wan hangs, lan works

From: Fritz Thielemann (fthielem@de.oracle.com)
Date: Mon Feb 14 2000 - 11:42:39 EST


Hi friends,

we have a linux-server running within our corporate network.
if we use it within our lan (decentral segment) everything works fine.

if someone tries to connect over the wan connection (like ras or from
another country organisation's router) it sometimes shows no signs of life.
then we ping within the lan and the server answers (from lan and from wan).
only ten minutes later same proc as ...

some infos behind the scene:

kernel 2.2.5-15 (red hat 6.0)
netoptions section of kernel params
#
# Networking options
#
CONFIG_PACKET=y
CONFIG_NETLINK=y
CONFIG_RTNETLINK=y
CONFIG_NETLINK_DEV=y
CONFIG_FIREWALL=y
CONFIG_FILTER=y
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_IP_PNP is not set
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_NETLINK=y
CONFIG_NETLINK_DEV=y
CONFIG_IP_TRANSPARENT_PROXY=y
CONFIG_IP_MASQUERADE=y

#
# Protocol-specific masquerading support will be built as modules.
#
CONFIG_IP_MASQUERADE_ICMP=y

#
# Protocol-specific masquerading support will be built as modules.
#
# CONFIG_IP_ROUTER is not set
CONFIG_NET_IPIP=m
CONFIG_NET_IPGRE=m
CONFIG_NET_IPGRE_BROADCAST=y
# CONFIG_IP_MROUTE is not set
CONFIG_IP_ALIAS=y
CONFIG_SYN_COOKIES=y

#
# (it is safe to leave these untouched)
#
CONFIG_INET_RARP=m
CONFIG_SKB_LARGE=y

in our discussions the SYN_COOKIES part might be interesting
(at system startup we set TCP_SYNCOOKIES to 1 to enable the
protection)

we are running a 3com905b network card (should not be the point of the problem)

we have tried to make the machine as secure as possible and turned all
ports and services off except ssh, http and oracle db port (1521)

we have tried the following workaround (but this is really dirty):
a sun running beside it pings the linux server every 5 mins

if you need more information use fthielem@de.oracle.com (please cc to
speterse@de.oracle.com - in case I couldn't answer fast enough)

thanks for your help





