 From:  "sHuKKo Kazandibi" <shukko at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  m0n0wall in colocation environment serious problems.
 Date:  Tue, 23 May 2006 21:05:15 +0300
Hi

I am using my m0n0 in my own colocation facility, especially for routing
purposes.
But I have got some serious problems.
First of all, here's my current configuration:

My ISP gives me IP address 212.225.100.100/30 as my internet IP,
and 212.170.24.1/24 public IP space routed over the above IP address.

So after reading the mailing list archives I set up:

Wan Ip: 212.225.100.100/30 - static
Wan Gateway: 212.225.100.99

Lan Ip: 212.170.24.1/24

Every server behind this setup will have static IP addresses, so I disabled
DHCP and DNS forwarding etc.

Then I went to Firewall > NAT > Outbound and enabled advanced outbound NAT.
After this I went to Firewall > Rules > WAN and added a rule to pass anything on
the WAN interface.

My hardware setup is like this:
A fiber optic cable from my ISP comes to my layer 2 switch and ends in a VLAN.
A normal 100mbit copper line exits from this switch and enters my m0n0wall
PC.
The LAN interface comes out of my m0n0wall PC and enters another layer 2 switch.
All other web servers, DNS servers, mail servers etc. connect to this distro
switch.

Anyway, the setup above seems to have been working fine for about 2 weeks.
I am not using any advanced firewall rules other than the only rule on my
WAN interface to pass anything.

But there is a problem.

Everything seems to be working fine.
DNS servers, web servers and mail servers can be easily reached over the internet
and they can also connect to anywhere else without any problem.
But whenever I try to download a file from one of my web servers to a remote
location it sometimes stops responding but sometimes works without any
problem.

I am not able to duplicate this problem in a controlled environment. I
tried with different web servers, tried HTTP downloads, tried FTP downloads
etc.
It is always the same: randomly, I either can download the files behind my m0n0wall
setup or can not.

But the thing is these servers are already in operation and there are
several websites on them.
Browsing sites on these servers, checking POP3 accounts or connecting SSH
sessions is not a problem.
But whenever I try to download something bigger than 100/200 kb, the servers
randomly send the files perfectly or just stop responding.

I triple-checked my cabling and m0n0wall PC hardware, ethernet cards etc.
Everything is in perfect condition. I even checked my switches for any kind
of hardware errors and changed them, but it's still the same every time. I
checked my Apache and FTP configs and tried to duplicate the problem inside
the network, but no chance.

The only thing left is my m0n0wall configuration.
Did I pass over anything in my configuration?
Or is the setup I put in place completely wrong for a usage like that?
I wonder if someone has had a similar problem like that before?

Best Regards

Shukko