This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

New Astaro install, spotty internet connectivity

Hey, everybody.  I'm a first-time Astar installee, and I'm having some problems with the product.  I'll describe my problem first, then inundate you with specs and data [:)]

After my install, I set up my interfaces, set up my NAT/masquerading, and set up a basic packet filter rule.  I can ping web sites both by IP and by name all day long, no problem.  I can also receive mail, no problem.  Browsing web sites, however, is problematic.  About half of the web sites I visit fail to ever show anything in my browser window (although I can ping them fine).  The other half VEERY SLOOOOWLY resolve the page's text and empty image placeholders, then eventually just time out.

(Fortunately, for some reason, the Astaro site is working perfectly.  Go figure.)

I can plug one of my client computers directly into the Internet and get super-fast normal browsing, so I think the problem behavior is in the Astaro box.

Hardware:
Intel P3/500MHz
256MB RAM
ETH0 & ETH1: Netgear FA311 (DP83815 controller)

Network goes Internet (Earthlink cable) -> Astaro box -> Linksys BEFSR81 with all router functionality/DHCP/everything disabled (just acting as a switch) -> computers

Eth0: 10.10.10.1 / 255.255.255.0, Gateway: 10.10.10.1
Eth1: 24.238.168.11 / 255.255.252.0, Gateway: 24.238.168.1

My Network = 10.10.10.0/24

Masq:
My Network -> All / All   MASQ__External

Packet rule:
My Network / Any / Any / Allow

Any help would be appreciated--other than this, I love the product!

This thread was automatically locked due to age.

Parents

0 pokrface over 22 years ago

More information:

I appear to have no inbound bandwidth--that appears to be the reason why web pages resolve to text and tables very quickly, but images timeout.  Some quick-n-dirty testing shows that I'm getting less than 1KB/sec of download bandwidth.

Plugging my computer directly into the cable modem and physically bypassing the Astaro box yields normal speeds.

Interestingly, upload bandwidth doesn't appear to be affected.  I can FTP a file to an Internet site at ~60KB/sec (which is normal for my cable modem connection), but my download bandwidth is all wonked up.

Interesting.  Weird, but interesting.

edit -- This is with 2048 specified in the external ethernet bandwidth options.
Cancel
Vote Up 0 Vote Down

Cancel
0 cyclops over 22 years ago in reply to pokrface

pokrface,

sounds like a mtu problem. The following link describes the problem and offers a solution.

http://www.cisco.com/warp/public/794/router_mtu.html

Hope that does the trick
cyclops

Have to add that you it shouldn't be nescessary to change any interface parameter on Astaro itself.
Cancel
Vote Up 0 Vote Down

Cancel
0 pokrface over 22 years ago in reply to pokrface

Engaging the web proxy (transparent or normal) results in slightly improved performance.  I can actually see most web pages, instead of most web pages just timing out.  However, images still mostly time out and web performance is still slow--like, worse than 56k modem slow.  I can't give any numbers, because speed tests (like the one at DSLReports) just time out and give up.

edit--Ooooh, the DSLReports speed test actually DID complete!  It looks like my upload bandwidth is 340KBps, and my download bandwith is 9bps.  Yeah, that's right, nine BITS per second.

I can type faster than that.  [:)]
Cancel
Vote Up 0 Vote Down

Cancel
0 Simon Shaw over 22 years ago in reply to pokrface

Try taking the router/swith out altogether just for testing if you can.

Have you tried downloading something using an FTP client and seen what speed you are getting on the download ?

Possibly try a different NIC ?
Cancel
Vote Up 0 Vote Down

Cancel
0 pokrface over 22 years ago in reply to Simon Shaw

I can't take the router/switch out of the equation because I don't have another hub handy, nor do I have a crossover cable. I can borrow a hub from work tomorrow for testing, though.

FTP yields the same results as HTTP--full upload bandwidth, nearly nonexistant download bandwidth.

