Re: DHCP and multiple netsegments

From: MONZ (monz@danbbs.dk)
Date: Mon Oct 23 2000 - 10:24:18 EST

Next message: Peter De Schrijver: "SMSC 91c96 chipset"
Previous message: Jason Meyering: "RE: ftp login prompt appears after a long time"
In reply to: MONZ: "Re: DHCP and multiple netsegments"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

MONZ wrote:
>
> Bernd Eckenfels wrote:
> >
> > In article <39F2CF2F.F71BE884@danbbs.dk> you wrote:
> > > Another thing is funny: ipchains -L takes a l-o-n-g time to finish
> > > showing up masqueraded nets in the forward chain; they get through
> > > one by one, 10-20 secs apart. Definitely seems related.
> >
> > it is a nameserver issue, use -L -n
>
> Not sure. The setup at my customer doesn't differ that much from my own,
> except for two things: Here I am running a caching nameserver, and have
> dhcp on only one netsegment, so I never used dhcrelay.

Did away with dhcrelay, and of course dhcp still worked.

Nameresolution still sucks; I simply don't understand what's going on.
If I restart network, inet and firewall, the first few hits comes
blazing through; after that clients sometimes get through, sometimes get
the nameresolution done, but the site doesn't load, and remaining
attempts simply times out, or so it seems.
_Any_ attempts right from the firewall, using lynx, goes right through.

Ipchains -L goes right through now, though.

Could it be a routing problem? The five segments are:
eth0: 10.10.0.0/16 3c509TX DHCP, few slow clients
eth1: 10.0.0.0/16 DFE570TX DMZ<->inet-router
eth2: 10.1.0.0/16 DFE570TX Servers (when everything works)
eth3: 10.12.0.0/16 DFE570TX DHCP, clients
eth4: 10.13.0.0/16 DFE570TX DHCP, clients

Yes, the firewall default router is set to eth1.
As a test, I tried disabling the 3c509TX, though all interfaces do have
separate IRQ's and I/O.
I also tried setting a client up with fixed IP# and so forth, alos tried
using different nameservers, no change.
Resolv.conf contains search domain.dk and three nameservers at the ISP.

Gee, I dunno what next to test... Except shutting down interfaces to
have only the DMZ and one segment.

-- 
Regards,
              Mogens Valentin
    Networking - Security - Programming
  Linux configuration and troubleshooting
http://www.danbbs.dk/~monz - monz@danbbs.dk
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org

Next message: Peter De Schrijver: "SMSC 91c96 chipset"
Previous message: Jason Meyering: "RE: ftp login prompt appears after a long time"
In reply to: MONZ: "Re: DHCP and multiple netsegments"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Oct 23 2000 - 21:00:25 EST