Free Weekly Tech Newsletter

matt_richards · 05-07-2002, 08:52 PM

Hello there,

I have recently setup a local area network comprising a number of win98 desktop machines, a couple of winxp laptops and a windows 2000 server. We needed internet access for the two laptops and the server and so experimented with a few ICS options. The initial setup with a win98 machine as proxy running wingate and connected to an ISDN modem proved extremely unreliable. We settled on a linux proxy with smoothwall and aside from the occasional reinitialisation after power interruptions it has proven incredibly stable.

However, upon receipt of the first phone bill we were alarmed to see that the machine had been dialling in spontaneously at regular intervals and staying online for periods which were often brief, but sometimes up to two hours. There are a few things that we can rule out from the beginning: it is not an anti-virus program checking for new definitions, it is not people accessing their email because it often happens when noone could possibly be in the building, the xp machines are all disconnected and the win98 machines switched off. This leaves only the server machine – after the screensaver kicks in, that is effectively logged out, but whether other (net-accessing) programs could be invisibly running in the background I do not know. Aside from that the only possible culprits are the linux machine and smoothwall, but I do not know what element of the configuration could be causing this.

Does anyone know why this happens and also how it can be avoided. I would be very grateful for some feedback, as this problem is proving as perplexing as it is expensive.

Thanks in advance.

OOPS! · 05-08-2002, 05:29 PM

Just a WAG, but do you have anything set to run as a cron job?

OOPS!

matt_richards · 05-08-2002, 08:11 PM

At the risk of seeming ignorant here, what exactly is a cron job?

Cheers.

OOPS! · 05-08-2002, 09:45 PM

Hi,

Cron is a utility that will run tasks at a specified time. It might be possible that your server is being activated by some job that is set up to run under cron. But as I said, I'm just WAGging.

OOPS!

MaXimum SMOKE · 05-11-2002, 12:11 PM

Does your server, or any other 'active' machine on your network allow remote access? Like is it dial-up available, or made available by another LAN, in any manner? Otherwise you may be to the point of physically disconnecting machines to find the culprit. There may be a way to log connections made to the Firewall server using something that could interface with the 'netstat' command, or if you are using squid or whatever for the proxy, find out what kind of log files are available for the proxy program and how to turn on logging.

matt_richards · 05-12-2002, 04:49 PM

Cheers MS,

I will find out more about the logging options as it would be helpful if I could provide a bit more information. The problem is that whilst I am very comfortable with windows, I'm not too hot on the alternative OS's. In fact using linux machines as proxies is about the extent of my knowledge. With this in mind could you elaborate a bit on your ideas about remote access.

Disconnecting the machines could be tricky, there are quite a few of them and they are spread over a pretty wide area - with people using them most of the time - I think it would prove too disruptive if I start systematically unplugging them from the network.

Matt.

MaXimum SMOKE · 05-12-2002, 07:29 PM

It would probably be an uncommon thing, but I thought that maybe one of the other machines on the network, might have a modem, and it's user had a program, that allows him to dial in from home and take command of his machine at work. If you are in a country that the phone company charges by the minute for local calls, this would be unlikely. Just pulling at straws, trying to figure out why a machine could be up with no one in the building.

Netstat is a good command, only it just lets you look at things in 'real time'. You can look at the connections your machine is making, but as far as I know it has no way to set up logging. That's why I kind of hoped that logging was an option on your proxy server program. I have no Idea why your proxy would seek a connection, if a client wasn't calling for it, unless maybe it thought it needed a DNS server for ?something? and dialed the isp for it. Usually a dedicated proxy has the bare minimum of other programs running on it. No other good ideas, however.