I don't have any other NICs to test with, though I can try to scrounge something from a buddy. Should I put new NICs in the firewall and re-install, or in my PC instead?
Cancel
Vote Up 0 Vote Down

Cancel
0 cyclops over 22 years ago in reply to pokrface

pokrface,

packets from the internal network can be read at the external interface, this means that the internal network is also physically connected to the external.
However this cannot work so you have to dissolve this loop. Best way to eliminate this error would be to use a crossover cable to the modem/router or whatever.

Greetings
cyclops
Cancel
Vote Up 0 Vote Down

Cancel
0 pokrface over 22 years ago in reply to cyclops

Cyclops,

I'm not sure I understand. Do you mean that I should connect my cable modem to my external NIC with a crossover cable, or that I should connect my internal NIC to my switch with a crossover cable, or that I should connect my internal NIC directly to a test computer with a crossover cable?

Currently, I have my cable modem connected to my external NIC with a regular cable, and then my internal NIC connected to my switch (not to an uplink port, but to a regular port) with a regular cable, and then my internal network computers also connected to the switch. Is this incorrect?
Cancel
Vote Up 0 Vote Down

Cancel
0 pokrface over 22 years ago in reply to pokrface

I've borrowed a crossover cable from work and have connected my test PC directly to my Astarobox's internal NIC, thus eliminating the Linksys router/switch from the picture, and there has been no change in the problem behavior.
Cancel
Vote Up 0 Vote Down

Cancel
0 celtic6969 over 22 years ago in reply to pokrface
[ QUOTE ]
Cyclops,

I have a pair of kernel logs files; one for today and one for yesterday (I guess that makes sense, since I set everything up yesterday!)

Both log files have a LOT of entries that look like this:

Code:

Aug 23 20:46:38 (none) kernel: UDP Drop: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:6c:4a:c4:54:08:00
SRC=10.55.128.1 DST=255.255.255.255 LEN=346 TOS=0x00 PREC=0x00 TTL=255 ID=25745
PROTO=UDP SPT=67 DPT=68 LEN=326

I have an entry like that occuring roughly every three seconds, all day long.  A tracert to anywhere goes from my box to my Astaro box to 10.55.128.1 and then out onto the public internet, so I'm assuming that the 10.55 box is a piece of equipment belonging to my internet provider.  I'm on cable, so it's not a DSLAM or anything like that, but it's gotta be some kind of cable-modem equivalent.

Today's logs have much the same thing in them.  I do have a few instances of "SPOOF" showing up this morning and this morning only; specifically, entries that look like this:

Code:

Aug 24 10:47:23 (none) kernel: IP-SPOOFING Drop: IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:08:c7[:D]b:a4[:D]4:08:00
SRC=24.238.170.230 DST=239.255.255.250 LEN=161 TOS=0x00 PREC=0x00 TTL=1 ID=16 PROTO=UDP
SPT=3011 DPT=1900 LEN=141

What should I do to correct my network/address setup?

I believe I do have multiple gateways assigned--I check that under Network -> Interfaces, correct?  If so, my External NIC has the gateway assigned by the cable modem company through DHCP, and my internal NIC has the Astarobox's address as the gateway.

However, I just changed that from static/192.168.1.1 to None, and it does not appear to have affected my internet performance.

[/ QUOTE ]

The first kernel message refers to bootp / dhcp requests and the second is some type of multicast application - if that means anything to you.

I would try checking layer1 and 2  first ... run "ifconfig -a" and check the following:  make sure that you aren't running any errors on the NIC cards , check the MTU is set correctly , and make sure you aren't running collisions if the NICS are "supposed" to be running full-duplex (if they are hdx then collisions are normal).

Allow traceroute through the firewall (using WebAdmin) , then run a tracert -d www.google.com and make sure there is no Layer3 / routing loop. You can also check the reponse / turnaround time at each hop.

If the Layer1-2-3 all appear OK , I would check the Proxy settings on ASL ... try using transparent ... enable / disable caching ... enable / disable Java blocking ect. Also make sure that you don't have a proxy set in IE / Netscape (if you are using transparent proxy in ASL)

Hope that helps.
Cancel
Vote Up 0 Vote Down

Cancel
0 pokrface over 22 years ago in reply to celtic6969
I would try checking layer1 and 2 first ... run "ifconfig -a" and check the following: make sure that you aren't running any errors on the NIC cards , check the MTU is set correctly , and make sure you aren't running collisions if the NICS are "supposed" to be running full-duplex (if they are hdx then collisions are normal).

