Opensuse as a router, upload problem, please help

I’m using Opensuse as a router. Configuration method:
I have installed the clean version of tumbleweed.
Disabling services: firewall, apparmor.
I run the iptables script.

#/bin/bash
iptables -F
iptables -Z
iptables -X
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

INTERNET="enp0s3"
LAN="enp0s8"
LANNETWORK="10.0.0.0/16"

iptables -A INPUT -i lo -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o $INTERNET -j MASQUERADE

iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s $LANNETWORK -j ACCEPT
iptables -A INPUT -i $INTERNET -p tcp -m multiport --dport 22 -j ACCEPT

iptables -P OUTPUT ACCEPT

iptables -P FORWARD DROP
iptables -A FORWARD -i $INTERNET -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN -o $INTERNET -j ACCEPT                                                                                                         

The network is working properly. When he tries to upload on a Windows computer (no matter what page), after a while he disconnects the network connection for some time.
The above configuration works fine on OS DEBIAN, but I like opensuse and don’t want to opt out. I suspect the problem lies in the kernel configuration? Please help

Topology:

(Windows computer)--lan--(opensuse router)--internet

Is the Windows host still able to ping the openSUSE ‘router’ successfully at that time?

When attempting to upload, ping will be aborted.

Can you share the network hardware details?

/usr/sbin/hwinfo --netcard
/usr/sbin/hwinfo --netcard
14: PCI 19.0: 0200 Ethernet controller
  [Created at pci.378]
  Unique ID: DkES.SON+p7ZhsFD
  SysFS ID: /devices/pci0000:00/0000:00:19.0
  SysFS BusID: 0000:00:19.0
  Hardware Class: network
  Model: "Intel 82566DM Gigabit Network Connection"
  Vendor: pci 0x8086 "Intel Corporation"
  Device: pci 0x104a "82566DM Gigabit Network Connection"
  SubVendor: pci 0x103c "Hewlett-Packard Company"
  SubDevice: pci 0x2800
  Revision: 0x02
  Driver: "e1000e"
  Driver Modules: "e1000e"
  Device File: enp0s3
  Memory Range: 0xf0500000-0xf051ffff (rw,non-prefetchable)
  Memory Range: 0xf0525000-0xf0525fff (rw,non-prefetchable)
  I/O Ports: 0x2100-0x211f (rw)
  IRQ: 29 (302978 events)
  HW Address: 00:1c:c4:22:bb:44
  Permanent HW Address: 00:1c:c4:22:bb:44
  Link detected: yes
  Module Alias: "pci:v00008086d0000104Asv0000103Csd00002800bc02sc00i00"
  Driver Info #0:
    Driver Status: e1000e is active
    Driver Activation Cmd: "modprobe e1000e"
  Config Status: cfg=no, avail=yes, need=no, active=unknown

26: PCI 704.0: 0200 Ethernet controller
  [Created at pci.378]
  Unique ID: JNkJ.AlNdtDVdYP9
  Parent ID: 6NW+.kG9pLbu8wu0
  SysFS ID: /devices/pci0000:00/0000:00:1e.0/0000:07:04.0
  SysFS BusID: 0000:07:04.0
  Hardware Class: network
  Model: "D-Link DGE-528T PCI Gigabit Ethernet Adapter"
  Vendor: pci 0x1186 "D-Link System Inc"
  Device: pci 0x4300 "DGE-528T Gigabit Ethernet Adapter"
  SubVendor: pci 0x1186 "D-Link System Inc"
  SubDevice: pci 0x4300 "DGE-528T PCI Gigabit Ethernet Adapter"
  Revision: 0x10
  Driver: "r8169"
  Driver Modules: "r8169"
  Device File: enp0s9
  I/O Ports: 0x1100-0x11ff (rw)
  Memory Range: 0xf0800000-0xf08000ff (rw,non-prefetchable)
  Memory Range: 0xf0600000-0xf061ffff (ro,non-prefetchable,disabled)
  IRQ: 20 (169678 events)
  HW Address: b8:a3:86:7b:e9:92
  Permanent HW Address: b8:a3:86:7b:e9:92
  Link detected: yes
  Module Alias: "pci:v00001186d00004300sv00001186sd00004300bc02sc00i00"
  Driver Info #0:
    Driver Status: r8169 is active
    Driver Activation Cmd: "modprobe r8169"
  Config Status: cfg=no, avail=yes, need=no, active=unknown
  Attached to: #23 (PCI bridge)

