Board index Linux Networking

Strange network timeouts on iptables-firewall

Strange network timeouts on iptables-firewall

Post by toupei » Tue, 19 Oct 2004 23:13:09



Hi,

We recently set up a new linux firewall running Suse 9.1 Pro and
containing 5 NICs (all D-Link, 3x 550tx and 2x 530tx, using
sundance/via-rhine). This firewall sits between our main network
(mostly Windows-based) and our office.

We noticed that when copying big files from a server to a local
workstation via RDP or Citrix (on both W2k and W2k3 servers),
the transfer hangs about every 50 mb for up to a minute and then
goes on. Each time the following error appears in the logs (eth1
is the interface facing our office):

Oct  8 16:21:00 sofw kernel: NETDEV WATCHDOG: eth1: transmit timed out
Oct  8 16:21:00 sofw kernel: eth1: Transmit timed out, TxStatus 00
TxFrameId 0d, resetting...
Oct  8 16:21:00 sofw kernel: 00 0e23b000 0e23b010 00008001(00)
0ec5a0142 80000036
Oct  8 16:21:00 sofw kernel: 01 0e23b010 0e23b020 00008005(01)
09e59812 800005ea
Oct  8 16:21:00 sofw kernel: 02 0e23b020 0e23b030 00008009(02)
0dd46812 80000042
Oct  8 16:21:00 sofw kernel: 03 0e23b030 0e23b040 0000800d(03)
09b77812 80000036
Oct  8 16:21:00 sofw kernel: 04 0e23b040 0e23b050 00008011(04)
0dab2812 80000036
Oct  8 16:21:00 sofw kernel: 05 0e23b050 0e23b060 00008015(05)
0a923812 800005ea
Oct  8 16:21:00 sofw kernel: 06 0e23b060 0e23b070 00008019(06)
0ec5a812 8000010e
Oct  8 16:21:00 sofw kernel: 07 0e23b070 0e23b080 0000801d(07)
0ed46012 80000042
Oct  8 16:21:00 sofw kernel: 08 0e23b080 0e23b090 00008021(08)
0b772012 80000036
Oct  8 16:21:00 sofw kernel: 09 0e23b090 0e23b0a0 00008025(09)
0e01a812 800005ea
Oct  8 16:21:00 sofw kernel: 0a 0e23b0a0 0e23b0b0 00008029(0a)
09e5f812 80000036
Oct  8 16:21:00 sofw kernel: 0b 0e23b0b0 00000000 0000802d(0b)
0a411012 80000036
Oct  8 16:21:00 sofw kernel: 0c 0e23b0c0 0e23b0d0 00018031(0c)
00000000 00000000
Oct  8 16:21:00 sofw kernel: 0d 0e23b0d0 0e23b0e0 00008035(0d)
00000000 00000000
Oct  8 16:21:00 sofw kernel: 0e 0e23b0e0 0e23b0f0 00008039(0e)
0e07f812 80000050
Oct  8 16:21:00 sofw kernel: 0f 0e23b0f0 0e23b100 0000803d(0f)
0e626812 80000046
Oct  8 16:21:00 sofw kernel: 10 0e23b100 0e23b110 00008041(10)
0b6e5012 80000058
Oct  8 16:21:00 sofw kernel: 11 0e23b110 0e23b120 00008045(11)
0e0c3012 80000046
Oct  8 16:21:00 sofw kernel: 12 0e23b120 0e23b130 00008049(12)
0ebf8012 80000036
Oct  8 16:21:00 sofw kernel: 13 0e23b130 0e23b140 0000804d(13)
0db31812 80000092
Oct  8 16:21:00 sofw kernel: 14 0e23b140 0e23b150 00008051(14)
0e3d9812 80000036
Oct  8 16:21:00 sofw kernel: 15 0e23b150 0e23b160 00008055(15)
0e08d812 800000b2
Oct  8 16:21:00 sofw kernel: 16 0e23b160 0e23b170 00008059(16)
0eeca012 80000036
Oct  8 16:21:00 sofw kernel: 17 0e23b170 0e23b180 0000805d(17)
0b6a1812 80000036
Oct  8 16:21:00 sofw kernel: 18 0e23b180 0e23b190 00008061(18)
0e958012 80000036
Oct  8 16:21:00 sofw kernel: 19 0e23b190 0e23b1a0 00008065(19)
09c2c812 800005ea
Oct  8 16:21:00 sofw kernel: 1a 0e23b1a0 0e23b1b0 00008069(1a)
0e905012 8000008c
Oct  8 16:21:00 sofw kernel: 1b 0e23b1b0 0e23b1c0 0000806d(1b)
0ee28812 800004d4
Oct  8 16:21:00 sofw kernel: 1c 0e23b1c0 0e23b1d0 00008071(1c)
0f030812 80000036
Oct  8 16:21:00 sofw kernel: 1d 0e23b1d0 0e23b1e0 00008075(1d)
09b77012 80000036
Oct  8 16:21:00 sofw kernel: 1e 0e23b1e0 0e23b1f0 00008079(1e)
0b12c012 800005ea
Oct  8 16:21:00 sofw kernel: 1f 0e23b1f0 0e23b000 0000807d(1f)
0ef91812 8000010e
Oct  8 16:21:00 sofw kernel: TxListPtr=0e23b0d0 netif_queue_stopped=1
Oct  8 16:21:00 sofw kernel: cur_tx=1225228(0c) dirty_tx=1225198(0e)
Oct  8 16:21:00 sofw kernel: cur_rx=23 dirty_rx=23
Oct  8 16:21:00 sofw kernel: cur_task=1225228

