HuckWeed
join:2011-09-20

2 edits

HuckWeed to Chair5

Member

to Chair5

Re: DSL Consistently disconnecting every 5 minutes.

Hi there,

I've actually had this problem on a few lines that I service for sonic.net, and it took a few months of steady complaints by my customers before I finally figured out that the firewalls in the routers sitting behind the sonic modem (running tomato or openwrt) were denying a dhcp query coming from sonic's dhcp server based on an IP mismatch, which was forcing the WAN connection to reset. It would take almost no time to re-establish the WAN, but the problem, as I'm sure you noticed, is that every connection you have (vnc, teamviewer, loading a streaming video, poorly coded applications that would crash etc.) would need to be re-established... a huge pain!

The solution is to poke a hole in the router firewall. I use IPTABLES and was able to issue/execute the following command:

iptables -I INPUT -p UDP -i vlan1 --dport 68 --sport 67 --source 110.139.165.56 -j ACCEPT

(The 110.139.165.56 ip is the ip address of the sonic dhcp server in both cases I saw... it's possible that you will have to change this value)

If you tell me which router you have exactly, I may be able to give you step by step instructions on how to view the logs (to pull the dhcp server IP) and to allow your router to include this IPTABLES entry automatically on startup.

I hope this helps! I spent at least 5 hours trying to figure out what the problem was before figuring this out!
Ravenheart
join:2006-02-10
Berkeley, CA

1 edit

Ravenheart

Member

Huckweed, I've had the disconnect problem but am trying your iptables command--thank you. I wonder how I verify the DHCP server address. I can't find it listed in my router settings pages. I have dd-wrt v24-sp2 on a WRT54GL. Thanks.

Edit: Oh, now I get it. It's the same as the default gateway, which for me at present is 70.36.136.1.
Ravenheart

Ravenheart

Member

I remember now that I encountered something like this years ago and came up with a command similar to Huckweed's on a DD-WRT forum.

The same forum thread offered a persistent command that could survive loss of power and soft resets:

telnet the router IP from a Windows command prompt.

Log in, and enter these commands:

nvram set rc_firewall="iptables -I INPUT -p UDP -i vlan1 --dport 68 --sport 67 --source 70.36.136.1 -j ACCEPT"
nvram commit

where from the first nvram to the second quote is one line, and the IP in the command is your default gateway.
HuckWeed
join:2011-09-20

HuckWeed

Member

Just be aware that sonic seems to offer subsequent DHCP renewals (after the initial IP given by the broadcast/gateway) from IPs that are often in an entirely different a or b class subnet. This is, in fact, the root of this particular problem for most of the firmwares that I've encountered so far that have had an issue.

To be honest, I don't understand sonic's position here, even after Dane's clarification. I would think that with not too much trouble, a competent network engineer could devise a more elegant and less disruptive solution, especially given the rather weak argument for renewing the IP lease every five minutes. The only logical reason I can see to continue doing things in this manner is to upsell the static ip offerings (that are considerably more expensive) that sonic offers. Not the type of behavior I would expect from an upstanding company like Sonic.net.

Anyhow, I should probably be quiet. I don't see sonic changing this just because of some 'internet forum thread' such as this one, and I'll just alienate myself, or worse yet, get banned in some capacity if I press this issue further.
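
Added example, not part of any post in this thread: the log lookup mentioned in the first post and the renewals arriving from several different server addresses described above, combined into one script that pulls the source of every dropped DHCP reply from a firewall log and prints one accept rule per server. It assumes the router logs dropped packets in the netfilter LOG format; the sample log lines, the DROP prefix and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. SAMPLE_LOG is constructed (documentation-range addresses),
# written in the kernel's netfilter LOG layout of KEY=value fields.
SAMPLE_LOG='Jan  1 00:05:01 router kernel: DROP IN=vlan1 OUT= SRC=192.0.2.10 DST=198.51.100.23 LEN=328 TTL=60 PROTO=UDP SPT=67 DPT=68 LEN=308
Jan  1 00:07:31 router kernel: DROP IN=vlan1 OUT= SRC=203.0.113.7 DST=198.51.100.23 LEN=328 TTL=58 PROTO=UDP SPT=67 DPT=68 LEN=308
Jan  1 00:08:02 router kernel: DROP IN=vlan1 OUT= SRC=203.0.113.99 DST=198.51.100.23 LEN=40 TTL=50 PROTO=TCP SPT=67 DPT=68 SYN
Jan  1 00:10:01 router kernel: DROP IN=vlan1 OUT= SRC=192.0.2.10 DST=198.51.100.23 LEN=328 TTL=60 PROTO=UDP SPT=67 DPT=68 LEN=308
Jan  1 00:11:12 router kernel: DROP IN=br0 OUT= SRC=192.168.1.50 DST=192.168.1.1 LEN=328 TTL=64 PROTO=UDP SPT=67 DPT=68 LEN=308
Jan  1 00:12:40 router kernel: DROP IN=vlan1 OUT= SRC=203.0.113.200 DST=198.51.100.23 LEN=90 TTL=55 PROTO=UDP SPT=53 DPT=68 LEN=70'

# dhcp_sources WAN_IF: read log text on stdin, print each distinct source
# address of a dropped DHCP server reply (UDP 67 -> 68) seen on WAN_IF.
dhcp_sources() {
    awk -v wan="$1" '
    {
        inif = src = proto = spt = dpt = ""
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if      (kv[1] == "IN")    inif  = kv[2]
            else if (kv[1] == "SRC")   src   = kv[2]
            else if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "SPT")   spt   = kv[2]
            else if (kv[1] == "DPT")   dpt   = kv[2]
        }
        # Only WAN-side DHCP replies; the address must look like IPv4
        # because it is later pasted into a command line.
        if (inif == wan && proto == "UDP" && spt == "67" && dpt == "68" &&
            src ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(src in seen)) {
            seen[src] = 1
            print src
        }
    }'
}

# print_rules WAN_IF: emit one rule per observed server, in the form used
# in this thread. Rules are printed for review, never executed here.
print_rules() {
    dhcp_sources "$1" | while read -r ip; do
        echo "iptables -I INPUT -p UDP -i $1 --dport 68 --sport 67 --source $ip -j ACCEPT"
    done
}

printf '%s\n' "$SAMPLE_LOG" | print_rules vlan1
```

On a router, pipe the real log into print_rules with your own WAN interface name and review the printed rules before adding any of them.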

CCNnorthcali
join:2004-03-07
San Francisco, CA

CCNnorthcali

Member

A single static IP is now free for residential Fusion. You might want to try that out.

DaneJasper
Sonic.Net
Premium Member
join:2001-08-20
Santa Rosa, CA

DaneJasper to HuckWeed

Premium Member

to HuckWeed
You'll see a few changes in the pipeline. One, as noted, was that now we offer static IPs, with a single IP static being free for residential users on Fusion.

The other is a shift to a new DHCP architecture, and a move away from short leases. The short lease was important in our older infrastructure, as the secured-ARP in the Redback SMS didn't work unless it participated in the lease - so a reboot meant an average of 1/2 the lease time until all customers came back online. Short lease, short downtime.

The Adtran platform doesn't have this limitation, it remembers IP security across reboots, so we'll be extending the lease time a lot in the new deployment.

THAT said, your firewall IS broken if it won't allow a renewal. With a longer lease interval, it'll just mean a brief downtime every 12 hours or something, but it'll still cause you an outage.

-Dane
klui
join:2001-11-08
Castro Valley, CA

klui to HuckWeed

Member

to HuckWeed
said by HuckWeed:

Anyhow, I should probably be quiet. I don't see sonic changing this just because of some 'internet forum thread' such as this one, and I'll just alienate myself, or worse yet, get banned in some capacity if I press this issue further.

said by DaneJasper:

The Adtran platform doesn't have this limitation, it remembers IP security across reboots, so we'll be extending the lease time a lot in the new deployment.

Too funny. Hope you're not too disappointed HuckWeed.
Ravenheart
join:2006-02-10
Berkeley, CA

1 edit

Ravenheart to HuckWeed

Member

to HuckWeed
HuckWeed, thanks for that note. (And thanks to CCNNorthcali.)

Here, I'm giving a static IP a try. That looks like one simple solution.