Page 1 of 2 12 LastLast
Results 1 to 10 of 18
  1. #1
    Untanglit
    Join Date
    Feb 2010
    Posts
    17

    Default How to test Untangle packet drops?

    Hello,

    I added a new computer to my domain a few weeks back. It has been intermittently dropping internet connection. During these "outages" it can still access shares on our network and connect/RDP to other machines. No other machines are effected during these "outages." It seems to be specific to this single machine (not sure how/why). I tried moving it to a new location, on different switches, etc. but still no go. When i put it outside of the "internal" network so its directly connected to the hub splitting our FiOS connection, it works fine with no internet drops. However, as soon as i pop it back behind our firewall/untangle server, it starts dropping internet randomly again.

    I tried to assign it a static IP and have tried to monitor any funky packet activity on that machine. My switches are reporting no packet drops or collisions on that machine. During the outages, I can't ping our internal gateway (192.168.1.1) but I can access the Untangle web interface just fine.

    Another thing is that I can't ping our web server during this time which sits on a different subnet.

    Network setup:

    Fios connection comes in and connects to a hub -> Hub connects to our Cisco 2600 and Cisco PIX Firewall ->

    (Branch 1) PIX Firewall connects to Untangle "External" interface -> Untangle "Internal" interface connects to main switch -> Main Switch Connects all of our server/workstations and to our Catalyst 3500

    (Branch 2) Cisco 2600 connects to our Catalyst 3500 -> Catalyst 3500 connects to the PIX Firewall and web server

    All of the Cisco Equipment was programmed long before my time here from a consultant. I am unaware of their configurations. We recently had our PIX re-configured last October due to a FiOS upgrade from T1, and there were intermittent internet issues with other computers, however, those didn't occur nearly as often as this one machine's does and after I replaced all the switches with one monster 48-port Gigabit Netgear switch, those computer's problems stopped.

    Since the trail ends after the Untangle box, I need to know whether or not its the Untangle server or the Cisco Equipment. One of those two must be the culprit (or both possibly?). Untangle is setup as a transparent bridge and there are no more than 35 workstations/servers in our network.

    Any ideas of what can be wrong and/or how to test if the problem is from Untangle would be greatly appreciated!

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    The first thing I'd look into is what an "outage" is?

    Can you ping untangle from inside? Can you ping 4.2.2.1? Can you ping google.com?
    Can you do any DNS lookups? How about DNS directly with 4.2.2.1?
    Can you load google.com in a browser? Can untangle load google.com? Does the Untangle connectivity test succeed? etc.

    I'd try to isolate the "outage" and after you do that its usually easy to figure it out.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untanglit
    Join Date
    Feb 2010
    Posts
    17

    Default

    I can get to Untangle's Web Interface from the machine in question during these "outages"

    I can do DNS lookups, our DNS server is internal

    I can't ping Google, even when i try the IP directly.

    I can't load any website on a browser during these "outages"

    No other machine on our network is effected, i assume the same is true for the Untangle box (its headless and difficult for me to go on it and open a browser to test connectivity, i'll assume it works as other machines behind Untangle can still get out).

    Thanks.

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    Quote Originally Posted by condorcapital View Post
    I can get to Untangle's Web Interface from the machine in question during these "outages"

    I can do DNS lookups, our DNS server is internal

    I can't ping Google, even when i try the IP directly.

    I can't load any website on a browser during these "outages"

    No other machine on our network is effected, i assume the same is true for the Untangle box (its headless and difficult for me to go on it and open a browser to test connectivity, i'll assume it works as other machines behind Untangle can still get out).

    Thanks.
    Hmm, can your DNS server do non-cached lookups during this time?

    If you can't ping google or its IP during this time I suspect bad NICs. The untangle software doesn't process ping so if you can't ping its likely a low level driver/hardware issue. If you can ping but have no TCP/UDP then its probably a software/performance/configuration issue.

    If you drop to the terminal on untangle during an outage - can you ping 4.2.2.1 or google.com from there? Can you ping an internal machine?
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untanglit
    Join Date
    Feb 2010
    Posts
    17

    Default

    Well like i said, other machines function just fine during this time. This means other machines can ping google.com just fine when this particular machine has an "outage".

    There is only ONE machine that the internet seems to "drop" for, all the other machines function normal/fine. Other machines can ping the internal gateway just fine and access the web where has this ONE machine can't do those simple tasks. Do you think that machine has a bad NIC? Even though when I brought it out from behind the PIX/Untangle setup it seemed to function just fine?

    I will try to get on the untangle box next time an "outage" occurs.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,542

    Default

    If you don't have it installed, install the attack blocker and watch the reputation score on the single unit in question.

    I smell a bug.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    Quote Originally Posted by condorcapital View Post
    There is only ONE machine that the internet seems to "drop" for, all the other machines function normal/fine. Other machines can ping the internal gateway just fine and access the web where has this ONE machine can't do those simple tasks. Do you think that machine has a bad NIC? Even though when I brought it out from behind the PIX/Untangle setup it seemed to function just fine?
    Ah I see - I misunderstood I thought that one machine was bringing the entire network down.

    can that single machine ping untangle's internal IP? how about 4.2.2.1?
    can it go to untangle's administration UI?

    whats different about that machine?

    I'd definitely check attack blocker.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  8. #8
    Untanglit
    Join Date
    Feb 2010
    Posts
    17

    Default

    Last time i enabled attack blocker it brought down a bunch of my internal services. I'm not too sure I can re-enable it.

    The machine in question is the newest computer on our network and is the only HP computer we have (We all have Dell's though i decided the HP was a better bang for the buck this time around).

    Also, in respect to the other machines that had "intermittent" problems after the FiOS upgrade. I am hearing they still occur though a lot less frequently. It seems they just loose internet for a matter of minutes though they can still ping out to google and yahoo but can't load webpages. I am not sure why this occurs though it is a lot less problematic than that HP machine.

  9. #9
    Untanglit
    Join Date
    Feb 2010
    Posts
    17

    Default

    I STAND CORRECTED.

    Attack blocker IS enabled (I was thinking of another site in which we don't have it enabled), and I don't see anything on the event logs.

    How do i check the "reputation score?"

  10. #10
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    if there is nothing in the eventlog then it isn't attack blocker (remember to hit refresh though)
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2