Errors in status interfaces
-
Hi all,
I have two boxes on the 1.2.3 release (built on Sun Dec 6 23:38:21 EST 2009), with 15 virtual IPs (CARP) and about 10 IPsec tunnels (DES, SHA1, group2).
The WAN is split into 4 VLANs (vlan1 10mbit hdsl, vlan2 20mbit adsl, vlan3 20mbit adsl, vlan4 100mbit wifi).
From Status/Interfaces I have this situation:
WAN:
Media 100baseTX <full-duplex>
In/out packets 22294161/19292992 (3.86 GB/1.47 GB)
In/out errors 0/55210
Collisions 0
WAN2 interface (vlan1)
Media 100baseTX <full-duplex>
In/out packets 82393/345183 (13.77 MB/75.93 MB)
In/out errors 0/2095
Collisions 0
WAN3 interface (vlan2)
Media 100baseTX <full-duplex>
In/out packets 24892508/21675838 (1.20 GB/76.62 MB)
In/out errors 0/63224
Collisions 0
WIFI interface (vlan3)
Media 100baseTX <full-duplex>
In/out packets 5507840/3261755 (3.57 GB/1.35 GB)
In/out errors 0/10363
Collisions 0
LAN:
In/out packets 105693896/164395537 (1008.87 MB/1.08 GB)
In/out errors 766966/0
Collisions 0
When I try to ping everything behind the fw I have a lot of packet loss; the same thing happens when I try to ping from the firewalls.
How can I debug this situation?
Thanks,
Giacomo
-
I would start with the most likely suspects first:
Change the network cable(s) first, and if possible, the switch.
-
I also noticed a strange routing thing:
On the wifi dedicated vlan (vlan3) I have many IPsec tunnels; when I touch something in the IPsec configuration or I reboot the firewall, routes to remote peers go to hell.
From netstat I can see that routes to those remote peers are in the wrong vlan (vlan0, which is the vlan of the principal WAN).
Doing a "route delete ip.of.the.peers", the routes come back to the right vlan, and I am happy again.
At the moment I semi-solved it with a route delete host every 3 min in the crontab.
Giaco
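A narrower form of the cron workaround described in the last post, as an added example that is not the poster's code: it deletes a peer's route only when it points at the wrong interface and logs each occurrence, so the log also records when the routes break. The peer addresses are constructed placeholders, vlan3 is taken from the post, and the script assumes the `interface:` line printed by FreeBSD's `route -n get`.

```shell
#!/bin/sh
# Added example: targeted replacement for a blanket "route delete" cron job.
# Assumptions: FreeBSD route(8) output format; PEERS are placeholder addresses.

EXPECTED_IF="${EXPECTED_IF:-vlan3}"        # interface the tunnels should use (from the post)
PEERS="${PEERS:-192.0.2.10 192.0.2.20}"    # constructed placeholder peer addresses
ROUTE="${ROUTE:-route}"                    # overridable so the logic can be exercised offline

# Read `route -n get <host>` output on stdin and print the interface name.
route_iface() {
    awk '$1 == "interface:" { print $2; exit }'
}

# Print "<peer> <interface>" for every peer routed via the wrong interface.
# Peers with no route at all are skipped: there is nothing to delete.
misrouted_peers() {
    for peer in $PEERS; do
        ifc=$($ROUTE -n get "$peer" 2>/dev/null | route_iface)
        if [ -n "$ifc" ] && [ "$ifc" != "$EXPECTED_IF" ]; then
            echo "$peer $ifc"
        fi
    done
}

# Delete only the wrong routes and leave a syslog trail for each one.
fix_routes() {
    misrouted_peers | while read -r peer ifc; do
        logger -t ipsec-route "route to $peer via $ifc, expected $EXPECTED_IF; deleting"
        $ROUTE delete "$peer" >/dev/null
    done
}

# Cron entry point: call the script with the single argument "run".
if [ "${1:-}" = "run" ]; then
    fix_routes
fi
```

The syslog entries give timestamps that can be compared against IPsec configuration changes and reboots.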