05-07-2002, 08:52 PM	#1
matt_richards Member (8 bit) Join Date: Apr 2002 Posts: 144	linux/smoothwall - expensive ICS problem Hello there, I have recently setup a local area network comprising a number of win98 desktop machines, a couple of winxp laptops and a windows 2000 server. We needed internet access for the two laptops and the server and so experimented with a few ICS options. The initial setup with a win98 machine as proxy running wingate and connected to an ISDN modem proved extremely unreliable. We settled on a linux proxy with smoothwall and aside from the occasional reinitialisation after power interruptions it has proven incredibly stable. However, upon receipt of the first phone bill we were alarmed to see that the machine had been dialling in spontaneously at regular intervals and staying online for periods which were often brief, but sometimes up to two hours. There are a few things that we can rule out from the beginning: it is not an anti-virus program checking for new definitions, it is not people accessing their email because it often happens when noone could possibly be in the building, the xp machines are all disconnected and the win98 machines switched off. This leaves only the server machine – after the screensaver kicks in, that is effectively logged out, but whether other (net-accessing) programs could be invisibly running in the background I do not know. Aside from that the only possible culprits are the linux machine and smoothwall, but I do not know what element of the configuration could be causing this. Does anyone know why this happens and also how it can be avoided. I would be very grateful for some feedback, as this problem is proving as perplexing as it is expensive. Thanks in advance. Share Share this post on Digg Del.icio.us Technorati Twitter

05-08-2002, 05:29 PM	#2
OOPS! Member (9 bit) Join Date: Jan 2000 Location: Atwater Mn. USA Posts: 429	Just a WAG, but do you have anything set to run as a cron job? OOPS! Share Share this post on Digg Del.icio.us Technorati Twitter

05-08-2002, 08:11 PM	#3
matt_richards Member (8 bit) Join Date: Apr 2002 Posts: 144	At the risk of seeming ignorant here, what exactly is a cron job? Cheers. Share Share this post on Digg Del.icio.us Technorati Twitter

05-08-2002, 09:45 PM	#4
OOPS! Member (9 bit) Join Date: Jan 2000 Location: Atwater Mn. USA Posts: 429	Hi, Cron is a utility that will run tasks at a specified time. It might be possible that your server is being activated by some job that is set up to run under cron. But as I said, I'm just WAGging. OOPS! Share Share this post on Digg Del.icio.us Technorati Twitter

05-11-2002, 12:11 PM	#5
MaXimum SMOKE Member (8 bit) Join Date: Mar 2002 Posts: 229	Does your server, or any other 'active' machine on your network allow remote access? Like is it dial-up available, or made available by another LAN, in any manner? Otherwise you may be to the point of physically disconnecting machines to find the culprit. There may be a way to log connections made to the Firewall server using something that could interface with the 'netstat' command, or if you are using squid or whatever for the proxy, find out what kind of log files are available for the proxy program and how to turn on logging. Share Share this post on Digg Del.icio.us Technorati Twitter

Need Some Help? Type Your Keywords Here:

Still Need Help? Type Your Keywords Here:

Free Weekly Tech Newsletter

05-12-2002, 04:49 PM	#6
matt_richards Member (8 bit) Join Date: Apr 2002 Posts: 144	Cheers MS, I will find out more about the logging options as it would be helpful if I could provide a bit more information. The problem is that whilst I am very comfortable with windows, I'm not too hot on the alternative OS's. In fact using linux machines as proxies is about the extent of my knowledge. With this in mind could you elaborate a bit on your ideas about remote access. Disconnecting the machines could be tricky, there are quite a few of them and they are spread over a pretty wide area - with people using them most of the time - I think it would prove too disruptive if I start systematically unplugging them from the network. Matt. Share Share this post on Digg Del.icio.us Technorati Twitter

05-12-2002, 07:29 PM	#7
MaXimum SMOKE Member (8 bit) Join Date: Mar 2002 Posts: 229	It would probably be an uncommon thing, but I thought that maybe one of the other machines on the network, might have a modem, and it's user had a program, that allows him to dial in from home and take command of his machine at work. If you are in a country that the phone company charges by the minute for local calls, this would be unlikely. Just pulling at straws, trying to figure out why a machine could be up with no one in the building. Netstat is a good command, only it just lets you look at things in 'real time'. You can look at the connections your machine is making, but as far as I know it has no way to set up logging. That's why I kind of hoped that logging was an option on your proxy server program. I have no Idea why your proxy would seek a connection, if a client wasn't calling for it, unless maybe it thought it needed a DNS server for ?something? and dialed the isp for it. Usually a dedicated proxy has the bare minimum of other programs running on it. No other good ideas, however. Share Share this post on Digg Del.icio.us Technorati Twitter

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Subscribe to THE INSIDER

Need Some Help? Type Your Keywords Here:

Still Need Help? Type Your Keywords Here:

Free Weekly Tech Newsletter