Results 1 to 5 of 5

Thread: ping breaks

  1. #1
    Junior Member
    Join Date
    Feb 2009
    Posts
    25
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Default ping breaks

    I have implemented advance routing fo load balancing and a script for and fail over on a Linux machine which run squid and dansguardian for proxying, i have three interfaces on this machine which are

    10.201.108.254 eth1 external interface connected to service provider
    10.201.109.254 eth2 external interface connected to service provider
    10.200.14.11 eth0 Internal interface for users.

    Routing List
    192.101.5.0/26 via 10.200.14.254 dev eth0
    10.1.45.0/24 via 10.200.14.254 dev eth0
    192.168.100.0/24 via 10.200.14.254 dev eth0
    10.201.108.0/24 dev eth1 proto kernel scope link src 10.201.108.11
    10.201.14.0/24 dev eth3 proto kernel scope link src 10.201.14.11
    10.201.109.0/24 dev eth2 proto kernel scope link src 10.201.109.11
    192.168.65.0/24 via 10.200.14.254 dev eth0
    192.168.50.0/24 via 10.200.14.254 dev eth0
    192.168.151.0/24 via 10.200.14.254 dev eth0
    10.1.10.0/24 via 10.200.14.254 dev eth0
    10.200.17.0/24 via 10.200.14.254 dev eth0
    10.200.16.0/24 via 10.200.14.254 dev eth0
    131.11.3.0/24 via 10.200.14.254 dev eth0
    192.168.155.0/24 via 10.200.14.254 dev eth0
    10.200.14.0/24 dev eth0 proto kernel scope link src 10.200.14.11
    192.168.152.0/24 via 10.200.14.254 dev eth0
    10.203.0.0/24 via 10.200.14.254 dev eth0
    172.25.0.0/16 via 10.200.14.254 dev eth0
    10.100.0.0/16 via 10.200.14.254 dev eth0
    192.172.0.0/16 via 10.200.14.254 dev eth0
    169.254.0.0/16 dev eth3 scope link
    10.200.0.0/16 via 10.200.14.254 dev eth0
    default
    nexthop via 10.201.108.254 dev eth1 weight 2
    nexthop via 10.201.109.254 dev eth2 weight 1

    I have added static routes for LAN users which are

    #LOCAL NETWORKS

    any net 192.168.151.0/24 gw 10.200.14.254 dev eth0
    any net 192.168.50.0/24 gw 10.200.14.254 dev eth0
    any net 192.168.152.0/24 gw 10.200.14.254 dev eth0
    any net 192.168.155.0/24 gw 10.200.14.254 dev eth0
    any net 192.168.65.0/24 gw 10.200.14.254 dev eth0
    any net 192.172.0.0/16 gw 10.200.14.254 dev eth0

    Problem is that when i ping internal interface that is 10.200.14.11 which is assigned on eth0, the ping breaks too much due to which browsing gets slow when internet traffic load is high on proxy server then ping breaks too much on internal interface, i have checked the network on layer-2 switches and layer-3 firewalls which are fine changed network cables also changed network interface on proxy server still ping is breaking, i dont understand wts the reason traffice flow is Users -> Firewall (gateway) -> Proxy Server -> Router -> service provider
    any help will b highly appreciated

  2. #2
    Never say die nixcraft's Avatar
    Join Date
    Jan 2005
    Location
    BIOS
    Posts
    4,513
    Thanks
    17
    Thanked 807 Times in 511 Posts
    Rep Power
    10

    Default

    Squid and ICMP ping requests are two different things. Squid cannot proxy out icmp requests. Check your firewall settings, especially iptables on Linux and /etc/sysctl.conf.
    All [Solved] threads are closed by mods / admin to avoid spam issues. See Howto mark a thread as [Solved]


  3. #3
    Junior Member
    Join Date
    Feb 2009
    Posts
    25
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Default

    dear nixCraft i know squid dont cache icmp, and the issue may be with routing,firewall or interfaces, as u told i have checked my firewall (iptables) and sysctl.conf file in /etc here are the setting of both iptables and sysctl.conf file

    /etc/sysctl.conf

    # Controls IP packet forwarding
    net.ipv4.ip_forward = 0

    # Controls source route verification
    net.ipv4.conf.default.rp_filter = 1

    # Do not accept source routing
    net.ipv4.conf.default.accept_source_route = 0

    # Controls the System Request debugging functionality of the kernel
    kernel.sysrq = 0

    # Controls whether core dumps will append the PID to the core filename
    # Useful for debugging multi-threaded applications
    kernel.core_uses_pid = 1

    # Controls the use of TCP syncookies
    net.ipv4.tcp_syncookies = 1

    # Controls the maximum size of a message, in bytes
    kernel.msgmnb = 65536

    # Controls the default maxmimum size of a mesage queue
    kernel.msgmax = 65536

    # Controls the maximum shared segment size, in bytes
    kernel.shmmax = 68719476736

    # Controls the maximum number of shared memory segments, in pages
    kernel.shmall = 4294967296

    Firewall

    #SSH Ports
    #################################################
    iptables -A INPUT --source 192.168.151.220 -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT --source 192.168.151.174 -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT --source 10.200.14.11 -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j DROP
    #################################################

    #DANSGUARDIAN PORT
    ################################################## ###
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3128 -j REDIRECT --to-port 8080
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
    ################################################## ###
    Last edited by ifti; 17th December 2009 at 12:55 PM.

  4. #4
    Junior Member
    Join Date
    Dec 2009
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Default ping break

    hi ,

    while sending icmp packets to any domain its breaking or for specific only ...


    john

  5. #5
    Junior Member
    Join Date
    Feb 2009
    Posts
    25
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Default

    thanks johndaz, actually i m pinging my proxy machine as i have mentioned in my thread ping to other ips is fine.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. PIng resolves to wrong IP
    By Action in forum Networking, Firewalls and Security
    Replies: 1
    Last Post: 29th July 2011, 05:59 AM
  2. Can't ping host_name
    By vijendra in forum Networking, Firewalls and Security
    Replies: 2
    Last Post: 12th October 2008, 11:48 AM
  3. Can't ping hostname
    By satimis in forum Networking, Firewalls and Security
    Replies: 1
    Last Post: 25th September 2008, 12:04 AM
  4. Unable to ping ???
    By raina_ajeet in forum Linux software
    Replies: 2
    Last Post: 24th April 2008, 05:39 PM
  5. Can't ping to a linux box by its machine name.
    By lacloai in forum Linux software
    Replies: 6
    Last Post: 17th May 2007, 02:56 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •