[SLE] Masquerading and DHCP in 6.3
I have looked throug a few months of list archives to see if this problem was discussed and though I find quite a few messages on masquerading and/or dhcp, I did not see any discussion of the problem that I have. After installation of 6.3, I tried to get masquerading to work but had to go to the SuSE support database. There was an article stating that I needed to use the new firewals package. I installed this but that was not enough. Only because someone had posted to this group earlier did I find that the firewals package was bad and required upgrade. This got masquerading working but I found that the masquerading dies after several hours or a day. Rebooting does not recover it. At the end of the reboot, there is a firewall error message stating that the eth0 interface is defective. I discovered that if I edit rc.config to make START_FW="no", reboot, the network will function again and I can then make START_FW="yes" and reboot to get the firewall/masquerading to work again. This only works for a few more hours and then the same problem. Any ideas of what is happening? Damon Register -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
I use ipchains and it is solid beyond belief. I don't think you need to reboot as much. "SuSEconfig" will reinitialize changes to rc.config and "init 1" and "init 2" will toggle the network down and up after changes. here's some links for you: http://www.rustcorp.com/linux/ipchains/HOWTO.html http://www.bb-zone.com/FWHowTo/ At 05:21 PM 3/5/00 -0500, you wrote:
I have looked throug a few months of list archives to see if this problem was discussed and though I find quite a few messages on masquerading and/or dhcp, I did not see any discussion of the problem that I have.
After installation of 6.3, I tried to get masquerading to work but had to go to the SuSE support database. There was an article stating that I needed to use the new firewals package. I installed this but that was not enough. Only because someone had posted to this group earlier did I find that the firewals package was bad and required upgrade. This got masquerading working but I found that the masquerading dies after several hours or a day. Rebooting does not recover it. At the end of the reboot, there is a firewall error message stating that the eth0 interface is defective. I discovered that if I edit rc.config to make START_FW="no", reboot, the network will function again and I can then make START_FW="yes" and reboot to get the firewall/masquerading to work again. This only works for a few more hours and then the same problem.
Any ideas of what is happening?
Damon Register
_____________________________________________________ Daniel Woodard daniel.woodard@extricate.com design@mindspring.com -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Daniel Woodard wrote:
I use ipchains and it is solid beyond belief.
I don't think you need to reboot as much. "SuSEconfig" will reinitialize changes to rc.config and "init 1" and "init 2" will toggle the network down and up after changes.
here's some links for you:
http://www.rustcorp.com/linux/ipchains/HOWTO.html http://www.bb-zone.com/FWHowTo/
At 05:21 PM 3/5/00 -0500, you wrote:
I have looked throug a few months of list archives to see if this problem was discussed and though I find quite a few messages on masquerading and/or dhcp, I did not see any discussion of the problem that I have.
After installation of 6.3, I tried to get masquerading to work but had to go to the SuSE support database. There was an article stating that I needed to use the new firewals package. I installed this but that was not enough. Only because someone had posted to this group earlier did I find that the firewals package was bad and required upgrade. This got masquerading working but I found that the masquerading dies after several hours or a day. Rebooting does not recover it. At the end of the reboot, there is a firewall error message stating that the eth0 interface is defective. I discovered that if I edit rc.config to make START_FW="no", reboot, the network will function again and I can then make START_FW="yes" and reboot to get the firewall/masquerading to work again. This only works for a few more hours and then the same problem.
Any ideas of what is happening?
Could your ISP be changing your IP address every 10 hours? This would probably cause your firewall to fall over... Chris -- __ _ -o)/ / (_)__ __ ____ __ Chris Reeves /\\ /__/ / _ \/ // /\ \/ / ICQ# 22219005 _\_v __/_/_//_/\_,_/ /_/\_\ -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Chris Reeves wrote:
Daniel Woodard wrote:
I use ipchains and it is solid beyond belief.
Was my question unclear? I did not mention ipchains. Yes, I know that ipchains is used in masquerading and firewalling.
http://www.rustcorp.com/linux/ipchains/HOWTO.html http://www.bb-zone.com/FWHowTo/ I am aware of these already and that is not what I need.
Could your ISP be changing your IP address every 10 hours? This would probably cause your firewall to fall over... Thanks Chris for your answer. It seems to be more on topic. It is possible that they are doing that but I am not really sure. I checked the address yesterday and today after recovering from another failure but the address is the same. Can the ISP force a renewal but the new address might be the same? If so, would this cause the firewall to die as you mention? My Bellsouth ADSL connection is VERY unreliable and dies quite often. Perhaps this forces the address renewal?
