LinuxQuestions.org

Linux - Networking: linux router keeps dropping connections. (http://www.linuxquestions.org/questions/linux-networking-3/linux-router-keeps-dropping-connections-635867/)

exodist 04-16-2008 09:49 PM

linux router keeps dropping connections.

I have a Linux router I set up the other day; my brother is getting his internet through it now. However, every so often (the timing is somewhat random, between 1 and 10 minutes) every connection he has is dropped. Everything from a download to a game to instant messenger; then he can reconnect within seconds.

He has tried this on 2 different computers, so it is not a problem on his end. I have also noticed some FTP transfers stall and resume every few minutes.

The configuration:

Server:
Core2Quad
4 GB RAM
~3 TB storage in 2 RAID 5 arrays
5 network cards (explained below)
Gentoo custom build.
Kernel: 2.6.23

Internet connections:
1) 6mb/384kb cable, dynamic IP, w/ a router that assigns a private network IP.
2) 1.5mb/768k DSL, static IP

Network connections:
2 Ethernet cards bonded, serving the internal network that is experiencing the issue
1 Ethernet card for a separate internal network, not yet connected.

The Routing:
Both internet connections route to both internal networks in a weighted round-robin config, i.e. the DSL is 1/3 the speed of the cable, so 3 out of 4 connections use cable and the 4th uses DSL.

The internal network has up and down speeds limited through 'tc'.

The internal network gets DNS (dnsmasq), DHCP (bind), and routing (iptables) through the bonded Ethernet. It works fine except for the random disconnects every couple of minutes.

Here is my script that runs on startup:
Code:

        #Make sure we do not already have a default route to mess w/ us.
        /sbin/route del default

        #Variables to avoid typos
        CABLE="eth1"
        CABLE_IP="192.168.100.2"
        CABLE_MASK="255.255.255.0"
        CABLE_NET="192.168.100.0/24"
        CABLE_ROUTE="192.168.100.1"
        CABLE_TABLE="4"
        CABLE_DEFUP="2mbit burst 15k"
        DSL="eth2"
        DSL_IP="71.39.157.170"
        DSL_MASK="255.255.255.248"
        DSL_NET="71.39.157.168/29"
        DSL_ROUTE="71.39.157.174"
        DSL_TABLE="3"
        DSL_DEFUP="2mbit burst 15k"
        LOCAL="bond0"
        LOCAL_SLAVEA="eth0"
        LOCAL_SLAVEB="eth3"
        LOCAL_IP="192.168.0.1"
        LOCAL_MASK="255.255.255.0"
        LOCAL_NET="192.168.0.0/24"
        LOCAL_TABLE="2"
        LOCAL_UPLIM="128kbit burst 15k"
        LOCAL_DNLIM="3mbit burst 15k"
        LOCAL_CLASS="20"
        LOCAL_MARK="7"
        LOCAL_NETLIM="1024mbit"
        WIFI="eth4"
        WIFI_IP="192.168.1.1"
        WIFI_MASK="255.255.255.0"
        WIFI_NET="192.168.1.0/24"
        WIFI_UPLIM="64kbit burst 15k"
        WIFI_DNLIM="128kbit burst 15k"
        WIFI_CLASS="10"
        WIFI_MARK="6"
        INET_MARK="9"

        #Configure the bonded internal network that most systems will connect to.
        /sbin/ifconfig ${LOCAL} ${LOCAL_IP} netmask ${LOCAL_MASK}
        /sbin/ip route add ${LOCAL_NET} dev ${LOCAL} src ${LOCAL_IP} table ${LOCAL_TABLE}
        /sbin/ip rule add from ${LOCAL_IP} table ${LOCAL_TABLE}
        #Add both devices to the bond.
        /sbin/ifenslave ${LOCAL} ${LOCAL_SLAVEA}
        /sbin/ifenslave ${LOCAL} ${LOCAL_SLAVEB}

        #Configure the other internal network that will be used for a wifi hot spot
        /sbin/ifconfig ${WIFI} ${WIFI_IP} netmask ${WIFI_MASK}

        #Configure the DSL connection
        /sbin/ifconfig ${DSL} ${DSL_IP} netmask ${DSL_MASK}
        /sbin/ip route add ${DSL_NET} dev ${DSL} src ${DSL_IP} table ${DSL_TABLE}
        /sbin/ip route add default via ${DSL_ROUTE} table ${DSL_TABLE}
        /sbin/ip rule add from ${DSL_IP} table ${DSL_TABLE}

        #Configure the cable connection
        /sbin/ifconfig ${CABLE} ${CABLE_IP} netmask ${CABLE_MASK}
        /sbin/ip route add ${CABLE_NET} dev ${CABLE} src ${CABLE_IP} table ${CABLE_TABLE}
        /sbin/ip route add default via ${CABLE_ROUTE} table ${CABLE_TABLE}
        /sbin/ip rule add from ${CABLE_IP} table ${CABLE_TABLE}

        #Round robin the 2 internet connections w/ weight (one multipath default route in the main table)
        /sbin/ip route add default scope global nexthop via ${DSL_ROUTE} dev ${DSL} weight 1 \
                nexthop via ${CABLE_ROUTE} dev ${CABLE} weight 3

        #Allow the entire system to access the internal network
        /sbin/ip route add ${LOCAL_NET} dev ${LOCAL} src 0.0.0.0

        #Create resolv.conf and populate it.
        echo "nameserver ${CABLE_ROUTE}" > /etc/resolv.conf
        echo "nameserver ${DSL_ROUTE}" >> /etc/resolv.conf

        #Limit the speed of traffic from the server to the WIFI hot spot
        /sbin/tc qdisc add dev ${WIFI} root handle 1: htb default 1
        /sbin/tc class add dev ${WIFI} parent 1: classid 1:1 htb rate ${WIFI_DNLIM}

        #Limit the speed of the traffic from the server to the internal network
        /sbin/tc qdisc add dev ${LOCAL} root handle 2: htb default 1
        #Set the limit for connections to the server's services very high
        /sbin/tc class add dev ${LOCAL} parent 2: classid 2:1 htb rate ${LOCAL_NETLIM}
        #Set the internet download limit to something reasonable
        /sbin/tc class add dev ${LOCAL} parent 2: classid 2:10 htb rate ${LOCAL_DNLIM}
        #Make sure internet traffic is directed to the correct limit.
        #The filter must hang off this device's own qdisc (handle 2:, set above) and send
        #marked packets to class 2:10; referencing 3:0/3:10 here would target the DSL qdisc.
        /sbin/tc filter add dev ${LOCAL} protocol ip parent 2:0 prio 1 handle ${INET_MARK} fw flowid 2:10

        #Limit the speed at which the server routes data from the internal networks to the internet.

        #Limit the dsl w/ a catch all default
        /sbin/tc qdisc add dev ${DSL} root handle 3: htb default 1
        /sbin/tc class add dev ${DSL} parent 3: classid 3:1 htb rate ${DSL_DEFUP}
        #Limits for both internal networks are set here
        /sbin/tc class add dev ${DSL} parent 3:1 classid 3:${WIFI_CLASS} htb rate ${WIFI_UPLIM}
        /sbin/tc class add dev ${DSL} parent 3:1 classid 3:${LOCAL_CLASS} htb rate ${LOCAL_UPLIM}
        #Make sure we direct packets to the correct limits.
        /sbin/tc filter add dev ${DSL} protocol ip parent 3:0 prio 1 handle ${WIFI_MARK} fw flowid 3:${WIFI_CLASS}
        /sbin/tc filter add dev ${DSL} protocol ip parent 3:0 prio 1 handle ${LOCAL_MARK} fw flowid 3:${LOCAL_CLASS}

        #Limit the cable connection w/ a catch all default
        /sbin/tc qdisc add dev ${CABLE} root handle 4: htb default 1
        /sbin/tc class add dev ${CABLE} parent 4: classid 4:1 htb rate ${CABLE_DEFUP}
        #Limits for both internal networks are set here
        /sbin/tc class add dev ${CABLE} parent 4:1 classid 4:${WIFI_CLASS} htb rate ${WIFI_UPLIM}
        /sbin/tc class add dev ${CABLE} parent 4:1 classid 4:${LOCAL_CLASS} htb rate ${LOCAL_UPLIM}
        #Make sure we direct packets to the correct limits.
        /sbin/tc filter add dev ${CABLE} protocol ip parent 4:0 prio 1 handle ${WIFI_MARK} fw flowid 4:${WIFI_CLASS}
        /sbin/tc filter add dev ${CABLE} protocol ip parent 4:0 prio 1 handle ${LOCAL_MARK} fw flowid 4:${LOCAL_CLASS}

        #Clear existing iptables settings if any
        iptables -F
        iptables -t nat -F

        iptables -P INPUT ACCEPT
        iptables -P OUTPUT ACCEPT
        iptables -P FORWARD DROP
        #Then we lock our services so they only work from the LAN
        iptables -I INPUT 1 -i ${LOCAL} -j ACCEPT
        iptables -I INPUT 1 -i ${WIFI} -j ACCEPT
        iptables -I INPUT 1 -i lo -j ACCEPT
        #Reject DHCP and DNS requests that arrive on anything but the LAN interfaces.
        #("! -i" is the interface negation syntax; "-i !" is the old deprecated form.)
        iptables -A INPUT -p UDP --dport bootps ! -i ${LOCAL} -j REJECT
        iptables -A INPUT -p UDP --dport bootps ! -i ${WIFI} -j REJECT
        iptables -A INPUT -p UDP --dport domain ! -i ${LOCAL} -j REJECT
        iptables -A INPUT -p UDP --dport domain ! -i ${WIFI} -j REJECT

        #Open some ports to the internet, this is a server afterall.
        for i in '80' '8080' '20' '21' '22' '24' '25' '37' '110' '113' '118' '123' '156' '194' '220' '389' '443' '465' '531' '989' '990' '993' '995'; do
                iptables -A INPUT -p TCP --dport ${i} -i ${CABLE} -j ACCEPT
                iptables -A INPUT -p TCP --dport ${i} -i ${DSL} -j ACCEPT
                iptables -A INPUT -p TCP --dport ${i} -i ${LOCAL} -j ACCEPT
        done

        #Drop TCP / UDP packets to privileged ports on every interface except ${WIFI}
        #(LAN and loopback traffic and the ports opened above have already been accepted)
        iptables -A INPUT -p TCP ! -i ${WIFI} -d 0/0 --dport 0:1023 -j DROP
        iptables -A INPUT -p UDP ! -i ${WIFI} -d 0/0 --dport 0:1023 -j DROP

        #add the rules for NAT

        #Internal networks
        iptables -I FORWARD -i ${WIFI} -d 192.168.1.0/255.255.255.0 -j DROP
        iptables -A FORWARD -i ${WIFI} -s 192.168.1.0/255.255.255.0 -j ACCEPT
        iptables -I FORWARD -i ${LOCAL} -d 192.168.0.0/255.255.255.0 -j DROP
        iptables -A FORWARD -i ${LOCAL} -s 192.168.0.0/255.255.255.0 -j ACCEPT

        #Internet connections: let forwarded packets arriving on either uplink reach the LANs.
        #These match on destination only, with no connection-state check, so they are not
        #limited to replies to connections the LANs opened.
        iptables -A FORWARD -i ${DSL} -d 192.168.0.0/255.255.255.0 -j ACCEPT
        iptables -A FORWARD -i ${CABLE} -d 192.168.0.0/255.255.255.0 -j ACCEPT
        iptables -A FORWARD -i ${DSL} -d 192.168.1.0/255.255.255.0 -j ACCEPT
        iptables -A FORWARD -i ${CABLE} -d 192.168.1.0/255.255.255.0 -j ACCEPT

        #Too lazy to go into details, some of which I do not know
        #Source-NAT outgoing traffic to the address of whichever uplink it leaves on.
        iptables -t nat -A POSTROUTING -o ${DSL} -j SNAT --to-source ${DSL_IP}
        iptables -t nat -A POSTROUTING -o ${CABLE} -j SNAT --to-source ${CABLE_IP}

        #Mark packets from the internal networks so we know where they came from when
        #directing them to the limiters (the tc "fw" filters above match on these marks)
        iptables -A PREROUTING -t mangle -i ${WIFI} -j MARK --set-mark ${WIFI_MARK}
        iptables -A PREROUTING -t mangle -i ${LOCAL} -j MARK --set-mark ${LOCAL_MARK}

        #Mark packets from the internet.
        iptables -A PREROUTING -t mangle -i ${DSL} -j MARK --set-mark ${INET_MARK}
        iptables -A PREROUTING -t mangle -i ${CABLE} -j MARK --set-mark ${INET_MARK}

        #Tell the kernel that ip forwarding is OK
        echo 1 > /proc/sys/net/ipv4/ip_forward
        for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done

I have tried bonding w/ both the round-robin and XOR options to the bonding module; my brother said the XOR made it worse, but I do not think that is provable.

My next step is to stop bonding and use only 1 card for the internal network.

If that fails I will try directly connecting the cable modem to the server so traffic does not have to go through an additional NAT.

Tomorrow I am having my cable connection upgraded to have 5 static IPs anyway, so if the last one is the problem it won't be for long.
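
A consistency check of the kind a reviewer would run over the tc section of a script like the one above, added here as an example and not code from the thread: every `tc filter` must hang off the root qdisc handle that its own device was given, so the awk below reads a tc script and reports any filter whose `parent` or `flowid` major number differs from that device's handle. The sample input is constructed, and the function name is mine.

```shell
#!/bin/sh
# Added example, not from the thread: flag tc filters whose parent/flowid major
# differs from the root qdisc handle on the same device (e.g. qdisc handle 2: on
# bond0 but flowid 3:10). Unexpanded ${DEV} names work too: stable per device.
lint_tc_handles() {
    # Reads a tc script on stdin; prints one line per mismatch and
    # returns 1 if any were found, 0 if every filter is consistent.
    awk '
    ($1 == "tc" || $1 ~ /\/tc$/) && $2 == "qdisc" && $3 == "add" {
        dev = ""; h = ""; isroot = 0
        for (i = 4; i <= NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "root")   isroot = 1
            if ($i == "handle") { h = $(i + 1); sub(/:$/, "", h) }
        }
        if (isroot && dev != "" && h != "") root[dev] = h
    }
    ($1 == "tc" || $1 ~ /\/tc$/) && $2 == "filter" && $3 == "add" {
        dev = ""; parent = ""; flow = ""
        for (i = 4; i <= NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "parent") { parent = $(i + 1); sub(/:.*$/, "", parent) }
            if ($i == "flowid") { flow = $(i + 1);   sub(/:.*$/, "", flow) }
        }
        if (!(dev in root)) {
            printf "line %d: filter on %s but no root qdisc seen for it\n", NR, dev
            bad++
        } else if (parent != root[dev] || flow != root[dev]) {
            printf "line %d: %s has qdisc handle %s: but filter uses parent %s: / flowid %s:\n",
                   NR, dev, root[dev], parent, flow
            bad++
        }
    }
    END { exit (bad > 0) }'
}

# Constructed sample in the shape of the thread's script: bond0 gets handle 2:
# but its fw filter references major 3; the eth2 rules are consistent.
SAMPLE_BAD='/sbin/tc qdisc add dev bond0 root handle 2: htb default 1
/sbin/tc class add dev bond0 parent 2: classid 2:10 htb rate 3mbit burst 15k
/sbin/tc filter add dev bond0 protocol ip parent 3:0 prio 1 handle 9 fw flowid 3:10
/sbin/tc qdisc add dev eth2 root handle 3: htb default 1
/sbin/tc filter add dev eth2 protocol ip parent 3:0 prio 1 handle 7 fw flowid 3:20'
# Same sample with the bond0 filter pointing at its own qdisc (2:0 / 2:10).
SAMPLE_OK=$(printf '%s\n' "$SAMPLE_BAD" | sed 's/parent 3:0 \(.*\) flowid 3:10/parent 2:0 \1 flowid 2:10/')

printf '%s\n' "$SAMPLE_BAD" | lint_tc_handles || echo "(mismatch above is the expected finding)"
printf '%s\n' "$SAMPLE_OK"  | lint_tc_handles && echo "SAMPLE_OK: all filters consistent"
```

Feed the script's own tc lines in on stdin to check a real configuration; the exit status makes it usable as a pre-flight step before the rules are applied.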

aus9 04-25-2008 12:29 AM

Since no one has replied... and I am no expert... I was wondering about your brother's max lease time?

and so found this
http://www.linuxquestions.org/questi...66#post3077166

which led to this
http://www.thekelleys.org.uk/dnsmasq/doc.html

but you may prefer back to this?
http://tldp.org/HOWTO/DHCP/x369.html

