Need network _guru_. Very strange problem - SOLVED

seatec · n00b Joined: 05 Jul 2003 Posts: 50 Location: Munich.de

Hi everyone

At home I run a linux 2.x router that does NAT to the outside world, providing my little home lan with internet access. A 10/100Mbit switch (can't be configured) keeps the network together. Here's my problem:
I decided my new gentoo was ready to replace my old main machine. So I shut both down, unplugged them, switched their places, and plugged them back in(the network cables are still on the same place, so cable 1 is in machine 2 now and vice versa). While the old system booted back up and worked fine on the new place, my gentoo did not.
It got an IP from the dhcpd(the router), it can ping into the lan and into the internet(so routing is correct). If I telnet into my lan it works, too. if I telnet into the internet, it times out. Why??? I didn't change a thing. Also, smbclient does not work anymore all of a sudden. it times out too(in my lan).
Does anyone have any idea what might cause this effect???
(Hint: There's no firewall configured in the gentoo)

seatec

neuron · Advocate Joined: 28 May 2002 Posts: 2371

well do you have the NAT properly set up?

it doesen't NAT per default...

"It got an IP from the dhcpd(the router), it can ping into the lan and into the internet(so routing is correct)."
you also need to allow forwarding of packets from the lan to internet..

linux_weenie · Guru Joined: 25 Jun 2003 Posts: 365

are you using cable? with my smoothwall setup at home i have two network card one for the modem and the other for my dhcp and routing. is the router the gentoo box or the old machine? and if i understand correctly you are trying to configure the new gentoo box to be the router? if so why is the gentoo box taking in dhcp if its the router?
-Will
_________________
There are only 10 types of people in the world. Those who understand binary and those who don't.

seatec · n00b Joined: 05 Jul 2003 Posts: 50 Location: Munich.de

Hi again

All together I have about 6 machines here. The router is the same for about 2 years, and it will stay the same. All machines have a fine internet connection provided by that NAT gateway. Within the internal network, I setup a new gentoo, which didn't have network problems for the last 2 week (since I installed it). Now that I moved it physically, I can't get online anymore. Well, not tcp at least. Ping works, namelookup works(with a nameserver within the internet). I just can't telnet/ssh/http/anything-tcp out.

seatect

neuron · Advocate Joined: 28 May 2002 Posts: 2371

ohhh, I thought you were replacing your gateway :p, nevermind me then

kashani · Posted: Wed Jul 30, 2003 11:32 pm Post subject:

I'd guess MAC address caching wackiness. Try rebooting the switch if you attempt it again.

kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.

seatec · n00b Joined: 05 Jul 2003 Posts: 50 Location: Munich.de

I'm still debugging. I rebooted gentoo, switch and gateway. I sniffed both interfaces of the gateway. the problem is definitively the gentoo. while the whole lan sees that the gentoo sends a SYN, and the gateway receives and forwards the SYN/ACK back to the gentoo, itself does not see it. I sniffed from the gentoo, and from anotehr box. the gentoo didn't see the SYN/ACK. Right now I'm compilng a kernel and hope to solve the problem that way.

seatec

seatec · n00b Joined: 05 Jul 2003 Posts: 50 Location: Munich.de

SOLVED

I compiled a new kernel, now everything works fine again. The kernel that gave me headaches was:
2.4.20-gentoo-r5
I now run a vanilla 2.4.20. Everything is back to normal. I still have no clue wtf was wrong. Apparently the kernel was the problem.
Where to submit substantial bugs?

seatec

devon · l33t Joined: 23 Jun 2003 Posts: 943

Gentoo Bugzilla. Can you re-create the problem? I am using 2.4.20-gentoo-r5 and have no problems.

Cthulu23 · n00b Joined: 27 Aug 2002 Posts: 8

Check to see if explicit congestion notification (ECN) is selected in your kernel config. I've had machines that didn't speak ECN completely ignore traffic from one of my mail servers that did. This is especially likely if the traffic is hitting older / misconfigured firewalls (but not on your home network, of course).

seatec · n00b Joined: 05 Jul 2003 Posts: 50 Location: Munich.de

thx for the hint devon. I submitted the bug. I didn't try to re-create the problem, but I try to rebuild the same kernel again later and test it once more.

Cthulhu23:
# CONFIG_INET_ECN is not set
Thats from the kernel config. I suppose thats the option that you were refering to.

I'll post an update later today when I tested the old kernel once more.

I wonder wether the problem is related to my onboard gigabit ethernet nic, a 3com 3c940. maybe the driver is buggy?

seatec

Cthulu23 · n00b Joined: 27 Aug 2002 Posts: 8

To see if ECN is your problem, repeat your sniff of the traffic. Check the flags on the SYN/ACK that your box ignores to see if ECN is enabled.