turn off all of the iptables rules and then turn them on again, i.e. service iptables restart. I haven't tried this yet as the failure takes a while to occur, 3 weeks between the last two occurrences.
You are correct, at this time I don't really know what is broken. It could be a problem with the eepro100 driver and this mainboard, it could be an iptables issue, it could be something else entirely :-(
What kind of error do you encounter when the eth0 stops working?
You still have link on the NIC?
Are the firewall rules the same when the machine is working as it is when it's not?
Make a printout of your iptables settings when it's working and compare. Pay special attention to the INPUT and OUTPUT chains.
From the firewall box, can't you ping any interface or host whatsoever?
If not, I would bet on the firewall blocking something in the INPUT or OUTPUT chain. These chains aren't traversed for forwarded packets, host to host on your DLink card.
No error is reported by the kernel or anything else that I can find.
Electrically, the link is still up. The led on the NIC socket is on.
No changes have been made to the iptables rules. I have a pretty stable rule set, it is a little messy because of the topology but other than this mysterious problem it works fine. I have checked the rules and I am not using INPUT or OUTPUT only FORWARD and POSTROUTING in the nat table.
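The comparison suggested earlier in the thread (print the iptables settings while eth0 works, then compare once it has stopped) can be scripted so that packet counters and timestamps do not drown out real rule changes. This is an added example, not code posted by anyone in the thread; it assumes snapshots were taken with `iptables-save` (optionally with `-c`), and the file names and sample rules are constructed.

```shell
#!/bin/sh
# Added example: compare iptables-save snapshots while ignoring volatile fields.

# Print FILE with comment/timestamp lines and packet:byte counters removed.
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/^\(:[^ ]* [^ ]*\) \[[0-9]*:[0-9]*\]$/\1 [0:0]/' \
        -e 's/^\[[0-9]*:[0-9]*\] //' "$1"
}

# Show a unified diff of two snapshots; status 0 = same rules, 1 = changed.
rules_diff() {
    a=$(mktemp) || return 2
    b=$(mktemp) || { rm -f "$a"; return 2; }
    normalize_rules "$1" > "$a"
    normalize_rules "$2" > "$b"
    diff -u "$a" "$b"
    rc=$?
    rm -f "$a" "$b"
    return "$rc"
}

# Write constructed sample snapshots into DIR (rules here are made up).
make_samples() {
    printf '%s\n' '# Generated on day 1 (constructed)' '*filter' \
        ':INPUT ACCEPT [100:9000]' ':FORWARD DROP [5:300]' \
        ':OUTPUT ACCEPT [80:7000]' \
        '-A FORWARD -i eth0 -o eth1 -j ACCEPT' 'COMMIT' > "$1/good.rules"
    # Same rules three weeks later: only the comment and counters differ.
    printf '%s\n' '# Generated on day 21 (constructed)' '*filter' \
        ':INPUT ACCEPT [999:88000]' ':FORWARD DROP [42:2520]' \
        ':OUTPUT ACCEPT [700:61000]' \
        '-A FORWARD -i eth0 -o eth1 -j ACCEPT' 'COMMIT' > "$1/same.rules"
    # A snapshot in which an INPUT rule has appeared.
    printf '%s\n' '# Generated on day 21 (constructed)' '*filter' \
        ':INPUT ACCEPT [999:88000]' ':FORWARD DROP [42:2520]' \
        ':OUTPUT ACCEPT [700:61000]' '-A INPUT -i eth0 -j DROP' \
        '-A FORWARD -i eth0 -o eth1 -j ACCEPT' 'COMMIT' > "$1/changed.rules"
}

# Usage: sh rules_diff.sh baseline.rules current.rules
if [ "$#" -eq 2 ] && [ -r "$1" ] && [ -r "$2" ]; then
    rules_diff "$1" "$2"
    exit $?
fi
```

An empty diff at the time of the outage points away from the ruleset and toward the driver or link layer.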