There are a few notes below, but I think that removing DNSSEC requirements
from the DNS server might have sorted it.
Does that make sense? It was causing a metric shedload of error messages.
Steve
On 08/06/15 09:09, C. Falconer wrote:
> steve wrote on 06/06/15 17:00:
>> Am nearing wits end... been away on hols for a month and my network
>> performance has plummeted.
>> The best way of describing the problem is that you need to refresh a
>> web page before you get any content. In addition, bulk loading across
>> a VPN ( eg scp ) fails regularly.
>> Basic design of network: 'firewall' server runs fail2ban and links
>> upstream ADSL to local wireless and wired subnets. It also provides
>> DNS ( caching server ), DHCP, OpenVPN etc services.
>> I initially thought it was a DNS problem, and have migrated from the
>> local ( Voda ) DNS servers to OpenDNS, having briefly tried Google's
>> resolvers on the way. No improvement.
>> Any thoughts on what I can try to identify the real problem? My
>> thought is that the GCSB are involved somewhere along the line, but
>> as a SysAdm I am paid to be paranoid!
> OK - honestly I have no idea.... but I agree with Fraser in that
> "random weird stuff" does often have root causes in DNS or MTU. But
> you've appeared to rule them out.
> So, cut the problem up.
> 1) Does the link test as slow when from the firewall box, as opposed
> to a client machine?
>    If no then it's a local network thing - isolate between wired
>    and wireless clients
>    If yes, then it's an internet link.
OK, I'm testing this as we speak as I don't have a GUI and want to test
like for like. Download speeds are not a problem generally, I usually
manage to crank over 1MB/s from anywhere not wirelessly connected.
Interestingly, if I try to start up firefox via ssh -X to the
'firewall', it starts a new session up on the local workstation if ff is
running on that, and vv.
> 2) How are the neighbour's speeds? Do they have Chorus ADSL?
No idea really. We generally get good service over here, probably due to
the odd MP living locally (:
> 3) Have you got any other ADSL routers to swap out? It's not unknown
> for the hardware to just start dying from rubbish on the wire,
> especially if it's not completely urban.
The venerable 12 year old speedtouch doesn't seem to make any
appreciable difference.
> 4) Have you spoken with your ISP about getting line tests done? They
> can do a 2 or 24 hour line test and monitor the stats from your DSL
> link, which should give some indication of the DSL's performance. You
> can continue to use it like normal for the test period too.
Like I say, the line seems to be fine, once the traffic is flowing.
> 5) From memory you're in Diamond Harbour, so pretty SOOL for anything
> like fibre. Would you have line of sight to Marleys hill? Probably
> not. Would you entertain the thought of a wireless link across the
> water? Do you know anyone in Lyttelton with fibre and LOS to your
> place?
Yes, I'm over the water, unfortunately round the corner too. I'm not too
sure what wireless propagates like over water... last time I read up,
the bounces caused problems. However, with these 3 aerialed thingies,
that shouldn't be a problem nowadays???
> 6) If you want to investigate further, do a
>    tcpdump -i any -nn -w poorlink.pcap -vv -s 1500
> on your firewall, while testing from the internal host. Do something
> to exhibit the problem, and then email me the pcap off list.
> 7) Finally, apply all windows updates, upgrade flash, java and acrobat
> reader, do an antivirus scan and a malware scan, and restart your
> computer.
Wash your mouth out (:
> --
> CF
_______________________________________________
Linux-users mailing list
[email protected]
http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
--
Steve Holdoway BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa