Default Route being invoked by unknown process
Bob Dawson
approx 20 PC's. We have installed a 3com ISDN Lan Modem, and set this up as a
default route, so that request outside the network go via this to the Internet.
We have enabled DNS on our server, and declared the IP addresses of our PC's,
and other peripheral devices (one or two test servers, and a Specialix MTS).
For some unknown reason, the amount of times the ISDN line comes up is
excessive, and it appears that some proces on the server cannot resolve an IP
address, so it looks to the default gateway to try to resolve it, hence the line
comes up. Tracking down this errant proces is proving something of a headache,
and I wonder if others have experienced a similar problem, and have a solution
in identifying the culprit.
We run VisionFS on the server, and this did have a known problem that caused
this sympton to occur every 5 minutes, but this was fixed by installing the
resolver patch.
Is there a way of identifying the calls to the gateway ? Alternatively, is
there a way of only making the gateway 'visible' at specific times during the
day, or via a specific command when required, and closing it when not required ?
All suggestions gratefully received.
Bob Dawson
E-Mail:Bo...@pciltd.co.uk
Tony Earnshaw
> We have a 5.0.4 system with supplement loaded as a server in a small network of
> approx 20 PC's. We have installed a 3com ISDN Lan Modem, and set this up as a
> default route, so that request outside the network go via this to the Internet.
Who's PPP are you running, Bob? SCO's or MorningStar's? I can help with
MorningStar's, but not with SCO's.
Tony
--
************* THE NEW DIMENSION IN DISTRIBUTION ***********
ilion Faculty B.V.
Tony Earnshaw email: to...@ilion.nl
Randstad 21-57
1314 BH Almere-Stad tel: +31 (0) 36 548 50 10
The Netherlands fax: +31 (0) 36 534 05 34
***************** http://www.ilion.nl *********************
Richard Thomas
wrote:
>We have a 5.0.4 system with supplement loaded as a server in a small network of
>approx 20 PC's. We have installed a 3com ISDN Lan Modem, and set this up as a
>default route, so that request outside the network go via this to the Internet.
>
>We have enabled DNS on our server, and declared the IP addresses of our PC's,
>and other peripheral devices (one or two test servers, and a Specialix MTS).
>
>For some unknown reason, the amount of times the ISDN line comes up is
>excessive, and it appears that some proces on the server cannot resolve an IP
>address, so it looks to the default gateway to try to resolve it, hence the line
>comes up. Tracking down this errant proces is proving something of a headache,
>and I wonder if others have experienced a similar problem, and have a solution
>in identifying the culprit.
<snip>
Are you running sendmail? If so, the domain parts of any messages sent
checked in DNS as soon as they are sent by default. If you have the
external mailer prog (the one used for internet addresses) flagged as
an expensive mailer, and sendmail set to queue "expensive" mail
for later delivery, you get the following "interesting" situation:
1. User sends email to an address that isn't in the local DNS
2. Sendmail tries to lookup address in DNS
3. DNS refers query to external server
4. Internet connection opened (modem, ISDN or whatever)
5. Address verified
6. Message is sent to sendmail queue
7. When sendmail processes its queue (once an hour by default),
internet connection is opened again and message is sent
To stop spurious connections while retaining periodic connection
to send email, find the line in sendmail.cf that tells it to do the
lookup, comment it out, and restart sendmail. (Clue: it's in
Ruleset 3, and it has a set of square brackets in the rewriting
rule!!).
The downside of this fix is that domain errors in addresses
won't be spotted and returned to the user until the queue
is run (up to 59 minutes from when the message was sent).
Of course, if you aren't running sendmail, this won't help you,
but hopefully it's a usefull addition to the dejanews archive.
Richard.
Bob Dawson
>richard@ starjump.org (Richard Thomas) wrote:
>
>Are you running sendmail? If so, the domain parts of any messages sent
No, I have removed sendmail and use Netscape Mail server. I too though it might
be this, so changed the parameter that sent mail immediately, to delay it for 60
minutes, but the frequency of connections ( approx 50 in 8 hours) rules this out
as the culprit.
>Tony Earnshaw <to...@ilion.nl> wrote:
>Who's PPP are you running, Bob? SCO's or MorningStar's? I can help with
>MorningStar's, but not with SCO's.
I use MorningStar PPP.
Regards
Bob Dawson
E-Mail:Bo...@pciltd.co.uk
Tony Earnshaw
> >Tony Earnshaw <to...@ilion.nl> wrote:
> >Who's PPP are you running, Bob? SCO's or MorningStar's? I can help with
> >MorningStar's, but not with SCO's.
> I use MorningStar PPP.
O.k. In /usr/lib/mstppp, edit the file called Filter to include the root
nameservers under 'default bringup'. The following filter is old, so get
the numbers of the present servers:
# Filter - PPP configuration file binding packet types to actions.
# The "default" filter will be used if no filter has been found earlier
# in the file which matches the current interface
default bringup !ntp !3/icmp !5/icmp !11/icmp !who !route !60000/udp
!domain/202.12.27.33 # Root servers Internic 12 Feb 99:
!domain/198.32.64.12
!domain/193.0.14.129
!domain/198.41.0.10
!domain/192.112.36.4
!domain/192.5.5.241
!domain/192.36.148.17
!domain/192.203.230.10
!domain/128.8.10.90
!domain/192.33.4.12
!domain/128.9.0.107
!domain/128.63.2.53
!domain/198.41.0.4
To get the numbers of the present root name servers, do 'dig
@rs.internic.net . ns > /tmp/rootservers;pg /tmp/rootservers' on the
server console whilst you have an Internet connection.