LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 02-12-2006, 09:23 AM   #1
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,385

Rep: Reputation: 52
Networking question


Hi folks,

My FC3 workstation is connected 1o 1.5Mb broadband via ADSL modem to telephone line and with dynamic IP allotted on connection.

I have been suffering on slow Internet browsing for a week on acount of dead primary nameserver which was found later. Each time after connecting ISP server a set of nameservers was allotted, namely the primary and secondary nameservers. They were seldomly changed, almost the same set each time on connection. The ISP disputed my finding saying the primary nameserver was alive pinged on his Windows PC. Finally the ISP changed another new set of nameservers. But the new primary nameserver assigned still died.

New set of nameservers;
# cat /etc/resolv.conf
nameserver 203.123.77.196 (Primary)
nameserver 202.123.77.213 (Secondary)


The history of ping and traceroute are as follows;

ping command
============
1)
Tested on FC3
# ping -c 3 202.123.77.196
Code:
PING 202.123.77.196 (202.123.77.196) 56(84) bytes of data.
From 202.123.95.82 icmp_seq=0 Time to live exceeded
From 202.123.95.82 icmp_seq=1 Time to live exceeded
From 202.123.95.82 icmp_seq=2 Time to live exceeded

--- 202.123.77.196 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2002ms, pipe 2
It indicated 100% packet loss.


2)
Tested on WinME
C:\WINDOWS>ping -n 3 202.123.77.196
Code:
Pinging 202.123.77.196 with 32 bytes of data:

Reply from 202.123.95.82: TTL expired in transit.
Reply from 202.123.95.82: TTL expired in transit.
Reply from 202.123.95.82: TTL expired in transit.

Ping statistics for 202.123.77.196:
    Packets: Sent = 3, Received = 3, Lost = 0 (0% l
Approximate round trip times in milli-seconds:
From the abve it indicates 0% packet loss. Now I'm not surprised why the ISP claimed no problem on the nameservers pinged on his Windows PC. Windows allowed the feedback from another nameserver getting through and indicating 0% packet loss. I suppose this was the security problem. If I'm wrong please correct me. Tks.


3)
Tested on FC3
# ping -c 3 202.123.77.213
Code:
PING 202.123.77.213 (202.123.77.213) 56(84) bytes of data.
64 bytes from 202.123.77.213: icmp_seq=0 ttl=252 time=37.3 ms
64 bytes from 202.123.77.213: icmp_seq=1 ttl=252 time=18.7 ms
64 bytes from 202.123.77.213: icmp_seq=2 ttl=252 time=18.9 ms

--- 202.123.77.213 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 18.729/25.001/37.335/8.723 ms, pipe 2
No packet loss found.



