Hi all.
I have noticed that when my connection pass through IPFire with ethernet, rather often I get a time out message from IPFire itself, especially when I check database websites, like my SQL server. But when I surf the web without IPFire (wifi) everything works fine and fast, with no errors.
Why does it happen? What should I check in IPFire?
I don’t suspect the ethernet infrastructure, as I said in a previous post I just migrated from IPCop without changing anything in the ethernet configuration (network card, hub or cables) but I don’t know what to look for.
Thank you for your help.
Hi, please tell us some more details of the system. CPU, Nics. Examples of the problem, logfiles…
Hi markusm, thank you.
The CPU is a Pentium IV 2,4 GHz, 1 GB of RAM (I should probably upgrade it, but I don’t see how it can affect the network, as I said with the previous IPCop installation I had no problems at all), the two NICs are a Realtek RTL 8139 10/100 for the GREEN and a VIA Rhine III VT6105 10/100 for the RED. The hard disk is a Seagate ST310220A of 10 GB, probably at 5400 rpm.
The problem is quite random, it is difficult for me to understand when it happens.
Sometimes I cannot even reach the google search page, because Firefox display the page “time out connection”, other times it appears the red page by IPFire that tells me that I cannot reach that website because of a time out request. It seems to me that it happens more often when I check dynamic pages, like my bank account, or my SQL server, but not always.
As example: the screenshot of a site I wanted to reach, a blog I usually surf without problem. In this case I just reloaded the page from the address bar and everything worked fine after one second, but the first attempt timed out.
Which logfiles do you need? In the SystemLog all the logs are empty, I wonder if I have to activate them somewhere.
Thank you for your help.
IpFire is a fork of IPcop, definitively not the same thing. It’s like compare a 1980 car with a 2005 car. Ok, maybe as some engine have ancients in common, but is a different thing. Totally.
Therefore…
If current hardware was enough for IpCop (which kernel was substantially i486-based) for IPFire is quite understandably not enough. Also, RTK8139 is a nice old 10/100 network adapter, but IMVHO Via Rhine III is… simply a chip awaiting for trash. Last but not least, ATA100 HDD is more or less slower than a shiny USB 3.0 good flashdrive.
https://wiki.ipfire.org/hardware
Take a read.
IMVHO at least an healthy setup should stick to:
SATA2 or SATA3 hard drive
2 GB of DDR2 (better DDR3)
2 1gbE ethernet adapters (keep your RTL8139 as Red if your ISP is lower than 50MPS for ingress or egress)
Dual Core x64 CPU, for energy efficiency you should stick not more than 65w of TDP, but consider than a lots of old Intel CPU are affected by security flaws on Speculative execution, this lead IpFire team to avoid enabling of HT. So… 1core HT is not good, and 2 core HT will perform only as 2cores, not 4.
Why? Simple: a lot newer kernel, which take care of most advanced CPU functions and encryption algorithms, a lot of more features available on “stock” ipFire, starting with so less insecure OpenVPN and IPSec implementations, among TLS supports.
Hi Pike,
thank you for the detailed answer. I absolutely agree with you that a more “modern” machine would be better, and also the performances will dramatically increase, the point is that at the moment I don’t have such pc components you describe, and I don’t want to spend money to buy a new machine. The security issues you point out are important, but, for example, I don’t use VPN and IPSec in my configuration. So upgrading the hardware is likely important but it is not possible at the moment. The only thing I can do is to change the network cards, much more affordable.
My idea is that if there is a lack of computational power or bottlenecks (slow hard disk and CPU, etc.) the time out errors should occurr more often, and as soon as they happen I should be able to check immediately the IPFire system log to see if it is a problem of CPU, RAM or whatever. Right now I am not even able to see the system logs, they are all empty. I am probably missing something here, how to activate the logs or check them.
Yesterday afternoon, for instance, the time out error occurred only once, and then I used Internet for several hours without any problem. That’s why it seems strange to me that the time out error is only an hardware problem, and I would like to understand a bit better.
Thank you for your help.
Hi markusm,
I checked the System Log and indeed there are few entries, like the NTP syncronisation, and also the RED section has some entries: I probably checked not properly last time.
I also checked deeply the graphs under the State of the System, and until now memory and cpu usage are very low.
I’ll keep monitoring the syslog and the hardware graphs.
Thank you for your help.