Hello guys, there's a fedora server (really high load) which has two interfaces, one with public and one with private ip.

lately it happens quite often to lose its internet connection. i can reach him only by the privete interface, after a shutdown the server is working properly again.

The strange thing is that there is another server too with a public ip on the same subnetwork as the one with the problem. while it's unreachable through the internet, i can ping the other server but not the gateway.

I don't see anything strange on the /var/log/messages.

What do you think of that situation???

Hello guys again, that just happen again. this time i didn't restart the server but i gave:

service network restart

and it all went back to normal.
as i told you before i don't see anything weird on the /var/log/messages.......
what might be the problem?

You might want to look at the interface with ifconfig, and ethtool when the internet connection goes down.
What does the internet side interface connect to? A router? Could you check that as well?

You might try some intermittent logging in your firewall to check for some kind of denial of service attack, which is trying to use up your bandwidth, or a resource on the NIC or your router.

What is the gateway device? Is it the first server or something else.

~$cat /etc/resolv.conf #check the output of this on your server
#and compare it to the dns addresses in your router.

Intermittent internet connections are often (not always, of course) related to dns problems.

hello again i sent a ticket to the datacenter and they replied that a device is grabbing the server's ip. that device is also ours, is a cisco asa for vpn connections with the server. it performs some nat with the server ip, that's why the saw cisco's mac using the serve's ip.

cat /etc/resolv.conf it has the dns server we use for years so i don't think that that's the problem.

what logs do you suggest i should check except /var/log/messages???

hello guys this is what i get during the problem

ifconfig:

eth1 Link encap:Ethernet HWaddr 000:B7
inet addr:x.x.x.x Bcast:x.x.x.x Mask:x.x.x.x
inet6 addr: b7ff:febe:11bb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:140641034 errors:0 dropped:0 overruns:0 frame:0
TX packets:90452668 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:20444614426 (19.0 GiB) TX bytes:27221357030 (25.3 GiB)

and the ethtool eth1:

Settings for eth1:
Supported ports: [ TP MII ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Advertised auto-negotiation: Yes
Speed: 100Mb/s
Duplex: Full
Port: MII
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: g
Wake-on: g
Current message level: 0x00000007 (7)
Link detected: yes

hello guys

the problem just happened. this time before i restart the network service i gave "ip neighbor stale" and for the gateway x.x.x.1
the entry was like this:

x.x.x.1 dev eth1 lladdr 46:7c:00 STALE

after the service restart it changed to REACHABLE

I thing a cisco asa tha performs vpn on the server is grabbing its ip.
this cisco has three nat policy rules to translate the private servers ip to its public because i had to use that one for the interested traffic.

do you think that happened because of the nat rules? how can i fix that?

i asked the datacenter support to add a manual arp entry and that solved my problem.

It solved your symptom. The problem and its cause are still present. Static ARP is a workaround that can cause new problems later on.

yes I know but i had to do something to prevent downtime.