[Linux] what could be killing my linux router?

Phil Smith linux@flux.org
Thu, 7 Jun 2007 08:01:15 -0700 (PDT)


Terry Richards wrote:

> how do i find out when <exact time> the connection goes off and what
> triggers the disconnection?

Terry,

I was making an assumption that your older machine
might be running outdated software leading to
eventual, successful attacks.  Debian based systems
have a /var/log/auth.log where failed SSH logins from
China, Italy, etc. are stored, listing the attempted
userid.  Perhaps Gentoo stores this in another file or
logging  has to be activated.  

I'd look for whatever files you do have in /var/log:
syslog, kern.log, messages, etc., especially looking
for a TCP window shrinkage issue that shows up logged
as "Treason uncloaked" that is a kernel vulnerability
for which no real fix exists yet, mainly because some
are still arguing whether the existing kernel code
works "well enough" or not, even when confronted with
system crash reports.

You didn't state your ISP.  I recently had problems
with a Bellsouth DSL 6 upgrade, they shipped a very
low quality "Westell WindRiver" DSL modem that lost
connectivity at the slightest rumble of thunder (18
times in one hour!), and the Cat 5 patch cable they
provided failed a continuity test.  I've reverted to
the older Westell DSL 3 modem for now and in the
future, the new AT&T will not be providing me any more
"hardware", apparently you can buy your own DSL modem.

Most DSL modems seem to require a complete power-down
reset at least every few months for reliable
operation.

You could also be having an issue with DHCP leases
expiring from your ISP and the Linux DHCP not agreeing
with a Windows-based ISP's idea on DHCP license
renewal.  This would be expected to happen
consistently after a certain number of hours of
operation after acquiring a license.  

You can probably find or write a tool to monitor the
connection, for example, ping google.com once every 5
minutes and log if ping was successful.  In some
cases, this keeps connections alive that drop perhaps
because of some ISP inactivity policy.

To diagnose a connection, you determine:
1) can you ping the default gateway at the ISP by ip
address?
2) can you ping anything more distant by ip address?
3) can you ping anything by name, to determine if
DNS/remote DNS servers are reachable/working?

Many times I can ping by IP address but not name,
there is a tool called 'dig' to figure out where the
DNS failure is:

dig @192.168.1.254 google.com # DSL modem
dig @4.2.2.1 google.com    # verizon DNS

Phil
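
The monitoring tool and the three-step diagnosis suggested in the message above can be combined into one script that logs the exact time the link changes state and which layer failed. This is an added example, not part of the original post; the log path, the function names and the "run" argument are assumptions, the two addresses are the ones from the dig lines above, and the ping options are those of Linux iputils ping.

```shell
#!/bin/sh
# Added example: layered connectivity probe with timestamped logging.
# Assumed defaults; override from the environment for your own network.
GATEWAY="${GATEWAY:-192.168.1.254}"   # DSL modem address from the dig example
REMOTE_IP="${REMOTE_IP:-4.2.2.1}"     # distant host by IP from the dig example
NAME="${NAME:-google.com}"            # host pinged by name to exercise DNS
LOG="${LOG:-/var/log/linkwatch.log}"  # hypothetical log file

# Probes are separate functions so they can be swapped out or stubbed.
probe_ip()   { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }
probe_name() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

# Run the three checks in order and print the first layer that fails.
link_state() {
    if   ! probe_ip "$GATEWAY";   then echo GATEWAY_DOWN
    elif ! probe_ip "$REMOTE_IP"; then echo UPSTREAM_DOWN
    elif ! probe_name "$NAME";    then echo DNS_DOWN
    else echo UP
    fi
}

# Write a line only when the state changes, so each entry marks
# the time of a transition rather than every poll.
log_transition() {   # $1 = previous state, $2 = new state
    [ "$1" = "$2" ] && return 0
    printf '%s %s -> %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1" "$2" >> "$LOG"
}

# Poll forever; 300 seconds is the 5-minute interval suggested above.
watch_link() {       # $1 = seconds between checks
    prev=UNKNOWN
    while :; do
        cur=$(link_state)
        log_transition "$prev" "$cur"
        prev=$cur
        sleep "${1:-300}"
    done
}

# Start the loop only when invoked as: linkwatch.sh run [seconds]
if [ "${1:-}" = "run" ]; then
    watch_link "${2:-300}"
fi
```

Comparing the timestamps in this log against /var/log/messages or kern.log for the same minute shows whether a drop coincides with a kernel message, a DHCP renewal or nothing local at all.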



