Добрый день!
Кто-нибудь сталкивался с такой проблемой?
Настроен шлюз из локалки (26 компьютеров) в интернет.
Вечером и утром доступ из локалки в интернет работает, а днём — тупит. Выдает в браузерах ошибку 105. При перезагрузке шлюза интернет появляется, а потом снова исчезает.
Параметры системы:
железо - Pentium MMX-200, 32Mb ОЗУ
ос - Slackware 10.1
скорость модема в интернет 5 Мб
настройки:
--------- dhcp.conf -----------
# DHCP server configuration for the LAN behind eth1
# (the daemon is started as "dhcpd eth1" at the end of rc.local).
ddns-update-style interim;
ignore client-updates;
authoritative;
subnet 192.168.3.0 netmask 255.255.255.0 {
# Default gateway for clients: this host's eth1 address
# (IPADDR[1] in rc.inet1.conf, LOCAL_IP in rc.firewall).
option routers 192.168.3.1;
option subnet-mask 255.255.255.0;
option broadcast-address 255.255.255.0;
# NOTE(review): this is the *client-side* IP-forwarding option -- it asks
# every workstation to forward IP packets.  It has nothing to do with the
# gateway's own forwarding (ip_forward in rc.local); presumably unintended,
# confirm before keeping it.
option ip-forwarding on;
# NOTE(review): a hostname here has to resolve on the server when dhcpd
# starts; an address (e.g. 192.168.3.1) avoids that dependency -- confirm.
server-identifier big.titki;
# Clients resolve names directly against an external resolver through the
# gateway.  Hint for the reported symptom: browser error 105 is a
# name-resolution failure, so check whether queries to this resolver are
# still answered through the gateway when the fault occurs.
option domain-name-servers 8.8.8.8;
option time-offset -18000;
range 192.168.3.2 192.168.3.126;
# Lease times in seconds (6 h default, 8 h maximum).
default-lease-time 21600;
max-lease-time 28800;
}
---------- rc.firewall -----------
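#!/bin/sh
# rc.firewall -- packet filter and NAT for a small LAN gateway.
#   eth0 (INET_IFACE)  : upstream link, 192.168.1.3 (see rc.inet1.conf)
#   eth1 (LOCAL_IFACE) : LAN, 192.168.3.0/24
# Every chain defaults to DROP.  Loopback and the LAN are trusted; the
# upstream side may only carry replies to connections opened from here or
# from the LAN.
IPT="/usr/sbin/iptables"
IPTS="/usr/sbin/iptables-save"      # not used below; kept for hand use
IPTR="/usr/sbin/iptables-restore"   # not used below; kept for hand use
MODP="/sbin/modprobe"
# Internet Interface
INET_IFACE="eth0"
INET_ADDRESS="192.168.1.3"          # not referenced by any rule below
# Local Interface Information
LOCAL_IFACE="eth1"
LOCAL_IP="192.168.3.1"              # not referenced by any rule below
LOCAL_NET="192.168.3.0/24"
LOCAL_BCAST="192.168.3.255"         # not referenced by any rule below
# Localhost Interface
LO_IFACE="lo"
LO_IP="127.0.0.1"                   # not referenced by any rule below

# Netfilter modules.  Loading is best-effort: this is /bin/sh without
# set -e, so a module missing on this kernel only prints an error.
# NOTE(review): ipt_unclean was an experimental match in old 2.4 kernels
# and may not exist here -- confirm it is still wanted.
$MODP ip_tables
$MODP ip_conntrack
$MODP iptable_filter
$MODP ipt_limit
$MODP ipt_MASQUERADE
$MODP ipt_owner
$MODP ipt_REJECT
$MODP ipt_mark
$MODP ipt_tcpmss
$MODP ipt_state
$MODP ipt_unclean
$MODP ip_nat_ftp
$MODP ip_conntrack_ftp
$MODP ip_conntrack_irc
# -------
# Kernel hardening knobs.
echo "1" > /proc/sys/net/ipv4/tcp_syncookies              # keep accepting under SYN flood
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter           # reverse-path (anti-spoof) check
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts  # do not answer broadcast pings
echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route # ignore source-routed packets
echo "1" > /proc/sys/net/ipv4/conf/all/secure_redirects    # ICMP redirects only from known gateways
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians        # log impossible source addresses
# -------
# Start from empty tables with a deny-all policy.
$IPT -F
$IPT -F -t nat
$IPT -F -t mangle
$IPT -X
$IPT -t nat -X
$IPT -t mangle -X
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP

# Trusted sides: loopback and the LAN may talk to the gateway freely.
$IPT -A INPUT -i $LO_IFACE -j ACCEPT
$IPT -A INPUT -i $LOCAL_IFACE -j ACCEPT
$IPT -A OUTPUT -o $LO_IFACE -j ACCEPT
$IPT -A OUTPUT -o $LOCAL_IFACE -j ACCEPT

# Sanity drops sit BEFORE the stateful ACCEPTs so they actually take effect
# (originally the OUTPUT non-SYN rule came after an ACCEPT of all NEW
# traffic and could never match).
$IPT -A INPUT -m state --state INVALID -j DROP
$IPT -A FORWARD -m state --state INVALID -j DROP
$IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
$IPT -A OUTPUT -p tcp ! --syn -m state --state NEW -j DROP

# The gateway itself: replies to its own connections in, anything out.
$IPT -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -p all -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Clamp MSS on forwarded SYNs so LAN hosts do not hit PMTU black holes.
$IPT -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

# Forwarding policy: only the LAN may open connections, the upstream side
# may only carry replies.  The original single rule accepted NEW in BOTH
# directions, which made the INET->LAN REJECT below unreachable.
$IPT -A FORWARD -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $LOCAL_IFACE -o $INET_IFACE -j ACCEPT
$IPT -A FORWARD -i $INET_IFACE -o $LOCAL_IFACE -j REJECT
$IPT -t nat -A POSTROUTING -o $INET_IFACE -s $LOCAL_NET -j MASQUERADE

# SSH to the gateway from the upstream interface.
# NOTE(review): 192.168.3.101 is a LAN address, so a packet carrying it on
# $INET_IFACE is spoofed or misrouted and, where rp_filter is effective on
# eth0, is discarded before this rule is reached; the LAN side is already
# fully accepted above.  Confirm whether an upstream-side address was meant.
$IPT -A INPUT -i $INET_IFACE -s 192.168.3.101 -p tcp --dport 22 -j ACCEPT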
------------ rc.inet1.conf -------------
# eth0: upstream side (INET_IFACE / INET_ADDRESS in rc.firewall), static address.
IPADDR[0]="192.168.1.3"
NETMASK[0]="255.255.255.0"
USE_DHCP[0]=""          # empty: presumably no DHCP client on this interface
DHCP_HOSTNAME[0]=""
# eth1: LAN side; this is the address handed out as "option routers" in dhcp.conf.
IPADDR[1]="192.168.3.1"
NETMASK[1]="255.255.255.0"
USE_DHCP[1]=""
DHCP_HOSTNAME[1]=""
# Default route: the upstream router on the eth0 subnet.
GATEWAY="192.168.1.1"
DEBUG_ETH_UP="no"
--------- rc.local ---------------
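# rc.local -- static routes, kernel/conntrack tuning, HTB shaping on both
# interfaces, then the DHCP server for the LAN.
# NOTE(review): the two connected-subnet routes below are presumably already
# created by rc.inet1 when the addresses from rc.inet1.conf are configured;
# harmless if so, confirm.
/sbin/route add -net 192.168.1.0 netmask 255.255.255.0 dev eth0
/sbin/route add -net 192.168.3.0 netmask 255.255.255.0 dev eth1
# Limited-broadcast route.  NOTE(review): dhcpd at the bottom serves eth1,
# but this sends 255.255.255.255 out eth0 -- confirm which interface is meant.
/sbin/route add -host 255.255.255.255 dev eth0
# Router role: forward between interfaces; ip_dynaddr copes with the
# upstream address changing while connections are open.
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# Connection-tracking table limit and timeouts (seconds).
# NOTE(review): 32000000 entries is far beyond what a 32 MB host can hold;
# if the table is allowed to grow toward that cap under load the box can
# run out of memory.  For 26 clients a cap of a few thousand is presumably
# enough -- confirm and lower.
echo "32000000" > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
echo "14400" > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established  # 4 h
echo "60" > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait
echo "10" > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_syn_sent
# TCP stack: SYN-flood handling and connection timeouts.
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
echo "1280" > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo "4" > /proc/sys/net/ipv4/tcp_synack_retries
echo "4" > /proc/sys/net/ipv4/tcp_syn_retries
echo "16384 61000" > /proc/sys/net/ipv4/ip_local_port_range
echo "30" > /proc/sys/net/ipv4/tcp_fin_timeout
echo "1800" > /proc/sys/net/ipv4/tcp_keepalive_time
echo "2" > /proc/sys/net/ipv4/tcp_keepalive_probes
# NOTE(review): turning off window scaling, SACK and timestamps caps the
# receive window at 64 KB and disables PAWS; on a 5 Mbit link this costs
# throughput rather than adding safety -- confirm these were intended.
echo "0" > /proc/sys/net/ipv4/tcp_window_scaling
echo "0" > /proc/sys/net/ipv4/tcp_sack
echo "0" > /proc/sys/net/ipv4/tcp_timestamps
# Socket buffer sizes (bytes).
echo "1048576" > /proc/sys/net/core/rmem_max
echo "1048576" > /proc/sys/net/core/rmem_default
echo "1048576" > /proc/sys/net/core/wmem_max
echo "1048576" > /proc/sys/net/core/wmem_default
echo "1" > /proc/sys/net/ipv4/tcp_orphan_retries

# ---- HTB traffic shaping ---------------------------------------------
EXT_IFACE="eth0"
INT_IFACE="eth1"
TC="tc"          # resolved via PATH, unlike the absolute paths used above
UNITS="kbit"
LINE="5000"      # maximum actual speed of the external (ext) link (not used below)
LIMIT="2500"     # maximum speed we allow ourselves to use
SOME_IMPORTANT_IP="192.168.3.101"
SOME_OTHER_IMPORTANT_IP="192.168.3.24"
IMPORTANT_IP="192.168.3.124"
CLS1_RATE="200"
CLS2_RATE="300"
CLS3_RATE="4500"
INT_CLS1_RATE="1000"
INT_CLS2_RATE="4000"
# Ceilings for the lower ext classes: what LIMIT leaves after the classes
# above them.  Plain shell arithmetic replaces the former `echo ... | bc`
# (same numbers, no dependency on bc being installed).
CLS2_CEIL=$((LIMIT - CLS1_RATE))
CLS3_CEIL=$((LIMIT - CLS1_RATE - CLS2_RATE))
# NOTE(review): CLS3_RATE (4500) and INT_CLS2_RATE (4000) exceed the parent
# class rate/ceil of LIMIT (2500), and the three ext rates sum to LINE
# rather than LIMIT -- confirm the intended split.

# Remove any previous shaping (errors on a fresh boot when nothing exists;
# the script continues because there is no set -e).
${TC} qdisc del dev ${INT_IFACE} root
${TC} qdisc del dev ${EXT_IFACE} root
${TC} qdisc add dev ${INT_IFACE} root handle 1:0 htb
${TC} qdisc add dev ${EXT_IFACE} root handle 1:0 htb
# Root classes cap both directions at LIMIT.
${TC} class add dev ${INT_IFACE} parent 1:0 classid 1:1 htb rate ${LIMIT}${UNITS} ceil ${LIMIT}${UNITS}
${TC} class add dev ${EXT_IFACE} parent 1:0 classid 1:1 htb rate ${LIMIT}${UNITS} ceil ${LIMIT}${UNITS}
# Downstream (eth1) leaf classes.
${TC} class add dev ${INT_IFACE} parent 1:1 classid 1:2 htb rate ${INT_CLS1_RATE}${UNITS} ceil ${LIMIT}${UNITS}
${TC} class add dev ${INT_IFACE} parent 1:1 classid 1:3 htb rate ${INT_CLS2_RATE}${UNITS} ceil ${INT_CLS2_RATE}${UNITS}
# Upstream (eth0) leaf classes.
${TC} class add dev ${EXT_IFACE} parent 1:1 classid 1:2 htb rate ${CLS1_RATE}${UNITS} ceil ${LIMIT}${UNITS}
${TC} class add dev ${EXT_IFACE} parent 1:1 classid 1:3 htb rate ${CLS2_RATE}${UNITS} ceil ${CLS2_CEIL}${UNITS}
${TC} class add dev ${EXT_IFACE} parent 1:1 classid 1:4 htb rate ${CLS3_RATE}${UNITS} ceil ${CLS3_CEIL}${UNITS}
# Short FIFOs under each leaf.
${TC} qdisc add dev ${INT_IFACE} parent 1:2 handle 12: pfifo limit 10
${TC} qdisc add dev ${INT_IFACE} parent 1:3 handle 13: pfifo limit 10
${TC} qdisc add dev ${EXT_IFACE} parent 1:2 handle 12: pfifo limit 10
${TC} qdisc add dev ${EXT_IFACE} parent 1:3 handle 13: pfifo limit 10
${TC} qdisc add dev ${EXT_IFACE} parent 1:4 handle 14: pfifo limit 10
# Downstream classification: the two important hosts go to 1:2, the rest to 1:3.
${TC} filter add dev ${INT_IFACE} parent 1:0 protocol ip prio 1 u32 match ip dst $SOME_IMPORTANT_IP flowid 1:2
${TC} filter add dev ${INT_IFACE} parent 1:0 protocol ip prio 1 u32 match ip dst $SOME_OTHER_IMPORTANT_IP flowid 1:2
${TC} filter add dev ${INT_IFACE} parent 1:0 protocol ip prio 1 u32 match ip dst 0.0.0.0/0 flowid 1:3
# Upstream classification.
# NOTE(review): egress on eth0 sees packets after rc.firewall's POSTROUTING
# MASQUERADE has rewritten the source to eth0's own address, so a match on
# "ip src 192.168.3.x" presumably never fires here.  "sport 53/22/25" would
# also only match traffic *originating from* a DNS/SSH/SMTP server on that
# host; a client's outbound queries carry those numbers as dport -- confirm.
${TC} filter add dev ${EXT_IFACE} parent 1:0 protocol ip prio 1 u32 match ip src $IMPORTANT_IP match ip sport 53 0xffff flowid 1:2
${TC} filter add dev ${EXT_IFACE} parent 1:0 protocol ip prio 1 u32 match ip src $IMPORTANT_IP match ip sport 22 0xffff flowid 1:2
${TC} filter add dev ${EXT_IFACE} parent 1:0 protocol ip prio 1 u32 match ip src $IMPORTANT_IP match ip sport 25 0xffff flowid 1:3
${TC} filter add dev ${EXT_IFACE} parent 1:0 protocol ip prio 1 u32 match ip src 0.0.0.0/0 flowid 1:4
# DHCP server for the LAN interface only (config shown above as dhcp.conf).
/usr/sbin/dhcpd eth1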
-----------------
Спасибо.