Results 1 to 7 of 7
  1. #1
    Master Untangler
    Join Date
    Jul 2008
    Location
    Germany
    Posts
    144

    Default Untangle partially hangs

    Hi all,
    since a few days I see partial hanging untangle. Some hosts won't be reachable then. (in our case most of the time upstream ldap and mail servers) get out of reach, preventing login and mail...

    Always if this happens I see following in kern.log:

    Code:
    Mon Nov 29 13:47:02 2021] WARNING (unknown src intf):IN=tun0 OUT= MAC= SRC=172.16.137.10 DST=111.222.000.60 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=61010 DPT=443 WINDOW=2026 RES=0x00 ACK URGP=0 MARK=0x200 
    [Mon Nov 29 13:47:02 2021] WARNING (unknown src intf):IN=tun0 OUT= MAC= SRC=172.16.137.10 DST=111.222.000.60 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=61010 DPT=443 WINDOW=2025 RES=0x00 ACK URGP=0 MARK=0x200
    (DST anonymized)

    The message has nothing to do with the real blocked connections!
    They only appear simultaneously.

    So in my expirience, when untangle starts losing interface information, bad things happen everywhere.

    The question is: might it be a software problem or might it be a hardware problem (about 10-12 year old server machine)???

    Any suggestions, or same experience?
    Thanks in advance,
    Frank

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,389

    Default

    Debian has been dropping support for ancient hardware, my best guess is your NICs are falling off the back end and have crap drivers.

    What NICs are in there?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Master Untangler
    Join Date
    Jul 2008
    Location
    Germany
    Posts
    144

    Default

    Code:
    # lspci|grep Ethernet
    03:00.0 Ethernet controller: Broadcom Limited NetXtreme II BCM5708 Gigabit Ethernet (rev 12)
    07:00.0 Ethernet controller: Broadcom Limited NetXtreme II BCM5708 Gigabit Ethernet (rev 12)
    0c:00.0 Ethernet controller: Intel Corporation 82575GB Gigabit Network Connection (rev 02)
    0c:00.1 Ethernet controller: Intel Corporation 82575GB Gigabit Network Connection (rev 02)
    0d:00.0 Ethernet controller: Intel Corporation 82575GB Gigabit Network Connection (rev 02)
    0d:00.1 Ethernet controller: Intel Corporation 82575GB Gigabit Network Connection (rev 02)
    11:00.0 Ethernet controller: Intel Corporation 82575GB Gigabit Network Connection (rev 02)
    11:00.1 Ethernet controller: Intel Corporation 82575GB Gigabit Network Connection (rev 02)
    12:00.0 Ethernet controller: Intel Corporation 82575GB Gigabit Network Connection (rev 02)
    12:00.1 Ethernet controller: Intel Corporation 82575GB Gigabit Network Connection (rev 02)

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,389

    Default

    The Intels are good, I've got a ton of those out myself. And I don't mean similar, I mean that specific chipset. Now the Broadcoms... those can get squirrely sometimes with the way they do their firmware.

    Are you useing the Broadcoms?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Master Untangler
    Join Date
    Jul 2008
    Location
    Germany
    Posts
    144

    Default

    Quote Originally Posted by sky-knight View Post
    ...Now the Broadcoms... those can get squirrely sometimes with the way they do their firmware.

    Are you useing the Broadcoms?
    Yes they are in use.

    Detection and startup of the Broadcom from dmesg:
    Code:
    [Mon Nov 29 13:53:43 2021] bnx2: QLogic bnx2 Gigabit Ethernet Driver v2.2.6 (January 29, 2014)
    [Mon Nov 29 13:53:43 2021] bnx2 0000:03:00.0 eth0: Broadcom NetXtreme II BCM5708 1000Base-T (B2) PCI-X 64-bit 133MHz found at mem da000000, IRQ 16, node addr 00:1e:c9:e4:18:10
    [Mon Nov 29 13:53:43 2021] dca service started, version 1.12.1
    [Mon Nov 29 13:53:43 2021] SCSI subsystem initialized
    [Mon Nov 29 13:53:43 2021] bnx2 0000:07:00.0 eth1: Broadcom NetXtreme II BCM5708 1000Base-T (B2) PCI-X 64-bit 133MHz found at mem d6000000, IRQ 16, node addr 00:1e:c9:e4:18:12
    (...)
    [Mon Nov 29 13:53:57 2021] bnx2 0000:07:00.0: firmware: direct-loading firmware bnx2/bnx2-mips-06-6.2.3.fw
    [Mon Nov 29 13:53:57 2021] bnx2 0000:07:00.0: firmware: direct-loading firmware bnx2/bnx2-rv2p-06-6.0.15.fw
    bnx2 0000:07:00.0 eth1: using MSI
    (...)
    bnx2 0000:07:00.0 eth1: NIC Copper Link is Up, 1000 Mbps full duplex
    [Mon Nov 29 13:54:03 2021] bnx2 0000:03:00.0 eth0: NIC Copper Link is Up, 1000 Mbps full duplex
    EDIT:
    I am wondering why there are two different firmares for 0000:07:00.0 and none for 0000:03:00.0
    Last edited by frust; 11-30-2021 at 04:52 AM.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,389

    Default

    How many interfaces do you have in use? Is it possible to reconfigure to the Intels only?

    Note, I'm unable to do much more other than suggest you swap NIC and see if the issue goes away, hardware support does change over time. Though typically this sort of thing comes up after a kernel level update, which we haven't had in quite some time.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Master Untangler
    Join Date
    Jul 2008
    Location
    Germany
    Posts
    144

    Default

    Quote Originally Posted by sky-knight View Post
    How many interfaces do you have in use? Is it possible to reconfigure to the Intels only?
    (...)
    Yes, there are 7 Interfaces in use, so I could give it a try.
    Meanwhile we are thinking about a new hardware (the server is running since 2008, as a firewall since 2016 !)...

    Thanks for your help!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2