LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   Internet Connection 20 minute cut-off (http://www.linuxquestions.org/questions/slackware-14/internet-connection-20-minute-cut-off-283019/)

linmith 01-27-2005 04:37 PM

Internet Connection 20 minute cut-off
 
My dial up internet connection never seems to last longer than 20 minutes.

It doesn't disconnect, but data stops being transferred back and forth, usually after about 20 minutes, and I end up having to manually disconnect. My modem is a crappy generic USB winmodem, but the drivers I found for it seem to work quite well, apart from this problem.

It's not so bad for general browsing, but it means that I can't download big files or use IRC for any decent length of time.

My ISP is OK as well, since it works perfectly with windows. And I don't think it is a permissions thing either since I can dial in as a normal user.

I'm using KPPP to dial up, by the way.

Help...? :)

win32sux 01-28-2005 12:07 PM

just a thought: it might have something to do with your firewall... take a look at your firewall log to see if something weird is happening at the moment you loose contact...

linmith 01-29-2005 07:08 AM

Thanks for that reply, that firewall point makes sense.

Sorry to ask such a silly question, but what firewall does slackware use, and where might I find it's log?

win32sux 01-29-2005 07:52 AM

slackware uses linux's standard firewall - iptables (netfilter)...

on slackware the iptables script is (by defacto standard) placed in /etc/rc.d/rc.firewall... however, one is expected to put the iptables script there on one's own (and make it executable), and there isn't one set by default...

when you DO have a firewall script executed, and set to log some packets, the logging will occur by default in this file:

/var/log/syslog

here's a simple iptables script (for single interface setup) you can use to log dropped input packets in case you don't have any firewall script right now:

Code:

#!/bin/sh

IPT="/usr/sbin/iptables"

echo "0" > /proc/sys/net/ipv4/ip_forward

$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT

/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc

$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -j LOG --log-prefix "INPUT DROP: "

that script will drop and log all input packets which are not related to any connection you have established yourself from your machine... just save the script as /etc/rc.d/rc.firewall and it will be run when you reboot... remember you'll need to make the file executable with a "chmod 755"... you can also execute it manually if you don't wanna reboot...

once the firewall script is running and you are close to the 20 minute mark, open a terminal, become root, and do a:

tail /var/log/syslog

the "tail" command will give you a "real-time" view of the dropped packets that are getting logged by the firewall... all you gotta do is look and see what's the last ones to get dropped before you loose contact (if any) and post them here... if you wanna look at ALL the dropped packets just do a:

cat /var/log/syslog | grep "INPUT DROP"

here's the script above, but with explanations (comments) in case you are wondering what the lines mean:
Code:

#!/bin/sh

# THE LOCATION OF YOUR IPTABLES COMMAND:
IPT="/usr/sbin/iptables"

# LET'S DISABLE FORWARDING CUZ THIS ISN'T A ROUTER:
echo "0" > /proc/sys/net/ipv4/ip_forward

# LET'S SET THE INPUT CHAIN'S DEFAULT POLICY TO DROP:
$IPT -P INPUT DROP

# LET'S ALLOW ALL OUTPUT:
$IPT -P OUTPUT ACCEPT

# LET'S LOAD THE MODULES NEEDED TO MAKE FTP AND IRC WORK WITH CONNTRACK:
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc

# LET'S ALLOW ALL INPUT COMING FROM OURSELVES:
$IPT -A INPUT -i lo -j ACCEPT

# LET'S ALLOW ALL INPUT PACKETS BELONGING TO CONNECTIONS
# WHICH WE ESTABLISHED OURSELVES:
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# LET'S LOG ANY OTHER INPUT PACKETS BEFORE THEY GET DROPPED BY THE
# INPUT CHAIN'S DEFAULT POLICY OF "DROP" WHICH WE HAVE SET ABOVE:
$IPT -A INPUT -j LOG --log-prefix "INPUT DROP: "

this is a good link to info about iptables in case you wanna read-up on it:

http://www.linuxguruz.com/iptables/

also, because it's possible the issue might not be your firewall after all, it would be helpful if you would post your modem's brand and model, as well as the URL to the driver you are using and a brief description of how you installed it...

good luck...

linmith 01-29-2005 09:49 AM

OK, thanks. I'm trying it just now, I'll let you know what results I get.

win32sux 01-29-2005 09:54 AM

roger that

linmith 01-29-2005 10:37 AM

Well, it's been 45 minutes and I still have the connection! Not that I'm complaining of course, it's just a little strange that it should be so variable.

