# Network Connections Drop, Cisco Router is culprit. Howto Fix?

## ixion

Hello all,

I've noticed this happening recently and cannot place my finger on what caused it (reloading Gentoo on the firewall or on the webserver).

Connections are randomly being dropped while connected to my servers via ssh, https, etc. It acts just like Snort_Inline dropped the connection or if IPTABLES dropped it, but there is nothing in the logs. My snort logs do not add an entry when this happens, and IPTABLES does not log anything when this happens. I first thought it was the Sonicwalls they use at the office, but my wife has noticed the same problem at her office without a Sonicwall. I kept thinking it was snort being silly, but took snort out of the picture (-j ACCEPT instead of -j QUEUE), and it still happened. I then thought it was QoS, so cleared that on the firewall, nogo. Both kernels (firewall and webserver) are heavily locked down with GRSecurity, PaX, and the other Security features (hardened-dev-sources). Could this be a kernel problem?

A few examples:

Squirrelmail's auto-refresh of the folder list will hang intermittently. I cancel it, manually click 'Refresh Folder List', and it works almost every time.

SSH sessions with a 'keepalive' script that echoes a character every 5 seconds will hang intermittently until I interact with it.

During a long emerge, it will appear to hang until I press a key in the window, and then it will scroll the screen very fast until caught up with the actual output.

----------

## ixion

I rebuilt the firewall with a hardened-dev-sources without GRSecurity or PaX, but this issue remains.. can anyone think of any other ideas? Maybe it's the hardened-sources causing this? Is this perhaps a 2.6 issue?

----------

## the_sphynx

check /var/log/messages for kernel output.  Are you using ip_conntrack in iptables?  If so then you may want to increase the number in /proc/sys/net/ipv4/ip_conntrack_max to 32768 or more.  This will allow more connections to your firewall.

----------

## ixion

Thank you for your reply.

I'm very sorry for the denseness, but how would I know if I'm using ip_conntrack for iptables? I believe I am using it, but would like to confirm.

I tailed /var/log/messages (syslog-ng) on both the webserver and firewall over ssh, but saw no kernel messages when the connection locked (both the ssh sessions and the www sessions).

----------

## Riftwing

```
lsmod |grep ip_conntrack
```

----------

## ixion

Actually, I have loadable module support disabled, and all IPTABLES options enabled in the kernel (except for a couple that crashed the kernel (realm, etc.)). Is there another way, or does having it enabled in the kernel mean it's being used automatically?

(I apologize for being brainless in this:()

----------

## the_sphynx

Ixion,

I just noticed that my gentoo system doesn't have a /var/log/messages.  Instead it uses /var/log/kernel/current (I am running metalog).  Check that for output from the kernel as that is where the logging would occur if you are running metalog.  Chances are that you are using ip_conntrack..as long as you are using the -m --state or -m --ctstate options in any of your iptables rules (I hope you are).  That uses connection tracking when those are invoked.  Sorry for the late reply.  I will try to keep better track of the post for you.

Thanks,

the_sphynx
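Added example, not part of any post in this thread: one way to run the checks discussed above on a kernel without module support, where `lsmod` shows nothing. It reads the tracked-flow list and the `ip_conntrack_max` limit from /proc and counts the kernel's "table full" messages in the log. The function names, the 90% warning threshold and the sample tree built by `make_sample_tree` are assumptions made for illustration, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether connection tracking is
# active on a kernel with no module support, and whether its table is filling.
# Paths are those of ip_conntrack-era 2.4/2.6 kernels; the proc root and log
# file are arguments so the checks can also run against a constructed tree.

TABLE_FULL_MSG='ip_conntrack: table full, dropping packet'
NEAR_LIMIT_PCT=90   # assumption: warn once the table is 90% used

# True when conntrack is compiled in or loaded: the kernel exposes these files.
conntrack_present() {
    [ -r "$1/net/ip_conntrack" ] && [ -r "$1/sys/net/ipv4/ip_conntrack_max" ]
}

# Prints "<tracked> <max> <percent>" for the proc root in $1.
conntrack_usage() {
    tracked=$(wc -l < "$1/net/ip_conntrack" | tr -d ' ')
    max=$(tr -d ' \n' < "$1/sys/net/ipv4/ip_conntrack_max")
    case $max in
        ''|*[!0-9]*|0) return 1 ;;   # unreadable or nonsensical limit
    esac
    echo "$tracked $max $((tracked * 100 / max))"
}

# Prints how many times the kernel logged a full table in the log file $1.
table_full_events() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -cF -- "$TABLE_FULL_MSG" "$1" || true   # grep exits 1 on zero matches
}

# Prints one verdict for proc root $1 and log file $2:
#   absent | full | near-limit | ok
diagnose() {
    conntrack_present "$1" || { echo absent; return 0; }
    if [ "$(table_full_events "$2")" -gt 0 ]; then
        echo full
        return 0
    fi
    usage=$(conntrack_usage "$1") || { echo absent; return 0; }
    pct=${usage##* }
    if [ "$pct" -ge "$NEAR_LIMIT_PCT" ]; then
        echo near-limit
    else
        echo ok
    fi
}

# Builds a constructed proc tree and log under $1 with $2 tracked flows,
# a limit of $3, and (when $4 is 1) one table-full kernel message.
make_sample_tree() {
    mkdir -p "$1/proc/net" "$1/proc/sys/net/ipv4"
    : > "$1/proc/net/ip_conntrack"
    i=0
    while [ "$i" -lt "$2" ]; do
        echo "tcp 6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=$((40000 + i)) dport=22 [ASSURED] use=1" \
            >> "$1/proc/net/ip_conntrack"
        i=$((i + 1))
    done
    echo "$3" > "$1/proc/sys/net/ipv4/ip_conntrack_max"
    : > "$1/messages"
    if [ "$4" = 1 ]; then
        echo "kernel: $TABLE_FULL_MSG." >> "$1/messages"
    fi
}

# Run against the live system with: sh conntrack_check.sh --live
if [ "${1:-}" = "--live" ]; then
    diagnose /proc /var/log/messages
fi
```

A verdict of `ok` with no table-full messages in the log points away from the conntrack limit as the cause of the drops; with metalog, pass /var/log/kernel/current as the log file instead.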

----------

## ixion

excellent, thank you very much for the advice.. I am using stateful packet filtering (with -m --state  :Smile:  ).. so I went ahead and set 

```
echo '32768' > /proc/sys/net/ipv4/ip_conntrack_max
```

 on the firewall and will see what happens. If it keeps up, I will compile a new kernel on the web server that doesn't prevent /proc/sys/net/...  :Smile: 

I will post back here my findings.. thank you so much for your advice, and no worries about long delays on replies, I appreciate greatly your help..  :Smile: 

----------

## frostschutz

 *ixion wrote:*   

> During a long emerge, it will appear to hang until I press a key in the window, and then it will scroll the screen very fast until caught up with the actual output.

 

This doesn't sound like a network connection problem to me, since the network system shouldn't have a receive buffer big enough to hold that much data. It sounds more like your terminal emulator receives the data all right, but doesn't waste CPU cycles on constantly updating the screen as long as you are idle. Either that or something is buffering hundreds of kilobytes (emerge output can easily get that big) in between.

----------

## ixion

very interesting.. I use aterm with a transparent background.. maybe I should switch to xterm and see what happens?

----------

## ixion

I forgot, this shouldn't be a terminal problem since the HTTPS sessions are dropped as well. I've tested this today, and the problem still exists.  :Crying or Very sad: 

Edit: but it does seem like possibly a buffer problem? I don't know what is buffering all of a sudden. And sometimes it locks totally and will not respond at all. I wonder what's doing this.

----------

## frostschutz

Unless your SSH client uses some dark magic that enables it to transparently reconnect the session, rescue all programs that were running and output of the old session, there's no way that you have a network problem as far as the hit key + scrolling issue you describe. Usually, if an SSH session is cut, it is dead, the output is dead, and the programs you were running remotely are even more dead. The SSH client will print you a very nice message that the connection somehow died, and that's it. But since you get all output the connection is alive, so no network issue *in that one case*.

The other issues might still be network related, I don't know about that.

----------

## ixion

understood.. the confusing part is that all the firewalls (Sonicwall) here drop stale connections after just a couple minutes, and then I do get disconnected, but that I'm 99% sure is due to the silly Sonicwalls.

What do you think about the HTTPS dropping, though? I have been able to get this to happen at both my office and my wife's, so it can't be related to my ISP and/or firewalls at the office.. it is QUITE annoying..  :Crying or Very sad:   :Crying or Very sad:   :Crying or Very sad: 

----------

## nadi

I am experiencing the same problem, just started 4 days ago (I don't know if it is because I emerged anything new or updated).

thread https://forums.gentoo.org/viewtopic-t-316852.html

 find the reason to the problem, will you please post it? 

Thanks, 

Nadi

----------

## ixion

The only difference between yours and my problems is that mine still works after a couple seconds without having to restart net.eth0. Have you tried just leaving it for a little bit (30 seconds or so) to see if the connection is renewed?

One thing I've forgotten to mention is that it seems the return (stateful) packet is what is dropped.. packets into the web server seem to always be caught.. maybe I'm imagining this, but does that ring a bell?

----------

## nadi

oh yes, if I wait long enough (minute or two)  the connection resumes. I am restarting net.eth0 because I don't have the patience to wait so long. I am getting crazy  :Mad:  . When restarting net.eth0, I immediately get network, for a few sec/min.  ....

----------

## ixion

very interesting.. what are your hardware specs if you don't mind me asking?

The servers I'm using are:

3COM Onboard (Dell Optiplex GX1, GX110, etc)

and

Intel Pro 100

Pentium 3 webservers and pentium 2 firewall.

----------

## nadi

I am using Thinkpad T40p with pro1000 ethernet, and 1 GB RAM, intel centrino (pentium M 1.6Ghz). It is a good machine, and for the first time now I experienced this sort of problem. kernel is 2.6.11-r4 which I have been using for a while (month or so) without much problems, but it might be some kernel driver (I am not using any modules in the kernel, I build everything about the network in the kernel).

----------

## ixion

hey a commonality! I build everything into the kernel as well without loadable module support.. I am running 2.6.11-hardened-r1.. maybe something to do with 2.6.11?

----------

## nadi

well, I have loadable module support, but I am not sure this is the problem. look at my kernel configure and tell me what you think

```

#

# Automatically generated make config: don't edit

# Linux kernel version: 2.6.11-gentoo-r4

# Wed Mar 30 11:06:12 2005

#

CONFIG_X86=y

CONFIG_MMU=y

CONFIG_UID16=y

CONFIG_GENERIC_ISA_DMA=y

CONFIG_GENERIC_IOMAP=y

#

# Code maturity level options

#

CONFIG_EXPERIMENTAL=y

CONFIG_CLEAN_COMPILE=y

CONFIG_LOCK_KERNEL=y

#

# General setup

#

CONFIG_LOCALVERSION=""

CONFIG_SWAP=y

CONFIG_SYSVIPC=y

CONFIG_POSIX_MQUEUE=y

# CONFIG_BSD_PROCESS_ACCT is not set

CONFIG_SYSCTL=y

CONFIG_AUDIT=y

CONFIG_AUDITSYSCALL=y

CONFIG_LOG_BUF_SHIFT=15

CONFIG_HOTPLUG=y

CONFIG_KOBJECT_UEVENT=y

CONFIG_IKCONFIG=y

# CONFIG_IKCONFIG_PROC is not set

# CONFIG_EMBEDDED is not set

CONFIG_KALLSYMS=y

# CONFIG_KALLSYMS_EXTRA_PASS is not set

CONFIG_FUTEX=y

CONFIG_EPOLL=y

# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set

CONFIG_SHMEM=y

CONFIG_CC_ALIGN_FUNCTIONS=0

CONFIG_CC_ALIGN_LABELS=0

CONFIG_CC_ALIGN_LOOPS=0

CONFIG_CC_ALIGN_JUMPS=0

# CONFIG_TINY_SHMEM is not set

#

# Loadable module support

#

CONFIG_MODULES=y

CONFIG_MODULE_UNLOAD=y

# CONFIG_MODULE_FORCE_UNLOAD is not set

CONFIG_OBSOLETE_MODPARM=y

# CONFIG_MODVERSIONS is not set

# CONFIG_MODULE_SRCVERSION_ALL is not set

CONFIG_KMOD=y

CONFIG_STOP_MACHINE=y

#

# Processor type and features

#

CONFIG_X86_PC=y

# CONFIG_X86_ELAN is not set

# CONFIG_X86_VOYAGER is not set

# CONFIG_X86_NUMAQ is not set

# CONFIG_X86_SUMMIT is not set

# CONFIG_X86_BIGSMP is not set

# CONFIG_X86_VISWS is not set

# CONFIG_X86_GENERICARCH is not set

# CONFIG_X86_ES7000 is not set

# CONFIG_M386 is not set

# CONFIG_M486 is not set

# CONFIG_M586 is not set

# CONFIG_M586TSC is not set

# CONFIG_M586MMX is not set

# CONFIG_M686 is not set

# CONFIG_MPENTIUMII is not set

# CONFIG_MPENTIUMIII is not set

CONFIG_MPENTIUMM=y

# CONFIG_MPENTIUM4 is not set

# CONFIG_MK6 is not set

# CONFIG_MK7 is not set

# CONFIG_MK8 is not set

# CONFIG_MCRUSOE is not set

# CONFIG_MEFFICEON is not set

# CONFIG_MWINCHIPC6 is not set

# CONFIG_MWINCHIP2 is not set

# CONFIG_MWINCHIP3D is not set

# CONFIG_MCYRIXIII is not set

# CONFIG_MVIAC3_2 is not set

CONFIG_X86_GENERIC=y

CONFIG_X86_CMPXCHG=y

CONFIG_X86_XADD=y

CONFIG_X86_L1_CACHE_SHIFT=7

CONFIG_RWSEM_XCHGADD_ALGORITHM=y

CONFIG_GENERIC_CALIBRATE_DELAY=y

CONFIG_X86_WP_WORKS_OK=y

CONFIG_X86_INVLPG=y

CONFIG_X86_BSWAP=y

CONFIG_X86_POPAD_OK=y

CONFIG_X86_GOOD_APIC=y

CONFIG_X86_INTEL_USERCOPY=y

CONFIG_X86_USE_PPRO_CHECKSUM=y

CONFIG_HPET_TIMER=y

CONFIG_SMP=y

CONFIG_NR_CPUS=8

# CONFIG_SCHED_SMT is not set

CONFIG_PREEMPT=y

# CONFIG_PREEMPT_BKL is not set

CONFIG_X86_LOCAL_APIC=y

CONFIG_X86_IO_APIC=y

CONFIG_X86_TSC=y

CONFIG_X86_MCE=y

# CONFIG_X86_MCE_NONFATAL is not set

# CONFIG_X86_MCE_P4THERMAL is not set

# CONFIG_TOSHIBA is not set

# CONFIG_I8K is not set

# CONFIG_MICROCODE is not set

# CONFIG_X86_MSR is not set

CONFIG_X86_CPUID=y

#

# Firmware Drivers

#

# CONFIG_EDD is not set

CONFIG_NOHIGHMEM=y

# CONFIG_HIGHMEM4G is not set

# CONFIG_HIGHMEM64G is not set

# CONFIG_MATH_EMULATION is not set

CONFIG_MTRR=y

# CONFIG_EFI is not set

CONFIG_IRQBALANCE=y

CONFIG_HAVE_DEC_LOCK=y

# CONFIG_REGPARM is not set

#

# Power management options (ACPI, APM)

#

CONFIG_PM=y

# CONFIG_PM_DEBUG is not set

CONFIG_SOFTWARE_SUSPEND=y

CONFIG_PM_STD_PARTITION="/dev/hda3"

#

# ACPI (Advanced Configuration and Power Interface) Support

#

CONFIG_ACPI=y

CONFIG_ACPI_BOOT=y

CONFIG_ACPI_INTERPRETER=y

CONFIG_ACPI_SLEEP=y

CONFIG_ACPI_SLEEP_PROC_FS=y

CONFIG_ACPI_AC=y

CONFIG_ACPI_BATTERY=y

CONFIG_ACPI_BUTTON=y

# CONFIG_ACPI_VIDEO is not set

CONFIG_ACPI_FAN=y

CONFIG_ACPI_PROCESSOR=y

CONFIG_ACPI_THERMAL=y

# CONFIG_ACPI_ASUS is not set

CONFIG_ACPI_IBM=y

# CONFIG_ACPI_TOSHIBA is not set

CONFIG_ACPI_BLACKLIST_YEAR=0

# CONFIG_ACPI_DEBUG is not set

CONFIG_ACPI_BUS=y

CONFIG_ACPI_EC=y

CONFIG_ACPI_POWER=y

CONFIG_ACPI_PCI=y

CONFIG_ACPI_SYSTEM=y

CONFIG_X86_PM_TIMER=y

# CONFIG_ACPI_CONTAINER is not set

#

# APM (Advanced Power Management) BIOS Support

#

# CONFIG_APM is not set

#

# CPU Frequency scaling

#

CONFIG_CPU_FREQ=y

# CONFIG_CPU_FREQ_DEBUG is not set

CONFIG_CPU_FREQ_STAT=y

CONFIG_CPU_FREQ_STAT_DETAILS=y

CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y

# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set

CONFIG_CPU_FREQ_GOV_PERFORMANCE=y

# CONFIG_CPU_FREQ_GOV_POWERSAVE is not set

# CONFIG_CPU_FREQ_GOV_USERSPACE is not set

CONFIG_CPU_FREQ_GOV_ONDEMAND=y

CONFIG_CPU_FREQ_TABLE=y

#

# CPUFreq processor drivers

#

# CONFIG_X86_ACPI_CPUFREQ is not set

# CONFIG_X86_POWERNOW_K6 is not set

# CONFIG_X86_POWERNOW_K7 is not set

# CONFIG_X86_POWERNOW_K8 is not set

# CONFIG_X86_GX_SUSPMOD is not set

CONFIG_X86_SPEEDSTEP_CENTRINO=y

CONFIG_X86_SPEEDSTEP_CENTRINO_ACPI=y

CONFIG_X86_SPEEDSTEP_CENTRINO_TABLE=y

# CONFIG_X86_SPEEDSTEP_ICH is not set

# CONFIG_X86_SPEEDSTEP_SMI is not set

# CONFIG_X86_P4_CLOCKMOD is not set

# CONFIG_X86_CPUFREQ_NFORCE2 is not set

# CONFIG_X86_LONGRUN is not set

# CONFIG_X86_LONGHAUL is not set

#

# shared options

#

# CONFIG_X86_ACPI_CPUFREQ_PROC_INTF is not set

#

# Bus options (PCI, PCMCIA, EISA, MCA, ISA)

#

CONFIG_PCI=y

# CONFIG_PCI_GOBIOS is not set

# CONFIG_PCI_GOMMCONFIG is not set

# CONFIG_PCI_GODIRECT is not set

CONFIG_PCI_GOANY=y

CONFIG_PCI_BIOS=y

CONFIG_PCI_DIRECT=y

CONFIG_PCI_MMCONFIG=y

# CONFIG_PCIEPORTBUS is not set

# CONFIG_PCI_MSI is not set

CONFIG_PCI_LEGACY_PROC=y

CONFIG_PCI_NAMES=y

CONFIG_ISA=y

# CONFIG_EISA is not set

CONFIG_MCA=y

# CONFIG_MCA_LEGACY is not set

# CONFIG_SCx200 is not set

#

# PCCARD (PCMCIA/CardBus) support

#

CONFIG_PCCARD=m

# CONFIG_PCMCIA_DEBUG is not set

# CONFIG_PCMCIA is not set

# CONFIG_CARDBUS is not set

#

# PC-card bridges

#

CONFIG_PCMCIA_PROBE=y

#

# PCI Hotplug Support

#

CONFIG_HOTPLUG_PCI=y

# CONFIG_HOTPLUG_PCI_FAKE is not set

# CONFIG_HOTPLUG_PCI_COMPAQ is not set

# CONFIG_HOTPLUG_PCI_IBM is not set

# CONFIG_HOTPLUG_PCI_ACPI is not set

# CONFIG_HOTPLUG_PCI_CPCI is not set

# CONFIG_HOTPLUG_PCI_SHPC is not set

#

# Executable file formats

#

CONFIG_BINFMT_ELF=y

CONFIG_BINFMT_AOUT=y

CONFIG_BINFMT_MISC=y

#

# Device Drivers

#

#

# Generic Driver Options

#

CONFIG_STANDALONE=y

CONFIG_PREVENT_FIRMWARE_BUILD=y

CONFIG_FW_LOADER=m

#

# Memory Technology Devices (MTD)

#

CONFIG_MTD=m

# CONFIG_MTD_DEBUG is not set

# CONFIG_MTD_PARTITIONS is not set

# CONFIG_MTD_CONCAT is not set

#

# User Modules And Translation Layers

#

# CONFIG_MTD_CHAR is not set

# CONFIG_MTD_BLOCK is not set

# CONFIG_MTD_BLOCK_RO is not set

# CONFIG_FTL is not set

# CONFIG_NFTL is not set

# CONFIG_INFTL is not set

#

# RAM/ROM/Flash chip drivers

#

# CONFIG_MTD_CFI is not set

# CONFIG_MTD_JEDECPROBE is not set

CONFIG_MTD_MAP_BANK_WIDTH_1=y

CONFIG_MTD_MAP_BANK_WIDTH_2=y

CONFIG_MTD_MAP_BANK_WIDTH_4=y

# CONFIG_MTD_MAP_BANK_WIDTH_8 is not set

# CONFIG_MTD_MAP_BANK_WIDTH_16 is not set

# CONFIG_MTD_MAP_BANK_WIDTH_32 is not set

CONFIG_MTD_CFI_I1=y

CONFIG_MTD_CFI_I2=y

# CONFIG_MTD_CFI_I4 is not set

# CONFIG_MTD_CFI_I8 is not set

# CONFIG_MTD_RAM is not set

# CONFIG_MTD_ROM is not set

# CONFIG_MTD_ABSENT is not set

#

# Mapping drivers for chip access

#

# CONFIG_MTD_COMPLEX_MAPPINGS is not set

#

# Self-contained MTD device drivers

#

# CONFIG_MTD_PMC551 is not set

# CONFIG_MTD_SLRAM is not set

# CONFIG_MTD_PHRAM is not set

# CONFIG_MTD_MTDRAM is not set

# CONFIG_MTD_BLKMTD is not set

# CONFIG_MTD_BLOCK2MTD is not set

#

# Disk-On-Chip Device Drivers

#

# CONFIG_MTD_DOC2000 is not set

# CONFIG_MTD_DOC2001 is not set

# CONFIG_MTD_DOC2001PLUS is not set

#

# NAND Flash Device Drivers

#

# CONFIG_MTD_NAND is not set

#

# Parallel port support

#

# CONFIG_PARPORT is not set

#

# Plug and Play support

#

CONFIG_PNP=y

# CONFIG_PNP_DEBUG is not set

#

# Protocols

#

# CONFIG_ISAPNP is not set

CONFIG_PNPBIOS=y

CONFIG_PNPBIOS_PROC_FS=y

CONFIG_PNPACPI=y

#

# Block devices

#

# CONFIG_BLK_DEV_FD is not set

# CONFIG_BLK_DEV_XD is not set

# CONFIG_BLK_CPQ_DA is not set

# CONFIG_BLK_CPQ_CISS_DA is not set

# CONFIG_BLK_DEV_DAC960 is not set

# CONFIG_BLK_DEV_UMEM is not set

# CONFIG_BLK_DEV_COW_COMMON is not set

# CONFIG_BLK_DEV_LOOP is not set

# CONFIG_BLK_DEV_NBD is not set

# CONFIG_BLK_DEV_SX8 is not set

# CONFIG_BLK_DEV_UB is not set

# CONFIG_BLK_DEV_RAM is not set

CONFIG_BLK_DEV_RAM_COUNT=16

CONFIG_INITRAMFS_SOURCE=""

CONFIG_LBD=y

CONFIG_CDROM_PKTCDVD=y

CONFIG_CDROM_PKTCDVD_BUFFERS=8

# CONFIG_CDROM_PKTCDVD_WCACHE is not set

#

# IO Schedulers

#

CONFIG_IOSCHED_NOOP=y

CONFIG_IOSCHED_AS=y

CONFIG_IOSCHED_DEADLINE=y

CONFIG_IOSCHED_CFQ=y

# CONFIG_ATA_OVER_ETH is not set

#

# ATA/ATAPI/MFM/RLL support

#

CONFIG_IDE=y

CONFIG_BLK_DEV_IDE=y

#

# Please see Documentation/ide.txt for help/info on IDE drives

#

# CONFIG_BLK_DEV_IDE_SATA is not set

# CONFIG_BLK_DEV_HD_IDE is not set

CONFIG_BLK_DEV_IDEDISK=y

CONFIG_IDEDISK_MULTI_MODE=y

CONFIG_BLK_DEV_IDECD=y

# CONFIG_BLK_DEV_IDETAPE is not set

# CONFIG_BLK_DEV_IDEFLOPPY is not set

# CONFIG_BLK_DEV_IDESCSI is not set

CONFIG_IDE_TASK_IOCTL=y

#

# IDE chipset support/bugfixes

#

CONFIG_IDE_GENERIC=y

# CONFIG_BLK_DEV_CMD640 is not set

CONFIG_BLK_DEV_IDEPNP=y

CONFIG_BLK_DEV_IDEPCI=y

CONFIG_IDEPCI_SHARE_IRQ=y

# CONFIG_BLK_DEV_OFFBOARD is not set

CONFIG_BLK_DEV_GENERIC=y

# CONFIG_BLK_DEV_OPTI621 is not set

# CONFIG_BLK_DEV_RZ1000 is not set

CONFIG_BLK_DEV_IDEDMA_PCI=y

# CONFIG_BLK_DEV_IDEDMA_FORCED is not set

CONFIG_IDEDMA_PCI_AUTO=y

# CONFIG_IDEDMA_ONLYDISK is not set

# CONFIG_BLK_DEV_AEC62XX is not set

# CONFIG_BLK_DEV_ALI15X3 is not set

# CONFIG_BLK_DEV_AMD74XX is not set

# CONFIG_BLK_DEV_ATIIXP is not set

# CONFIG_BLK_DEV_CMD64X is not set

# CONFIG_BLK_DEV_TRIFLEX is not set

# CONFIG_BLK_DEV_CY82C693 is not set

# CONFIG_BLK_DEV_CS5520 is not set

# CONFIG_BLK_DEV_CS5530 is not set

# CONFIG_BLK_DEV_HPT34X is not set

# CONFIG_BLK_DEV_HPT366 is not set

# CONFIG_BLK_DEV_SC1200 is not set

CONFIG_BLK_DEV_PIIX=y

# CONFIG_BLK_DEV_NS87415 is not set

# CONFIG_BLK_DEV_PDC202XX_OLD is not set

# CONFIG_BLK_DEV_PDC202XX_NEW is not set

# CONFIG_BLK_DEV_SVWKS is not set

# CONFIG_BLK_DEV_SIIMAGE is not set

# CONFIG_BLK_DEV_SIS5513 is not set

# CONFIG_BLK_DEV_SLC90E66 is not set

# CONFIG_BLK_DEV_TRM290 is not set

# CONFIG_BLK_DEV_VIA82CXXX is not set

# CONFIG_IDE_ARM is not set

# CONFIG_IDE_CHIPSETS is not set

CONFIG_BLK_DEV_IDEDMA=y

# CONFIG_IDEDMA_IVB is not set

CONFIG_IDEDMA_AUTO=y

# CONFIG_BLK_DEV_HD is not set

#

# SCSI device support

#

CONFIG_SCSI=y

CONFIG_SCSI_PROC_FS=y

#

# SCSI support type (disk, tape, CD-ROM)

#

CONFIG_BLK_DEV_SD=y

# CONFIG_CHR_DEV_ST is not set

# CONFIG_CHR_DEV_OSST is not set

# CONFIG_BLK_DEV_SR is not set

CONFIG_CHR_DEV_SG=y

#

# Some SCSI devices (e.g. CD jukebox) support multiple LUNs

#

# CONFIG_SCSI_MULTI_LUN is not set

# CONFIG_SCSI_CONSTANTS is not set

# CONFIG_SCSI_LOGGING is not set

#

# SCSI Transport Attributes

#

# CONFIG_SCSI_SPI_ATTRS is not set

# CONFIG_SCSI_FC_ATTRS is not set

# CONFIG_SCSI_ISCSI_ATTRS is not set

#

# SCSI low-level drivers

#

# CONFIG_BLK_DEV_3W_XXXX_RAID is not set

# CONFIG_SCSI_3W_9XXX is not set

# CONFIG_SCSI_7000FASST is not set

# CONFIG_SCSI_ACARD is not set

# CONFIG_SCSI_AHA152X is not set

# CONFIG_SCSI_AHA1542 is not set

# CONFIG_SCSI_AACRAID is not set

# CONFIG_SCSI_AIC7XXX is not set

# CONFIG_SCSI_AIC7XXX_OLD is not set

# CONFIG_SCSI_AIC79XX is not set

CONFIG_SCSI_DPT_I2O=m

# CONFIG_SCSI_IN2000 is not set

# CONFIG_MEGARAID_NEWGEN is not set

# CONFIG_MEGARAID_LEGACY is not set

CONFIG_SCSI_SATA=y

# CONFIG_SCSI_SATA_AHCI is not set

# CONFIG_SCSI_SATA_SVW is not set

CONFIG_SCSI_ATA_PIIX=y

# CONFIG_SCSI_SATA_NV is not set

# CONFIG_SCSI_PATA_PDC2027X is not set

# CONFIG_SCSI_SATA_PROMISE is not set

# CONFIG_SCSI_SATA_QSTOR is not set

CONFIG_SCSI_SATA_SX4=m

# CONFIG_SCSI_SATA_SIL is not set

CONFIG_SCSI_SATA_SIS=m

# CONFIG_SCSI_SATA_ULI is not set

# CONFIG_SCSI_SATA_VIA is not set

# CONFIG_SCSI_SATA_VITESSE is not set

# CONFIG_SCSI_BUSLOGIC is not set

# CONFIG_SCSI_DMX3191D is not set

# CONFIG_SCSI_DTC3280 is not set

# CONFIG_SCSI_EATA is not set

# CONFIG_SCSI_EATA_PIO is not set

# CONFIG_SCSI_FUTURE_DOMAIN is not set

# CONFIG_SCSI_GDTH is not set

# CONFIG_SCSI_GENERIC_NCR5380 is not set

# CONFIG_SCSI_GENERIC_NCR5380_MMIO is not set

# CONFIG_SCSI_IPS is not set

# CONFIG_SCSI_INITIO is not set

# CONFIG_SCSI_INIA100 is not set

# CONFIG_SCSI_NCR53C406A is not set

# CONFIG_SCSI_NCR_D700 is not set

# CONFIG_SCSI_SYM53C8XX_2 is not set

CONFIG_SCSI_IPR=m

# CONFIG_SCSI_IPR_TRACE is not set

# CONFIG_SCSI_IPR_DUMP is not set

# CONFIG_SCSI_NCR_Q720 is not set

# CONFIG_SCSI_PAS16 is not set

# CONFIG_SCSI_PSI240I is not set

# CONFIG_SCSI_QLOGIC_FAS is not set

# CONFIG_SCSI_QLOGIC_ISP is not set

# CONFIG_SCSI_QLOGIC_FC is not set

# CONFIG_SCSI_QLOGIC_1280 is not set

CONFIG_SCSI_QLA2XXX=y

# CONFIG_SCSI_QLA21XX is not set

# CONFIG_SCSI_QLA22XX is not set

# CONFIG_SCSI_QLA2300 is not set

# CONFIG_SCSI_QLA2322 is not set

# CONFIG_SCSI_QLA6312 is not set

# CONFIG_SCSI_SIM710 is not set

# CONFIG_SCSI_SYM53C416 is not set

# CONFIG_SCSI_DC395x is not set

# CONFIG_SCSI_DC390T is not set

# CONFIG_SCSI_T128 is not set

# CONFIG_SCSI_U14_34F is not set

# CONFIG_SCSI_ULTRASTOR is not set

# CONFIG_SCSI_NSP32 is not set

# CONFIG_SCSI_DEBUG is not set

#

# Old CD-ROM drivers (not SCSI, not IDE)

#

# CONFIG_CD_NO_IDESCSI is not set

#

# Multi-device support (RAID and LVM)

#

# CONFIG_MD is not set

#

# Fusion MPT device support

#

# CONFIG_FUSION is not set

#

# IEEE 1394 (FireWire) support

#

CONFIG_IEEE1394=y

#

# Subsystem Options

#

# CONFIG_IEEE1394_VERBOSEDEBUG is not set

# CONFIG_IEEE1394_OUI_DB is not set

# CONFIG_IEEE1394_EXTRA_CONFIG_ROMS is not set

#

# Device Drivers

#

# CONFIG_IEEE1394_PCILYNX is not set

CONFIG_IEEE1394_OHCI1394=y

#

# Protocol Drivers

#

CONFIG_IEEE1394_VIDEO1394=y

CONFIG_IEEE1394_SBP2=m

CONFIG_IEEE1394_SBP2_PHYS_DMA=y

# CONFIG_IEEE1394_ETH1394 is not set

CONFIG_IEEE1394_DV1394=y

CONFIG_IEEE1394_RAWIO=y

# CONFIG_IEEE1394_CMP is not set

#

# I2O device support

#

# CONFIG_I2O is not set

#

# Networking support

#

CONFIG_NET=y

#

# Networking options

#

CONFIG_PACKET=y

# CONFIG_PACKET_MMAP is not set

CONFIG_NETLINK_DEV=y

CONFIG_UNIX=y

CONFIG_NET_KEY=y

CONFIG_INET=y

CONFIG_IP_MULTICAST=y

CONFIG_IP_ADVANCED_ROUTER=y

# CONFIG_IP_MULTIPLE_TABLES is not set

# CONFIG_IP_ROUTE_MULTIPATH is not set

# CONFIG_IP_ROUTE_VERBOSE is not set

# CONFIG_IP_PNP is not set

# CONFIG_NET_IPIP is not set

# CONFIG_NET_IPGRE is not set

# CONFIG_IP_MROUTE is not set

# CONFIG_ARPD is not set

# CONFIG_SYN_COOKIES is not set

CONFIG_INET_AH=y

CONFIG_INET_ESP=y

CONFIG_INET_IPCOMP=y

CONFIG_INET_TUNNEL=y

CONFIG_IP_TCPDIAG=y

# CONFIG_IP_TCPDIAG_IPV6 is not set

#

# IP: Virtual Server Configuration

#

# CONFIG_IP_VS is not set

# CONFIG_IPV6 is not set

CONFIG_NETFILTER=y

# CONFIG_NETFILTER_DEBUG is not set

#

# IP: Netfilter Configuration

#

CONFIG_IP_NF_CONNTRACK=y

# CONFIG_IP_NF_CT_ACCT is not set

# CONFIG_IP_NF_CONNTRACK_MARK is not set

# CONFIG_IP_NF_CT_PROTO_SCTP is not set

CONFIG_IP_NF_FTP=y

CONFIG_IP_NF_IRC=y

CONFIG_IP_NF_TFTP=y

# CONFIG_IP_NF_AMANDA is not set

CONFIG_IP_NF_QUEUE=y

CONFIG_IP_NF_IPTABLES=y

CONFIG_IP_NF_MATCH_LIMIT=y

CONFIG_IP_NF_MATCH_IPRANGE=y

CONFIG_IP_NF_MATCH_MAC=y

CONFIG_IP_NF_MATCH_PKTTYPE=y

CONFIG_IP_NF_MATCH_MARK=y

CONFIG_IP_NF_MATCH_MULTIPORT=y

CONFIG_IP_NF_MATCH_TOS=y

CONFIG_IP_NF_MATCH_RECENT=y

CONFIG_IP_NF_MATCH_ECN=y

CONFIG_IP_NF_MATCH_DSCP=y

CONFIG_IP_NF_MATCH_AH_ESP=y

CONFIG_IP_NF_MATCH_LENGTH=y

CONFIG_IP_NF_MATCH_TTL=y

CONFIG_IP_NF_MATCH_TCPMSS=y

CONFIG_IP_NF_MATCH_HELPER=y

CONFIG_IP_NF_MATCH_STATE=y

CONFIG_IP_NF_MATCH_CONNTRACK=y

CONFIG_IP_NF_MATCH_OWNER=y

# CONFIG_IP_NF_MATCH_ADDRTYPE is not set

# CONFIG_IP_NF_MATCH_REALM is not set

# CONFIG_IP_NF_MATCH_SCTP is not set

# CONFIG_IP_NF_MATCH_COMMENT is not set

# CONFIG_IP_NF_MATCH_HASHLIMIT is not set

# CONFIG_IP_NF_FILTER is not set

# CONFIG_IP_NF_TARGET_LOG is not set

CONFIG_IP_NF_TARGET_ULOG=y

CONFIG_IP_NF_TARGET_TCPMSS=y

CONFIG_IP_NF_NAT=y

CONFIG_IP_NF_NAT_NEEDED=y

CONFIG_IP_NF_TARGET_MASQUERADE=y

CONFIG_IP_NF_TARGET_REDIRECT=y

CONFIG_IP_NF_TARGET_NETMAP=y

CONFIG_IP_NF_TARGET_SAME=y

# CONFIG_IP_NF_NAT_SNMP_BASIC is not set

CONFIG_IP_NF_NAT_IRC=y

CONFIG_IP_NF_NAT_FTP=y

CONFIG_IP_NF_NAT_TFTP=y

CONFIG_IP_NF_MANGLE=y

# CONFIG_IP_NF_TARGET_TOS is not set

# CONFIG_IP_NF_TARGET_ECN is not set

# CONFIG_IP_NF_TARGET_DSCP is not set

# CONFIG_IP_NF_TARGET_MARK is not set

# CONFIG_IP_NF_TARGET_CLASSIFY is not set

# CONFIG_IP_NF_RAW is not set

# CONFIG_IP_NF_ARPTABLES is not set

CONFIG_XFRM=y

CONFIG_XFRM_USER=y

#

# SCTP Configuration (EXPERIMENTAL)

#

# CONFIG_IP_SCTP is not set

# CONFIG_ATM is not set

# CONFIG_BRIDGE is not set

# CONFIG_VLAN_8021Q is not set

# CONFIG_DECNET is not set

# CONFIG_LLC2 is not set

# CONFIG_IPX is not set

# CONFIG_ATALK is not set

# CONFIG_X25 is not set

# CONFIG_LAPB is not set

# CONFIG_NET_DIVERT is not set

# CONFIG_ECONET is not set

# CONFIG_WAN_ROUTER is not set

#

# QoS and/or fair queueing

#

# CONFIG_NET_SCHED is not set

# CONFIG_NET_CLS_ROUTE is not set

#

# Network testing

#

# CONFIG_NET_PKTGEN is not set

# CONFIG_NETPOLL is not set

# CONFIG_NET_POLL_CONTROLLER is not set

# CONFIG_HAMRADIO is not set

# CONFIG_IRDA is not set

CONFIG_BT=y

# CONFIG_BT_L2CAP is not set

# CONFIG_BT_SCO is not set

#

# Bluetooth device drivers

#

# CONFIG_BT_HCIUSB is not set

# CONFIG_BT_HCIUART is not set

# CONFIG_BT_HCIBCM203X is not set

# CONFIG_BT_HCIBPA10X is not set

# CONFIG_BT_HCIBFUSB is not set

# CONFIG_BT_HCIVHCI is not set

CONFIG_NETDEVICES=y

CONFIG_DUMMY=y

# CONFIG_BONDING is not set

# CONFIG_EQUALIZER is not set

# CONFIG_TUN is not set

# CONFIG_ETHERTAP is not set

# CONFIG_NET_SB1000 is not set

#

# ARCnet devices

#

# CONFIG_ARCNET is not set

#

# Ethernet (10 or 100Mbit)

#

# CONFIG_NET_ETHERNET is not set

#

# Ethernet (1000 Mbit)

#

# CONFIG_ACENIC is not set

# CONFIG_DL2K is not set

CONFIG_E1000=y

# CONFIG_E1000_NAPI is not set

# CONFIG_NS83820 is not set

# CONFIG_HAMACHI is not set

# CONFIG_YELLOWFIN is not set

# CONFIG_R8169 is not set

# CONFIG_SKGE is not set

# CONFIG_SK98LIN is not set

# CONFIG_TIGON3 is not set

#

# Ethernet (10000 Mbit)

#

# CONFIG_IXGB is not set

# CONFIG_S2IO is not set

#

# Token Ring devices

#

# CONFIG_TR is not set

#

# Wireless LAN (non-hamradio)

#

CONFIG_NET_RADIO=y

#

# Obsolete Wireless cards support (pre-802.11)

#

# CONFIG_STRIP is not set

CONFIG_ARLAN=m

# CONFIG_WAVELAN is not set

#

# Wireless 802.11b ISA/PCI cards support

#

# CONFIG_AIRO is not set

CONFIG_HERMES=m

# CONFIG_PLX_HERMES is not set

# CONFIG_TMD_HERMES is not set

# CONFIG_PCI_HERMES is not set

CONFIG_ATMEL=m

# CONFIG_PCI_ATMEL is not set

#

# Prism GT/Duette 802.11(a/b/g) PCI/Cardbus support

#

# CONFIG_PRISM54 is not set

CONFIG_NET_WIRELESS=y

#

# Wan interfaces

#

# CONFIG_WAN is not set

# CONFIG_FDDI is not set

# CONFIG_HIPPI is not set

CONFIG_PPP=y

# CONFIG_PPP_MULTILINK is not set

# CONFIG_PPP_FILTER is not set

# CONFIG_PPP_ASYNC is not set

CONFIG_PPP_SYNC_TTY=y

CONFIG_PPP_DEFLATE=y

# CONFIG_PPP_BSDCOMP is not set

# CONFIG_PPPOE is not set

# CONFIG_SLIP is not set

# CONFIG_NET_FC is not set

# CONFIG_SHAPER is not set

# CONFIG_NETCONSOLE is not set

#

# ISDN subsystem

#

# CONFIG_ISDN is not set

#

# Telephony Support

#

# CONFIG_PHONE is not set

#

# Input device support

#

CONFIG_INPUT=y

#

# Userland interfaces

#

CONFIG_INPUT_MOUSEDEV=y

CONFIG_INPUT_MOUSEDEV_PSAUX=y

CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024

CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768

# CONFIG_INPUT_JOYDEV is not set

# CONFIG_INPUT_TSDEV is not set

CONFIG_INPUT_EVDEV=y

# CONFIG_INPUT_EVBUG is not set

#

# Input I/O drivers

#

# CONFIG_GAMEPORT is not set

CONFIG_SOUND_GAMEPORT=y

CONFIG_SERIO=y

CONFIG_SERIO_I8042=y

# CONFIG_SERIO_SERPORT is not set

# CONFIG_SERIO_CT82C710 is not set

# CONFIG_SERIO_PCIPS2 is not set

CONFIG_SERIO_LIBPS2=y

# CONFIG_SERIO_RAW is not set

#

# Input Device Drivers

#

CONFIG_INPUT_KEYBOARD=y

CONFIG_KEYBOARD_ATKBD=y

# CONFIG_KEYBOARD_SUNKBD is not set

# CONFIG_KEYBOARD_LKKBD is not set

# CONFIG_KEYBOARD_XTKBD is not set

# CONFIG_KEYBOARD_NEWTON is not set

CONFIG_INPUT_MOUSE=y

CONFIG_MOUSE_PS2=y

# CONFIG_MOUSE_SERIAL is not set

# CONFIG_MOUSE_INPORT is not set

# CONFIG_MOUSE_LOGIBM is not set

# CONFIG_MOUSE_PC110PAD is not set

# CONFIG_MOUSE_VSXXXAA is not set

# CONFIG_INPUT_JOYSTICK is not set

# CONFIG_INPUT_TOUCHSCREEN is not set

# CONFIG_INPUT_MISC is not set

#

# Character devices

#

CONFIG_VT=y

CONFIG_VT_CONSOLE=y

CONFIG_HW_CONSOLE=y

# CONFIG_SERIAL_NONSTANDARD is not set

#

# Serial drivers

#

CONFIG_SERIAL_8250=y

# CONFIG_SERIAL_8250_CONSOLE is not set

# CONFIG_SERIAL_8250_ACPI is not set

CONFIG_SERIAL_8250_NR_UARTS=4

# CONFIG_SERIAL_8250_EXTENDED is not set

#

# Non-8250 serial port support

#

CONFIG_SERIAL_CORE=y

CONFIG_UNIX98_PTYS=y

CONFIG_LEGACY_PTYS=y

CONFIG_LEGACY_PTY_COUNT=256

#

# IPMI

#

# CONFIG_IPMI_HANDLER is not set

#

# Watchdog Cards

#

# CONFIG_WATCHDOG is not set

# CONFIG_HW_RANDOM is not set

# CONFIG_NVRAM is not set

# CONFIG_RTC is not set

# CONFIG_GEN_RTC is not set

# CONFIG_DTLK is not set

# CONFIG_R3964 is not set

# CONFIG_APPLICOM is not set

# CONFIG_SONYPI is not set

#

# Ftape, the floppy tape device driver

#

CONFIG_AGP=y

# CONFIG_AGP_ALI is not set

CONFIG_AGP_ATI=m

# CONFIG_AGP_AMD is not set

# CONFIG_AGP_AMD64 is not set

CONFIG_AGP_INTEL=y

CONFIG_AGP_INTEL_MCH=m

# CONFIG_AGP_NVIDIA is not set

# CONFIG_AGP_SIS is not set

# CONFIG_AGP_SWORKS is not set

# CONFIG_AGP_VIA is not set

# CONFIG_AGP_EFFICEON is not set

CONFIG_DRM=y

# CONFIG_DRM_TDFX is not set

# CONFIG_DRM_R128 is not set

# CONFIG_DRM_RADEON is not set

# CONFIG_DRM_I810 is not set

# CONFIG_DRM_I830 is not set

# CONFIG_DRM_I915 is not set

# CONFIG_DRM_MGA is not set

# CONFIG_DRM_SIS is not set

# CONFIG_MWAVE is not set

# CONFIG_RAW_DRIVER is not set

# CONFIG_HPET is not set

# CONFIG_HANGCHECK_TIMER is not set

#

# I2C support

#

CONFIG_I2C=y

CONFIG_I2C_CHARDEV=y

#

# I2C Algorithms

#

CONFIG_I2C_ALGOBIT=y

# CONFIG_I2C_ALGOPCF is not set

# CONFIG_I2C_ALGOPCA is not set

#

# I2C Hardware Bus support

#

# CONFIG_I2C_ALI1535 is not set

# CONFIG_I2C_ALI1563 is not set

# CONFIG_I2C_ALI15X3 is not set

# CONFIG_I2C_AMD756 is not set

# CONFIG_I2C_AMD8111 is not set

# CONFIG_I2C_I801 is not set

CONFIG_I2C_I810=y

# CONFIG_I2C_ISA is not set

# CONFIG_I2C_NFORCE2 is not set

# CONFIG_I2C_PARPORT_LIGHT is not set

# CONFIG_I2C_PIIX4 is not set

# CONFIG_I2C_PROSAVAGE is not set

# CONFIG_I2C_SAVAGE4 is not set

# CONFIG_SCx200_ACB is not set

# CONFIG_I2C_SIS5595 is not set

# CONFIG_I2C_SIS630 is not set

# CONFIG_I2C_SIS96X is not set

# CONFIG_I2C_STUB is not set

# CONFIG_I2C_VIA is not set

# CONFIG_I2C_VIAPRO is not set

# CONFIG_I2C_VOODOO3 is not set

# CONFIG_I2C_PCA_ISA is not set

#

# Hardware Sensors Chip support

#

# CONFIG_I2C_SENSOR is not set

# CONFIG_SENSORS_ADM1021 is not set

# CONFIG_SENSORS_ADM1025 is not set

# CONFIG_SENSORS_ADM1026 is not set

# CONFIG_SENSORS_ADM1031 is not set

# CONFIG_SENSORS_ASB100 is not set

# CONFIG_SENSORS_DS1621 is not set

# CONFIG_SENSORS_FSCHER is not set

# CONFIG_SENSORS_GL518SM is not set

# CONFIG_SENSORS_IT87 is not set

# CONFIG_SENSORS_LM63 is not set

# CONFIG_SENSORS_LM75 is not set

# CONFIG_SENSORS_LM77 is not set

# CONFIG_SENSORS_LM78 is not set

# CONFIG_SENSORS_LM80 is not set

# CONFIG_SENSORS_LM83 is not set

# CONFIG_SENSORS_LM85 is not set

# CONFIG_SENSORS_LM87 is not set

# CONFIG_SENSORS_LM90 is not set

# CONFIG_SENSORS_MAX1619 is not set

# CONFIG_SENSORS_PC87360 is not set

# CONFIG_SENSORS_SMSC47B397 is not set

# CONFIG_SENSORS_SMSC47M1 is not set

# CONFIG_SENSORS_VIA686A is not set

# CONFIG_SENSORS_W83781D is not set

# CONFIG_SENSORS_W83L785TS is not set

# CONFIG_SENSORS_W83627HF is not set

#

# Other I2C Chip support

#

# CONFIG_SENSORS_EEPROM is not set

# CONFIG_SENSORS_PCF8574 is not set

# CONFIG_SENSORS_PCF8591 is not set

# CONFIG_SENSORS_RTC8564 is not set

# CONFIG_I2C_DEBUG_CORE is not set

# CONFIG_I2C_DEBUG_ALGO is not set

# CONFIG_I2C_DEBUG_BUS is not set

# CONFIG_I2C_DEBUG_CHIP is not set

#

# Dallas's 1-wire bus

#

# CONFIG_W1 is not set

#

# Misc devices

#

# CONFIG_IBM_ASM is not set

#

# Multimedia devices

#

# CONFIG_VIDEO_DEV is not set

#

# Digital Video Broadcasting Devices

#

# CONFIG_DVB is not set

#

# Graphics support

#

CONFIG_FB=y

CONFIG_FB_MODE_HELPERS=y

# CONFIG_FB_TILEBLITTING is not set

# CONFIG_FB_CIRRUS is not set

# CONFIG_FB_PM2 is not set

# CONFIG_FB_CYBER2000 is not set

# CONFIG_FB_ASILIANT is not set

# CONFIG_FB_IMSTT is not set

# CONFIG_FB_VGA16 is not set

# CONFIG_FB_VESA is not set

# CONFIG_VIDEO_SELECT is not set

# CONFIG_FB_HGA is not set

# CONFIG_FB_RIVA is not set

# CONFIG_FB_I810 is not set

# CONFIG_FB_INTEL is not set

# CONFIG_FB_MATROX is not set

# CONFIG_FB_RADEON_OLD is not set

CONFIG_FB_RADEON=y

# CONFIG_FB_RADEON_I2C is not set

# CONFIG_FB_RADEON_DEBUG is not set

# CONFIG_FB_ATY128 is not set

# CONFIG_FB_ATY is not set

# CONFIG_FB_SAVAGE is not set

# CONFIG_FB_SIS is not set

# CONFIG_FB_NEOMAGIC is not set

# CONFIG_FB_KYRO is not set

# CONFIG_FB_3DFX is not set

# CONFIG_FB_VOODOO1 is not set

# CONFIG_FB_TRIDENT is not set

# CONFIG_FB_VIRTUAL is not set

#

# Console display driver support

#

CONFIG_VGA_CONSOLE=y

# CONFIG_MDA_CONSOLE is not set

CONFIG_DUMMY_CONSOLE=y

CONFIG_FRAMEBUFFER_CONSOLE=y

# CONFIG_FONTS is not set

CONFIG_FONT_8x8=y

CONFIG_FONT_8x16=y

#

# Logo configuration

#

CONFIG_LOGO=y

# CONFIG_LOGO_LINUX_MONO is not set

# CONFIG_LOGO_LINUX_VGA16 is not set

CONFIG_LOGO_LINUX_CLUT224=y

# CONFIG_BACKLIGHT_LCD_SUPPORT is not set

CONFIG_FB_SPLASH=y

#

# Speakup console speech

#

# CONFIG_SPEAKUP is not set

CONFIG_SPEAKUP_DEFAULT="none"

#

# Sound

#

CONFIG_SOUND=y

#

# Advanced Linux Sound Architecture

#

CONFIG_SND=y

CONFIG_SND_TIMER=y

CONFIG_SND_PCM=y

CONFIG_SND_SEQUENCER=y

# CONFIG_SND_SEQ_DUMMY is not set

CONFIG_SND_OSSEMUL=y

CONFIG_SND_MIXER_OSS=y

CONFIG_SND_PCM_OSS=y

CONFIG_SND_SEQUENCER_OSS=y

# CONFIG_SND_VERBOSE_PRINTK is not set

# CONFIG_SND_DEBUG is not set

#

# Generic devices

#

# CONFIG_SND_DUMMY is not set

# CONFIG_SND_VIRMIDI is not set

# CONFIG_SND_MTPAV is not set

# CONFIG_SND_SERIAL_U16550 is not set

# CONFIG_SND_MPU401 is not set

#

# ISA devices

#

# CONFIG_SND_AD1848 is not set

# CONFIG_SND_CS4231 is not set

# CONFIG_SND_CS4232 is not set

# CONFIG_SND_CS4236 is not set

# CONFIG_SND_ES1688 is not set

# CONFIG_SND_ES18XX is not set

# CONFIG_SND_GUSCLASSIC is not set

# CONFIG_SND_GUSEXTREME is not set

# CONFIG_SND_GUSMAX is not set

# CONFIG_SND_INTERWAVE is not set

# CONFIG_SND_INTERWAVE_STB is not set

# CONFIG_SND_OPTI92X_AD1848 is not set

# CONFIG_SND_OPTI92X_CS4231 is not set

# CONFIG_SND_OPTI93X is not set

# CONFIG_SND_SB8 is not set

# CONFIG_SND_SB16 is not set

# CONFIG_SND_SBAWE is not set

# CONFIG_SND_WAVEFRONT is not set

# CONFIG_SND_CMI8330 is not set

# CONFIG_SND_OPL3SA2 is not set

# CONFIG_SND_SGALAXY is not set

# CONFIG_SND_SSCAPE is not set

#

# PCI devices

#

CONFIG_SND_AC97_CODEC=y

# CONFIG_SND_ALI5451 is not set

# CONFIG_SND_ATIIXP is not set

# CONFIG_SND_ATIIXP_MODEM is not set

# CONFIG_SND_AU8810 is not set

# CONFIG_SND_AU8820 is not set

# CONFIG_SND_AU8830 is not set

# CONFIG_SND_AZT3328 is not set

# CONFIG_SND_BT87X is not set

# CONFIG_SND_CS46XX is not set

# CONFIG_SND_CS4281 is not set

# CONFIG_SND_EMU10K1 is not set

# CONFIG_SND_EMU10K1X is not set

# CONFIG_SND_CA0106 is not set

# CONFIG_SND_KORG1212 is not set

# CONFIG_SND_MIXART is not set

# CONFIG_SND_NM256 is not set

# CONFIG_SND_RME32 is not set

# CONFIG_SND_RME96 is not set

# CONFIG_SND_RME9652 is not set

# CONFIG_SND_HDSP is not set

# CONFIG_SND_TRIDENT is not set

# CONFIG_SND_YMFPCI is not set

# CONFIG_SND_ALS4000 is not set

# CONFIG_SND_CMIPCI is not set

# CONFIG_SND_ENS1370 is not set

# CONFIG_SND_ENS1371 is not set

# CONFIG_SND_ES1938 is not set

# CONFIG_SND_ES1968 is not set

# CONFIG_SND_MAESTRO3 is not set

# CONFIG_SND_FM801 is not set

# CONFIG_SND_ICE1712 is not set

# CONFIG_SND_ICE1724 is not set

CONFIG_SND_INTEL8X0=y

# CONFIG_SND_INTEL8X0M is not set

# CONFIG_SND_SONICVIBES is not set

# CONFIG_SND_VIA82XX is not set

# CONFIG_SND_VIA82XX_MODEM is not set

# CONFIG_SND_VX222 is not set

#

# USB devices

#

# CONFIG_SND_USB_AUDIO is not set

# CONFIG_SND_USB_USX2Y is not set

#

# Open Sound System

#

# CONFIG_SOUND_PRIME is not set

#

# USB support

#

CONFIG_USB=y

# CONFIG_USB_DEBUG is not set

#

# Miscellaneous USB options

#

CONFIG_USB_DEVICEFS=y

# CONFIG_USB_BANDWIDTH is not set

# CONFIG_USB_DYNAMIC_MINORS is not set

# CONFIG_USB_SUSPEND is not set

# CONFIG_USB_OTG is not set

CONFIG_USB_ARCH_HAS_HCD=y

CONFIG_USB_ARCH_HAS_OHCI=y

#

# USB Host Controller Drivers

#

CONFIG_USB_EHCI_HCD=y

CONFIG_USB_EHCI_SPLIT_ISO=y

CONFIG_USB_EHCI_ROOT_HUB_TT=y

# CONFIG_USB_OHCI_HCD is not set

CONFIG_USB_UHCI_HCD=y

CONFIG_USB_SL811_HCD=m

#

# USB Device Class drivers

#

# CONFIG_USB_AUDIO is not set

#

# USB Bluetooth TTY can only be used with disabled Bluetooth subsystem

#

# CONFIG_USB_MIDI is not set

# CONFIG_USB_ACM is not set

CONFIG_USB_PRINTER=y

#

# NOTE: USB_STORAGE enables SCSI, and 'SCSI disk support' may also be needed; see USB_STORAGE Help for more information

#

CONFIG_USB_STORAGE=y

# CONFIG_USB_STORAGE_DEBUG is not set

CONFIG_USB_STORAGE_RW_DETECT=y

# CONFIG_USB_STORAGE_DATAFAB is not set

# CONFIG_USB_STORAGE_FREECOM is not set

# CONFIG_USB_STORAGE_ISD200 is not set

# CONFIG_USB_STORAGE_DPCM is not set

# CONFIG_USB_STORAGE_HP8200e is not set

# CONFIG_USB_STORAGE_SDDR09 is not set

# CONFIG_USB_STORAGE_SDDR55 is not set

# CONFIG_USB_STORAGE_JUMPSHOT is not set

#

# USB Input Devices

#

CONFIG_USB_HID=y

CONFIG_USB_HIDINPUT=y

# CONFIG_HID_FF is not set

# CONFIG_USB_HIDDEV is not set

# CONFIG_USB_AIPTEK is not set

# CONFIG_USB_WACOM is not set

# CONFIG_USB_KBTAB is not set

# CONFIG_USB_POWERMATE is not set

# CONFIG_USB_MTOUCH is not set

# CONFIG_USB_EGALAX is not set

# CONFIG_USB_XPAD is not set

# CONFIG_USB_ATI_REMOTE is not set

#

# USB Imaging devices

#

# CONFIG_USB_MDC800 is not set

# CONFIG_USB_MICROTEK is not set

#

# USB Multimedia devices

#

# CONFIG_USB_DABUSB is not set

#

# Video4Linux support is needed for USB Multimedia device support

#

#

# USB Network Adapters

#

# CONFIG_USB_CATC is not set

# CONFIG_USB_KAWETH is not set

# CONFIG_USB_PEGASUS is not set

# CONFIG_USB_RTL8150 is not set

# CONFIG_USB_USBNET is not set

#

# USB port drivers

#

#

# USB Serial Converter support

#

# CONFIG_USB_SERIAL is not set

#

# USB Miscellaneous drivers

#

# CONFIG_USB_EMI62 is not set

# CONFIG_USB_EMI26 is not set

# CONFIG_USB_AUERSWALD is not set

# CONFIG_USB_RIO500 is not set

# CONFIG_USB_LEGOTOWER is not set

# CONFIG_USB_LCD is not set

# CONFIG_USB_LED is not set

# CONFIG_USB_CYTHERM is not set

# CONFIG_USB_PHIDGETKIT is not set

# CONFIG_USB_PHIDGETSERVO is not set

# CONFIG_USB_IDMOUSE is not set

# CONFIG_USB_TEST is not set

#

# USB ATM/DSL drivers

#

#

# USB Gadget Support

#

# CONFIG_USB_GADGET is not set

#

# MMC/SD Card support

#

# CONFIG_MMC is not set

#

# InfiniBand support

#

# CONFIG_INFINIBAND is not set

#

# File systems

#

CONFIG_EXT2_FS=y

CONFIG_EXT2_FS_XATTR=y

# CONFIG_EXT2_FS_POSIX_ACL is not set

# CONFIG_EXT2_FS_SECURITY is not set

CONFIG_EXT3_FS=y

CONFIG_EXT3_FS_XATTR=y

# CONFIG_EXT3_FS_POSIX_ACL is not set

# CONFIG_EXT3_FS_SECURITY is not set

CONFIG_JBD=y

# CONFIG_JBD_DEBUG is not set

CONFIG_FS_MBCACHE=y

# CONFIG_REISERFS_FS is not set

# CONFIG_JFS_FS is not set

#

# XFS support

#

# CONFIG_XFS_FS is not set

# CONFIG_MINIX_FS is not set

# CONFIG_ROMFS_FS is not set

# CONFIG_INOTIFY is not set

# CONFIG_QUOTA is not set

CONFIG_DNOTIFY=y

# CONFIG_AUTOFS_FS is not set

# CONFIG_AUTOFS4_FS is not set

#

# CD-ROM/DVD Filesystems

#

CONFIG_ISO9660_FS=y

CONFIG_JOLIET=y

CONFIG_ZISOFS=y

CONFIG_ZISOFS_FS=y

CONFIG_UDF_FS=y

CONFIG_UDF_NLS=y

#

# DOS/FAT/NT Filesystems

#

CONFIG_FAT_FS=y

CONFIG_MSDOS_FS=y

CONFIG_VFAT_FS=y

CONFIG_FAT_DEFAULT_CODEPAGE=437

CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"

CONFIG_NTFS_FS=y

# CONFIG_NTFS_DEBUG is not set

# CONFIG_NTFS_RW is not set

#

# Pseudo filesystems

#

CONFIG_PROC_FS=y

CONFIG_PROC_KCORE=y

CONFIG_SYSFS=y

CONFIG_DEVFS_FS=y

# CONFIG_DEVFS_MOUNT is not set

# CONFIG_DEVFS_DEBUG is not set

CONFIG_DEVPTS_FS_XATTR=y

# CONFIG_DEVPTS_FS_SECURITY is not set

CONFIG_TMPFS=y

CONFIG_TMPFS_XATTR=y

# CONFIG_TMPFS_SECURITY is not set

# CONFIG_HUGETLBFS is not set

# CONFIG_HUGETLB_PAGE is not set

CONFIG_RAMFS=y

#

# Miscellaneous filesystems

#

# CONFIG_ADFS_FS is not set

# CONFIG_AFFS_FS is not set

# CONFIG_HFS_FS is not set

# CONFIG_HFSPLUS_FS is not set

# CONFIG_BEFS_FS is not set

# CONFIG_BFS_FS is not set

# CONFIG_EFS_FS is not set

# CONFIG_JFFS_FS is not set

# CONFIG_JFFS2_FS is not set

# CONFIG_CRAMFS is not set

# CONFIG_SQUASHFS is not set

# CONFIG_VXFS_FS is not set

# CONFIG_HPFS_FS is not set

# CONFIG_QNX4FS_FS is not set

# CONFIG_SYSV_FS is not set

# CONFIG_UFS_FS is not set

#

# Network File Systems

#

# CONFIG_NFS_FS is not set

# CONFIG_NFSD is not set

# CONFIG_SMB_FS is not set

# CONFIG_CIFS is not set

# CONFIG_NCP_FS is not set

# CONFIG_CODA_FS is not set

# CONFIG_AFS_FS is not set

#

# Partition Types

#

# CONFIG_PARTITION_ADVANCED is not set

CONFIG_MSDOS_PARTITION=y

#

# Native Language Support

#

CONFIG_NLS=y

CONFIG_NLS_DEFAULT="iso8859-1"

CONFIG_NLS_CODEPAGE_437=y

# CONFIG_NLS_CODEPAGE_737 is not set

# CONFIG_NLS_CODEPAGE_775 is not set

# CONFIG_NLS_CODEPAGE_850 is not set

# CONFIG_NLS_CODEPAGE_852 is not set

# CONFIG_NLS_CODEPAGE_855 is not set

# CONFIG_NLS_CODEPAGE_857 is not set

# CONFIG_NLS_CODEPAGE_860 is not set

# CONFIG_NLS_CODEPAGE_861 is not set

CONFIG_NLS_CODEPAGE_862=y

# CONFIG_NLS_CODEPAGE_863 is not set

# CONFIG_NLS_CODEPAGE_864 is not set

CONFIG_NLS_CODEPAGE_865=y

# CONFIG_NLS_CODEPAGE_866 is not set

# CONFIG_NLS_CODEPAGE_869 is not set

# CONFIG_NLS_CODEPAGE_936 is not set

# CONFIG_NLS_CODEPAGE_950 is not set

# CONFIG_NLS_CODEPAGE_932 is not set

# CONFIG_NLS_CODEPAGE_949 is not set

# CONFIG_NLS_CODEPAGE_874 is not set

CONFIG_NLS_ISO8859_8=y

# CONFIG_NLS_CODEPAGE_1250 is not set

# CONFIG_NLS_CODEPAGE_1251 is not set

# CONFIG_NLS_ASCII is not set

CONFIG_NLS_ISO8859_1=y

# CONFIG_NLS_ISO8859_2 is not set

# CONFIG_NLS_ISO8859_3 is not set

# CONFIG_NLS_ISO8859_4 is not set

# CONFIG_NLS_ISO8859_5 is not set

# CONFIG_NLS_ISO8859_6 is not set

# CONFIG_NLS_ISO8859_7 is not set

# CONFIG_NLS_ISO8859_9 is not set

# CONFIG_NLS_ISO8859_13 is not set

# CONFIG_NLS_ISO8859_14 is not set

# CONFIG_NLS_ISO8859_15 is not set

# CONFIG_NLS_KOI8_R is not set

# CONFIG_NLS_KOI8_U is not set

# CONFIG_NLS_UTF8 is not set

#

# Profiling support

#

# CONFIG_PROFILING is not set

#

# Kernel hacking

#

# CONFIG_DEBUG_KERNEL is not set

# CONFIG_DEBUG_PREEMPT is not set

CONFIG_DEBUG_BUGVERBOSE=y

# CONFIG_FRAME_POINTER is not set

CONFIG_EARLY_PRINTK=y

CONFIG_4KSTACKS=y

CONFIG_X86_FIND_SMP_CONFIG=y

CONFIG_X86_MPPARSE=y

#

# Security options

#

# CONFIG_KEYS is not set

# CONFIG_SECURITY is not set

#

# Cryptographic options

#

CONFIG_CRYPTO=y

CONFIG_CRYPTO_HMAC=y

# CONFIG_CRYPTO_NULL is not set

# CONFIG_CRYPTO_MD4 is not set

CONFIG_CRYPTO_MD5=y

CONFIG_CRYPTO_SHA1=y

# CONFIG_CRYPTO_SHA256 is not set

# CONFIG_CRYPTO_SHA512 is not set

# CONFIG_CRYPTO_WP512 is not set

CONFIG_CRYPTO_DES=y

# CONFIG_CRYPTO_BLOWFISH is not set

# CONFIG_CRYPTO_TWOFISH is not set

# CONFIG_CRYPTO_SERPENT is not set

# CONFIG_CRYPTO_AES_586 is not set

# CONFIG_CRYPTO_CAST5 is not set

# CONFIG_CRYPTO_CAST6 is not set

# CONFIG_CRYPTO_TEA is not set

# CONFIG_CRYPTO_ARC4 is not set

# CONFIG_CRYPTO_KHAZAD is not set

# CONFIG_CRYPTO_ANUBIS is not set

CONFIG_CRYPTO_DEFLATE=y

# CONFIG_CRYPTO_MICHAEL_MIC is not set

# CONFIG_CRYPTO_CRC32C is not set

# CONFIG_CRYPTO_TEST is not set

#

# Hardware crypto devices

#

# CONFIG_CRYPTO_DEV_PADLOCK is not set

#

# Library routines

#

# CONFIG_CRC_CCITT is not set

CONFIG_CRC32=y

# CONFIG_LIBCRC32C is not set

CONFIG_ZLIB_INFLATE=y

CONFIG_ZLIB_DEFLATE=y

CONFIG_GENERIC_HARDIRQS=y

CONFIG_GENERIC_IRQ_PROBE=y

CONFIG_X86_SMP=y

CONFIG_X86_HT=y

CONFIG_X86_BIOS_REBOOT=y

CONFIG_X86_TRAMPOLINE=y

CONFIG_PC=y

```

So it is long, and you can take a look if you have patience (probably in the network section). I will check if it is a kernel problem by going back to my backup 2.6.10, which I used for a few months and never had this kind of problem.

Nadi

----------

## nadi

Bad news (or not).

The problem still exists using the kernel 2.6.10, which means it is something I did in the last week that changed the configuration or files. Or it can be something someone else did (I don't think so though). I updated mozilla, I emerged again mozilla-thunderbird. I remerged opera, but after I noticed the problem (I thought it is opera which makes the problem. a good probel, opera. What was I thinking!?).

Is there any other way of tracking the problem?

Nadi

----------

## nadi

Hei,

I think I solved the problem. I went back to kernel 2.6.11 and changed the config from the one given above (see the replies above) to the next one. This is the diff between the two .config files, so you can see what I changed.

```

linux # diff .config .config.old                                                                  

4c4

< # Thu Mar 31 14:42:07 2005

---

> # Wed Mar 30 11:06:12 2005

637a638,642

> 

> #

> # IP: Virtual Server Configuration

> #

> # CONFIG_IP_VS is not set

639c644,704

< # CONFIG_NETFILTER is not set

---

> CONFIG_NETFILTER=y

> # CONFIG_NETFILTER_DEBUG is not set

> 

> #

> # IP: Netfilter Configuration

> #

> CONFIG_IP_NF_CONNTRACK=y

> # CONFIG_IP_NF_CT_ACCT is not set

> # CONFIG_IP_NF_CONNTRACK_MARK is not set

> # CONFIG_IP_NF_CT_PROTO_SCTP is not set

> CONFIG_IP_NF_FTP=y

> CONFIG_IP_NF_IRC=y

> CONFIG_IP_NF_TFTP=y

> # CONFIG_IP_NF_AMANDA is not set

> CONFIG_IP_NF_QUEUE=y

> CONFIG_IP_NF_IPTABLES=y

> CONFIG_IP_NF_MATCH_LIMIT=y

> CONFIG_IP_NF_MATCH_IPRANGE=y

> CONFIG_IP_NF_MATCH_MAC=y

> CONFIG_IP_NF_MATCH_PKTTYPE=y

> CONFIG_IP_NF_MATCH_MARK=y

> CONFIG_IP_NF_MATCH_MULTIPORT=y

> CONFIG_IP_NF_MATCH_TOS=y

> CONFIG_IP_NF_MATCH_RECENT=y

> CONFIG_IP_NF_MATCH_ECN=y

> CONFIG_IP_NF_MATCH_DSCP=y

> CONFIG_IP_NF_MATCH_AH_ESP=y

> CONFIG_IP_NF_MATCH_LENGTH=y

> CONFIG_IP_NF_MATCH_TTL=y

> CONFIG_IP_NF_MATCH_TCPMSS=y

> CONFIG_IP_NF_MATCH_HELPER=y

> CONFIG_IP_NF_MATCH_STATE=y

> CONFIG_IP_NF_MATCH_CONNTRACK=y

> CONFIG_IP_NF_MATCH_OWNER=y

> # CONFIG_IP_NF_MATCH_ADDRTYPE is not set

> # CONFIG_IP_NF_MATCH_REALM is not set

> # CONFIG_IP_NF_MATCH_SCTP is not set

> # CONFIG_IP_NF_MATCH_COMMENT is not set

> # CONFIG_IP_NF_MATCH_HASHLIMIT is not set

> # CONFIG_IP_NF_FILTER is not set

> # CONFIG_IP_NF_TARGET_LOG is not set

> CONFIG_IP_NF_TARGET_ULOG=y

> CONFIG_IP_NF_TARGET_TCPMSS=y

> CONFIG_IP_NF_NAT=y

> CONFIG_IP_NF_NAT_NEEDED=y

> CONFIG_IP_NF_TARGET_MASQUERADE=y

> CONFIG_IP_NF_TARGET_REDIRECT=y

> CONFIG_IP_NF_TARGET_NETMAP=y

> CONFIG_IP_NF_TARGET_SAME=y

> # CONFIG_IP_NF_NAT_SNMP_BASIC is not set

> CONFIG_IP_NF_NAT_IRC=y

> CONFIG_IP_NF_NAT_FTP=y

> CONFIG_IP_NF_NAT_TFTP=y

> CONFIG_IP_NF_MANGLE=y

> # CONFIG_IP_NF_TARGET_TOS is not set

> # CONFIG_IP_NF_TARGET_ECN is not set

> # CONFIG_IP_NF_TARGET_DSCP is not set

> # CONFIG_IP_NF_TARGET_MARK is not set

> # CONFIG_IP_NF_TARGET_CLASSIFY is not set

> # CONFIG_IP_NF_RAW is not set

> # CONFIG_IP_NF_ARPTABLES is not set

688c753

< # CONFIG_DUMMY is not set

---

> CONFIG_DUMMY=y

711c776

< CONFIG_E1000_NAPI=y

---

> # CONFIG_E1000_NAPI is not set

770,771c835,836

< # CONFIG_PPP_SYNC_TTY is not set

< # CONFIG_PPP_DEFLATE is not set

---

> CONFIG_PPP_SYNC_TTY=y

> CONFIG_PPP_DEFLATE=y

850c915,919

< # CONFIG_SERIAL_8250 is not set

---

> CONFIG_SERIAL_8250=y

> # CONFIG_SERIAL_8250_CONSOLE is not set

> # CONFIG_SERIAL_8250_ACPI is not set

> CONFIG_SERIAL_8250_NR_UARTS=4

> # CONFIG_SERIAL_8250_EXTENDED is not set

854a924

> CONFIG_SERIAL_CORE=y

```

So: I believe it is not the serial. I never use the serial line, so I figured it best to just remove it. Possibly:

1. # CONFIG_NETFILTER

2. net dummy -< # CONFIG_DUMMY is not set

---

> CONFIG_DUMMY=y

3. CONFIG_E1000_NAPI=y, which is special for Intel PRO/1000. Since ixion has a PRO/100, it might be something else.

Maybe it is the net filter. Can you check it, ixion? If you solve the problem, please change the title to SOLVED.

Already 45 minutes and network is still working smoothly.

Not so bad for a n00b !  :Smile: 
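An added example, not part of the original posts: a line-based `diff` of two `.config` files mixes timestamps and shifted line numbers with real changes, and it does not make obvious that switching off `CONFIG_NETFILTER` removes every dependent `CONFIG_IP_NF_*` symbol from the file entirely. The sketch below compares the two files symbol by symbol; the sample configs are constructed from a few lines of the diff above, and the function names are this example's own.

```python
import re

# "CONFIG_FOO=y", "CONFIG_FOO=m", CONFIG_FOO="string", CONFIG_FOO=437
_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
# "# CONFIG_FOO is not set"
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_kconfig(text):
    """Parse .config text into {symbol: value}; disabled symbols map to 'n'."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _SET.match(line)
        if m:
            opts[m.group(1)] = m.group(2)
            continue
        m = _UNSET.match(line)
        if m:
            opts[m.group(1)] = "n"
    return opts


def config_changes(old_text, new_text,
                   prefixes=("CONFIG_NETFILTER", "CONFIG_IP_NF_")):
    """Return {symbol: (before, after)} for symbols whose state differs.

    A symbol missing from one file is reported as 'absent': that is what
    happens to dependent options when their parent option is disabled.
    """
    old, new = parse_kconfig(old_text), parse_kconfig(new_text)
    changes = {}
    for sym in sorted(set(old) | set(new)):
        if not sym.startswith(prefixes):
            continue
        before = old.get(sym, "absent")
        after = new.get(sym, "absent")
        if before != after:
            changes[sym] = (before, after)
    return changes


def lost_features(changes):
    """Symbols that were enabled before and are off (or gone) afterwards."""
    off = ("n", "absent")
    return [s for s, (b, a) in changes.items() if b not in off and a in off]


# Constructed sample: a few lines taken from the diff in the post above.
OLD_CONFIG = """\
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_IP_NF_CONNTRACK=y
# CONFIG_IP_NF_CT_ACCT is not set
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_STATE=y
# CONFIG_IP_NF_FILTER is not set
CONFIG_IP_NF_NAT=y
CONFIG_DUMMY=y
# CONFIG_E1000_NAPI is not set
"""

NEW_CONFIG = """\
# CONFIG_NETFILTER is not set
# CONFIG_DUMMY is not set
CONFIG_E1000_NAPI=y
"""

if __name__ == "__main__":
    changes = config_changes(OLD_CONFIG, NEW_CONFIG)
    for sym, (before, after) in changes.items():
        print(f"{sym}: {before} -> {after}")
    print("packet-filtering features lost:", ", ".join(lost_features(changes)))
    # Widen the prefix filter to see the non-netfilter changes as well.
    everything = config_changes(OLD_CONFIG, NEW_CONFIG, prefixes=("CONFIG_",))
    print("all changed symbols:", ", ".join(everything))
```

On a host that relies on iptables, any symbol returned by `lost_features` means the new kernel boots without that part of the packet filter.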

----------

## ixion

wow nice work!!  :Smile: 

I can't live without netfilter, but have disabled the dummy driver and rebooted to the new kernel. So far no lockups, but it never did tend to lockup after a fresh reboot. I will post back later today or tomorrow for more concrete evidence.. I hope it's not the netfilter part of the kernel, but I have a sickening feeling it is.. in that case, don't know what I'll do, heh..  :Wink: 

cheers for your hard work!! you rock!  :Smile: 

*** EDIT: Just had an HTTPS session drop.. must be netfilter causing this.. but I can't disable my firewalls, those are essential.. maybe I should go with a different kernel than hardened-dev-sources?

*** EDIT2: I have not, however, changed the firewall's kernel. I will do the same as I've done with the web servers' kernels on the firewall and see what happens

*** EDIT3: Why is this happening only across the internet, though? If iptables is messed up, then it should happen locally, correct? This problem has never exhibited itself locally on the LAN. Could it be possible the firewall eth0 is going bad?

----------

## nadi

Can someone explain to me what is so important about the net filter, and if it is very important, how can we fix it?

Nadi

----------

## ixion

isn't netfilter required for iptables?

iptables is extremely crucial for internet accessible machines.. it's Linux's firewall.  :Smile: 

----------

## nadi

OK, so iptables is important. Just need to find the problem / bug. I don't even know where to begin! (Well, kernel, net filter, and start smart tweaking until the problem is solved. Or not.)

Does anyone in this forum know? We should change the title to problem with net filter or iptables.

EDIT: I would expect that many people will have this problem then. No one cares then?

EDIT2: Oh man, I just became Tux's lil' helper !!  :Laughing:   I will try to do my best...

----------

## ixion

you have done a lot already, mate.. you have determined the problem is likely due to the kernel. I wonder why all of a sudden. Maybe it's one particular option under netfilter. I unfortunately do not have a chance to play with this right now, but hopefully will be able to try to pick out an option under netfilter that might be the culprit. This possibly could not be the entire netfilter option, but one of the sub-options underneath it (for example, I have trouble with realm support, so I don't enable that). I will look into this further and let you know!  :Smile: 

EDIT: Found a couple interesting ones:

```

[*] Connection tracking flow accounting

[*] Connection mark tracking support

[*] SCTP protocol connection tracking support (EXPERIMENTAL)

```

There's loads more in there that I've enabled but don't use.. going to try to run a trimmed down config and see if that helps.. will post back my findings!  :Smile: 

----------

## nadi

So I just enabled netfilter, and marked ALL the options as modules. What I was hoping to do is to load some of them, group at a time (or load all of them but one or two). This way I can debug my way through the modules, until I find the trouble maker. 

My question is: is it going to work as a module just like when built into the kernel? Then I can load and unload without rebooting each time, compiling again, etc. I can do a month's work in a day.

----------

## ixion

yeah, I think you can do what you want:

```

# modprobe takes the bare module name, without a '.o' suffix

modprobe ip_conntrack      # load (or whatever module)

modprobe -r ip_conntrack   # unload (or whatever module)

```

(please forgive my lack of experience with modprobe, I don't know if the '.o' is needed or not)

----------

## nadi

New stuff:

Today I ran my linux in two environments:

1. In the laboratory, with firewall, without the netfilter.

2. At home, regular ADSL network, without firewall.

Results:

I got the same problems using the network at the lab, again the irritating lags, but somewhat better than yesterday with all the netfilter. At home, without the netfilter, it was a smooth and fast network connection, no lags or anything. With the netfilter: again the crappy connection, net is dropping randomly, etc.

I know something is wrong with the netfilter then, because it is preventing me from working at home, without the firewall.

What to do? How can I fix the problem at the lab? BTW, the windows machines connected to the network at the lab do not have this problem. But hey, WHO WANTS TO USE WINDOWZ?

----------

## ixion

I think I'm a bit confused here, though.. isn't netfilter needed for iptables to work? If you are able to use iptables without netfilter, then I wonder what netfilter's use is.. 

Did you try disabling unneeded iptables options? I've done that, but don't have a remote network to test from until Monday. I will post back any findings, though.

Thank you very much for your help!  :Smile:  Keep up the good work!  :Smile: 

----------

## ixion

Well, it appears running a bare-bones configuration in the kernel for netfilter/iptables does not solve it. To me it appears to be a general netfilter problem. How is your troubleshooting going, nadi?

----------

## nadi

Well, the network has been working flawlessly for a couple of days now. I am starting debugging as soon as possible. I need first to learn about netfilter, iptables, function etc. I configured everything in netfilter as modules. It is just to unload some and load others, until I find the bug / problem.

Will keep you informed. 

Nadi

----------

## nadi

After enabling the netfilter in the kernel 

```

[*] Network packet filtering (replaces ipchains)  --->
    --- Network packet filtering (replaces ipchains)
    [*]   Network packet filtering debugging
          IP: Netfilter Configuration  --->
<M> Connection tracking (required for masq/NAT)
[*]   Connection tracking flow accounting
[*] Connection mark tracking support
<M> SCTP protocol connection tracking support (EXPERIMENTAL)
<M> FTP protocol support
<M> IRC protocol support
<M> TFTP protocol support
<M> Amanda backup protocol support
<M> Userspace queueing via NETLINK
<M> IP tables support (required for filtering/masq/NAT)
<M>   limit match support
<M>   IP range match support
<M>   MAC address match support
<M>   Packet type match support
<M>   netfilter MARK match support
<M>   Multiple port match support
<M>   TOS match support
<M>   recent match support
<M>   ECN match support
<M>   DSCP match support
<M>   AH/ESP match support
<M>   LENGTH match support
<M>   TTL match support
<M>   tcpmss match support
<M>   Helper match support
<M>   Connection state match support
<M>   Connection tracking match support
<M>   Owner match support
<M>   address type match support
<M>   realm match support
<M>   SCTP protocol match support
<M>   comment match support
<M>   Connection mark match support
<M>   hashlimit match support
<M>   Packet filtering
<M>     REJECT target support
<M>   LOG target support
<M>   ULOG target support
<M>   TCPMSS target support
<M>   Full NAT
<M>     MASQUERADE target support
<M>     REDIRECT target support
<M>     NETMAP target support
<M>     SAME target support
<M>     Basic SNMP-ALG support (EXPERIMENTAL)
<M>   Packet mangling
<M>     TOS target support
<M>     ECN target support
<M>     DSCP target support
<M>     MARK target support
<M>     CLASSIFY target support
<M>     CONNMARK target support
< >   CLUSTERIP target support (EXPERIMENTAL)
<M>   raw table support (required for NOTRACK/TRACE)
<M>     NOTRACK target support
<M> ARP tables support
< >   ARP packet filtering
< >   ARP payload mangling

```

so until now, 40 minutes running with no modules loaded, it is showing good signs. 

starting loading modules, in groups, and updating this thread...

----------

## nadi

connection seems to be stable so far, with these modules loaded in to the kernel:

```
Module                  Size  Used by

iptable_raw             2688  0 

iptable_nat            23996  0 

iptable_mangle          3328  0 

iptable_filter          3328  0 

ip_tables              24320  4 iptable_raw,iptable_nat,iptable_mangle,iptable_filter

ip_conntrack_tftp       4368  0 

ip_conntrack_irc       72080  0 

ip_conntrack_proto_sctp     9220  0 

ip_conntrack_amanda    70176  0 

ip_conntrack           50408  5 iptable_nat,ip_conntrack_tftp,ip_conntrack_irc,ip_conntrack_proto_sctp,ip_conntrack_amanda

```

----------

## nadi

Now I am behind a firewall (at the university), using, successfully (no problems so far), the following modules for about 2 hours.

```
Module                  Size  Used by
ip_conntrack_proto_sctp     9220  0
ip_nat_tftp             2560  0
ip_conntrack_tftp       4368  1 ip_nat_tftp
ip_nat_snmp_basic      11780  0
ip_nat_irc              2816  0
ip_conntrack_irc       72080  1 ip_nat_irc
ip_nat_ftp              3584  0
ip_conntrack_ftp       72976  1 ip_nat_ftp
ip_nat_amanda           2816  0
ip_conntrack_amanda    70176  1 ip_nat_amanda
iptable_mangle          3328  0
iptable_raw             2688  0
iptable_nat            23996  4 ip_nat_tftp,ip_nat_irc,ip_nat_ftp,ip_nat_amanda
iptable_filter          3328  0
ip_conntrack           50408  11 ip_conntrack_proto_sctp,ip_nat_tftp,ip_conntrack_tftp,ip_nat_snmp_basic,ip_nat_irc,ip_conntrack_irc,ip_nat_ftp,ip_conntrack_ftp,ip_nat_amanda,ip_conntrack_amanda,iptable_nat
ip_queue                9880  0
ip_tables              24320  4 iptable_mangle,iptable_raw,iptable_nat,iptable_filter
arp_tables             15232  0
```

----------

## ixion

Impressive! I will compare the modules you're using with the options I have enabled, and maybe we can narrow down which one of them is the culprit. I'm sorry, but I'm on the road for the next day or so, so won't have much time to test until later this week.

Nice work!!  :Smile: 

----------

## ixion

```
# grep CONFIG_NETFILTER\= /usr/src/linux/.config -A 70
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CT_PROTO_SCTP=y
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IRC=y
CONFIG_IP_NF_TFTP=y
CONFIG_IP_NF_AMANDA=y
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_IPRANGE=y
CONFIG_IP_NF_MATCH_MAC=y
CONFIG_IP_NF_MATCH_PKTTYPE=y
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_DSCP=y
CONFIG_IP_NF_MATCH_AH_ESP=y
CONFIG_IP_NF_MATCH_LENGTH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_TCPMSS=y
# CONFIG_IP_NF_MATCH_STEALTH is not set
CONFIG_IP_NF_MATCH_HELPER=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
CONFIG_IP_NF_MATCH_OWNER=y
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_REALM is not set
# CONFIG_IP_NF_MATCH_SCTP is not set
# CONFIG_IP_NF_MATCH_COMMENT is not set
CONFIG_IP_NF_MATCH_CONNMARK=y
# CONFIG_IP_NF_MATCH_HASHLIMIT is not set
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_SAME=y
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_NAT_TFTP=y
CONFIG_IP_NF_NAT_AMANDA=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_DSCP=y
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_CLASSIFY=y
CONFIG_IP_NF_TARGET_CONNMARK=y
# CONFIG_IP_NF_TARGET_CLUSTERIP is not set
CONFIG_IP_NF_RAW=y
CONFIG_IP_NF_TARGET_NOTRACK=y
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_IP_NF_ARP_MANGLE=y
```

Well, I suppose it's obvious I'm not running too terribly 'bare bones' with my config.. I still have quite a bit more enabled than you have so far..  :Sad: 

How is the testing going, btw?  :Smile: 

cheers!

EDIT:

```
# grep CONFIG_NETFILTER\= /usr/src/linux/.config -A 70|grep -v '#'|wc -l
59
```

59 netfilter options enabled.. :-/

----------

## ixion

Now only running with this. Will see what happens..  :Smile: 

```
grep NETFILTER .config -A 70|grep -v '#'
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
```

EDIT: Just had a couple HTTPS sessions lock, so going even barer:

```
# grep NETFILTER /usr/src/linux/.config -A 70|grep -v '#'
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
```

Note: Of course, these lockups may be due to the firewall box. Have not recompiled a kernel for that, yet, so will see what happens.

EDIT2: Still nogo. Thinking the firewall may need to be knocked down a bit. nadi, have you had any luck narrowing down which module is causing the problems?

cheers!  :Smile: 

----------

## nadi

no, sorry. It is working fine for me now. If the problem is serious, why not disable netfilter? I would rather have a working risky network than no network at all. And I took some other security measures, so I don't want to waste more time on this matter; I have to finish my PhD soon....

Good luck! I will keep an eye to see if anyone else reports a similar problem with netfilter...

Nadi

----------

## ixion

That's cool and understandable..  :Smile: 

 I've just modified the firewall to run a bare-bones setup, will see from work tomorrow if it still is a problem. If it is, I suppose I will grab a stock 2.6 kernel (outside of portage) and patch it myself with the security features I want.. this is such a strange issue..  :Rolling Eyes:   :Rolling Eyes: 

I can't just stop using netfilter.. these machines are exposed to the internet..  :Wink: 

Thanks so much for your help, mate.. you helped me tremendously..  :Very Happy: 

----------

## ixion

lockups still occur, more now than ever... time to go with a new kernel, *sigh*...  :Rolling Eyes:   :Rolling Eyes:   :Rolling Eyes: 

----------

## ch053n1

I'm experiencing the very same problem.  :Sad: 

I've got a new server that ran fine for a few weeks, and then unexpectedly started dropping network connections (any port).

I have undone all changes, reverted back to the old kernel versions (even tried 2.4) without solving the problem. I have even reinstalled the server....

I thought about some problems with the drivers of my NIC Dual Intel Gigabit. I've downloaded the drivers from Intel and installed them, but it's the same...  :Sad: 

Now I will try removing netfilter support... However I cannot do it without it... Has anybody found where the problem lies exactly?

----------

## ixion

well, I've been able to trace some of it to the Cisco router at work. My wife's office has pretty much ceased to drop connections whereas it happens every 5 minutes or so at my office. I actually will be at an office today that does not use a Cisco router, and will post back my experience.

----------

## ch053n1

UPDATE:

NO, IT'S NOT NETFILTER IN MY CASE

I have disabled it in the kernel, and I'm still running into the same problem.

Besides, I had to include the NIC drivers in the kernel, because if they are compiled as a module, the server goes into kernel panic....  :Shocked: 

----------

## ixion

I'm here at the office w/o Cisco routers, and so far everything's been doing perfectly. Normally by this time it would lock up, but not once has it even hesitated.

Where you are browsing from, do they have Cisco routers anywhere on the network? Also, do the lockups occur when using the webserver locally on the LAN?

HTH  :Smile: 

----------

## neuron

*subscribing to this thread*, I've had a feeling net stuff has started going slower lately as well, although it could be in my head  :Wink: 

----------

## ch053n1

Yes!

Clients -> Proxy Server -> Cisco -> ISP

My network is very simple. Just a couple of Win2k DCs, an SMTP server and about 30 clients connected all together with HP switches.

However I do feel I have some hardware/driver related problems.

The kernel without netfilter is a bit unstable... :Confused: 

I'm going to change the hardware and see how it goes...

----------

## ixion

Perhaps try removing that Cisco from the loop and see what happens? Maybe you can drop a Linux box in its place for testing purposes?

good luck!  :Smile: 

----------

## LV426

I just came by reading your thread (while waiting for an answer to one of my questions... but that's another story  :Wink:  )

Have either one of you tried to look at the output of "dmesg"? (your first friend when something "smells fishy")

Especially ch053n1 could find an answer here.

@ixion:

Maybe it's not a problem with netfilter itself but with the configuration of your firewall?

From the way things look, it could be that some TCP Acknowledge packages do not reach your box when you connect from outside (dropping packets?!), so the network stack will stop sending packets out to you, because it is waiting for an ACK package saying that you received the data correctly. And only after you hit a button in the console (sending the keystroke to your box, which it seems to reach) does your Linux begin sending the rest, which is still waiting in the buffer.

(So much for my first theory)

Does the problem persist, even after disabling all firewall rules and setting the chain policies to accept?

If no: it definitely has something to do with your firewall rules; try to put in some "debug" rules, like

```
iptables -A INPUT   -j LOG --log-prefix "DROP_INPUT "
```

to see which packets get dropped where and why.

Oh, and you can safely compile all netfilter options into the kernel as modules, as long as you compile in kernel module autoloading support. Then netfilter will tell the kernel when it needs a special module and you should not have to worry about loading any ip_* module.

(I use it that way and never had a problem with a missing module)

Just my two cents  :Wink: 

----------
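An added example, not part of LV426's post: a small parser for the kernel lines that a `--log-prefix "DROP_INPUT "` rule produces, counting per flow the logged TCP packets that carry ACK without SYN. Mid-stream packets reaching the LOG rule are what the dropped-ACK theory above would look like in the log, assuming the rule sits after the ACCEPT rules; the sample lines are constructed (documentation addresses, MAC field omitted) and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the kernel LOG-target format; not taken from the thread.
SAMPLE_LOG = """\
Jan 10 09:14:02 fw kernel: DROP_INPUT IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=4711 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=501 RES=0x00 ACK URGP=0
Jan 10 09:14:07 fw kernel: DROP_INPUT IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=88 TOS=0x00 PREC=0x00 TTL=54 ID=4712 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jan 10 09:14:09 fw kernel: DROP_INPUT IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=99 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 09:14:11 fw kernel: DROP_INPUT IN=eth0 OUT= SRC=192.0.2.9 DST=203.0.113.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=5 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 10 09:14:12 fw kernel: eth0: link up
Jan 10 09:14:15 fw kernel: DROP_INPUT IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=4720 DF PROTO=TCP SPT=51600 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
"""

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
FIELD = re.compile(r"(\w+)=(\S*)")


def parse_line(line, prefix="DROP_INPUT "):
    """Return the KEY=value fields of one logged packet, or None without the prefix."""
    _, found, body = line.partition(prefix)
    if not found:
        return None
    pkt = dict(FIELD.findall(body))
    # TCP flags are logged as bare words (ACK, SYN, ...), not as KEY=value pairs.
    pkt["FLAGS"] = TCP_FLAGS.intersection(body.split())
    return pkt


def classify(pkt):
    """Coarse class of a logged packet: new, reset, mid-stream, other or non-tcp."""
    if pkt.get("PROTO") != "TCP":
        return "non-tcp"
    flags = pkt["FLAGS"]
    if "SYN" in flags and "ACK" not in flags:
        return "new"          # connection attempt that no rule accepted
    if "RST" in flags:
        return "reset"
    if "ACK" in flags:
        return "mid-stream"   # belongs to an existing connection, yet no rule accepted it
    return "other"


def mid_stream_flows(log_text, prefix="DROP_INPUT "):
    """Count logged mid-stream TCP packets per (source, destination, destination port)."""
    flows = Counter()
    for line in log_text.splitlines():
        pkt = parse_line(line, prefix)
        if pkt and classify(pkt) == "mid-stream":
            flows[(pkt["SRC"], pkt["DST"], int(pkt["DPT"]))] += 1
    return flows


if __name__ == "__main__":
    for (src, dst, dport), n in mid_stream_flows(SAMPLE_LOG).most_common():
        print(f"{n} mid-stream packet(s) logged: {src} -> {dst}:{dport}")
```

An empty result while sessions still hang points away from the local ruleset and towards the path between client and server.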

## ixion

I've been able to confirm it is the Cisco routers causing this problem. While at one of my non-Cisco stores last week, I never had one single problem. It didn't even hesitate!

So now onto my next question. I've googled around a bit, and can see no instances of Ciscos dropping ssh or whatever connections. Has anyone else experienced this? Am I just miserable at Googling? The problem possibly could be a config issue. Would posting the Cisco config help at all in troubleshooting?

edit:

Changed the title of the thread to match the current discussion

edit2:

LV426, I had already tried that. I don't know if I posted it in here or not, but iptables did not log any abnormalities, dmesg did not report anything funny, either.

----------

## think4urs11

never heard of 'cisco-related-connection dropping'

additionally we've literally hundreds of them here and never had any problems related to them.

post your conf and maybe we'll see if there's something fishy in there.

----------

## ixion

[disclaimer]

This config is not my config; I think it needs an entire overhaul, but Mgmt refuses to listen (politics)

[/disclaimer]

Now that that's out of the way, here is the config of the Cisco router at this local branch:

```
Current configuration : 2509 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname orlando_rtr
!
aaa new-model
aaa authentication login default local
aaa authentication login NO_AUTHEN none
aaa authentication ppp default local
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
enable password enable
!
username administrator password
username xxxxxx
username xxxxxx
!
!
!
!
memory-size iomem 25
ip subnet-zero
!
chat-script Dialout ABORT ERROR ABORT BUSY "" "AT" OK "ATDT \T" TIMEOUT 45 CONNECT \c
modemcap entry MY_USR_MODEM:MSC=&F1S0;=1
!
!
!
interface Loopback0
 ip address 172.17.1.1 255.255.255.0
!
interface Serial0
 no ip address
 encapsulation frame-relay IETF
 no fair-queue
 service-module t1 timeslots 1-8
 frame-relay lmi-type ansi
!
interface Serial0.100 point-to-point
 description frame-relay to downtown jax
 ip address 172.17.254.6 255.255.255.252
 no arp frame-relay
 frame-relay interface-dlci 100 IETF
!
interface FastEthernet0
 ip address 192.168.58.1 255.255.255.0
 ip helper-address 192.168.44.21
 ip helper-address 192.168.44.2
 speed auto
 half-duplex
 no cdp enable
!
!
interface Async5
 ip unnumbered Loopback0
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 30
 dialer watch-disable 15
 dialer map ip 172.22.1.1 name jax_rtr broadcast 1<phone number here>
 dialer map ip 192.168.44.0 name jax_rtr broadcast 1<phone number here>
 dialer watch-group 8
 dialer-group 1
 async default routing
 async mode interactive
 ppp authentication chap
!
router ospf 5
 log-adjacency-changes
 network 172.17.1.0 0.0.0.255 area 0
 network 172.17.254.0 0.0.0.3 area 0
 network 192.168.58.0 0.0.0.255 area 0
!
router rip
 version 2
 redistribute connected
 network 172.17.0.0
 network 192.168.58.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.58.254
ip route 192.168.44.0 255.255.255.0 192.168.58.254 200
ip route 192.168.64.0 255.255.255.0 172.17.254.5
no ip http server
!
access-list 101 remark Define Interesting Traffic
access-list 101 deny   ospf any any
access-list 101 permit ip any any
dialer watch-list 8 ip 192.168.44.0 255.255.255.0
dialer-list 1 protocol ip list 101
!
line con 0
 login authentication NO_AUTHEN
line aux 0
 exec-timeout 0 0
 script dialer Dialout
 modem InOut
 modem autoconfigure type MY_USR_MODEM
 transport input all
 autoselect ppp
 stopbits 1
 speed 19200
 flowcontrol hardware
line vty 0 4
 password xxxxxxxxxxxx
!
no scheduler allocate
end
```

If you have any questions, feel free to ask. Any suggestions, that'd be awesome (although I've already tried proposing a fine-tuning of the config with no luck).

Basically this router connects to a host that is connected to other WAN boxes. There is a local internet here with a gateway (58.254). This is likely the worst way to set this kind of thing up, but I unfortunately have been met with brick walls when making suggestions. Do you think the network layout by itself could be causing these issues? I have my default gw to 58.254 to try to eliminate the Cisco from the chain, but problems still remain.

----------

## think4urs11

uhhmm, nothing obvious

- half-duplex is correct for Fa0?

- i've always a better feeling with speed/duplex set to fixed values than 'auto' on routers and servers.

- it might not be the best of ideas to have ip helpers configured on 'the other side of the dialup' but shouldn't be the source of your problem.

- routing to 192.168.44.0/24 seems to be redundant/weird(?)

----------

## ixion

44.0 is where the host resides, as well as the Domain Controller. It is weirdly set up. Personally I'd like to get rid of the dialer map (there is a VPN backup now across internet), OSPF, and RIP, and then start with static routes from the ground up. Basically all traffic should be routed to 58.254 except 44.0 traffic, which should be routed through the frame. But there should be an additional 44.0 route with a high metric so that when the frame goes down, 44.0 destined traffic can go over the VPN via 58.254.

So the config doesn't look too terribly insane? I thought it was quite bloated for the simple task that needs to be done, but I'm no Cisco expert.  :Smile: 

All I know is that on networks with Ciscos (configured very similar to this one), this problem occurs, while on VPN-only stores the problem doesn't exist. Appears that ch053n1 may be having similar issues with the Cisco as well.  :Confused: 

----------

## think4urs11

ok, so you now have something like double backup

primary: frame-relay

secondary: vpn over Internet

'backup for the backup': dialer

but... (BTW we are getting very [OT] here)

from the routing i don't see the primary, only traffic for 192.168.64.0/24 goes through the frame-relay; everything else towards internet.

I'm no expert (in terms of CCIE) too, just a little CCNA so i might very well be wrong too  :Rolling Eyes: 

----------

## ixion

You are right. We have a self-proclaimed 'Network Engineer' here who thinks he's a Cisco expert. Maybe the above route works, but I personally would do (forget 64.0):

```
ip route 192.168.44.0 255.255.255.0 172.17.254.5
ip route 0.0.0.0 0.0.0.0 192.168.58.254
ip route 192.168.44.0 255.255.255.0 192.168.58.254 2
```

Now that I look at it, his static route might work, but it's very hard to follow. I think the above would be better, but again, not a CCIE here either  :Smile: 

Do you think all the other unneeded protocols could be getting in the way (OSPF, RIP)?

Is there a missing NAT/Stateful statement that should be entered into that config somewhere?

Or is it just the fact that there are two different gateways on the same subnet? There should be a hierarchical structure in networking, not one gateway that routes to another gateway on the same subnet.

What do you think?

----------

## think4urs11

i don't see any need for NAT here at the moment

*Quote:*

> ip route 192.168.44.0 255.255.255.0 172.17.254.5
>
> ip route 0.0.0.0 0.0.0.0 192.168.58.254
>
> ip route 192.168.44.0 255.255.255.0 192.168.58.254 2

won't work

The router cannot decide when to use the default and when to use the frame-relay cloud... except the frame-relay link goes down; but NOT e.g. when you have a power outage on 172.17.254.5 side.

Maybe the routing gets somehow asymmetric (from you to them via VPN, from them to you via frame relay) - latest if there's a firewall somewhere in between it gets reeaaaally nasty.

To clarify this issue a full scheme drawing plus all configs would be needed  :Embarassed: 

----------
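An added sketch, not taken from the thread or from IOS: route selection for ixion's three proposed statics under the usual rules (a static is installed only while its next hop is on an up connected network, the lowest administrative distance wins per prefix, the longest prefix wins on lookup). It shows the floating route taking over when Serial0.100 goes down but not when 172.17.254.5 fails while the local subinterface stays up, which is the case think4urs11 raises. Recursive next-hop resolution and the OSPF/RIP routes are not modelled, and the function names are hypothetical.

```python
import ipaddress

# Connected networks from the posted config; which interfaces are up is the scenario input.
CONNECTED = {
    "Serial0.100": ipaddress.ip_network("172.17.254.4/30"),
    "FastEthernet0": ipaddress.ip_network("192.168.58.0/24"),
}
# ixion's proposed statics: (prefix, next hop, administrative distance).
# A static without an explicit distance has distance 1.
PROPOSED = [
    ("192.168.44.0/24", "172.17.254.5", 1),
    ("0.0.0.0/0", "192.168.58.254", 1),
    ("192.168.44.0/24", "192.168.58.254", 2),
]


def build_rib(statics, up_interfaces):
    """Install a static only while its next hop is on an 'up' connected network
    (simplification: no recursive resolution); lowest distance wins per prefix."""
    rib = {}
    for prefix, hop, distance in statics:
        hop_addr = ipaddress.ip_address(hop)
        if not any(hop_addr in CONNECTED[name] for name in up_interfaces):
            continue
        net = ipaddress.ip_network(prefix)
        if net not in rib or distance < rib[net][1]:
            rib[net] = (hop, distance)
    return rib


def next_hop(rib, dst):
    """Longest-prefix match over the installed routes; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None
    return rib[max(matches, key=lambda net: net.prefixlen)][0]


def forward(dst, up_interfaces, dead_hosts=()):
    """Return (next hop, delivered?). dead_hosts are neighbours that are down
    without the local interface noticing (assumption of this sketch)."""
    hop = next_hop(build_rib(PROPOSED, up_interfaces), dst)
    return hop, hop is not None and hop not in dead_hosts


if __name__ == "__main__":
    both = ["Serial0.100", "FastEthernet0"]
    print("frame up:        ", forward("192.168.44.21", both))
    print("frame down:      ", forward("192.168.44.21", ["FastEthernet0"]))
    print("far router dead: ", forward("192.168.44.21", both, dead_hosts={"172.17.254.5"}))
```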

