Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm a linux network newbie so please bear with me. Also, if this isn't the right forum, please let me know.
My RH7.3 server is located in a DMZ. Access to the server is via SSH and HTTPS. I don't believe the server has any firewall rules set up as another machine on the DMZ does all that for me.
A couple of times per day access via SSH / HTTPS suddenly stops. There's nothing in the system log that indicates why.
The strange thing is, restarting the SSH server doesn't make it work. Rebooting does, as does restarting the network.
Any ideas what could be the cause? I'm not sure what sort of other info I can provide.
Regards
Mark
The server is access through a firewall - apparently we use Checkpoint Firewall 1 software.
The DMZ is on a different network segment (I'm told).
Does this answer your question?
I've double-checked with the IT team and the firewall is not being modified during the periods where I can and cannot gain access to our server so I'm trying to the firewall from the equation.
I'd start by placing a LOG entry in the firewall rules of your server.
Try,
iptables -t nat -A PREROUTING -j LOG --log-level 6 --log-prefix "incoming "
and look for the messages in /var/log/messages.
Look for a period of no activity. This means netfilter didn't get any packets from the nic. If this is the case, set up a cronttab entry to run every hour (or less) to scan yourself with nmap or similar, and look for these in your own pc log files.
cronttab -e
0 * * * * /usr/bin/nmap -sS -p 22,80,110 -P0 -r -n yr.ip.num.ber > /var/log/scan
to check the path outward. (man cronttab)
If you find your server isn't sending, check the connection with another server on the DMZ, and if it works ok, get another patch cord or NIC.
(if you can get the permission, try the nmap thing on some known open ports on servers inside the DMZ as well to cross reference what is & isn't working)
Regards,
Peter
Last edited by peter_robb; 10-07-2002 at 10:58 AM.
Hi Peter
I've set up the logging as mentioned. There is no period of activity reported. There's network activity for every minute of every day for the last 2 days.
Also, when ssh and https "hung" I was able to access other machines via the console.
Hi Peter,
Sorry it's taken a bit of time to reply...
Here's the output from a "netstat -punta" command performed at the point when it failed.
Regards
Mark
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.