27: PCI 709.0: 0200 Ethernet controller
  [Created at pci.378]
  Unique ID: mY_N.AlNdtDVdYP9
  Parent ID: 6NW+.kG9pLbu8wu0
  SysFS ID: /devices/pci0000:00/0000:00:1e.0/0000:07:09.0
  SysFS BusID: 0000:07:09.0
  Hardware Class: network
  Model: "D-Link DGE-528T PCI Gigabit Ethernet Adapter"
  Vendor: pci 0x1186 "D-Link System Inc"
  Device: pci 0x4300 "DGE-528T Gigabit Ethernet Adapter"
  SubVendor: pci 0x1186 "D-Link System Inc"
  SubDevice: pci 0x4300 "DGE-528T PCI Gigabit Ethernet Adapter"
  Revision: 0x10
  Driver: "r8169"
  Driver Modules: "r8169"
  Device File: enp0s8
  I/O Ports: 0x1200-0x12ff (rw)
  Memory Range: 0xf0800100-0xf08001ff (rw,non-prefetchable)
  Memory Range: 0xf0620000-0xf063ffff (ro,non-prefetchable,disabled)
  IRQ: 21 (7381791 events)
  HW Address: b8:a3:86:7b:e7:5b
  Permanent HW Address: b8:a3:86:7b:e7:5b
  Link detected: yes
  Module Alias: "pci:v00001186d00004300sv00001186sd00004300bc02sc00i00"
  Driver Info #0:
    Driver Status: r8169 is active
    Driver Activation Cmd: "modprobe r8169"
  Config Status: cfg=no, avail=yes, need=no, active=unknown
  Attached to: #23 (PCI bridge)


Monitor the journal

sudo journalctl -f

while browsing etc on the Windows host. Anything unusual reported?

It would be interesting to see if “connectivity issues” are encountered with data transfers between the router and the Windows host. You could do this with iperf (or similar).

When trying to upload from Windows

sudo journalctl -f

Jun 03 12:36:24 hp sudo[18658]:     root : TTY=pts/0 ; PWD=/ ; USER=root ; COMMA                                                                                                             ND=/usr/bin/journalctl -f
Jun 03 12:36:24 hp sudo[18658]: pam_unix(sudo:session): session opened for user                                                                                                              root by USERNAME(uid=0)
Jun 03 12:36:24 hp sudo[18658]: pam_systemd(sudo:session): Cannot create session                                                                                                             : Already running in a session
Jun 03 12:37:44 hp kernel: e1000e 0000:00:19.0 enp0s3: Detected Hardware Unit Hang:
                             TDH                  <cc>
                             TDT                  <ff>
                             next_to_use          <ff>
                             next_to_clean        <cc>
                           buffer_info[next_to_clean]:
                             time_stamp           <105f66f6f>
                             next_to_watch        <ce>
                             jiffies              <105f67252>
                             next_to_watch.status <0>
                           MAC Status             <802a3>
                           PHY Status             <792d>
                           PHY 1000BASE-T Status  <3800>
                           PHY Extended Status    <3000>
                           PCI Status             <10>
Jun 03 12:37:46 hp kernel: e1000e 0000:00:19.0 enp0s3: Detected Hardware Unit Hang:
                             TDH                  <cc>
                             TDT                  <ff>
                             next_to_use          <ff>
                             next_to_clean        <cc>
                           buffer_info[next_to_clean]:
                             time_stamp           <105f66f6f>
                             next_to_watch        <ce>
                             jiffies              <105f67446>
                             next_to_watch.status <0>
                           MAC Status             <802a3>
                           PHY Status             <792d>
                           PHY 1000BASE-T Status  <3800>
                           PHY Extended Status    <3000>
                           PCI Status             <10>
Jun 03 12:37:48 hp kernel: e1000e 0000:00:19.0 enp0s3: Detected Hardware Unit Hang:
                             TDH                  <cc>
                             TDT                  <ff>
                             next_to_use          <ff>
                             next_to_clean        <cc>
                           buffer_info[next_to_clean]:
                             time_stamp           <105f66f6f>
                             next_to_watch        <ce>
                             jiffies              <105f6763a>
                             next_to_watch.status <0>
                           MAC Status             <802a3>
                           PHY Status             <792d>
                           PHY 1000BASE-T Status  <3800>
                           PHY Extended Status    <3000>
                           PCI Status             <10>
Jun 03 12:37:49 hp kernel: e1000e 0000:00:19.0 enp0s3: Reset adapter unexpectedly
Jun 03 12:37:52 hp kernel: e1000e: enp0s3 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
Jun 03 12:37:52 hp wickedd[30783]: route ipv4 0.0.0.0/0 via PUBLICIP dev enp0s3#4 type unicast table main scope universe protocol boot covered by a ipv4:static lease


Lots of results turn up when searching e1000e and the Kernel errors reported. A known bug
https://bugzilla.kernel.org/show_bug.cgi?id=205047

which is likely impacting here.

Late here, so bedtime for me. Let’s see what others advise.

I tried to add

pcie_aspm = off

to the kernel - it didn’t help.

ethtool -K enp0s3 gso off gro off tso off
  • connection is broken for a short period of time, some upload-sites are working

The problem is not solved

I didn’t expect that to work - it didn’t for others either.

ethtool -K enp0s3 gso off gro off tso off
  • connection is broken for a short period of time, some upload-sites are working

The problem is not solved

You may need to add to the bug report.

journalctl -f - shows no error.

Disabling TSO (via ‘ethtool -K enp0s3 gso off gro off tso off’) wuill help with the hanging/resetting of the interface, but
Examine

dmesg | grep e1000e
ethtool -i enp0s3
ethtool --show-eee enp0s3

Ultimately, a bug report is likely needed to help progress this.

The problem was omitted by changing the function of network adapters. enp0s3 as dmz, enp0s9 as the internet

Previously, it partly helped

ethtool -K enp0s3 gso off gro off tso off

Thank you, it wouldn’t have been possible without your help

Thanks for the update. Glad to have been of guidance.