Anyway, /var/log/syslog | grep "INPUT DROP" produced A LOT of information, 300+ lines, so I don't think I'll be posting it. But here is the tail /var/log/syslog information:

Code:

bash-2.05b# tail /var/log/syslog
Jan 29 16:23:50 darkstar kernel: INPUT DROP: IN=ppp0 OUT= MAC= SRC=207.44.158.97 DST=62.69.53.237 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=57085 DF PROTO=TCP SPT=39323 DPT=7198 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0
Jan 29 16:23:50 darkstar kernel: INPUT DROP: IN=ppp0 OUT= MAC= SRC=207.44.158.97 DST=62.69.53.237 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=37176 DF PROTO=TCP SPT=40499 DPT=6826 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0
Jan 29 16:24:54 darkstar kernel: INPUT DROP: IN=ppp0 OUT= MAC= SRC=62.69.54.90 DST=62.69.53.237 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=46657 DF PROTO=TCP SPT=3136 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0
Jan 29 16:31:07 darkstar kernel: INPUT DROP: IN=ppp0 OUT= MAC= SRC=62.147.7.97 DST=62.69.53.237 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=31154 DF PROTO=TCP SPT=2012 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=1
Jan 29 16:31:11 darkstar kernel: INPUT DROP: IN=ppp0 OUT= MAC= SRC=62.147.7.97 DST=62.69.53.237 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=31512 DF PROTO=TCP SPT=2012 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0
Jan 29 16:32:03 darkstar kernel: INPUT DROP: IN=ppp0 OUT= MAC= SRC=62.69.125.197 DST=62.69.53.237 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=65515 DF PROTO=TCP SPT=2231 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 29 16:32:06 darkstar kernel: INPUT DROP: IN=ppp0 OUT= MAC= SRC=62.69.125.197 DST=62.69.53.237 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=500 DF PROTO=TCP SPT=2231 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 29 16:32:09 darkstar kernel: INPUT DROP: IN=ppp0 OUT= MAC= SRC=62.150.176.13 DST=62.69.53.237 LEN=28 TOS=0x00 PREC=0x00 TTL=110 ID=34902 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=58199
Jan 29 16:33:23 darkstar bonobo-activation-server (robert-1712): iid OAFIID:BrokenNoType:20000808 has a NULL type
Jan 29 16:33:23 darkstar bonobo-activation-server (robert-1712): invalid character '#' in iid 'OAFIID:This#!!%$iid%^$%_|~!OAFIID_ContainsBadChars'

I can post a section of /var/log/syslog | grep "INPUT DROP" if you'd like, but I'm not sure which parts to post since there was so much.

win32sux 01-29-2005 10:58 AM

it's cool, you don't need to post everything... basically the most important parts are the packets dropped right before the connection is lost...

let's keep it under observation for a little while to see how things go...

i might have a theory in case the problem has disappeared by using the firewall script... but let's wait and see how things go first...

meanwhile, please post the output of this (the whole thing) right after a fresh startup:

Code:

ps aux

linmith 01-29-2005 11:34 AM

Here you go:

Code:

sh-2.05b$ ps aux
USER      PID %CPU %MEM  VSZ  RSS TTY      STAT START  TIME COMMAND
root        1  5.4  0.0  480  240 ?        S    17:29  0:04 init [3]
root        2  0.0  0.0    0    0 ?        S    17:29  0:00 [keventd]
root        3  0.0  0.0    0    0 ?        SN  17:29  0:00 [ksoftirqd_CPU0]
root        4  0.0  0.0    0    0 ?        S    17:29  0:00 [kswapd]
root        5  0.0  0.0    0    0 ?        S    17:29  0:00 [bdflush]
root        6  0.0  0.0    0    0 ?        S    17:29  0:00 [kupdated]
root        10  0.0  0.0    0    0 ?        S<  17:29  0:00 [mdrecoveryd]
root        11  0.0  0.0    0    0 ?        S    17:29  0:00 [kreiserfsd]
root        61  0.0  0.1  1404  592 ?        Ss  17:29  0:00 /usr/sbin/syslogd
root        64  0.0  0.0  1344  448 ?        Ss  17:29  0:00 /usr/sbin/klogd -
root      145  0.0  0.0    0    0 ?        S    17:29  0:00 [knodemgrd_0]
root      181  0.0  0.0    0    0 ?        S    17:29  0:00 [khubd]
root      1298  0.0  0.1  1376  520 ?        Ss  17:30  0:00 /usr/sbin/inetd
root      1301  0.0  0.2  3140 1408 ?        Ss  17:30  0:00 /usr/sbin/sshd
root      1312  0.0  0.0  1456  512 ?        S    17:30  0:00 /usr/sbin/crond -
daemon    1314  0.0  0.1  1464  616 ?        Ss  17:30  0:00 /usr/sbin/atd -b
root      1317  0.0  0.3  4884 2056 ?        Ss  17:30  0:00 sendmail: accepti
smmsp    1320  0.0  0.3  4788 1940 ?        Ss  17:30  0:00 sendmail: Queue r
root      1333  0.0  0.0  1384  452 ?        Ss  17:30  0:00 /usr/sbin/gpm -m
robert    1335  0.1  0.2  2656 1536 tty1    Ss  17:30  0:00 -sh
root      1336  0.0  0.0  1336  468 tty2    Ss+  17:30  0:00 /sbin/agetty 3840
root      1337  0.0  0.0  1336  468 tty3    Ss+  17:30  0:00 /sbin/agetty 3840
root      1338  0.0  0.0  1336  468 tty4    Ss+  17:30  0:00 /sbin/agetty 3840
root      1339  0.0  0.0  1336  468 tty5    Ss+  17:30  0:00 /sbin/agetty 3840
root      1340  0.0  0.0  1336  468 tty6    Ss+  17:30  0:00 /sbin/agetty 3840
robert    1352  0.0  0.2  2376 1208 tty1    S+  17:30  0:00 /bin/sh /usr/X11R
robert    1364  0.0  0.1  2156  628 tty1    S+  17:30  0:00 xinit /home/rober
root      1365  5.8  4.8 159688 24996 ?      S    17:30  0:00 X :0
robert    1369  1.0  0.5  5180 3024 tty1    S    17:30  0:00 /usr/X11R6/bin/fl
robert    1384  6.8  2.0 21928 10540 ?      Rs  17:30  0:00 gnome-terminal
robert    1386  6.2  0.6  5088 3416 ?        S    17:30  0:00 /usr/libexec/gcon
robert    1388  1.2  0.5  5328 2848 ?        Ss  17:30  0:00 /usr/libexec/bono
robert    1389  0.0  0.1  1976  632 ?        S    17:30  0:00 gnome-pty-helper
robert    1390  0.5  0.2  2616 1456 pts/0    Ss  17:30  0:00 sh
robert    1391  0.0  2.0 21928 10540 ?      S    17:30  0:00 gnome-terminal
robert    1392  0.0  2.0 21928 10540 ?      S    17:30  0:00 gnome-terminal
robert    1393  0.0  0.1  2280  792 pts/0    R+  17:31  0:00 ps aux


win32sux 01-29-2005 11:39 AM

cool, i'll take a look at the processes in a little bit...