traceroute
==========

1)
Tested on FC3
# traceroute 202.123.77.196
Code:
traceroute to 202.123.77.196 (202.123.77.196), 30 hops max, 38 byte packets
 1  203.88.164.1 (203.88.164.1)  34.436 ms  18.725 ms  17.194 ms
 2  202-123-94-73.ihenderson.com (202.123.94.73)  31.701 ms  17.349 ms  17.180 ms
 3  202-123-94-51.ihenderson.com (202.123.94.51)  33.842 ms  16.773 ms  17.193 ms
 4  202-123-95-82.ihenderson.com (202.123.95.82)  29.837 ms  17.027 ms  17.181 ms
 5  hdc-coreB-fe110.ihenderson.com (202.123.95.81)  33.179 ms  16.775 ms  17.461 ms
 6  202-123-95-82.ihenderson.com (202.123.95.82)  28.888 ms  23.199 ms  17.346 ms
 7  hdc-coreB-fe110.ihenderson.com (202.123.95.81)  32.042 ms  18.007 ms  17.933 ms
 8  202-123-95-82.ihenderson.com (202.123.95.82)  34.393 ms  18.015 ms  16.936 ms
 9  hdc-coreB-fe110.ihenderson.com (202.123.95.81)  25.559 ms  17.237 ms  17.462 ms
10  202-123-95-82.ihenderson.com (202.123.95.82)  37.132 ms  18.018 ms  17.452 ms
11  hdc-coreB-fe110.ihenderson.com (202.123.95.81)  38.051 ms  17.523 ms  17.176 ms
12  202-123-95-82.ihenderson.com (202.123.95.82)  36.670 ms  17.502 ms  17.194 ms
13  hdc-coreB-fe110.ihenderson.com (202.123.95.81)  35.245 ms  17.743 ms  17.465 ms
14  202-123-95-82.ihenderson.com (202.123.95.82)  33.834 ms  17.497 ms  17.192 ms
15  hdc-coreB-fe110.ihenderson.com (202.123.95.81)  31.714 ms  17.290 ms  17.175 ms
16  202-123-95-82.ihenderson.com (202.123.95.82)  29.592 ms  17.966 ms  17.934 ms
17  hdc-coreB-fe110.ihenderson.com (202.123.95.81)  36.741 ms  19.286 ms  17.399 ms
18  202-123-95-82.ihenderson.com (202.123.95.82)  33.879 ms  17.482 ms  17.181 ms
19  hdc-coreB-fe110.ihenderson.com (202.123.95.81)  30.061 ms  17.550 ms  17.451 ms
20  202-123-95-82.ihenderson.com (202.123.95.82)  33.983 ms  17.933 ms  17.698 ms
21  hdc-coreB-fe110.ihenderson.com (202.123.95.81)  27.707 ms  17.477 ms  16.965 ms
22  202-123-95-82.ihenderson.com (202.123.95.82)  32.793 ms  17.480 ms  17.446 ms
23  hdc-coreB-fe110.ihenderson.com (202.123.95.81)  36.703 ms  17.719 ms  17.952 ms
24  202-123-95-82.ihenderson.com (202.123.95.82)  30.638 ms  17.701 ms  18.198 ms
25  hdc-coreB-fe110.ihenderson.com (202.123.95.81)  34.904 ms  18.215 ms  18.188 ms
26  202-123-95-82.ihenderson.com (202.123.95.82)  29.862 ms  17.978 ms  16.940 ms
27  hdc-coreB-fe110.ihenderson.com (202.123.95.81)  23.821 ms  17.564 ms  18.855 ms
28  202-123-95-82.ihenderson.com (202.123.95.82)  36.947 ms  17.711 ms  17.946 ms
29  hdc-coreB-fe110.ihenderson.com (202.123.95.81)  30.599 ms  17.972 ms  18.178 ms
30  202-123-95-82.ihenderson.com (202.123.95.82)  34.263 ms  17.716 ms  17.940 ms
found jumping between routers. If my suppose is WRONG, please correct me.


2)
Tested on server on Internet, run by "traceroute.org"
Code:
Version: v1.0 Date: 22-Jan-2002
Tracing route to 202-123-77-196.ihenderson.com [202.123.77.196]
over a maximum of 30 hops:
  1   <10 ms   <10 ms   <10 ms  202.85.152.2 
  2   <10 ms   <10 ms   <10 ms  ge1-2-cosw0907.hk01.iadvantage.net [202.85.129.50] 
  3    57 ms   235 ms   223 ms  henderson-rge.hkix.net [202.40.161.105] 
  4     2 ms     2 ms     2 ms  202-123-94-91.ihenderson.com [202.123.94.91] 
  5     2 ms     2 ms     2 ms  202-123-94-51.ihenderson.com [202.123.94.51] 
  6     2 ms     2 ms     2 ms  202-123-95-82.ihenderson.com [202.123.95.82] 
  7     2 ms     2 ms     3 ms  hdc-coreb-fe110.ihenderson.com [202.123.95.81] 
  8     2 ms     2 ms     3 ms  202-123-95-82.ihenderson.com [202.123.95.82] 
  9     2 ms     3 ms     2 ms  hdc-coreb-fe110.ihenderson.com [202.123.95.81] 
 10     2 ms     2 ms     2 ms  202-123-95-82.ihenderson.com [202.123.95.82] 
 11     3 ms     3 ms     3 ms  hdc-coreb-fe110.ihenderson.com [202.123.95.81] 
 12     2 ms     2 ms     2 ms  202-123-95-82.ihenderson.com [202.123.95.82] 
 13     2 ms     3 ms     3 ms  hdc-coreb-fe110.ihenderson.com [202.123.95.81] 
 14     3 ms     3 ms     2 ms  202-123-95-82.ihenderson.com [202.123.95.82] 
 15     3 ms     3 ms     3 ms  hdc-coreb-fe110.ihenderson.com [202.123.95.81] 
 16     3 ms     2 ms     3 ms  202-123-95-82.ihenderson.com [202.123.95.82] 
 17     2 ms     3 ms     2 ms  hdc-coreb-fe110.ihenderson.com [202.123.95.81] 
 18     2 ms     2 ms     3 ms  202-123-95-82.ihenderson.com [202.123.95.82] 
 19     3 ms     3 ms     3 ms  hdc-coreb-fe110.ihenderson.com [202.123.95.81] 
 20     3 ms     2 ms     3 ms  202-123-95-82.ihenderson.com [202.123.95.82] 
 21     3 ms     3 ms     3 ms  hdc-coreb-fe110.ihenderson.com [202.123.95.81] 
 22     3 ms     3 ms     3 ms  202-123-95-82.ihenderson.com [202.123.95.82] 
 23     4 ms     3 ms     3 ms  hdc-coreb-fe110.ihenderson.com [202.123.95.81] 
 24     3 ms     3 ms     3 ms  202-123-95-82.ihenderson.com [202.123.95.82] 
 25     3 ms     3 ms     3 ms  hdc-coreb-fe110.ihenderson.com [202.123.95.81] 
 26     3 ms     3 ms     3 ms  202-123-95-82.ihenderson.com [202.123.95.82] 
 27     4 ms     5 ms     3 ms  hdc-coreb-fe110.ihenderson.com [202.123.95.81] 
 28     4 ms     3 ms     3 ms  202-123-95-82.ihenderson.com [202.123.95.82] 
 29     3 ms     3 ms     3 ms  hdc-coreb-fe110.ihenderson.com [202.123.95.81] 
 30     3 ms     3 ms     3 ms  202-123-95-82.ihenderson.com [202.123.95.82] 
Trace complete.

HTTP/1.1 502 Gateway Error
Server: Microsoft-IIS/5.0
Date: Thu, 09 Feb 2006 05:51:23 GMT
Connection: close
Content-Length: 186
Content-Type: text/html
It indicates gateway error


3)
Tesed on FC3
# traceroute 202.123.77.213
Code:
traceroute to 202.123.77.213 (202.123.77.213), 30 hops max, 38 byte packets
 1  203.88.164.1 (203.88.164.1)  27.979 ms  16.987 ms  16.785 ms
 2  202-123-94-67.ihenderson.com (202.123.94.67)  27.374 ms  17.286 ms  17.442 ms
 3  202-123-95-82.ihenderson.com (202.123.95.82)  27.671 ms  17.258 ms  17.430 ms
 4  202-123-77-222.ihenderson.com (202.123.77.222)  28.253 ms  18.010 ms  17.931 ms
 5  ns02.ihenderson.com (202.123.77.213)  28.815 ms  18.266 ms  17.677 ms
Exited automatically.


4)
Tested on server on Internet, run by "traceroute.org"
Code:
Version: v1.0 Date: 22-Jan-2002 Copyright: Sum.com.hk
Tracing route to ns02.ihenderson.com [202.123.77.213]
over a maximum of 30 hops:
  1   <10 ms     1 ms   <10 ms  202.85.152.2 
  2   <10 ms   <10 ms   <10 ms  ge1-2-cosw0907.hk01.iadvantage.net [202.85.129.50] 
  3     2 ms     2 ms     2 ms  henderson-rge.hkix.net [202.40.161.105] 
  4     2 ms     2 ms     2 ms  202-123-94-91.ihenderson.com [202.123.94.91] 
  5     3 ms     2 ms     2 ms  202-123-94-51.ihenderson.com [202.123.94.51] 
  6     3 ms     2 ms     2 ms  202-123-95-82.ihenderson.com [202.123.95.82] 
  7     2 ms     4 ms     3 ms  202-123-77-218.ihenderson.com [202.123.77.218] 
  8     3 ms     2 ms     2 ms  ns02.ihenderson.com [202.123.77.213] 

Trace complete.
No error indicated.


Now each time after booting up the PC I have to revert the order of nameservers on /etc/resolv.conf. Since they are seldomly changed. Can I run them as static IP. If YES, please advise which file shall I edit to effect the change, not running them as dynamic IP. Tks.

Furthermore please help me to understand what are the possible causes on ISP server with this mistake generated. TIA

B.R.
satimis
 
Old 02-12-2006, 12:31 PM   #2
Half_Elf
Guru
 
Registered: Sep 2001
Location: Montreal, Canada
Distribution: Slackware; Debian; Gentoo...
Posts: 2,163

Rep: Reputation: 45
WOW!
According to what you posted, your ISP network is REALLY wrong. Routers playing tennis with packets isn't really making your network reliable. You better call them before to do the same about the second DNS server
The cause is probably a bunch of idiots managing the server farm. Assuming this happen on windoze as well (the 0% packet lost means nothing, as you get "Expired TTL" as well. Windoze just doesn't count expired TTL as "lost" packets), I can't see how they couldn't be the problem. They are probably forwarding (NATing) you from one box to another, but wrongly forward you back to the first box and goes on... broken firewalling for sure.


