Router locking up? help...

I have 5 sun ultra 10's running solaris 8 and 9, one intel running
slackware 10 and one intel running windows 2000 all going into an 8
port linksys hub and then into a 11s4 v.2 (802.11b) wireless linksys
router (along with a windows 98 box on the way). I am running an
apache webserver. swbell dsl. Here is my problem:

within my LAN, I never have any problems. From the outside, My ssh
sessions will just lock up on me at random times. I won't be able to
ssh into any of my boxes for about 10 minutes and then I can again.
My http traffic is doing the same thing. My website will just lock up
for about 10 minutes. If I am in the LAN, I can still access
everything even while it is locked externally.

I googled this problem and did the following:

I upgraded the firmware on my router.

I set the router MTU to 1492 along with all of the servers (the
windows boxes are set to auto).

I have played with various other MTU settings to no avail...

Does anyone have any suggestions as to where I should be concentrating
my efforts? I am assuming this to be a router config problem, but I'm
out of ideas.

Any help would be appreciated.

Thanks!

AvidFan

 

I changed routers to the linksys befsr41 and even after firmware
upgrades on it also, I have the same problem... Any suggestions?

Thanks,

 

Use 1.45.7 firmware... most stable

KK

 

Does this mean you can initiate a new connection from one of the LAN
hosts to something out in the world? Or are you only able to connect
within your LAN, and there is a problem externally in either/both
directions> In that case, what are the error messages? While the link
is wedged, what do traceroutes show from both directions? You may have
to alter your firewall rules to permit these tests - and they could have
something to do with your problem.

Generally, MTU only effects "full sized" packets, and doesn't effect
small packets, like DNS queries, or FTP sessions where the data transfer
is limited (such as changing directories). There should be nothing
that knows about time (i.e. ten minutes). Set your MTU to a sane
value, and leave it alone. Make sure you are not blocking ICMP type 3
code 4. TEMPORARILY allow ICMP echo in both directions, and use 'ping'
with varying sized packets up to 1500 octets while monitoring the
wires using tcpdump. Note that ping is blocked/dropped by many systems
now due to abuse of that protocol, so you may need a cooperative
external site to ping to/from. The point of the ping test is to see
if there is a MSS limitation - look to see when the packets start
getting fragmented.

A frequent problem is people configuring their firewalls to block all
ICMP packets. Study http://www.iana.org/assignments/icmp-parameters
and understand the purpose of each message. For troubleshooting at this
time, make sure ICMP Types 0, 3, 8 and 11 are open in both directions.
Later, you can kill type 8 inbound of you wish. If you are truly
paranoid, you could also block 0, 3, and 11 outbound - but in that
case you will likely break things, and would probably be better served
by returning your computers to the dealer and getting your money back.

Old guy