I don't speak *nix too well, but I'm currently downloading Putty so that I can ssh into the box directly and try ifconfig.  Mozilla reports that the 348KB download will be done in four hours.  I should probably plug the cable modem directly into my computer and stop torturing myself, but it's so mind-blowing to see download times the likes of which I've not run into since my BBS days... [:)]

The NICs should be full duplex...at least, I haven't messed with any configuration options to change whatever Astaro auto-configured.

A tracert from my test box to google yields the following...
Code:

Tracing route to www.google.com [216.239.33.99]
over a maximum of 30 hops:

  1

...which looks kosher to me.

I am already using transparent proxy, since it seems to help a little bit with the web (it makes most pages at least start to download, instead of most pages timing out).  Fiddling with cache and java options produce no changes in the problem behavior.
Cancel
Vote Up 0 Vote Down

Cancel
0 celtic6969 over 22 years ago in reply to pokrface

Try posting your interface stats .... Goto : WebAdmin --> Reporing --> Network.
Cancel
Vote Up 0 Vote Down

Cancel

0 pokrface over 22 years ago in reply to celtic6969

Interface stats:

Code:


Total concurrent connections - Overview of the day
Maximum: 285 Average: 16 Current: 4

External - Network traffic - Overview of the day
Max  In:  	91720 Bits/s  	   	Avg  In:  	64136 Bits/s  	   	Cur  In:  	64920 Bits/s
Max Out:  	16120 Bits/s  	   	Avg Out:  	648 Bits/s  	   	Cur Out:  	128 Bits/s

Internal - Network traffic - Overview of the day
Max  In:  	19560 Bits/s  	   	Avg  In:  	760 Bits/s  	   	Cur  In:  	88 Bits/s
Max Out:  	307496 Bits/s 	  	Avg Out:  	8208 Bits/s 	  	Cur Out:  	88 Bits/s


System Interfaces
eth0      Link encap:Ethernet  HWaddr 00:09:5B:1F:2B:91  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1360  Metric:1
          RX packets:12487 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18582 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          Interrupt:11 Base address:0x7000 

eth1      Link encap:Ethernet  HWaddr 00:09:5B:1F:2A:A9  
          inet addr:24.238.168.11  Bcast:255.255.255.255  Mask:255.255.252.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1360  Metric:1
          RX packets:2030158 errors:1355 dropped:0 overruns:0 frame:2710
          TX packets:7910 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          Interrupt:10 Base address:0x9000

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:5481 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5481 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 

ARP table
 	

Address			HWtype	HWaddress	    Flags Mask		  Iface
192.168.1.110          	ether   00:08:C7[[:D]]B:A4[[:D]]4   C                     eth0
24.238.171.118         	ether   00:03:6C:4A:C4:70   C                     eth1
24.238.168.1           	ether   00:03:6C:4A:C4:54   C                     eth1


Local network connections
 	

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:15723         0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      
tcp        0      0 127.0.0.1:12345         0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      
tcp        0      0 192.168.1.1:8080        192.168.1.110:2288      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2289      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2353      TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2354      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34099         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34100         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34132         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34101         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34133         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2357      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34102         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34134         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2358      TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34103         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34135         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34104         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2361      ESTABLISHED 
tcp        0      0 192.168.1.1:443         192.168.1.110:2372      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34106         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2362      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34107         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2363      TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34108         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2364      ESTABLISHED 
tcp        0      0 24.238.168.11:34127     128.242.218.125:80      ESTABLISHED 
tcp        0      0 24.238.168.11:34126     128.242.218.125:80      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34109         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2365      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2333      TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34110         TIME_WAIT   
tcp        0      0 127.0.0.1:34105         127.0.0.1:15723         TIME_WAIT   
tcp        0      0 24.238.168.11:34090     66.35.250.110:80        ESTABLISHED 
tcp        0      0 24.238.168.11:34079     66.35.250.110:80        ESTABLISHED 
tcp        0      0 24.238.168.11:34078     66.35.250.110:80        ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34111         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2367      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2368      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2336      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34112         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2337      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34113         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2370      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34114         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2306      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2371      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34115         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34116         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34117         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34118         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34119         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2344      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34120         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34121         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2346      TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2347      TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2349      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2317      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2286      ESTABLISHED 
tcp        0      0 127.0.0.1:34129         127.0.0.1:443           TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2318      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2287      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2351      ESTABLISHED 
udp        0      0 0.0.0.0:514             0.0.0.0:*                           
udp        0      0 0.0.0.0:32773           0.0.0.0:*                           
udp        0      0 0.0.0.0:32774           0.0.0.0:*                           
udp        0      0 0.0.0.0:161             0.0.0.0:*                           
udp        0      0 127.0.0.1:53            0.0.0.0:*                           
udp        0      0 0.0.0.0:67              0.0.0.0:*                           
udp        0      0 0.0.0.0:68              0.0.0.0:*                           
udp        0      0 127.0.0.1:3401          0.0.0.0:*                           
raw        0      0 0.0.0.0:1               0.0.0.0:*               7

There are probably a lot of 8080 connections locally because I'm running The Proxomitron on my local computer. However, I've already tried removing it and its presence or absence appears to have no affect on the problem at hand.

Reply

0 pokrface over 22 years ago in reply to celtic6969

Interface stats:

Code:


Total concurrent connections - Overview of the day
Maximum: 285 Average: 16 Current: 4

External - Network traffic - Overview of the day
Max  In:  	91720 Bits/s  	   	Avg  In:  	64136 Bits/s  	   	Cur  In:  	64920 Bits/s
Max Out:  	16120 Bits/s  	   	Avg Out:  	648 Bits/s  	   	Cur Out:  	128 Bits/s

Internal - Network traffic - Overview of the day
Max  In:  	19560 Bits/s  	   	Avg  In:  	760 Bits/s  	   	Cur  In:  	88 Bits/s
Max Out:  	307496 Bits/s 	  	Avg Out:  	8208 Bits/s 	  	Cur Out:  	88 Bits/s


System Interfaces
eth0      Link encap:Ethernet  HWaddr 00:09:5B:1F:2B:91  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1360  Metric:1
          RX packets:12487 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18582 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          Interrupt:11 Base address:0x7000 

eth1      Link encap:Ethernet  HWaddr 00:09:5B:1F:2A:A9  
          inet addr:24.238.168.11  Bcast:255.255.255.255  Mask:255.255.252.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1360  Metric:1
          RX packets:2030158 errors:1355 dropped:0 overruns:0 frame:2710
          TX packets:7910 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          Interrupt:10 Base address:0x9000

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:5481 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5481 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 

ARP table
 	

Address			HWtype	HWaddress	    Flags Mask		  Iface
192.168.1.110          	ether   00:08:C7[[:D]]B:A4[[:D]]4   C                     eth0
24.238.171.118         	ether   00:03:6C:4A:C4:70   C                     eth1
24.238.168.1           	ether   00:03:6C:4A:C4:54   C                     eth1


Local network connections
 	

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:15723         0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      
tcp        0      0 127.0.0.1:12345         0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      
tcp        0      0 192.168.1.1:8080        192.168.1.110:2288      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2289      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2353      TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2354      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34099         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34100         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34132         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34101         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34133         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2357      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34102         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34134         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2358      TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34103         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34135         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34104         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2361      ESTABLISHED 
tcp        0      0 192.168.1.1:443         192.168.1.110:2372      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34106         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2362      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34107         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2363      TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34108         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2364      ESTABLISHED 
tcp        0      0 24.238.168.11:34127     128.242.218.125:80      ESTABLISHED 
tcp        0      0 24.238.168.11:34126     128.242.218.125:80      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34109         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2365      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2333      TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34110         TIME_WAIT   
tcp        0      0 127.0.0.1:34105         127.0.0.1:15723         TIME_WAIT   
tcp        0      0 24.238.168.11:34090     66.35.250.110:80        ESTABLISHED 
tcp        0      0 24.238.168.11:34079     66.35.250.110:80        ESTABLISHED 
tcp        0      0 24.238.168.11:34078     66.35.250.110:80        ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34111         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2367      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2368      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2336      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34112         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2337      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34113         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2370      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34114         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2306      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2371      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34115         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34116         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34117         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34118         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34119         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2344      ESTABLISHED 
tcp        0      0 127.0.0.1:12345         127.0.0.1:34120         TIME_WAIT   
tcp        0      0 127.0.0.1:12345         127.0.0.1:34121         TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2346      TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2347      TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2349      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2317      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2286      ESTABLISHED 
tcp        0      0 127.0.0.1:34129         127.0.0.1:443           TIME_WAIT   
tcp        0      0 192.168.1.1:8080        192.168.1.110:2318      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2287      ESTABLISHED 
tcp        0      0 192.168.1.1:8080        192.168.1.110:2351      ESTABLISHED 
udp        0      0 0.0.0.0:514             0.0.0.0:*                           
udp        0      0 0.0.0.0:32773           0.0.0.0:*                           
udp        0      0 0.0.0.0:32774           0.0.0.0:*                           
udp        0      0 0.0.0.0:161             0.0.0.0:*                           
udp        0      0 127.0.0.1:53            0.0.0.0:*                           
udp        0      0 0.0.0.0:67              0.0.0.0:*                           
udp        0      0 0.0.0.0:68              0.0.0.0:*                           
udp        0      0 127.0.0.1:3401          0.0.0.0:*                           
raw        0      0 0.0.0.0:1               0.0.0.0:*               7

Children

0 celtic6969 over 22 years ago in reply to pokrface

Noticed some errors on your eth0 interface (are you sure your cable is not half-duplex ?)... please
1. ssh into your ASL box and post the following output:
netstat -i
netstat -s
more /proc/net/dev

2. While opening an http page or doing an ftp download , issue to the following command (and post output):
tail -15 /var/log/kernel

3. Test that your MTU is not set too high by using the following command on a Windows box on the inside network:

C:\>ping www.google.com -l 1360 -f -w 20000

Pinging www.google.com [216.239.51.99] with 1360 bytes of data:

Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

You shouldn't get the message above "Packet needs to be fragmented but DF set."

4. Check the ASL processor and Memory utilization on the WebAdmin --> Reports page to make sure they aren't being exhausted.

Regards
Cancel
Vote Up 0 Vote Down

Cancel

0 pokrface over 22 years ago in reply to celtic6969

netstat -i shows:
Code:


Kernel Interface table

Iface   MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg

eth0   1500   0     3062      0      0      0     3702      0      0      0 BRU

eth1   1492   0  6462128    587      0      0     5167      0      0      0 BNRU

lo    16436   0    13422      0      0      0    13422      0      0      0 LRU

netstat -s shows:
Code:


Ip:

    33231 total packets received

    1137 forwarded

    0 incoming packets discarded

    19452 incoming packets delivered

    21110 requests sent out

    2 outgoing packets dropped

Icmp:

    2389 ICMP messages received

    0 input ICMP message failed.

    ICMP input histogram:

        destination unreachable: 11

        timeout in transit: 1

        echo requests: 2373

        echo replies: 1

        timestamp request: 1

        address mask request: 1

    2419 ICMP messages sent

    0 ICMP messages failed

    ICMP output histogram:

        destination unreachable: 39

        time exceeded: 6

        echo replies: 2373

        timestamp replies: 1

Tcp:

    1301 active connections openings

    890 passive connection openings

    0 failed connection attempts

    0 connection resets received

    21 connections established

    12184 segments received

    13224 segments send out

    112 segments retransmited

    0 bad segments received.

    508 resets sent

Udp:

    5455 packets received

    10 packets to unknown port received.

    0 packet receive errors

    5535 packets sent

error parsing /proc/net/snmp: Success

I'm not sure what to post from the output of more /proc/net/dev, since it first failed to run. I punched in "cd.."--hey, it works in DOS!--and then tried agai, and it generated quite a long output. Here you go:
Code:


login as: loginuser

Sent username "loginuser"

loginuser@192.168.1.1's password:





Astaro Security Linux

(C) Copyrights by Astaro and by others 2000-2003.                               



loginuser@router:/home/login > netstat -i

Kernel Interface table

Iface   MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg

eth0   1500   0     3062      0      0      0     3702      0      0      0 BRU

eth1   1492   0  6462128    587      0      0     5167      0      0      0 BNRU

lo    16436   0    13422      0      0      0    13422      0      0      0 LRU

loginuser@router:/home/login > netstat -s

Ip:

    33231 total packets received

    1137 forwarded

    0 incoming packets discarded

    19452 incoming packets delivered

    21110 requests sent out

    2 outgoing packets dropped

Icmp:

    2389 ICMP messages received

    0 input ICMP message failed.

    ICMP input histogram:

        destination unreachable: 11

        timeout in transit: 1

        echo requests: 2373

        echo replies: 1

        timestamp request: 1

        address mask request: 1

    2419 ICMP messages sent

    0 ICMP messages failed

    ICMP output histogram:

        destination unreachable: 39

        time exceeded: 6

        echo replies: 2373

        timestamp replies: 1

Tcp:

    1301 active connections openings

    890 passive connection openings

    0 failed connection attempts

    0 connection resets received

    21 connections established

    12184 segments received

    13224 segments send out

    112 segments retransmited

    0 bad segments received.

    508 resets sent

Udp:

    5455 packets received

    10 packets to unknown port received.

    0 packet receive errors

    5535 packets sent

error parsing /proc/net/snmp: Success

loginuser@router:/home/login > more proc/net/dev

proc/net/dev: No such file or directory

loginuser@router:/home/login > loginuser@router:/home/login > netstat -i

bash: loginuser@router:/home/login: No such file or directory

loginuser@router:/home/login > Kernel Interface table

bash: Kernel: command not found

loginuser@router:/home/login > Iface   MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg

bash: Iface: command not found

loginuser@router:/home/login > eth0   1500   0     3062      0      0      0     3702      0      0      0 BRU

bash: eth0: command not found

loginuser@router:/home/login > eth1   1492   0  6462128    587      0      0     5167      0      0      0 BNRU

bash: eth1: command not found

loginuser@router:/home/login > lo    16436   0    13422      0      0      0    13422      0      0      0 LRU

Inter-|   Receive                                                |  Transmit

 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packe

ts errs drop fifo colls carrier compressed

    lo: 1061685   13472    0    0    0     0          0         0  1061685   134

72    0    0    0     0       0          0

  eth0:  492143    3497    0    0    0     0          0         0  2923112    40

54    0    0    0     0       0          0

  eth1:394831063 6491708  603    0    0  1206          0         0   551702    5

230    0    0    0     0       0          0

~

~

~

~

~

~

~

~

~

~

~

~

~

~

/proc/net/dev line 1/5 (END)

The tail command yields outputs the following:
Code:


router:/var/log # tail -15 /var/log/kernel

Aug 26 11:59:31 (none) kernel: UDP Drop: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:6c:4a:c4:54:08:00 SRC=10.55.128.1 DST=255.255.255.255

   LEN=349 TOS=0x00 PREC=0x00 TTL=255 ID=20220 PROTO=UDP SPT=67 DPT=68 LEN=329

Aug 26 11:59:32 (none) kernel: UDP Drop: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:6c:4a:c4:54:08:00 SRC=10.55.128.1 DST=255.255.255.255

   LEN=350 TOS=0x00 PREC=0x00 TTL=255 ID=20228 PROTO=UDP SPT=67 DPT=68 LEN=330

Aug 26 11:59:32 (none) kernel: UDP Drop: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:6c:4a:c4:54:08:00 SRC=10.55.128.1 DST=255.255.255.255

   LEN=350 TOS=0x00 PREC=0x00 TTL=255 ID=20233 PROTO=UDP SPT=67 DPT=68 LEN=330

Aug 26 11:59:45 (none) kernel: UDP Drop: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:6c:4a:c4:54:08:00 SRC=10.55.128.1 DST=255.255.255.255

   LEN=350 TOS=0x00 PREC=0x00 TTL=255 ID=20257 PROTO=UDP SPT=67 DPT=68 LEN=330

Aug 26 11:59:45 (none) kernel: UDP Drop: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:6c:4a:c4:54:08:00 SRC=10.55.128.1 DST=255.255.255.255

   LEN=350 TOS=0x00 PREC=0x00 TTL=255 ID=20261 PROTO=UDP SPT=67 DPT=68 LEN=330

Aug 26 11:59:47 (none) kernel: UDP Drop: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:6c:4a:c4:54:08:00 SRC=10.55.128.1 DST=255.255.255.255

   LEN=349 TOS=0x00 PREC=0x00 TTL=255 ID=20268 PROTO=UDP SPT=67 DPT=68 LEN=329

Aug 26 12:00:36 (none) kernel: UDP Drop: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:6c:4a:c4:54:08:00 SRC=10.55.128.1 DST=255.255.255.255

   LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=20364 PROTO=UDP SPT=67 DPT=68 LEN=308

Aug 26 12:00:37 (none) kernel: UDP Drop: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:6c:4a:c4:54:08:00 SRC=10.55.128.1 DST=255.255.255.255

   LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=20373 PROTO=UDP SPT=67 DPT=68 LEN=308

Aug 26 12:00:40 (none) kernel: UDP Drop: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:6c:4a:c4:54:08:00 SRC=10.55.128.1 DST=255.255.255.255

   LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=20383 PROTO=UDP SPT=67 DPT=68 LEN=308

Aug 26 12:00:44 (none) kernel: UDP Drop: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:6c:4a:c4:54:08:00 SRC=10.55.128.1 DST=255.255.255.255

   LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=20399 PROTO=UDP SPT=67 DPT=68 LEN=308

Aug 26 12:00:46 (none) kernel: UDP Drop: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:6c:4a:c4:54:08:00 SRC=10.55.128.1 DST=255.255.255.255

   LEN=350 TOS=0x00 PREC=0x00 TTL=255 ID=20408 PROTO=UDP SPT=67 DPT=68 LEN=330

Aug 26 12:00:46 (none) kernel: UDP Drop: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:6c:4a:c4:54:08:00 SRC=10.55.128.1 DST=255.255.255.255

   LEN=350 TOS=0x00 PREC=0x00 TTL=255 ID=20412 PROTO=UDP SPT=67 DPT=68 LEN=330

Aug 26 12:00:53 (none) kernel: UDP Drop: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:6c:4a:c4:54:08:00 SRC=10.55.128.1 DST=255.255.255.255

   LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=20429 PROTO=UDP SPT=67 DPT=68 LEN=308

Aug 26 12:01:02 (none) kernel: UDP Drop: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:6c:4a:c4:54:08:00 SRC=10.55.128.1 DST=255.255.255.255

   LEN=350 TOS=0x00 PREC=0x00 TTL=255 ID=20455 PROTO=UDP SPT=67 DPT=68 LEN=330

Aug 26 12:01:02 (none) kernel: UDP Drop: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:6c:4a:c4:54:08:00 SRC=10.55.128.1 DST=255.255.255.255

   LEN=350 TOS=0x00 PREC=0x00 TTL=255 ID=20459 PROTO=UDP SPT=67 DPT=68 LEN=330

The ping command works normally:
Code:


Pinging www.google.com [216.239.53.99] with 1360 bytes of data:



Reply from 216.239.53.99: bytes=1360 time=65ms TTL=43

Reply from 216.239.53.99: bytes=1360 time=64ms TTL=43

Reply from 216.239.53.99: bytes=1360 time=66ms TTL=43

Reply from 216.239.53.99: bytes=1360 time=62ms TTL=43

And, finally, the processor and memory utilizations look good. Cpu is Maximum: 37% Average: 5% Current: 6%, memory is Maximum: 167763 kB Average: 144569 kB Current: 167712 kB (physical RAM is 256MB). No swap activity.

edit--readability