Re: [masq] clients can't see whole net

1999-02-11 Thread David A. Ranch


> For some clients, parts of the Internet disappear. You can't ping, ftp,
> or http to some addresses, while to others you can.
> When I reboot my masq-gate, everything seems to turn back to normal.

Few Qs:

What linux kernel version?
IPFWADM or IPCHAINS?

Send a copy of:

- your masq setup script
- netstat -rn
- ifconfig

--David
..
|  David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED]  |
!!
`- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -'
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]



Re: [masq] clients can't see whole net

1999-02-10 Thread Fuzzy Fox

Christoph Monig [EMAIL PROTECTED] wrote:

> For some clients, parts of the Internet disappear. You can't ping, ftp,
> or http to some addresses, while to others you can.

Are you using ipautofw?  It is known to cause symptoms similar to this,
if you use its features too aggressively.

> When I reboot my masq-gate, everything seems to turn back to normal.

You really should do more analysis rather than just reboot.  That way
you can find out what the problem is.  :)

My guess is that you are running out of ports.  Run the command

ipfwadm -M -l -n

and see how many connections are active at the time of the problem.  If
there are a large number of them, it means your masq box is being
overloaded with requests.  You can attempt to reduce them by reducing
the timeouts, as another poster suggested, but if you do, you run the
risk of long-term, idle connections being spontaneously disconnected
(such as a telnet session left idle for too long).

If most of your traffic is web-related (port 80), you may consider
running a transparent-proxy version of Squid, to multiplex the
connections without using the masq layer.

You might also consider rebuilding your kernel with a larger number of
masq ports, but I would try that only after determining the source of
the problem.  You may simply have an over-aggressive client behind your
network (such as GameSpy) which uses up all the ports because it
continually disconnects and reconnects.  If so, then stop running the
naughty client.  :)

-- 
   [EMAIL PROTECTED] (Fuzzy Fox)  || "Nothing takes the taste out of peanut
sometimes known as David DeSimone  ||  butter quite like unrequited love."
  http://www.dallas.net/~fox/  ||   -- Charlie Brown
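An added example, not part of the original posts: a small shell/awk helper for the diagnosis suggested above, counting active masq entries per internal host and the share going to port 80. The function names are hypothetical, the sample rows are constructed, and the column layout (prot, expire, source, destination, ports) is assumed to match what `ipfwadm -M -l -n` prints on the gateway.

```shell
#!/bin/sh
# Summarise masquerade entries read on stdin.
# Real use on the gateway:  ipfwadm -M -l -n | masq_summary
# Assumed row layout: prot expire source destination sport (mport) -> dport

# Constructed sample listing (documentation addresses), for offline runs.
sample_listing() {
cat <<'EOF'
IP masquerading entries
prot expire   source               destination          ports
tcp  14:12.05 192.168.1.10         203.0.113.5          1034 (61001) -> 80
tcp  13:40.11 192.168.1.20         203.0.113.9          1201 (61002) -> 80
tcp  13:41.50 192.168.1.20         203.0.113.9          1202 (61003) -> 80
tcp  13:42.02 192.168.1.20         203.0.113.9          1203 (61004) -> 80
udp  04:59.90 192.168.1.20         198.51.100.7         1210 (61005) -> 27015
tcp  09:03.77 192.168.1.30         198.51.100.23        1050 (61006) -> 23
EOF
}

# Total number of active entries (header lines are skipped).
masq_total() {
    awk '$1 == "tcp" || $1 == "udp" || $1 == "icmp" { c++ } END { print c + 0 }'
}

# "count source" per internal host, busiest first.
masq_summary() {
    awk '$1 == "tcp" || $1 == "udp" || $1 == "icmp" { n[$3]++ }
         END { for (h in n) printf "%d %s\n", n[h], h }' | sort -rn
}

# Internal hosts holding more than $1 entries (candidate "naughty clients").
masq_hogs() {
    masq_summary | awk -v lim="$1" '$1 + 0 > lim + 0 { print $2 }'
}

# Whole-number percentage of entries whose destination port is 80,
# to judge whether a web proxy would relieve the masq table.
masq_port80_share() {
    awk '$1 == "tcp" || $1 == "udp" || $1 == "icmp" { c++; if ($NF == 80) w++ }
         END { if (c) printf "%d\n", 100 * w / c; else print 0 }'
}

# Demo on the constructed sample when called with --demo.
if [ "${1:-}" = "--demo" ]; then
    sample_listing | masq_summary
fi
```

Run it while the problem is occurring rather than after a reboot, since the entries are gone once the gateway restarts.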



Re: [masq] clients can't see whole net

1999-02-10 Thread Matthew McGehrin

On 9 Feb 99, at 14:19, Christoph Monig wrote:

> For some clients, parts of the Internet disappear. You can't ping, ftp,
> or http to some addresses, while to others you can.
> When I reboot my masq-gate, everything seems to turn back to normal.
> My setup is an Ethernet device for my LAN and a ppp-dialout to the
> Internet.

How many clients are using your masq-gate at the same time? 

Which Linux are you running?

Initially, I would check your timers; if a lot of clients are connecting,
I would make it less.

I have been using the following; it works fine for a "home-network"
and also a "busy-office-network".

# timeouts
# 15 minutes for tcp, 5 mins - after a fin, 10 mins  for udp
/sbin/ipfwadm -M -s 900 300 600

I forget what the "default" values are. 

-- Matthew

