rexhsu n00b
Joined: 22 Mar 2004 Posts: 3
Posted: Fri Jan 07, 2005 4:36 am Post subject: some websites (IP) can't be surfed, help
software:
----------
kernel 2.4.26-gentoo-r14
rp-pppoe 3.5-r2
ppp 2.4.2-r9
shorewall-2.2.0-RC3
introduction
----------
My company shares an ADSL (PPPoE) connection. I use Gentoo as our internet gateway. I use rp-pppoe to dial and shorewall as my firewall.
The gateway has 2 NICs. One is connected to the ADSL modem (eth1). The other is connected to the LAN segment (eth0).
Code:
gateway root # ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:0E:0C:59:1D:02
inet addr:192.168.1.254 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:76055 errors:0 dropped:0 overruns:0 frame:0
TX packets:73199 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9211812 (8.7 Mb) TX bytes:32316895 (30.8 Mb)
Interrupt:7 Base address:0xb000
eth1 Link encap:Ethernet HWaddr 00:B0:D0:69:C0:9F
inet addr:192.168.0.254 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:72769 errors:0 dropped:0 overruns:1 frame:0
TX packets:70864 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:34451459 (32.8 Mb) TX bytes:8854483 (8.4 Mb)
Interrupt:7 Base address:0xec00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1713 errors:0 dropped:0 overruns:0 frame:0
TX packets:1713 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:130040 (126.9 Kb) TX bytes:130040 (126.9 Kb)
ppp0 Link encap:Point-to-Point Protocol
inet addr:61.XXX.XXX.XXX P-t-P:218.1.1.253 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:72343 errors:0 dropped:0 overruns:0 frame:0
TX packets:70457 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:32828299 (31.3 Mb) TX bytes:7251731 (6.9 Mb)
tun0 Link encap:Point-to-Point Protocol
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Code:
#***********************************************************************
#
# pppoe.conf
#
# Configuration file for rp-pppoe. Edit as appropriate and install in
# /etc/ppp/pppoe.conf
#
# NOTE: This file is used by the adsl-start, adsl-stop, adsl-connect and
# adsl-status shell scripts. It is *not* used in any way by the
# "pppoe" executable.
#
# Copyright (C) 2000 Roaring Penguin Software Inc.
#
# This file may be distributed under the terms of the GNU General
# Public License.
#
# LIC: GPL
# $Id: pppoe.conf,v 1.10 2002/04/09 17:28:38 dfs Exp $
#***********************************************************************
# When you configure a variable, DO NOT leave spaces around the "=" sign.
# Ethernet card connected to ADSL modem
ETH='eth1'
# ADSL user name. You may have to supply "@provider.com" Sympatico
# users in Canada do need to include "@sympatico.ca"
# Sympatico uses PAP authentication. Make sure /etc/ppp/pap-secrets
# contains the right username/password combination.
# For Magma, use xxyyzz@magma.ca
USER='adXXXXXX'
# Bring link up on demand? Default is to leave link up all the time.
# If you want the link to come up on demand, set DEMAND to a number indicating
# the idle time after which the link is brought down.
DEMAND=no
#DEMAND=300
# DNS type: SERVER=obtain from server; SPECIFY=use DNS1 and DNS2;
# NOCHANGE=do not adjust.
DNSTYPE=NOCHANGE
# Obtain DNS server addresses from the peer (recent versions of pppd only)
# In old config files, this used to be called USEPEERDNS. Changed to
# PEERDNS for better Red Hat compatibility
PEERDNS=no
DNS1=202.96.209.5
DNS2=202.96.209.133
# Make the PPPoE connection your default route. Set to
# DEFAULTROUTE=no if you don't want this.
DEFAULTROUTE=yes
### ONLY TOUCH THE FOLLOWING SETTINGS IF YOU'RE AN EXPERT
# How long adsl-start waits for a new PPP interface to appear before
# concluding something went wrong. If you use 0, then adsl-start
# exits immediately with a successful status and does not wait for the
# link to come up. Time is in seconds.
#
# WARNING WARNING WARNING:
#
# If you are using rp-pppoe on a physically-inaccessible host, set
# CONNECT_TIMEOUT to 0. This makes SURE that the machine keeps trying
# to connect forever after adsl-start is called. Otherwise, it will
# give out after CONNECT_TIMEOUT seconds and will not attempt to
# connect again, making it impossible to reach.
CONNECT_TIMEOUT=30
# How often in seconds adsl-start polls to check if link is up
CONNECT_POLL=2
# Specific desired AC Name
ACNAME=
# Specific desired service name
SERVICENAME=
# Character to echo at each poll. Use PING="" if you don't want
# anything echoed
PING="."
# File where the adsl-connect script writes its process-ID.
# Three files are actually used:
# $PIDFILE contains PID of adsl-connect script
# $PIDFILE.pppoe contains PID of pppoe process
# $PIDFILE.pppd contains PID of pppd process
#
# NB: When adsl-start is called from net.eth0, PIDFILE is overruled by
# a Gentoo patch to adsl-start to allow proper shutdown of devices
# even when configuration changes. In that case, the PIDFILE setting
# here has no effect.
CF_BASE=`basename $CONFIG`
PIDFILE="/var/run/$CF_BASE-adsl.pid"
# Do you want to use synchronous PPP? "yes" or "no". "yes" is much
# easier on CPU usage, but may not work for you. It is safer to use
# "no", but you may want to experiment with "yes". "yes" is generally
# safe on Linux machines with the n_hdlc line discipline; unsafe on others.
SYNCHRONOUS=no
# Do you want to clamp the MSS? Here's how to decide:
# - If you have only a SINGLE computer connected to the ADSL modem, choose
# "no".
# - If you have a computer acting as a gateway for a LAN, choose "1412".
# The setting of 1412 is safe for either setup, but uses slightly more
# CPU power.
CLAMPMSS=1412
#CLAMPMSS=no
# LCP echo interval and failure count.
LCP_INTERVAL=20
LCP_FAILURE=3
# PPPOE_TIMEOUT should be about 4*LCP_INTERVAL
PPPOE_TIMEOUT=80
# Firewalling: One of NONE, STANDALONE or MASQUERADE
FIREWALL=NONE
# Linux kernel-mode plugin for pppd. If you want to try the kernel-mode
# plugin, use LINUX_PLUGIN=/etc/ppp/plugins/rp-pppoe.so
LINUX_PLUGIN=/usr/lib/pppd/2.4.2/rp-pppoe.so
# Any extra arguments to pass to pppoe. Normally, use a blank string
# like this:
PPPOE_EXTRA=""
# Rumour has it that "Citizen's Communications" with a 3Com
# HomeConnect ADSL Modem DualLink requires these extra options:
# PPPOE_EXTRA="-f 3c12:3c13 -S ISP"
# Any extra arguments to pass to pppd. Normally, use a blank string
# like this:
PPPD_EXTRA=""
########## DON'T CHANGE BELOW UNLESS YOU KNOW WHAT YOU ARE DOING
# If you wish to COMPLETELY overrride the pppd invocation:
# Example:
# OVERRIDE_PPPD_COMMAND="pppd call dsl"
# If you want adsl-connect to exit when connection drops:
# RETRY_ON_FAILURE=no
situation
----------
Sometimes, with the IP I get, I can surf all the websites. But sometimes I redial and get another IP, and then I can't surf some websites (such as www.oracle.com, www.sourceforge.net). This situation is random. The IP must not be banned by the websites.
When I can't surf sourceforge, I just do some diagnostics.
ping www.sourceforge.net -----> request timeout
Code:
gateway root # traceroute www.sourceforge.net
traceroute to sourceforge.net (66.35.250.203), 30 hops max, 40 byte packets
1 218.1.1.253 (218.1.1.253) 6.982 ms 10.304 ms 7.224 ms
2 218.1.63.45 (218.1.63.45) 7.879 ms 7.575 ms 48.795 ms
3 218.1.4.33 (218.1.4.33) 78.538 ms 13.237 ms 9.580 ms
4 218.1.1.130 (218.1.1.130) 7.869 ms 7.830 ms 7.856 ms
5 202.101.63.242 (202.101.63.242) 7.615 ms 7.377 ms 8.102 ms
6 202.97.33.86 (202.97.33.86) 105.493 ms 142.803 ms 106.705 ms
7 202.97.51.102 (202.97.51.102) 530.929 ms 526.370 ms 534.109 ms
8 * * *
9 * * *
Then I used another normal ADSL line (same city) to traceroute:
Code:
E:\Documents and Settings\Administrator>tracert www.sourceforge.net
Tracing route to www.sourceforge.net [66.35.250.203]
over a maximum of 30 hops:
1 3 ms 1 ms <1 ms 192.168.100.1
2 9 ms 20 ms 20 ms 218.1.1.252
3 8 ms 9 ms 8 ms 7ge2-ip-xz-016.online.sh.cn [218.1.63.65]
4 27 ms 9 ms 8 ms 218.1.9.1
5 12 ms 9 ms 9 ms 218.1.0.194
6 9 ms 9 ms 9 ms 202.101.63.242
7 92 ms 111 ms 89 ms 202.97.33.86
8 484 ms 456 ms * 202.97.51.106
9 762 ms 775 ms 759 ms aer1-gigabitethernet4-4.LosAngeles.savvis.net [2
08.173.55.197]
10 774 ms * 759 ms dcr1-ae1-0.LosAngeles.savvis.net [208.172.47.1]
11 754 ms 755 ms 759 ms dcr2-loopback.SanFranciscosfo.savvis.net [206.24
.210.100]
12 760 ms 765 ms 769 ms bhr1-pos-0-0.SantaClarasc8.savvis.net [208.172.1
56.198]
13 748 ms 741 ms 755 ms csr1-ve243.SantaClarasc8.savvis.net [66.35.194.5
0]
14 * 756 ms 755 ms 66.35.212.174
15 775 ms 780 ms 788 ms sourceforge.net [66.35.250.203]
Trace complete.
I am puzzled why, after I reconnect and get another IP, I can't surf some sites. Sure, I haven't changed any settings. I have thought of the MTU/MSS problem. But as far as I know, if it were an MTU/MSS problem, it should ping successfully but be unable to surf the site, or tell me fragmentation needed. But now it tells me request timeout.
ALL DIAGS MADE ON THE GATEWAY ITSELF.
Any help will be appreciated!
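Added example, not part of the original post: a small parser that reads both trace formats shown above (Linux `traceroute` and Windows `tracert`, including console-wrapped lines) and reports the last router the two paths share and the next responder on each. The sample strings are excerpts of the post's two traces; the function names are illustrative.

```python
import re

# Excerpts of the two traces in the post (failing PPPoE session, then the working line).
FAILING = """\
traceroute to sourceforge.net (66.35.250.203), 30 hops max, 40 byte packets
 5 202.101.63.242 (202.101.63.242) 7.615 ms 7.377 ms 8.102 ms
 6 202.97.33.86 (202.97.33.86) 105.493 ms 142.803 ms 106.705 ms
 7 202.97.51.102 (202.97.51.102) 530.929 ms 526.370 ms 534.109 ms
 8 * * *
 9 * * *
"""
WORKING = """\
Tracing route to www.sourceforge.net [66.35.250.203]
 6 9 ms 9 ms 9 ms 202.101.63.242
 7 92 ms 111 ms 89 ms 202.97.33.86
 8 484 ms 456 ms * 202.97.51.106
 9 762 ms 775 ms 759 ms aer1-gigabitethernet4-4.LosAngeles.savvis.net [2
08.173.55.197]
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")        # "<hop number> <rest of line>"
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")  # timings like 7.615 never match

def parse_hops(text):
    """[(hop, ip or None)] from Linux traceroute or Windows tracert output."""
    rows = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            rows.append([int(m.group(1)), m.group(2)])
        elif rows:                      # console-wrapped tail of the previous hop
            rows[-1][1] += line.strip()
    return [(n, (IPV4.findall(r) or [None])[-1]) for n, r in rows]

def divergence(failing, working):
    """Last router both paths share, and the next responder on each path."""
    f = [ip for _, ip in failing if ip]
    w = [ip for _, ip in working if ip]
    shared = [ip for ip in f if ip in w]
    if not shared:
        return None
    last = shared[-1]
    after = lambda ips: (ips[ips.index(last) + 1:] or [None])[0]
    return {"last_shared": last, "failing_next": after(f),
            "working_next": after(w),
            "last_reply_hop": max(n for n, ip in failing if ip)}

if __name__ == "__main__":
    print(divergence(parse_hops(FAILING), parse_hops(WORKING)))
```

The result only localises where the two paths differ; silent hops in a trace do not by themselves show which router drops the traffic.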