Comcast to CenturyLink network fails
January 23, 2017 11:23 AM

We switched from Comcast business Internet to CenturyLink IQ Networking and now our Internet sessions are terminating unexpectedly.

We are the first on our block to get fiber+/Enterprise lite to our LAN. Seemed like a good idea at the time. We have a two-NIC server running PF as our firewall. It seems as if many Internet services are terminating with RST packets, doing this frequently and intermittently. Browser based sessions, SSH, cloud services....working, then not working. We see this as timeouts, slow access, not available or other strange problems.
Great consternation is accompanying this. CenturyLink is somewhat helpful though nothing has helped so far. It seems as if the problem disappears outside our firewall, though we are far from being pro network geeks and are having problems getting a clue. The best we've managed so far is running Wireshark and testing one service that fails inside the LAN (RST packet) and works normally outside, so it seems that maybe it's our firewall but that's far from being a sure thing. We're invested in the firewall and the question arises, why can a Comcast packet traverse our LAN and a CenturyLink packet cannot?
We've done a couple of tweaks to our firewall, CTL has done a couple of tweaks to their edge routers and on site equipment. Nothing has helped.
CTL consistently tells us it's all green, you're good to go.
We are doing everything we can reasonably do given we have actual jobs to do other than testing network problems. I'm looking for suggestions how to proceed. Short of pointing fingers at CTL, we're running out of options and may have to revert to Comcast. What resources might we utilize (forums, consultants, web sites) to help us figure this out?
posted by diode to Computers & Internet (2 answers total)
I don't know if this is the cause of your issues, but it sounds very familiar to some issues a while ago with my ISP (Sonic), who have a very short DHCP lease interval time of 5 minutes. Most firewalls are locked down and block the renewal request from the DHCP server, causing the DHCP client on the router to fall back to requesting an IP via broadcast, which means any open connections then drop. The solution to this particular issue is to allow UDP traffic with a source port of 67 and a destination port of 68 through the firewall.
posted by zsazsa at 11:44 AM on January 23, 2017
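The rule zsazsa describes, written for the PF firewall the asker is running, as an added example that is not from anyone in this thread. The interface name `em0` is an assumption; substitute the external NIC that holds the CenturyLink lease.

```pf
# Added example (not from the thread): let DHCP lease traffic through a
# default-deny PF ruleset on the external interface. "em0" is an assumed name.
ext_if = "em0"

# Default deny, with logging so blocked DHCP packets show up on pflog0
block log all

# Outbound DHCP discover/request from the firewall's own client (port 68 -> 67)
pass out quick on $ext_if proto udp from any port 68 to any port 67

# Inbound DHCP offer/ack from the server (port 67 -> 68). "quick" and a plain
# pass-in rule matter here: a broadcast or relayed reply will not match the
# state created by the outbound request, so it needs its own rule.
pass in quick on $ext_if proto udp from any port 67 to any port 68
```

Before reloading, `pfctl -nf /etc/pf.conf` parses the file without applying it; `pfctl -f /etc/pf.conf` loads it. To confirm this was the problem rather than guess, leave the `log` keyword on the block rule and watch `tcpdump -n -e -ttt -i pflog0 udp port 67 or udp port 68` around the time a session drops: blocked replies from port 67 appearing there, followed a few seconds later by the interface re-requesting an address, is the signature of the lease-renewal failure described above.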

I don't know PFSense very well, but if you're getting RSTs from behind the firewall but not outside it that makes me think maybe the firewall state table is overflowing. If someone is aggressively scanning Centurylink's IP space, perhaps those scans are generating entries in the firewall table which are pushing out the table entries for your sessions - then when a packet comes in for the session there's no table entry, and the RST is sent.

If this is the case I would expect the RST to happen more frequently with applications that are idle some of the time - if you get RSTs in the middle of an active file download or a media stream, that would indicate something else.

Sorry I can't be more specific, but there should be a "show firewall table" option where you could see that sort of activity. To mitigate it you would have to identify the scans and then drop that traffic on ingress, which would keep it from generating a state table entry.
posted by five toed sloth at 12:48 PM on January 23, 2017
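For PF specifically, the "show firewall table" step and the mitigation five toed sloth outlines look like the following. This is an added example, not code from anyone in the thread; the interface name, the table name `<scanners>` and every numeric limit are assumptions chosen for illustration.

```pf
# Added example (not from the thread): inspect and bound the PF state table.
# Interface name, table name and limits are assumed values.
#
# Inspection (run as root):
#   pfctl -si            -> "current entries" under "State Table"
#   pfctl -sm            -> configured hard limit for "states"
#   pfctl -ss | wc -l    -> number of live states right now
#   pfctl -ss            -> one line per state; unreplied probe states show
#                           as e.g. "SYN_SENT:CLOSED" or "NO_TRAFFIC:SINGLE"
#   pfctl -t scanners -T show  -> hosts the overload rule below has tagged
ext_if = "em0"
table <scanners> persist

# Raise the ceiling from the default 10000 so a burst of probes cannot evict
# established sessions, and expire unreplied states quickly so probes do not
# sit in the table.
set limit states 100000
set timeout { tcp.first 60, tcp.opening 20, udp.first 30, udp.single 20 }

block log all

# Drop tagged scanners on ingress before any state is created for them
block in quick on $ext_if from <scanners>

# Inbound SSH: cap concurrent states and connection rate per source; a
# source that exceeds 10 new connections in 5 seconds is added to <scanners>
# and all of its existing states are flushed.
pass in on $ext_if proto tcp to port 22 keep state \
    (max-src-conn 20, max-src-conn-rate 10/5, overload <scanners> flush global)

# Outbound traffic from the LAN side keeps state normally
pass out on $ext_if keep state
```

The diagnostic that distinguishes this hypothesis from the DHCP one above is the ratio of `current entries` in `pfctl -si` to the limit in `pfctl -sm` at the moment a session resets: if it is near 100% and `pfctl -ss` is dominated by half-open states from a few sources, the table is the problem; if the table is nearly empty when the RSTs arrive, look elsewhere. Entries added to `<scanners>` by the overload rule are removed with `pfctl -t scanners -T expire 3600` or cleared entirely with `pfctl -t scanners -T flush`.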
