I am using a Raspberry Pi 3B with Raspbian OS 10 as a home router/firewall/Pi-hole/dhcpd/reverse proxy. I have connected a USB ethernet adapter (eth1), which is used as the WAN interface. The internal NIC (eth0) is used for the LAN. Router and firewall settings are done via iptables:

    #!/bin/bash

    # Define command variables
    ipt="/sbin/iptables"

    # Define multiple network interfaces
    wan="eth1"
    lan="eth0"

    # Flush all rules and delete all chains
    $ipt -F
    $ipt -X
    $ipt -t nat -F
    $ipt -t nat -X
    $ipt -t mangle -F
    $ipt -t mangle -X

    # Zero out all counters, again for
    # a clean start
    $ipt -Z
    $ipt -t nat -Z
    $ipt -t mangle -Z

    # Default policies: deny all incoming
    # Unrestricted outgoing
    $ipt -P INPUT DROP
    $ipt -P FORWARD DROP
    $ipt -P OUTPUT ACCEPT
    $ipt -t nat -P OUTPUT ACCEPT
    $ipt -t nat -P PREROUTING ACCEPT
    $ipt -t nat -P POSTROUTING ACCEPT

    # Required for the loopback interface
    $ipt -A INPUT -i lo -j ACCEPT

    # Enable IP masquerading, which is necessary for NAT
    $ipt -t nat -A POSTROUTING -o $wan -j MASQUERADE

    # Forwarding between wan/lan and lan/vpn
    $ipt -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
    $ipt -A FORWARD -i $lan -o $wan -j ACCEPT

    # Accept important ICMP messages
    $ipt -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    $ipt -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
    $ipt -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT

    # Incoming connections - only local
    $ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Incoming lan connections
    $ipt -A INPUT -i $lan -s 192.168.0.0/24 -j ACCEPT

Pi-hole is taking care of DNS and dhcpd. For the most part everything works fine, but often after a couple of days of use the connection to my WAN connection becomes slower. It is a significant drop from 100Mbps to 10Mbps. When I restart the WAN interface by running the following commands:

    sudo ifconfig eth1 down
    sudo ifconfig eth1 up

everything goes back to normal speed (100Mbps). I can run the above commands via a cron script on a daily basis, but I would like to figure out what is wrong. Any help would be greatly appreciated.