Thanks for the tips highlighted below; I will give them all a close look here and see if I can realize some success.


On 2016-11-21 11:51 PM, Trevor Cordes wrote:
On 2016-11-21 c0l0nelFlagg wrote:
What I am trying to find out is if the smoothwall is acting as a
local dhcp server, a local dns caching server as well as the gateway
why is everything grinding to a halt whenever the ISP connection goes
down? and what I can do to prevent it from stopping functions in the
future.
You're right, it's almost certainly a DNS problem.

A caching DNS name server (NS) isn't good enough, as many domains have
short-ish TTL timeouts.  In any case, if "local" operations are bogging
down when the net is down, the issue is probably your serving-up of
local DNS names.

Do you use dynamic DNS (usually via DHCP) so that you can use the names
you assign on each computer to access each other on the network?  Or
even assign them statically on the local DNS server.  Are they set up to
update the DNS for your top-level domain, or a subdomain?  Seeing your
DNS zone files might help if you can paste them.
Yes, the smoothwall firewall PC runs as a dhcp server. For permanent local LAN connections, though, it serves up reserved IP addresses based on the MAC address asking to be assigned an IP address when it first connects to the network. Any other temporary visitors with a laptop, say, get assigned a random IP address from within the preset range of available addresses that are not in the reserved list.

The local network is not assigned a domain name; instead it just runs with default localdomain settings. Basically it runs in a peer-to-peer workgroup fashion.

I have a similar setup but I use a home-brew linux firewall and have
carefully set up DNS to have both a valid "internal view" for local
computers to register their names with, and a separate "external view"
for outside-world users to use.
Do you have a link to a blog or tutorial web site on setting this up?

I have no experience with smoothwall, but if you can root ssh into it,
you can check out the DNS conf/zone files to see how it is set up.
OK, will take a look at these as well.

Oh ya, your problem could also just be that you should not have a 2ndary
or 3rdary DNS set on the clients that point to the outside world.  This
could cause programs to timeout longer than they have to.  They must
suffer 3 timeouts (possibly 30-60s each?) as they step through all DNS
servers.  For clients it is sufficient to specify your firewall as the
only DNS server.

When ISP connection is down the linux boxes are all able to see the
NFS shares by using the host file info but samba and windows boxes just go 
south for some reason.
If you have properly set up local authoritative DNS on the firewall you
should never need to use a host file (long obsolete).  What you write
above further proves that the problem is DNS related.

Samba and Windows (esp older ones) should be using broadcast NMB for
name lookups first, so as long as one box is a DMB/LMB it should still
work.  Newer Windows might try DNS first.  I assume you're NATing on
the firewall (internal addresses are 192.168 or 10...), so one of your
local boxes should be the DMB/LMB.  How are you specifying the other
boxes in Windows?  Just \\workstation2\ ??  Are you using workgroup
mode, or domain mode?
Everything is just workgroup mode to avoid the need to configure PDCs/BDCs.

If you can ssh into that smoothwall and run tcpdump you could snarf all
the packets into a file and look at them on a workstation to see what
exactly is being sent (and not getting a reply).

Try getting rid of your 2nd/3rd DNS entries first and you can always
report back with more info.
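
An added example, not part of the original thread: a small Python check for a Linux client's resolv.conf that lists the configured DNS servers, flags any that sit outside the LAN (the 2nd/3rd entries discussed above), and gives a rough figure for how long one lookup can stall when none of them answer. The sample file contents, the 192.168.1.0/24 LAN range and the function name are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: firewall first, then two outside resolvers
# (documentation-range addresses, not real servers).
SAMPLE = """\
search localdomain
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 198.51.100.53
options timeout:5 attempts:2
"""

def audit_resolv_conf(text, lan_cidr):
    """List configured resolvers, flag those outside the LAN, estimate the stall."""
    lan = ipaddress.ip_network(lan_cidr)
    servers, timeout, attempts = [], 5, 2      # resolv.conf(5) defaults
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":  # blank line or comment
            continue
        if fields[0] == "nameserver" and len(fields) > 1:
            try:
                servers.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue                        # unparsable address, skip it
        elif fields[0] == "options":
            for opt in fields[1:]:
                name, _, value = opt.partition(":")
                if name == "timeout" and value.isdigit():
                    timeout = min(int(value), 30)   # resolver caps at 30 s
                elif name == "attempts" and value.isdigit():
                    attempts = min(int(value), 5)   # resolver caps at 5
    servers = servers[:3]                       # glibc reads at most 3 entries
    outside = [str(s) for s in servers if s not in lan]
    return {
        "servers": [str(s) for s in servers],
        "outside_lan": outside,
        # Simple estimate for one lookup when no listed server answers;
        # the resolver's real per-try backoff differs somewhat.
        "stall_estimate_s": timeout * attempts * len(servers),
    }

if __name__ == "__main__":
    report = audit_resolv_conf(SAMPLE, "192.168.1.0/24")
    for key, value in report.items():
        print(f"{key}: {value}")
```

With only the firewall listed, the same defaults give an estimate of 10 seconds instead of 30.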