Hi.
I run my Linux machine as a firewall / router (with iptables 1.3.3). At first I had 1 nic towards the WAN and 1 towards the LAN, and all worked well. For different reasons I want multiple IP addresses, and I can get 5 of them from my ISP, so I installed another 4 nics into the machine: eth0-eth4 to the WAN and eth5 to the LAN, all of them 3c905c. Everything seemed to work great; eth0-4 get IPs from the DHCP server and eth5 has a static config.
But every now and then a strange error occurs, in fact there are two different problems, but I suppose they relate.
Somehow my firewall sometimes blocks incoming connections to my services for a couple of minutes.
Example: ssh / ftp etc. work, then suddenly they are blocked, and then after 10 minutes you can connect to them again. One theory was that the names of the nics swapped so the firewall rules were messed up, but I don't think that is the case.
The second problem is about forwarding traffic to / from the LAN. I use eth4 for forwarding (I've tried the other nics as well, with the same result). Sometimes the forwarding just ceases to work, and I have to restart eth4 in order to get it working again. However, I can still ssh from the LAN to eth5 and use eth4 from there; it's the forwarding that doesn't work.
Just before the forwarding problem occurs the syslog says:
ethX: setting full-duplex.
ethX: no IPv6 routers present
where X is 0..4
I tried with two nics to wan (one netgear) and 1 nic to lan, and the same thing occurred.
Another theory is that there is some power-saving state going on.
I'm going crazy and will try another distro if I can't work this out. I would appreciate any comments, and I will provide more details if needed.
Thanks
-- ingmar

ingmar - do you have any rate limiting definitions in your iptables definitions?
(That is a guess ....)
Guy

OK. You said it happens even if only two nics to wan, and one to lan.
Does it happen if just one to the wan? (And one to the lan of course)?
I suppose I would think about adding LOG stuff to the iptables rules to gather data. You may have already done that.
Hours later .....
Are all these nics from the same manufacturer? If not, .... I am sure what you are trying to do has not been well tested.

Hello again.
I learned that you have to activate arp_filter on devices that reside on the same subnet:
echo 1 > /proc/sys/net/ipv4/conf/DEVICE/arp_filter
Hope that helps someone :)
-- ingmar
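One way to apply ingmar's fix across all of the WAN-side interfaces at once, check that it took effect, and keep it across reboots. This is an added example, not code from the thread; PROC_ROOT is an assumed override used only so the functions can be exercised against a scratch directory instead of the live /proc/sys.

```shell
#!/bin/sh
# Enable arp_filter on every interface that shares a subnet (eth0-eth4 in
# the thread), verify the value, and emit the lines that persist it.
# PROC_ROOT is a hypothetical override for testing; leave it unset on a router.
PROC_ROOT="${PROC_ROOT:-/proc/sys}"

# Write "1" to net/ipv4/conf/<dev>/arp_filter for one interface.
# Returns 1 if the kernel exposes no such interface under the proc tree.
enable_arp_filter() {
    dev="$1"
    f="$PROC_ROOT/net/ipv4/conf/$dev/arp_filter"
    [ -e "$f" ] || return 1
    echo 1 > "$f"
}

# Print the current arp_filter value (0 or 1) for one interface.
arp_filter_value() {
    cat "$PROC_ROOT/net/ipv4/conf/$1/arp_filter" 2>/dev/null
}

# Apply to a list of interfaces; the return code is the number that failed,
# so a missing or misnamed nic (the "names swapped" theory) is not silent.
enable_arp_filter_all() {
    failed=0
    for dev in "$@"; do
        enable_arp_filter "$dev" || failed=$((failed + 1))
    done
    return $failed
}

# Emit sysctl.conf lines so the setting survives a reboot.
sysctl_lines() {
    for dev in "$@"; do
        echo "net.ipv4.conf.$dev.arp_filter = 1"
    done
}

# On the router from the thread (eth0-eth4 face the WAN):
# enable_arp_filter_all eth0 eth1 eth2 eth3 eth4
# sysctl_lines eth0 eth1 eth2 eth3 eth4 >> /etc/sysctl.conf
```

The one-liner in the post only sets the flag until the next reboot; appending the sysctl_lines output to /etc/sysctl.conf (or a file under /etc/sysctl.d/) makes it permanent.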