Running mii-tool on the first 3 NICs yields the same message
(without the first 3 lines), the other 2 fail with
 "SIOCGMIIPHY on 'eth3' failed: Operation not supported".

I'm having a hard time tracing this problem down, so any pointers
are welcome. Could it be a hardware error or is my configuration
messed up?

greets,
markus

 
 
 
Top

Strange network timeouts on iptables-firewall

Post by Davide Bianch » Tue, 19 Oct 2004 23:20:31



Quote:> sundance/via-rhine). This firewall sits between our main network
> (mostly Windows-based) and our office.

...what's the point of having a firewall between your network and your
office?

Quote:> Oct  8 16:21:00 sofw kernel: eth1: Transmit timed out, TxStatus 00
> TxFrameId 0d, resetting...

I had sort-of the same error, it turned out that the network card
was not-completely functional. Once replaced everything was ok.

Davide

--
Myth: Linux has a lower TCO
Fact: If you consider that buying NT licenses for business use is
tax-deductible, as are all those tech support calls, NT actually has a
lower TCO than Linux! How are you going to expense software that doesn't
cost anything? Eh?!?

 
 
 
Top

Strange network timeouts on iptables-firewall

Post by Michael Heimin » Wed, 20 Oct 2004 03:12:13



[..]
Quote:> Oct  8 16:21:00 sofw kernel: NETDEV WATCHDOG: eth1: transmit timed out
> Oct  8 16:21:00 sofw kernel: eth1: Transmit timed out, TxStatus 00
> TxFrameId 0d, resetting...
> Oct  8 16:21:00 sofw kernel: 00 0e23b000 0e23b010 00008001(00)
> 0ec5a0142 80000036
[..]
> Oct  8 16:21:00 sofw kernel: TxListPtr=0e23b0d0 netif_queue_stopped=1
> Oct  8 16:21:00 sofw kernel: cur_tx=1225228(0c) dirty_tx=1225198(0e)
> Oct  8 16:21:00 sofw kernel: cur_rx=23 dirty_rx=23
> Oct  8 16:21:00 sofw kernel: cur_task=1225228

[..]

Quote:> I'm having a hard time tracing this problem down, so any pointers
> are welcome. Could it be a hardware error or is my configuration
> messed up?

Sounds like a flaky NIC, exchange it, and while your at it
exchange the rest if possible. You simply don't want something as
cheapo as "via-rhine" based cards in a server, can remember
having tons of problems with kernel 2.2 and those. Use them in
some M$ desktop. Get something worth the name NIC for a server,
like 3com/intel/etc.

Good luck

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: 0xEDD27B94)

#bofh excuse 156: Zombie processes haunting the computer

 
 
 
Top

Strange network timeouts on iptables-firewall

Post by Lewin A.R.W. Edwar » Wed, 20 Oct 2004 09:16:17


Hi,

Quote:> containing 5 NICs (all D-Link, 3x 550tx and 2x 530tx, using
> sundance/via-rhine). This firewall sits between our main network
> (mostly Windows-based) and our office.

> We noticed that when copying big files from a server to a local
> workstation via RDP or Citrix (on both W2k and W2k3 servers),
> the transfer hangs about every 50 mb for up to a minute and then

I have experienced this issue with Via's Rhine also, on both Windows
and Linux boxes. On the Windows boxes, the way I fixed it was by
disabling autodetect of media type and forcing half-duplex 100bT. I
never bothered to try to find out how to do the same thing on the
Linux side (I suspect the issue was not just the card, but also either
the cable or the switch).
 
 
 
Top

1. iptable timeout ?? (question on timeout features of ipchains)

I know we can enable timeout using ipchains by running the following.
ipchains -M -S 7200 120 900

How can I achieve this using iptables, which is a successor of ipchains??

William

2. Oracle Webserver Option Installation Problem

3. Very strange network timeout problem.....

4. NCSA Moaic?

5. Networking Firewall -> Iptables

6. SCO 3.0 Crash?

7. Iptables & rc.firewall from Iptables-Tutorial

8. Unix mail redirection script needed

9. Linksys wireless access point networked with IPtables linux firewall

10. iptable rules for two networks connected with two firewalls

11. Strange errors after firewall has been installed in network (DNS?)

12. SSH Through a firewall to gain access to a firewalled network

13. Network within a network.. Iptables stumbling block


All times are UTC
Board index