Some strange connection timeout

Hi all, I am rather a newbie in firewall issues.
 
I have noticed this little problem: I am installing a network with some Linux router boxes for a small firm in my hometown.
 
These boxes have an ADSL router connected to an Ethernet card and an internal ISDN modem for backup purposes.
Every remote office has one of these boxes to connect its LAN to the central headquarters LAN via a VPN tunnel.
 
At startup every box checks whether the ADSL is up by pinging a reliable IP server, and if so it tries to establish a VPN connection to headquarters. After this it pings a server in the HQ LAN, and nothing happens as long as the HQ server keeps responding to pings (like a heartbeat).
 
If the HQ server stops responding to pings, it tries to ping a reliable server on the Internet, and if there's no response it realizes the ADSL is down, dials the ISDN provider and tries to connect via VPN to the HQ.
 
Let's come to the problem: after the ADSL has gone down, ISDN is set up and the VPN is established, the server in the HQ LAN is not 'ping'able for a couple of minutes.
 
Routing is OK (I must change the routing tables after the interface swap), firewall rules are (IMHO) OK, but the server starts responding only after some time.
 
There's some kind of timeout, perhaps a cached value that must become stale, but I can't figure out whether the problem comes from the DNS or ARP cache or the ip_conntrack table.
 
I tried clearing both caches, using ip_dynaddr, using SNAT or MASQUERADING, and lowering the timeout values in the /proc/sys/net/ipv4/route/gc* files, but I can't work around the problem.
 
Thanks a lot; any help is truly appreciated.
 
Hi all
 

------------------------------------------------------------
 Tiziano Arbizzani - Area Tecnica / Sviluppo SW
DIGIBYTE SERVIZI E SISTEMI INFORMATICI
------------------------------------------------------------
 
Assistenza - Vendita - Consulenza - Formazione
 Networking - Internetworking - Internet Provider
------------------------------------------------------------
 
via Marziale, 9 - 40128 - Bologna (Italia)
 Tel. +39 051 6388614 Fax +39 051 323735
 
www.powerstation.it - digibyte@xxxxxxxxxxxxxxx
Appliance Server CubeLibre       www.cubelibre.it

