  1. #1
    Just Joined!
    Join Date
    Apr 2005
    Posts
    5

    Linux Network Slowing down more by the day ?


    I'll be the first one to admit I am not a Linux expert, but I've run fast Linux servers in the past without any issues like this before.

    A brief description of my network setup.
    I am running a local network connected to a broadband connection. I have the Cable Modem going to a router, which simply goes into a non-secure windows PC and a Linux server (RedHat 9), which is using iptables as a firewall for my local network. The Linux machine is not a beast. It is a 366 Intel Celeron with 1 gig of Ram. The hard drive has at least 40 gigs of free space.

    Brief description of my problem:
    I can do traces to an outside IP (www.yahoo.com for example) and the longest periods of time are always when my Linux box tries to connect with the Router connected to the firewall. It seems to lose about 1/3 of the packets and IF a page loads up, it often has pages with "no data" or other errors associated with bad packets. That said, once I am connected to the outside world, I can stream audio without any problems. When I try to send files to anyone using FTP the connection goes at a full 1k and often times out, whereas I can initiate the same transfer on the non-secure windows box and it will send at a minimum of 30k.

    I realize this is a very general question, but I'm open to any and all suggestions. I know the 366 isn't very fast, but the network seems to be getting slower by the day. Please help

  2. #2
    Linux Enthusiast
    Join Date
    Feb 2005
    Location
    SE, Stockholm
    Posts
    512
    This sounds more or less like a FULL / HALF Duplex issue, since you do lose a lot of network packets. Check your SOHO-FW if you are able to switch between FULL / HALF duplex, if you are, try first 100Mbps/FULL Duplex, if you still fail, try 100Mbps/HALF duplex. If still a bad connection, you should try the more final option, which is 10Mbps/HALF Duplex.

    Oh, yeah, you should set this at the internal interface, not the external/wan interface. Or you could try that as well.
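
Added example (not part of any post in this thread): a duplex mismatch usually shows up in the interface counters, so they can be checked before changing settings or swapping hardware. The function below reads text in `/proc/net/dev` layout and flags interfaces with a high share of receive frame errors or transmit collisions; the 1% default threshold, the function names and the sample counters are assumptions made for this illustration.

```shell
#!/bin/sh
# Flag interfaces whose counters look like a duplex mismatch.
# usage: duplex_suspects [threshold_percent] < /proc/net/dev
duplex_suspects() {
    awk -v pct="${1:-1}" '
    NR <= 2 { next }                  # skip the two header lines
    {
        sub(/:/, " ")                 # "eth0:123" -> "eth0 123", fields re-split
        iface = $1
        rx_pkts = $3 + 0; rx_frame = $7 + 0
        tx_pkts = $11 + 0; colls = $15 + 0
        if (iface == "lo") next
        # Full-duplex end of a mismatch: frames cut short by the peer
        # backing off arrive damaged and land in the "frame" column
        # (CRC, length and alignment errors).
        if (rx_pkts > 0 && rx_frame * 100 / rx_pkts >= pct)
            printf "%s rx-frame-errors %.1f%%\n", iface, rx_frame * 100 / rx_pkts
        # Half-duplex end: it sees the peer transmitting while it sends
        # and counts that as collisions.
        if (tx_pkts > 0 && colls * 100 / tx_pkts >= pct)
            printf "%s tx-collisions %.1f%%\n", iface, colls * 100 / tx_pkts
    }'
}

# Constructed sample in /proc/net/dev layout (not data from the thread).
# eth0 has no space after the colon, as happens with large counters.
sample_counters() {
cat <<'EOF'
Inter-|   Receive                                   |  Transmit
 face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
    lo: 1000 10 0 0 0 0 0 0 1000 10 0 0 0 0 0 0
  eth0:90000000 60000 1500 0 0 1500 0 0 8000000 40000 0 0 0 0 0 0
  eth1: 5000000 30000 0 0 0 0 0 0 7000000 50000 0 0 0 0 0 0
  eth2: 3000000 25000 0 0 0 0 0 0 2000000 20000 0 0 0 4000 0 0
EOF
}
```

Run it against the live counters with `duplex_suspects < /proc/net/dev`; `ethtool eth0` reports the speed and duplex the card actually negotiated.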

  3. #3
    Linux Engineer rong's Avatar
    Join Date
    Feb 2005
    Location
    California
    Posts
    803

    Re: Linux Network Slowing down more by the day ?

    Quote Originally Posted by my357magnum
    I'll be the first one to admit I am not a Linux expert, but I've run fast Linux servers in the past without any issues like this before.

    A brief description of my network setup.
    I am running a local network connected to a broadband connection. I have the Cable Modem going to a router, which simply goes into a non-secure windows PC and a Linux server (RedHat 9), which is using iptables as a firewall for my local network. The Linux machine is not a beast. It is a 366 Intel Celeron with 1 gig of Ram. The hard drive has at least 40 gigs of free space.

    Brief description of my problem:
    I can do traces to an outside IP (www.yahoo.com for example) and the longest periods of time are always when my Linux box tries to connect with the Router connected to the firewall. It seems to lose about 1/3 of the packets and IF a page loads up, it often has pages with "no data" or other errors associated with bad packets. That said, once I am connected to the outside world, I can stream audio without any problems. When I try to send files to anyone using FTP the connection goes at a full 1k and often times out, whereas I can initiate the same transfer on the non-secure windows box and it will send at a minimum of 30k.

    I realize this is a very general question, but I'm open to any and all suggestions. I know the 366 isn't very fast, but the network seems to be getting slower by the day. Please help
    Have you got a spare Router you can test? Spare NIC?

  4. #4
    Just Joined!
    Join Date
    Apr 2005
    Posts
    5
    I went through and removed all of the non critical network options and removed iptables in place of firestarter, as someone suggested. The removal of those other services and the replacement of iptables did not resolve the problem.

    I will try swapping out the network cards tonight as Rong suggested, but before I do, I will test the duplex mode as Swemic suggested. I believe it is set to 100Mbps/HALF duplex.

    The internal network goes as follows:

    1. Cable Modem goes into a Simple Router using NAT and DHCP.
    2. That connection is split into the Windows Box and the Linux Box using a new IP range. (Simply by surfing the internet using those two computers alone the time it takes to load cnn.com for example is shockingly different. The Windows Machine loads it nearly instantly, and the linux machine chugs along slowly, often getting a "Page contains no Data" error. )
    3. The Linux Firewall uses NAT and DHCP to split the connection into a second IP Range. The output of the linux box goes into a wireless router.
    4. The wireless Router, also using NAT and DHCP is the final step where all of the secured computers reside on a third IP Range.


    I have not been able to get the Wireless router to provide IP addresses for the connected computers without using a DHCP or NAT. I have also been unable to provide the Wireless router an IP address without using DHCP and NAT on the Linux server.

    I hope that clears up some confusion for those of you willing to help with this issue

  5. #5
    Linux Enthusiast
    Join Date
    Feb 2005
    Location
    SE, Stockholm
    Posts
    512
    Quote Originally Posted by my357magnum
    I will try swapping out the network cards tonight as Rong suggested, but before I do, I will test the duplex mode as Swemic suggested. I believe it is set to 100Mbps/HALF duplex.
    This could be the faulty point in your network, you should try to set both adapters into 100Mbps/FULL duplex.
    If one interface is set to Full duplex and the other to Half, you would probably have a link established, but you will have tons of re-transmissions due to missing packets, and in the nature of Ethernet when you have a lot of re-transmissions it is considered as some faulty device.

    Quote Originally Posted by my357magnum
    The internal network goes as follows:

    1. Cable Modem goes into a Simple Router using NAT and DHCP.
    2. That connection is split into the Windows Box and the Linux Box using a new IP range. (Simply by surfing the internet using those two computers alone the time it takes to load cnn.com for example is shockingly different. The Windows Machine loads it nearly instantly, and the linux machine chugs along slowly, often getting a "Page contains no Data" error. )
    3. The Linux Firewall uses NAT and DHCP to split the connection into a second IP Range. The output of the linux box goes into a wireless router.
    4. The wireless Router, also using NAT and DHCP is the final step where all of the secured computers reside on a third IP Range.
    This IP range you are talking about, is it the same range to both your Windows box as it is to your Linux box? Another thing here as well, it is never a good practice to do a double NAT, as you in fact do from your above description. This can cause some faulty session-tables in your first or second NAT handler. Could be the cause as well.

    Quote Originally Posted by my357magnum
    I have not been able to get the Wireless router to provide IP addresses for the connected computers without using a DHCP or NAT. I have also been unable to provide the Wireless router an IP address without using DHCP and NAT on the Linux server.

    I hope that clears up some confusion for those of you willing to help with this issue
    Hmm! Nope, this last did not clear up my mind, what exactly are you trying to accomplish here? You want your Wireless router to get an IP from your Linux box, and then also act like a DHCP provider?

    I would in fact not use any kind of NAT handler between your two networks, I would only set up a traditional FW (if even that, you should do fine with a router between them unless you really don't trust the networks), and use standard IP-tables for stateful inspection only.
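
Added example (not part of any post in this thread): one way to express "no NAT, stateful inspection only" as an `iptables-restore` ruleset for the Linux box. The function name, interface names and subnets are assumptions chosen for illustration, and `-m state` is the match syntax of iptables releases from this era.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a routed (non-NAT) firewall.
# usage: gen_forward_rules WAN_IF LAN_IF INNER_NET [INNER_NET...]
gen_forward_rules() {
    [ "$#" -ge 3 ] || {
        echo "usage: gen_forward_rules WAN_IF LAN_IF INNER_NET..." >&2
        return 2
    }
    wan=$1; lan=$2; shift 2

    # iptables-restore only flushes the tables named in its input, so
    # the nat table is declared with no rules to clear any translation
    # rules left over from the old setup.
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -p udp --dport 67 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    # New connections may only start from a listed inner network and
    # must leave through the WAN side; replies are covered by the
    # ESTABLISHED,RELATED rule above, everything else hits the DROP policy.
    for net in "$@"; do
        echo "-A FORWARD -i $lan -o $wan -s $net -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Example with assumed values, applied as root:
#   sysctl -w net.ipv4.ip_forward=1
#   gen_forward_rules eth0 eth1 192.168.1.0/24 192.168.2.0/24 | iptables-restore
```

With translation removed, the upstream router also needs a return route to each inner network through the Linux box, otherwise replies never come back.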

  6. #6
    Just Joined!
    Join Date
    Apr 2005
    Posts
    5
    Upon inspection last night :
    1. Both cards were at 100Mbps/Full Duplex.
    2. I swapped NICS, but No change in speeds.
    I can rule out hardware at this point *I think*

    The IP Ranges are the DHCP IPs. The ranges are 192.168.0.# for the Initial Split from the cable modem, 192.168.1.# from the Linux Firewall to the Wireless Router, and 192.168.2.# for the Wireless Network. All of the Subnet masks are 255.255.255.0 on all of those networks.

    Perhaps NAT is the problem, but I don't know how to Turn off NAT on the RedHat Server. Ultimately I would like to have the Initial router split up the IPs using NAT and DHCP to provide IPs for the Windows and RedHat boxes, then have the Linux box perform all of the DHCP and Firewalling from that point on for the secure network. I only need to use NAT at the top level router, but for some reason I can't get DHCP to work without using NAT on the Redhat box (I am probably not doing something right), and from what I can tell I need to have DHCP enabled on the wireless router in order for it to provide IP addresses for the wireless connections.

    I am currently performing NAT at each Router level.

    I appreciate the help.

  7. #7
    Linux Enthusiast
    Join Date
    Feb 2005
    Location
    SE, Stockholm
    Posts
    512
    Ok! Well, all you have to do is to start the "routed" daemon, and voila, you will have a non NAT:ed router. All your router configurations will be done by the standard "route add -net x.x.x.x gw x.x.x.x"

  8. #8
    Just Joined!
    Join Date
    Apr 2005
    Posts
    5
    I'll try that tonight and let you know if that fixes it.

  9. #9
    Linux Enthusiast
    Join Date
    Feb 2005
    Location
    SE, Stockholm
    Posts
    512
    Just realized that I forgot to tell you, you should and shall also disable all IPTABLES on your Linux before you start your "routed".
    Also you need to set up routing in your broadband router/fw as well.

  10. #10
    Just Joined!
    Join Date
    Apr 2005
    Posts
    5
    How do I ensure that routed starts before iptables or firestarter upon bootup?

    Also, what type of routing do you suggest for the broadband router? I think it's currently set up correctly. The broadband router's only purpose is to provide NAT so that I can use my ISP IP address for more than one computer. I don't want to block any traffic at that level via Firewall or Port Forwarding.
