Router intermittently failing

Posted by nomen on Super User
Published on 2012-10-28T16:40:56Z Indexed on 2012/10/28 17:04 UTC

My old Asus router died a few weeks ago, so I thought I'd set up my Debian box to deal with routing my home network. I have a few complications, but I adapted my configuration from a previously working configuration, and I don't see why I am having intermittent problems. But I am having them! Every so often, my SSH connections to the router (and to the Xen virtual machines hosted by the router) just drop. I am unable to use the router's DNS server. I can't ping the router. Etc. All of these things work most of the time, but break down intermittently, for a few minutes at a time. (I can provide more details, but I'm not sure what will be helpful.)

/etc/network/interfaces:

# The loopback network interface
auto lo
iface lo inet loopback

# Gigabit ethernet, internal network
auto eth0
allow-hotplug eth0
iface eth0 inet manual

# USB ethernet, internet
auto eth1
allow-hotplug eth1
iface eth1 inet dhcp

# Xen Bridge
auto xlan0
iface xlan0 inet static
  bridge_ports eth0
  address   10.47.94.1
  netmask   255.255.255.0

As I understand it, this is sufficient to create the network interfaces, and even do some switching between Xen hosts and my eth0 interface. I installed and configured Shorewall to manage routing between the bridge and my internet-facing interface:

/etc/shorewall/zones

fw    firewall
net   ipv4
lan   ipv4

/etc/shorewall/interfaces

net     eth1            detect          dhcp,tcpflags,nosmurfs,routefilter,logmartians
lan     xlan0           detect          dhcp,tcpflags,nosmurfs,routefilter,logmartians,routeback,bridge

/etc/shorewall/policy

net all DROP info
fw net ACCEPT info
all all REJECT info

/etc/shorewall/rules

DNS(ACCEPT) fw net
DNS(ACCEPT) lan fw
Ping(ACCEPT) lan fw
... and so on, these all work, when the router is accepting traffic at all.

/etc/shorewall/masq

eth1                    10.47.94.0/24

Also, the router is currently "working", and I checked on a problematic client:

arp infrastructure
infrastructure.mydomain (10.47.94.1) at 0:23:54:bb:7d:ce on en0 ifscope [ethernet]

I tried it when the router was down, and I (eventually) got the same response. It took about 30 seconds to return, though.

© Super User or respective owner
