[Techtalk] Is it the server???
Michelle Murrain
tech at murrain.net
Tue Apr 9 14:24:10 EST 2002
At 01:57 PM 4/9/2002, Raven, corporate courtesan wrote:
> Okay -- and 192.168.1.1 is the address of an interface on your
>router? Which interface? The one that mailserver 2 connects to, or the
>one that mailserver/webserver 1 connects to? (Or do the two boxes
>connect to a switch, and then the switch connects to one Ethernet port
>on the router?)
The gateway - the LAN side. Everything connects to it.
> The reason that I'm so interested in the topology is that if
>your mailserver is throwing errors that it can't reach your router, that
>should be something that's easy to correct. We just need to know
>exactly what connects to exactly what, and where.
>
> Could you do a
>
>route
>
>on the mailservers, and verify that there is a route for the subnet that
>192.168.1.1 is on in the routing table on your box?
Here are the routes:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.0   U     0      0        0 eth0
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
and
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
> > The way the network is set up at this moment, it has a private IP, with the
> > 192.168.1.1 as the gateway/firewall/router.
>
> Which interface on the router? Or does the router only have one
>internal interface?
Only has one.
> Another reason this might be: if your internal network is 100
>Mb, and your fractional T1 is 768 K, you're able to push a lot more
>traffic to that frac-T1 than it can handle. Same problem as the T3 ->
>T1 issue, just one step earlier along the path. Any time you try to go
>from a network with higher bandwidth across a network with lower
>bandwidth you run the risk of packet loss if you try to flood the link.
>Most LANs have far greater bandwidth than their WAN links.
Yes, that makes a lot of sense.
> Oh! Okay, you're doing NAT. That makes more sense. I thought
>you had the boxes configured with routable IPs, inside your private
>network. If everything inside your private network has a private space
>IP, suddenly all becomes clear. And NAT just happens statically at the
>router, and those two boxes always get translated to the same two
>external IPs, right?
Exactly.
> > Here's a set of tcpdumps for successful SMTP packets:
> >
> > 16:33:08.174659 nanuuq.ursa-minor.com.1221 >
> > xx5.mail.simpleservers.com.smtp: . ack 1 win 16060 <nop,nop,timestamp
> > 1650370 488638534> (DF)
> > 16:33:08.653713 xx5.mail.simpleservers.com.smtp >
> > nanuuq.ursa-minor.com.1221: P 1:94(93) ack 1 win 32120 <nop,nop,timestamp
> > 488638568 1650370> (DF)
>
> Did you get any SYN packets or any other sorts immediately
>before this? This is the first acknowledgement packet (ack 1) after the
>connection's been set up. I'm interested to see if there's anything
>else going on at the same time (DNS, ICMP, ARP even) that could be
>causing our complication. Usually that sort of thing happens near the
>beginning of a session.
OK - I'll look more at that.
> But the rest of this session looks normal. Is
>this one of the domains that you're often having trouble with? Also if
>possible, could you provide more of the tcpdump before an unsuccessful
>session? I am looking to see where the packets are coming from, and if
>there are any unsuccessful queries, etc. before the servfail error.
It doesn't happen so frequently - so it's a challenge to find it - but I'll
do some more looking, and send more tcpdumps back.
.Michelle
---------------------------------------
Michelle Murrain
tech at murrain.net
AIM/Yahoo Messenger:pearlbear0
ICQ:129250575
http://www.murrain.net/ for pgp public key
Check out XINA! http://www.xinasoft.org
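The check requested in the message above (is there a directly connected route covering the default gateway?), written out as an added example that is not part of the original thread. The function names are hypothetical and the two sample tables are retyped from the `route` output in the message; the first table prints `localnet` rather than a network number, so it can only be confirmed from numeric output such as `route -n`.

```python
import ipaddress

# Constructed samples: the two `route` outputs from the message, retyped.
HDR = "Destination Gateway Genmask Flags Metric Ref Use Iface\n"
TABLE_SYMBOLIC = HDR + (
    "localnet * 255.255.255.0 U 0 0 0 eth0\n"
    "default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0\n")
TABLE_NUMERIC = HDR + (
    "192.168.1.0 * 255.255.255.0 U 0 0 0 eth0\n"
    "127.0.0.0 * 255.0.0.0 U 0 0 0 lo\n"
    "default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0\n")


def parse_routes(text):
    """Parse `route` output into dicts; banner and header lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0] != "Destination":
            routes.append({"dest": f[0], "gw": f[1], "mask": f[2],
                           "flags": f[3], "iface": f[7]})
    return routes


def check_gateway(text):
    """Return ("ok", net), ("missing", None), ("no-default", None), or
    ("unverified", names) when symbolic names prevent a numeric check."""
    routes = parse_routes(text)
    default = next((r for r in routes
                    if r["dest"] in ("default", "0.0.0.0") and "G" in r["flags"]), None)
    if default is None:
        return ("no-default", None)
    try:
        gw = ipaddress.ip_address(default["gw"])
    except ValueError:
        return ("unverified", [default["gw"]])  # gateway printed as a hostname
    unresolved = []
    for r in routes:
        if "G" in r["flags"]:
            continue  # a route via a gateway cannot be how the gateway is reached
        try:
            net = ipaddress.ip_network(f"{r['dest']}/{r['mask']}")
        except ValueError:
            unresolved.append(r["dest"])  # a network name, not a number
            continue
        if gw in net and r["iface"] == default["iface"]:
            return ("ok", str(net))
    return ("unverified", unresolved) if unresolved else ("missing", None)
```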