About fixes... You can't use static ips, as your provider probably charge an extra for static ips. However, they probably don't have hundred of DNS servers, settings few one by hand in /etc/resolv.conf (and making sure ADSL doesn't change them when it starts) should do quite the trick.
If you use ADSL, I assume you are using PPPoE. PPPoE usually load the DNS list from your provider, but it's really easy to avoid this behavior if you don't want this to happen.
Look in /etc/ppp/pppoe.conf (it's there on my box, but the name of the .conf may be different/in a different place on your).

Here is what I use here. I have a local DNS server (notice the 192.168.0.1) but settings this with a list of distant server should work as well. The "PEERDNS" and "USEPEERDNS" set to no is important if you don't want PPPoE to consider the DNS server lists it gets from your provider.

Code:
...
# DNS type: SERVER=obtain from server; SPECIFY=use DNS1 and DNS2;
# NOCHANGE=do not adjust.
DNSTYPE=NOCHANGE

# Obtain DNS server addresses from the peer (recent versions of pppd only)
# In old config files, this used to be called USEPEERDNS.  Changed to
# PEERDNS for better Red Hat compatibility
USEPEERDNS=no
PEERDNS=no

DNS1=192.168.0.1
DNS2=
...
 
Old 02-12-2006, 07:24 PM   #3
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,385

Original Poster
Rep: Reputation: 52
Hi Half_Elf,

Tks for your advice.

Quote:
If you use ADSL, I assume you are using PPPoE. PPPoE usually load the DNS list from your provider, but it's really easy to avoid this behavior if you don't want this to happen.
Look in /etc/ppp/pppoe.conf (it's there on my box, but the name of the .conf may be different/in a different place on your).
# find / -name pppoe.conf
Code:
/usr/share/doc/rp-pppoe-3.5/configs/pppoe.conf
I could not find pppoe.conf running on FC3 box.

I can copied /usr/share/doc/rp-pppoe-3.5/configs/pppoe.conf on /etc/ppp/ and edit the same for my use. But I'm not sure whether it is the right place keeping it on FC3 box.

# ls -al /etc/ppp/
Code:
total 144
drwxr-xr-x   3 root root  4096 Oct  3 09:38 .
drwxr-xr-x  83 root root 12288 Feb 13 08:36 ..
-rw-------   1 root root   321 Oct 18 15:18 chap-secrets
-rw-r--r--   1 root root  1042 Sep  5 22:13 firewall-masq
-rw-r--r--   1 root root   913 Sep  5 22:13 firewall-standalone
-rw-r--r--   1 root root     0 Oct  5  2004 ioptions
-rwxr-xr-x   1 root root   353 Oct 17  2004 ip-down
-rwxr-xr-x   1 root root  3362 Jun  2  2003 ip-down.ipv6to4
-rwxr-xr-x   1 root root   403 Oct 17  2004 ip-up
-rwxr-xr-x   1 root root  6594 Jun  2  2003 ip-up.ipv6to4
-rwxr-xr-x   1 root root   797 Nov 12  2002 ipv6-down
-rwxr-xr-x   1 root root   785 Nov 12  2002 ipv6-up
-rw-r--r--   1 root root     5 Nov  2  2004 options
-rw-------   1 root root   320 Oct 18 15:18 pap-secrets
drwxr-xr-x   3 root root  4096 Mar 31  2005 peers
-rw-r--r--   1 root root   104 Sep  5 22:13 pppoe-server-options
-rw-r--r--   1 root root    53 Aug 21 18:55 resolv.conf
# cat /usr/share/doc/rp-pppoe-3.5/configs/pppoe.conf
Code:
***********************************************************************
#
# pppoe.conf
#
# Configuration file for rp-pppoe.  Edit as appropriate and install in
# /etc/ppp/pppoe.conf
#
# NOTE: This file is used by the adsl-start, adsl-stop, adsl-connect and
#       adsl-status shell scripts.  It is *not* used in any way by the
#       "pppoe" executable.
#
# Copyright (C) 2000 Roaring Penguin Software Inc.
#
# This file may be distributed under the terms of the GNU General
# Public License.
#
# LIC: GPL
# $Id: pppoe.conf,v 1.10 2002/04/09 17:28:38 dfs Exp $
#***********************************************************************

# When you configure a variable, DO NOT leave spaces around the "=" sign.

# Ethernet card connected to ADSL modem
ETH=eth1

# ADSL user name.  You may have to supply "@provider.com"  Sympatico
# users in Canada do need to include "@sympatico.ca"
# Sympatico uses PAP authentication.  Make sure /etc/ppp/pap-secrets
# contains the right username/password combination.
# For Magma, use xxyyzz@magma.ca
USER=bxxxnxnx@sympatico.ca

