LinuxQuestions.org - Troubleshooting A Gateway Server

Background:
For some time now, we have been having internet connectivity problems in our small office. We are a part of a Complex that hosts small businesses, and they provide us with internet connectivity as a part of the package. The net based work is at the core of our business, as it is with a second company in the Complex. We always have internet connection problems, as does the other company. But the Complex management doesnt believe there is a problem with the net connection because no one else complains. But the rest of the companies use the net for email, and thats about it. So they wont have any problems to the extent that we do. We spend our day using ssh, webdav, bittorrent, wgetting stuff, doing sftp uploads and playing the occasional game of WoW :D. The rest of companies use the net to check their Hotmail and Yahoo account, and have never heard of Gmail.

Problem:
This place is one big Windows shop. When we complain, they blame the problem on Linux of course. We have frequent, but intermittent issues with slow connections, down connections and the like, to the point where we wish we had dial-up instead. They provide us with 3 ports and 4 static IP addresses on our own subnet (standard for each company in the Complex). We have one Linux box that we use as a router and feed all the other machines net connectivity from it over a switch. Configs at the end of this post. We have always started with troubleshooting that box. We have ran Debian on it, tried Smoothwall, switched out the network cards and even switched out the box and OS entirely. Its now a PowerPC box (Mac Performa 6400) running Ubuntu Warty. In all cases, the problems have persisted so we have abandoned the hardware/config theory. But we are still willing to concider it as we now want to be thorough.

What we want to do now:
We have two goals right now:

1. Double check to make sure our configs are correct and not the source of our woes

2. Provide solid proof that their is a problem with the net connection here by providing logs from a thorough analysis.

Goal 1:
To accomplish goal one, I have posted the relevant configs on our gateway/router box below. Please peruse this and let me know if you see any possible confilicts that may have been overlooked.

Goal 2:
For our second goal, I need suggestions on a network analysis/testing utility that we can setup to run tests and produce a report on netowork performance. Preferably one that provides a summary or trace of network performance over a few days.

Machine role
Router, gateway between internal and external network
DHCP Server
Serves between 8 - 10 machines daily

Hardware
Macintosh Performa 6400
56MB RAM
200MHz PowerPC 603e
2 PCI Network Cards

Relevant Software
Ubuntu Warty, server install with no GUI
Kernel version 2.6.8.1-3-powerpc
DHCP Server 2.0pl5

DHCP Config

Code:

subnet 192.168.0.0 netmask 255.255.255.0{

        range 192.168.0.10 192.168.0.254;



        default-lease-time 86400;

        max-lease-time 31536000;



        option routers 192.168.0.1;



        option ip-forwarding off;



        option broadcast-address 192.168.0.255;

        option subnet-mask 255.255.255.0;



        option domain-name "alteroo.lan";



        option domain-name-servers 192.168.0.1;



}

Network card configs

Code:

# This file describes the network interfaces available on your system

# and how to activate them. For more information, see interfaces(5).



# The loopback network interface

auto lo

iface lo inet loopback

address 127.0.0.1

netmask 255.0.0.0

broadcast 127.255.255.255

network 127.0.0.0



# The primary network interface

auto eth0

iface eth0 inet static

address 192.168.0.1

netmask 255.255.255.0

broadcast 192.168.0.255



#external intefrace

auto eth1

iface eth1 inet static

address 192.168.255.181

netmask 255.255.255.248

broadcast 192.168.255.183

gateway 192.168.255.177

Routing table

Code:

Kernel IP routing table

Destination    Gateway        Genmask        Flags Metric Ref    Use Iface

192.168.255.176 0.0.0.0        255.255.255.248 U    0      0        0 eth1

192.168.0.0    0.0.0.0        255.255.255.0  U    0      0        0 eth0

0.0.0.0        192.168.255.177 0.0.0.0        UG    0      0        0 eth1

Networking options
powermac@powermac:~ $ cat /etc/network/options
ip_forward=yes
spoofprotect=yes
syncookies=no

iptables config

Code:

Chain INPUT (policy ACCEPT)

target    prot opt source              destination        

ACCEPT    all  --  anywhere            anywhere            

ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED 

ACCEPT    all  --  anywhere            anywhere            state NEW 



Chain FORWARD (policy ACCEPT)

target    prot opt source              destination        

ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED 

ACCEPT    all  --  anywhere            anywhere            

REJECT    all  --  anywhere            anywhere            reject-with icmp-port-unreachable 



Chain OUTPUT (policy ACCEPT)

target    prot opt source              destination

Startup script

Code:

#!/bin/sh

#

# $Id: routing.init.d,v 0.0.0.2 2005/06/03 22:11:54 peloy Exp $

#



# Defaults

ETH_EXT="eth1"



# Reads config file (will override defaults above)



case "$1"

        in

        start ) echo -n "Setting up Routing "

                echo 1 > /proc/sys/net/ipv4/ip_forward



                sleep 2



                if iptables --table nat -A POSTROUTING -o $ETH_EXT -j SNAT --to 192.168.255.181;  then

                        echo "routing started"

                else

                        echo "routing failed Restart manually"

                fi

                ;;

        stop )  echo -n "Stopping Routing"

                echo 0 > /proc/sys/net/ipv4/ip_forward

                iptables -D POSTROUTING 1

                ;;

        restart | force-reload ) sleep 2

                echo "Error in arguements"

                ;;

        * )    echo "Usage: /etc/init.d/routing {start|stop}"

                exit 1 

                ;;

esac



exit 0

ifconfig dump

Code:

eth0      Link encap:Ethernet  HWaddr 00:C0:95:F8:7E:7A  

          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0

          inet6 addr: fe80::2c0:95ff:fef8:7e7a/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:1256624 errors:1 dropped:0 overruns:0 frame:0

          TX packets:1213083 errors:19 dropped:0 overruns:0 carrier:10

          collisions:169981 txqueuelen:1000 

          RX bytes:432102836 (412.0 MiB)  TX bytes:885944264 (844.9 MiB)

          Interrupt:23 Base address:0x800 



eth1      Link encap:Ethernet  HWaddr 00:08:A1:82:62:FC  

          inet addr:192.168.255.181  Bcast:192.168.255.183  Mask:255.255.255.248

          inet6 addr: fe80::208:a1ff:fe82:62fc/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:1262706 errors:3 dropped:0 overruns:0 frame:4

          TX packets:68 errors:1258487 dropped:0 overruns:4 carrier:1258487

          collisions:0 txqueuelen:1000 

          RX bytes:892632682 (851.2 MiB)  TX bytes:5836 (5.6 KiB)

          Interrupt:25 Base address:0x400 



lo        Link encap:Local Loopback  

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:447 errors:0 dropped:0 overruns:0 frame:0

          TX packets:447 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0 

          RX bytes:61228 (59.7 KiB)  TX bytes:61228 (59.7 KiB)

Let me know if there is any other relevant info that is needed that I may have missed. I'm trying to be as thorough as possible.