Damon Register -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Damon Register wrote:
After installation of 6.3, I tried to get masquerading to work but had to go to the SuSE support database. There was an article stating that I needed to use the new firewals package. I installed this but that was not enough. Only because someone had posted to this group earlier did I find that the firewals package was bad and required upgrade. This got masquerading working but I found that the masquerading dies after several hours or a day. Rebooting does not recover it. At the end of the reboot, there is a firewall error message stating that the eth0 interface is defective. I discovered that if I edit rc.config to make START_FW="no", reboot, the network will function again and I can then make START_FW="yes" and reboot to get the firewall/masquerading to work again. This only works for a few more hours and then the same problem.
http://www.rustcorp.com/linux/ipchains/HOWTO.html http://www.bb-zone.com/FWHowTo/
I am aware of these already and that is not what I need.
Could your ISP be changing your IP address every 10 hours? This would probably cause your firewall to fall over...
Thanks Chris for your answer. It seems to be more on topic. It is possible that they are doing that but I am not really sure. I checked the address yesterday and today after recovering from another failure but the address is the same. Can the ISP force a renewal but the new address might be the same? If so, would this cause the firewall to die as you mention? My Bellsouth ADSL connection is VERY unreliable and dies quite often. Perhaps this forces the address renewal?
When you get the IP address, the ISP usually gives a time until you must renew the address. In my case this is around 1800s, although it does give me the same IP all the time. This shouldn't cause the firewall any problems as the IP doesn't change.
From what you've said, it doesn't look like this is the problem, sorry :(
Does this firewall failure correspond at all to your ADSL connection failing? Hope you're getting somewhere, Chris -- __ _ -o)/ / (_)__ __ ____ __ Chris Reeves /\\ /__/ / _ \/ // /\ \/ / ICQ# 22219005 _\_v __/_/_//_/\_,_/ /_/\_\ -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Chris Reeves writes:
Damon Register wrote:
After installation of 6.3, I tried to get masquerading to work but had to go to the SuSE support database. There was an article stating that I needed to use the new firewals package. I installed this but that was not enough. Only because someone had posted to this group earlier did I find that the firewals package was bad and required upgrade. This got masquerading working but I found that the masquerading dies after several hours or a day. Rebooting does not recover it. At the end of the reboot, there is a firewall error message stating that the eth0 interface is defective. I discovered that if I edit rc.config to make START_FW="no", reboot, the network will function again and I can then make START_FW="yes" and reboot to get the firewall/masquerading to work again. This only works for a few more hours and then the same problem.
http://www.rustcorp.com/linux/ipchains/HOWTO.html http://www.bb-zone.com/FWHowTo/
I am aware of these already and that is not what I need.
Could your ISP be changing your IP address every 10 hours? This would probably cause your firewall to fall over...
Thanks Chris for your answer. It seems to be more on topic. It is possible that they are doing that but I am not really sure. I checked the address yesterday and today after recovering from another failure but the address is the same. Can the ISP force a renewal but the new address might be the same? If so, would this cause the firewall to die as you mention? My Bellsouth ADSL connection is VERY unreliable and dies quite often. Perhaps this forces the address renewal?
I have Bellsouth ADSL, and I had some reservations about it at first, but it turns out to be better than most. I had a problem exactly as you describe. I would get increasingly poor performance for about 4-10 hours on average, finally it would get to the point where it would not even push data through the ADSL modem. Somebody had suggested that I change from kernel-2.2.10 to >= 2.2.13. I do not know what the problem was, I wish I do, but it fixed it. I can guess it was some sort of timing skew problem. As for ADSL being unreliable, I have noticed that Bellsouth's nameservers are very congested, and I would experience hours of outage. I simply setup a caching only namserver and this problem is fixed as well. If none of these help, then contact your ADSL provider and have them check your connection. The installer for ours did a crappy job of syncing with the POP. The Bellsouth technician fixed us right up, but their customer support is real crappy. Call'em up and tell them you have a problem with ADSL, they don't know what it is, but they won't admit it unless you confront them. Believe me I know. jlm -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
participants (4)
-
chris.reeves@iname.com
-
design@mindspring.com
-
dregiste@bellsouth.net
-
jlm@compgen.com