oh, and by the way, in my post above when i mentioned "tail" i forgot to post the "-f" option...

using "tail" on it's own will output the last 10 lines and exit, but doing a "tail -f" is what will give you the "real-time" output... the "-f" stands for follow... sorry 'bout that...

tail -f /var/log/syslog

linmith 01-29-2005 12:19 PM

Well, I just lost the connection after about 6 minutes, and here's what the tail -f /var/log/syslog had to say:

Code:

Jan 29 18:14:11 darkstar kernel: INPUT DROP: IN=ppp0 OUT= MAC= SRC=66.93.164.72 DST=62.69.52.122 LEN=28 TOS=0x00 PREC=0x00 TTL=242 ID=55851 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=24722

win32sux 01-29-2005 12:37 PM

Quote:

Originally posted by linmith
Well, I just lost the connection after about 6 minutes, and here's what the tail -f /var/log/syslog had to say:

Code:

Jan 29 18:14:11 darkstar kernel: INPUT DROP: IN=ppp0 OUT= MAC= SRC=66.93.164.72 DST=62.69.52.122 LEN=28 TOS=0x00 PREC=0x00 TTL=242 ID=55851 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=24722

if that happened right before the connection was lost then we might have something here...

that's a "ping" which was blocked by your firewall...

maybe your ISP does "ping probes", killing connections for hosts that don't send an echo reply...

add a rule allowing pings and then re-run the script... here you go (the rule is in bold):

Code:

#!/bin/sh

IPT="/usr/sbin/iptables"

echo "0" > /proc/sys/net/ipv4/ip_forward

$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT

/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc

$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 8 -m state --state NEW -j ACCEPT
$IPT -A INPUT -j LOG --log-prefix "INPUT DROP: "

that will let your machine be pinged...

now we can wait and see if that did the trick...

my fingers are crossed...

=)

win32sux 01-29-2005 12:59 PM

as for the processes you are running:

these are the ones which should be deactivated unless you really need them:

Quote:

Originally posted by linmith
root 1298 0.0 0.1 1376 520 ? Ss 17:30 0:00 /usr/sbin/inetd
root 1301 0.0 0.2 3140 1408 ? Ss 17:30 0:00 /usr/sbin/sshd
root 1317 0.0 0.3 4884 2056 ? Ss 17:30 0:00 sendmail: accepti
smmsp 1320 0.0 0.3 4788 1940 ? Ss 17:30 0:00 sendmail: Queue r

basically it's just inetd, sendmail, and sshd...

you can stop them from getting auto-started by using pkgtool... just run pkgtool (as root), go into "Setup", select "Services" and hit okay... then remove the Xs from the boxes for rc.sshd, rc.sendmail, and rc.inetd and then okay and okay and exit... now the processes shouldn't get started when you reboot...

PS: i also suggest deactivating gpm if you don't use it... i don't think there's an entry for it in the "services" section of pkgtool, but you can disable it by making the rc.gpm file non-exectable with this command:
Code:

chmod 644 /etc/rc.d/rc.gpm

linmith 01-29-2005 01:47 PM

I don't think that new script worked, I was being disconnected after only a few minutes while I was using it. One thing I've noticed since then, is that incomming traffic seems to stop before outgoing. I've been keeping an eye on my gkrellm monitor and it seems that data is still being transferred out of my computer even after I can't recieve any more. I don't know what that means for me though.

Phew...this is getting a bit tedious, I'm sorry to keep bothering you with the same old story, but thanks for your help so far.

linmith 01-29-2005 02:44 PM

I just noticed something else in the tail -f /var/log/syslog readout. Something called a 'fifo underrun' happens when I am disconnected. I have no idea what that means, does it mean anything to you? Or anyone else?

Code:

Jan 29 20:42:46 darkstar kernel: st7554: fifo underrun!
Jan 29 20:43:17 darkstar last message repeated 15411 times

Those times are near enough exactly when it stoped transferring data.


All times are GMT -5. The time now is 09:31 AM.