On 7/12/22 19:21, Ram Ramesh wrote:
On 7/11/22 11:30, Ram Ramesh wrote:
Experts,
I have a firewall machine built recently and it runs debian
bullseye (v11). It has two ethernet interfaces - one internal ($intf)
and one external ($extf). My external port runs dhclient to get its
IP address and internal port runs dnsmasq to provide DNS service to
internal/protected hosts. Usual iptables rules are established to
prevent attack/entry into internal net from external net and allow
proper internet access to internal net hosts.
I had this system working fine (on an older machine) since debian
5.0.7. I have not upgraded that machine as it is working fine.
However that hardware is too old (10+ years) and I wanted to replace
it with something more modern running latest OS and that is why I
built the above machine.
My old machine does not seem to have avahi-daemon. So, it runs fine.
However, my new machine has this daemon running which notices that
$extif does not have much activity and disables it after some timeout
idle time. I initially thought my firewall rules are suspect and was
banging my head for a while adding extra rules for
DHCPDISCOVER/REQUEST etc thinking that those are blocked. Today I
noticed that my $extif is vanishing and /var/log/daemon.log shows
some avahi-daemon messages about that interface being
disabled/withdrawn or some such thing.
As a next step, I want to tell avahi-daemon that it should not work
on that interface as it is not meant to be fooled around. Do I use
deny-interface $extif or allow-interface $intif only? Which is
proper? Will doing one of these solve my problem of $extif vanishing
from ifconfig?
If you think there is something else that I can do that is better,
please let me know that too.
Much appreciate any help.
Please let me know if you need anything else that will help to
resolve this problem.
Regards
Ramesh
It appears that this is not an issue with avahi-daemon. My $extif is
through usb NIC and that seems to go down due to some sort of powersave
autosuspend. Currently I am running ping -i 60 <ext_gw> and that
keeps the net up and $extif has not vanished for a day.
I did some googling on how to disable autosuspend, but answers were
quite confusing. Do you know a simple way to disable autopowerdown of
just this usb NIC? Maybe there is something that I can do with ethtool?
Regards
Ramesh
I take back some of what I said. It is both - I mean usb
autosuspend+avahi_daemon. I need to keep the adaptor from autosuspending
and tell avahi-daemon not to disable the interface in the OS.
I also found the power/control entry in /sys/bus/usb/.... for my usb
NIC. It is not in the usual place. lsusb does not list my usb ethernet
adapter at all. I had to manually search to find it and set its
power/control to "on"
With all this done, so far my net is up and running fine. Will wait a
couple days with a couple of reboots to make sure I have captured all
fixes in some boot scripts. After that this problem can be thought of as
solved.
Regards
Ramesh
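
The manual search for the NIC's power/control entry described in the last message can be scripted by following the interface's sysfs device link up to its parent USB device. This is an added example, not part of the original thread; the function names and the overridable sysfs root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find the USB device that backs a
# network interface and pin its runtime power management to "on".
# The optional second argument (sysfs root) exists only so the functions
# can be run against a constructed tree; it defaults to /sys.

# usb_nic_power_node IFACE [SYSFS_ROOT]
# Prints the path of the power/control file of the USB device behind IFACE.
usb_nic_power_node() {
    iface=$1
    root=$(cd "${2:-/sys}" 2>/dev/null && pwd -P) || return 1
    dev="$root/class/net/$iface/device"
    [ -e "$dev" ] || { echo "no device link for $iface" >&2; return 1; }
    # Resolve the symlink chain to the physical device path.
    node=$(cd "$dev" 2>/dev/null && pwd -P) || return 1
    # The netdev hangs off a USB *interface* node (for example 1-2:1.0).
    # Autosuspend is controlled on the parent USB *device* node (1-2),
    # which is the first ancestor that carries an idVendor attribute.
    while [ "$node" != "/" ] && [ "$node" != "$root" ]; do
        if [ -f "$node/idVendor" ] && [ -f "$node/power/control" ]; then
            echo "$node/power/control"
            return 0
        fi
        node=$(dirname "$node")
    done
    echo "$iface is not backed by a USB device" >&2
    return 1
}

# disable_usb_nic_autosuspend IFACE [SYSFS_ROOT]
# Writes "on" (never autosuspend) and prints the value read back.
disable_usb_nic_autosuspend() {
    ctl=$(usb_nic_power_node "$1" "${2:-/sys}") || return 1
    echo on > "$ctl" || return 1
    cat "$ctl"
}
```

The power/control value does not survive a reboot or a replug of the adapter, so the call belongs in a boot script or a udev rule, and writing to the real /sys requires root.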