Hi,
I have a firewall server which runs squid. The firewall is configured by shorewall. We have 3 ISPs,
1. BSNL broadband 2 Mbps
2. leased line 2 Mbps
3. an internal line - not relevant to this issue
The LAN has 150 machines.
The problem I face with the first two is this: the line works well, iftop shows 2 Mbps or more of traffic. Then at random intervals - sometimes after several days, sometimes after a few hours - traffic stops flowing. Checking the interface with ping, sometimes I am unable to ping the gateway, at other times I can ping the gateway, but cannot ping anything beyond the gateway. I stop traffic to that line, and after some time restart traffic and it works OK.
I checked all the wiring, tightened everything in sight. When any of these lines is connected to a single PC, there is no problem regardless of the load put on it.
We then put NAT on the leased line router and connected it directly to the LAN. It works without crashing. The only difference is speed. When connected through the firewall server, with full load in daytime, download of an Ubuntu ISO takes about 1 to 2 hours. In the same conditions, when the LAN is directly connected to the router, it takes 5 to 6 hours.
According to the ISP guys this is due to improper configuration of the firewall. I have discussed this with several people and they feel that a firewall cannot cause a router crash. One suggestion is that the router cannot handle the load - and that it is a hardware failure. Has anyone had similar experiences?