Debian server loses default gateway sporadically
I'm unsure of what's causing my instability but here's what I know:
The server is running Debian with no GUI.
I have a static IP, and /etc/network/interfaces is configured with a 'gateway x.x.x.1' entry.
Periodically, my server loses all internet connectivity, and when I can get to it for access, the default gateway is missing from the routing table.
Because this error halts all traffic to my server, I've set up a cronjob to periodically attempt to 'route add default gw x.x.x.1' so that I don't have to keep physically returning to the machine. I'd like a better solution...
/etc/network/interfaces:
auto lo
iface lo inet loopback
allow-hotplug eth0
iface eth0 inet static
address 192.168.0.121
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
up route add default gw 192.168.0.1
dns-nameservers 192.168.0.1
dns-search domain.com
Why doesn't the entry: up route add default gw x.x.x.1 work in /etc/network/interfaces to keep the gateway in the routing table? Moreover, shouldn't the 'gateway x.x.x.1' entry already make sure that the default gateway stays in the routing table?
Also, what log files should I be looking at in order to track down this reoccurring error?
Side question: could a DoS type attack cause eth0 to go down?
The ifconfig
command is not intended to setup anything other than the interface itself, so no gateway is involved.
When you run ifconfig down
, the gateway is removed by the kernel because it sees it is no longer valid.
When you run ifconfig up
, the kernel can't guess anything about the gateway.
You should use your distro specific command to up
the interface (for example with Debian this is ifup eth0
), or explicitly use the route
command.
I am not sure about debian but redhat requires the sysconfig scripts to be configured in order to keep the gateway settings. I am not sure how relevant this is to debian but it drove me nuts on redhat.
Okay, first off, why are you using ifconfig
? On a normal server, you wouldn't touch that unless you were changing IP addresses.
I suspect you have a copy of the DHCP client running somewhere. I've seen intermittent issues like this when dhclient
wakes up near the end of the lease expiration time. Make sure this is fully disabled (you can probably go so far as chmod -x
or even removing it, as it has no real purpose on production servers). Check ps aux
and make sure you don't see anything relating to DHCP.
Last, a DoS attack will not have any effect on your system's gateway address. It's possible it could cause the gateway to go down (if it overwhelms the router), but it would not cause your system to suddenly remove it from your routing table.