# Bring link up on demand?  Default is to leave link up all the time.
# If you want the link to come up on demand, set DEMAND to a number indicating
# the idle time after which the link is brought down.
DEMAND=no
#DEMAND=300

# DNS type: SERVER=obtain from server; SPECIFY=use DNS1 and DNS2;
# NOCHANGE=do not adjust.
DNSTYPE=SERVER

# Obtain DNS server addresses from the peer (recent versions of pppd only)
# In old config files, this used to be called USEPEERDNS.  Changed to
# PEERDNS for better Red Hat compatibility
PEERDNS=yes

DNS1=
DNS2=

# Make the PPPoE connection your default route.  Set to
# DEFAULTROUTE=no if you don't want this.
DEFAULTROUTE=yes

### ONLY TOUCH THE FOLLOWING SETTINGS IF YOU'RE AN EXPERT

# How long adsl-start waits for a new PPP interface to appear before
# concluding something went wrong.  If you use 0, then adsl-start
# exits immediately with a successful status and does not wait for the
# link to come up.  Time is in seconds.
#
# WARNING WARNING WARNING:
#
# If you are using rp-pppoe on a physically-inaccessible host, set
# CONNECT_TIMEOUT to 0.  This makes SURE that the machine keeps trying
# to connect forever after adsl-start is called.  Otherwise, it will
# give out after CONNECT_TIMEOUT seconds and will not attempt to
# connect again, making it impossible to reach.
CONNECT_TIMEOUT=30

# How often in seconds adsl-start polls to check if link is up
CONNECT_POLL=2

# Specific desired AC Name
ACNAME=

# Specific desired service name
SERVICENAME=

# Character to echo at each poll.  Use PING="" if you don't want
# anything echoed
PING="."

# File where the adsl-connect script writes its process-ID.
# Three files are actually used:
#   $PIDFILE       contains PID of adsl-connect script
#   $PIDFILE.pppoe contains PID of pppoe process
#   $PIDFILE.pppd  contains PID of pppd process
CF_BASE=`basename $CONFIG`
PIDFILE="/var/run/$CF_BASE-adsl.pid"

# Do you want to use synchronous PPP?  "yes" or "no".  "yes" is much
# easier on CPU usage, but may not work for you.  It is safer to use
# "no", but you may want to experiment with "yes".  "yes" is generally
# safe on Linux machines with the n_hdlc line discipline; unsafe on others.
SYNCHRONOUS=no

# Do you want to clamp the MSS?  Here's how to decide:
# - If you have only a SINGLE computer connected to the ADSL modem, choose
#   "no".
# - If you have a computer acting as a gateway for a LAN, choose "1412".
#   The setting of 1412 is safe for either setup, but uses slightly more
#   CPU power.
CLAMPMSS=1412
#CLAMPMSS=no

# LCP echo interval and failure count.
LCP_INTERVAL=20
LCP_FAILURE=3

# PPPOE_TIMEOUT should be about 4*LCP_INTERVAL
PPPOE_TIMEOUT=80

# Firewalling: One of NONE, STANDALONE or MASQUERADE
FIREWALL=NONE

# Linux kernel-mode plugin for pppd.  If you want to try the kernel-mode
# plugin, use LINUX_PLUGIN=/etc/ppp/plugins/rp-pppoe.so
LINUX_PLUGIN=

# Any extra arguments to pass to pppoe.  Normally, use a blank string
# like this:
PPPOE_EXTRA=""

# Rumour has it that "Citizen's Communications" with a 3Com
# HomeConnect ADSL Modem DualLink requires these extra options:
# PPPOE_EXTRA="-f 3c12:3c13 -S ISP"

# Any extra arguments to pass to pppd.  Normally, use a blank string
# like this:
PPPD_EXTRA=""


########## DON'T CHANGE BELOW UNLESS YOU KNOW WHAT YOU ARE DOING
# If you wish to COMPLETELY overrride the pppd invocation:
# Example:
# OVERRIDE_PPPD_COMMAND="pppd call dsl"

# If you want adsl-connect to exit when connection drops:
# RETRY_ON_FAILURE=no

Do I need to make any change on the existing /etc/ppp/pap-secret ???

TIA

B.R.
satimis
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
networking,question... JT13 Linux - Networking 4 06-27-2005 07:15 AM
networking question wozzle Linux - Networking 5 10-28-2004 08:42 AM
Networking question Rekna Linux - Networking 1 06-16-2004 10:59 PM
Networking Question ProtoformX Linux - Networking 2 03-17-2004 01:41 PM
networking question wslyhbb Linux - Networking 5 12-14-2003 11:30 AM


All times are GMT -5. The time now is 09:45 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration