Thanks Eric

I forgot this, in /var/log/messages there are several messages:
...
Jul  2 09:19:34 firewall pppd[5337]: Couldn't increase MTU to 1500.
Jul  2 09:19:34 firewall pppd[5337]: Couldn't increase MRU to 1500
...

To avoid the preceding messages, I don't know if uncommenting one of the
following lines (mostly the third line) would help.
#pty "pppoe -I eth0 -T 80 -m 1452"
#pty "pppoe -I eth0 -T 80"
#pty "pppoe -I eth0 -T 80 -m 1412"
Would this help? I'm not at the firewall location now, so I can't test it.

The summary of the problem is:
1. The problem always happens when the firewall starts; the firewall
sometimes connects well and sometimes not.
2. If the firewall connects well, it works for hours without problems until
shutdown.
3. There is always a ppp0 interface.
4. It's like a DNS or route problem.

Could dnscache be the problem?
Should dnscache start before shorewall?

HH comments inline.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On behalf of eric wolzak
> Sent: Wednesday, July 02, 2003 03:19 p.m.
> To: Herbert H hlke; Leaf User Mail List
> Subject: [leaf-user] Re: [leaf-user] Bering often doesn't connect at
> startup
>
>
> Hello Herbert
> I suppose you need a pppoe connection with pap.
> If the ppp0 is there then you have a connection, at least with your
> provider; if the pppoe start wasn't successful you wouldn't have a ppp0
> interface.

HH ppp0 is always created.

>
> #comments to connections script inline.
>
> I wouldn't use my Providers dns ( but use dnscache) YMMV
> to test if that is the problem,  ping only the ip address of a server that
> you know should be reachable.

HH Yes, I changed it only for testing. I will use dnscache.
HH With the ISP DNS IPs, ping www.yahoo.com returns the IP (the ISP DNS
translates well), but yahoo.com doesn't reply to the pings.
HH With dnscache, ping www.yahoo.com doesn't return the IP and yahoo.com
doesn't reply to the pings.
HH So, it seems to be a dnscache or a route problem. Could it be?

>
> >I'm using Bering 1.1 floppy firewall. When the firewall starts, most of
> >the time, the workstations don't connect. I would appreciate if somebody
> >could give a hint. I don't know if the problem is caused by the firewall or
> >by my ISP.
> >I check the connection with "ping www.yahoo.com" in the firewall.
> >The operator has to restart the firewall until the workstations connect
> >well.
> >I have to use "ifdown ppp0" and "ifup ppp0" one or more times until the
> >firewall connects well.
> >I have set my ISP DNS IPs in /etc/resolv.conf, but the connection also
> >fails.
> >
> >Even if the firewall connects or not, ppp0 is defined. The output of "ip add
> >show" always is:
> >
> >3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
> >    link/ether 00:20:18:03:65:62 brd ff:ff:ff:ff:ff:ff
> >4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
> >    link/ether 00:00:21:86:92:56 brd ff:ff:ff:ff:ff:ff
> >    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1
> >5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc
> pfifo_fast qlen 3
> >    link/ppp
> >    inet 200.45.216.85 peer 200.3.62.137/32 scope global ppp0
> >
> >and the "ip route show" is also the same with a good and a bad
> connection:
> >=====
> >200.3.62.137 dev ppp0  proto kernel  scope link  src 200.45.216.85
> >192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.1
> >default via 200.3.62.137 dev ppp0
> >=====
> >
> >The daemon.logs are different with a good and a bad connection.
> >
> >Daemon.log with a GOOD connection at startup
> >=====
> >Jul  1 11:00:22 firewall pppd[10802]: rcvd [LCP ConfReq id=0x81
> <mru 1492>
> ><auth pap> <magic 0x7fb977c3>] 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00
> >00 00 00 00 00
> >Jul  1 11:00:22 firewall pppd[10802]: sent [LCP ConfAck id=0x81
> <mru 1492>
> ><auth pap> <magic 0x7fb977c3>]
>
> # You agree to use pap
> # and the authentication is successful
>
> >Jul  1 11:00:22 firewall pppd[10802]: rcvd [PAP AuthAck id=0x1
> ""] 00 00 00
> >00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00
> >00 00 00 00 ...
> >Jul  1 11:00:22 firewall pppd[10802]: sent [IPCP ConfReq id=0x1 <addr
> >0.0.0.0>]
> >Jul  1 11:00:22 firewall pppd[10802]: rcvd [IPCP ConfReq id=0x25 <addr
> >200.3.62.137>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00
> >00 00 00 00 00 00 00 00
> >Jul  1 11:00:22 firewall pppd[10802]: sent [IPCP ConfAck id=0x25 <addr
> >200.3.62.137>]
> >Jul  1 11:00:22 firewall pppd[10802]: rcvd [IPCP ConfNak id=0x1 <addr
> >200.45.216.85>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00
> >00 00 00 00 00 00 00 00
> >Jul  1 11:00:22 firewall pppd[10802]: sent [IPCP ConfReq id=0x2 <addr
> >200.45.216.85>]
> >Jul  1 11:00:22 firewall pppd[10802]: rcvd [IPCP ConfAck id=0x2 <addr
> >200.45.216.85>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00
> >00 00 00 00 00 00 00 00
> >Jul  1 11:00:22 firewall pppd[10802]: local  IP address 200.45.216.85
> >Jul  1 11:00:22 firewall pppd[10802]: remote IP address 200.3.62.137
> # you got a remote and local IP
> # and lcp pings are successful
>
> >Jul  1 11:00:25 firewall pppd[10802]: rcvd [LCP EchoReq id=0x1
> >magic=0x7fb977c3 00 00 00 00] 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00
> >00 00 00 00 00 00 00
> >Jul  1 11:00:25 firewall pppd[10802]: sent [LCP EchoRep id=0x1
> >magic=0x839a0621 68 6f 61 40]
> >=====
> >
> >Daemon.log with a BAD connection at startup
> >=====
> >Jul  2 09:14:24 firewall pppd[5337]: rcvd [LCP EchoRep id=0x0
> >magic=0x847ea138] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00
> >00 00 00 00 00 00 00
> #
> #  here the pap authentication was successful too.
>
> >Jul  2 09:14:24 firewall pppd[5337]: rcvd [PAP AuthAck id=0x1
> ""] 00 00 00
> >00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00
> >00 00 00 00 ...
> >Jul  2 09:14:24 firewall pppd[5337]: sent [IPCP ConfReq id=0x1 <addr
> >0.0.0.0>]
> >Jul  2 09:14:24 firewall pppd[5337]: rcvd [IPCP ConfReq id=0x19 <addr
> >200.3.62.137>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00
> >00 00 00 00 00 00 00 00
> >Jul  2 09:14:24 firewall pppd[5337]: sent [IPCP ConfAck id=0x19 <addr
> >200.3.62.137>]
> >Jul  2 09:14:24 firewall pppd[5337]: rcvd [IPCP ConfNak id=0x1 <addr
> >200.82.32.224>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00
> >00 00 00 00 00 00 00 00
> >Jul  2 09:14:24 firewall pppd[5337]: sent [IPCP ConfReq id=0x2 <addr
> >200.82.32.224>]
> >Jul  2 09:14:24 firewall pppd[5337]: rcvd [IPCP ConfAck id=0x2 <addr
> >200.82.32.224>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00
> >00 00 00 00 00 00 00 00
> >Jul  2 09:14:24 firewall pppd[5337]: local  IP address 200.82.32.224
> >Jul  2 09:14:24 firewall pppd[5337]: remote IP address 200.3.62.137
> #
> # you got your address and will have set your route.
> #

HH I think the route sets up good.
HH 200.3.62.137 dev ppp0  proto kernel  scope link  src 200.45.216.85
HH 192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.1
HH default via 200.3.62.137 dev ppp0

>
> >Jul  2 09:14:28 firewall pppd[5337]: rcvd [LCP EchoReq id=0x1
> >magic=0x847ea138 00 00 00 00] 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00
> >00 00 00 00 00 00 00
> >Jul  2 09:14:28 firewall pppd[5337]: sent [LCP EchoRep id=0x1
> >magic=0x77aa3ee9 68 6f 61 40]
> >Jul  2 09:14:38 firewall pppd[5337]: rcvd [LCP EchoReq id=0x2
> >magic=0x847ea138 00 00 00 00] 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00
> >00 00 00 00 00 00 00
> #
> # then a lot of successful LCP pings are sent and received.
> #
> So your connection is setup to the route level.
> The problem will probably not be in the pppd or pppoe system.
> Did you set the  clampmss

HH Yes, CLAMPMSS = Yes

>
> Did you look at the connections you have after you put your router up.
> If you have lots of clients that starts to game and request a server list,
> you've got thousands of connections and that might just fill the nat-list.
> after some time the traffic is becoming less , and you can use
> the internet.
> The same might occur by filesharing.

HH No, there was no user connected at the moment of testing.

>
> Also
> Check http://192.168.1.254 from an internal machine, look for current
> connections. .

HH Weblet wasn't installed. I will install it and check the connections
tomorrow.

> ping an IP number from your firewall to see if it is a DNS problem.
> check back for further advice
>
> my 2eurocent ;)
>
> Eric Wolzak
> member of the Bering Crew
>
>
>
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by: Free pre-built ASP.NET sites including
> Data Reports, E-commerce, Portals, and Forums are available now.
> Download today and enter to win an XBOX or Visual Studio .NET.
> http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
> ------------------------------------------------------------------------
> leaf-user mailing list: [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
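
Added example, not part of the original thread: a small parser that applies the reasoning in the reply above to a pppd debug log (PAP acknowledged, IPCP address acknowledged, LCP echoes answered means the fault is above PPP) and then compares `ip route show` output with the negotiated addresses. The function names, the sample log and the sample route table are constructed for illustration.

```python
import re

# Constructed sample in the format of the pppd debug lines quoted above;
# addresses are documentation ranges and the stale route src is deliberate.
SAMPLE_LOG = '''\
Jul  2 09:14:24 firewall pppd[5337]: rcvd [PAP AuthAck id=0x1 ""]
Jul  2 09:14:24 firewall pppd[5337]: rcvd [IPCP ConfAck id=0x2 <addr 198.51.100.24>]
Jul  2 09:14:24 firewall pppd[5337]: local  IP address 198.51.100.24
Jul  2 09:14:24 firewall pppd[5337]: remote IP address 192.0.2.137
Jul  2 09:14:28 firewall pppd[5337]: rcvd [LCP EchoReq id=0x1 magic=0x847ea138 00 00 00 00]
Jul  2 09:14:28 firewall pppd[5337]: sent [LCP EchoRep id=0x1 magic=0x77aa3ee9 68 6f 61 40]
Jul  2 09:19:34 firewall pppd[5337]: Couldn't increase MTU to 1500.
'''
SAMPLE_ROUTES = '''\
192.0.2.137 dev ppp0  proto kernel  scope link  src 198.51.100.85
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.1
default via 192.0.2.137 dev ppp0
'''

LINE = re.compile(r"pppd\[(\d+)\]: (.*)")
PACKET = re.compile(r"(rcvd|sent) \[(\w+) (\w+) ")
ADDRESS = re.compile(r"(local|remote)\s+IP address (\S+)")

def summarize(log):
    """Return {pid: state} describing how far each pppd session got."""
    sessions = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        s = sessions.setdefault(m.group(1), {"auth": False, "ipcp": False,
            "local": None, "remote": None, "echo_replies": 0, "warnings": []})
        msg = m.group(2)
        pkt, addr = PACKET.match(msg), ADDRESS.match(msg)
        if pkt:
            key = pkt.groups()
            s["auth"] |= key == ("rcvd", "PAP", "AuthAck")
            s["ipcp"] |= key == ("rcvd", "IPCP", "ConfAck")
            s["echo_replies"] += key == ("sent", "LCP", "EchoRep")
        elif addr:
            s[addr.group(1)] = addr.group(2)
        elif msg.startswith("Couldn't"):  # e.g. the MTU/MRU notices
            s["warnings"].append(msg)
    return sessions

def route_mismatches(session, routes):
    """Return ppp0 routes whose src/via differs from the IPCP-negotiated pair."""
    want = {"src": session["local"], "via": session["remote"]}
    return [r for r in routes.splitlines() if " dev ppp0" in r
            and any(want[k] != v for k, v in re.findall(r"\b(src|via) (\S+)", r))]
```

Run `summarize()` on the log of the failing boot and `route_mismatches()` on the `ip route show` output captured during that same boot, so that both describe one session.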
