“I know kung fu…”
2007/02/11 20:36:47
linux software

And so does everyone else. Simply apt-get install ipkungfu.

I’ve finally switched my gateway box from my 12-year-old Pentium (I) 166MHz (still running Debian potato, kernel 2.2. This is Linux for you: when it works, it can work forever…) to my 5-6-year-old Netwinder.

I was also very glad that the Netwinder is now (or still) officially supported by Debian. I had Debian potato installed on it for years. Upgrading it was painless.

My old gateway box was running such an old kernel, and the firewall was one of those copied-from-others scripts using ipchains. This time I decided to use a better way to manage my firewall rules. After a bit of research and trying things out, I’ve chosen ipkungfu. Again, it was painless to set up.

The only not-so-good bit was that I did the machine switch-over only 1 day before I went away. As it turned out, my net connection went down in about 2 days’ time. I always have some scripts checking if the net is up or not, and they would reset everything (bringing the interface down/up, renewing the IP, logging on again, etc). But it looks like that wasn’t helping either. So I thought it might be one of those cable-modem-needs-to-be-reset situations.

I asked my uncle to power cycle the cable modem for me. And just to be safe I asked him to do the same for the gateway box too. As expected my net connection went up again. And I was happy, for a while.

Who would have thought, it went down again. Suspiciously, it also only stayed up for about 2 days. My instinct told me it wasn’t a coincidence. A few days later my uncle again power cycled the modem.

I got on and checked the logs again and found that my firewall was blocking (and logging) a lot of IGMP packets from some mysterious 10.x.x.x (Telstra internal network instruments) IP. It’s strange though, I hadn’t seen these logs when I was testing the net. So apparently just the bpalogin client heartbeat is not enough. It seems that without the IGMP packet response (or however IGMP works), after a certain timeout period (2 days?) the other end terminates the net connection and stops leasing the IP, even if the cable modem is on or even if there are existing network connections. So of course, I’ve then updated my firewall rules.
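The log check described above can be scripted. The following is an added example, not code from the original post or from ipkungfu: it tallies dropped packets from kernel netfilter LOG lines and singles out dropped IGMP coming from 10.0.0.0/8. The `FW-DROP: ` log prefix, the host name and every address in the sample are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in the kernel's netfilter LOG format; the
# "FW-DROP: " prefix and all addresses are made up for this example.
SAMPLE_LOG = """\
Feb  9 03:12:01 gw kernel: FW-DROP: IN=eth1 OUT= SRC=10.64.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Feb  9 03:12:40 gw kernel: FW-DROP: IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4242 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  9 03:14:06 gw kernel: FW-DROP: IN=eth1 OUT= SRC=10.64.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Feb  9 03:15:00 gw dhclient: DHCPREQUEST on eth1 to 10.64.0.1 port 67
Feb  9 03:16:11 gw kernel: FW-DROP: IN=eth1 OUT= SRC=10.64.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
# The LOG target names TCP, UDP, ICMP and a few others, and prints the
# remaining protocols by number; IGMP is IP protocol 2.
PROTO_NAMES = {"2": "IGMP"}
UPSTREAM_PRIVATE = ip_network("10.0.0.0/8")  # the 10.x.x.x range from the post


def parse_drop(line):
    """Return (proto, src, dst) for a firewall LOG line, else None."""
    fields = dict(FIELD.findall(line))
    if not {"IN", "SRC", "DST", "PROTO"} <= fields.keys():
        return None  # not a netfilter LOG line
    proto = PROTO_NAMES.get(fields["PROTO"], fields["PROTO"])
    return proto, fields["SRC"], fields["DST"]


def summarize_drops(log_text):
    """Count dropped packets per (proto, src, dst) flow."""
    drops = (parse_drop(line) for line in log_text.splitlines())
    return Counter(d for d in drops if d)


def dropped_upstream_igmp(log_text):
    """Count dropped IGMP packets per source inside 10.0.0.0/8."""
    hits = Counter()
    for (proto, src, _dst), n in summarize_drops(log_text).items():
        if proto == "IGMP" and ip_address(src) in UPSTREAM_PRIVATE:
            hits[src] += n
    return hits


if __name__ == "__main__":
    for flow, n in summarize_drops(SAMPLE_LOG).most_common():
        print(n, *flow)
    print("dropped upstream IGMP:", dict(dropped_upstream_igmp(SAMPLE_LOG)))
```

Running a summary like this over a few days of logs right after a rule change surfaces steady, low-volume drops that a one-day connectivity test does not.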

Lesson learnt, testing the net for 1 day is not enough, cos it will go down in 2 days ;)

Once again, many thanks to my uncle for the trouble.

