Old 08-23-2015, 11:10 AM   #1
LQ Newbie
Registered: Aug 2015
Posts: 1

set firewall/iptables to drop packet if inactive for specific time


I got an interesting problem. My customer found that the SQL query request (made by the connection from the jdbc driver to the Oracle db server) hangs for 15 minutes and finally the driver reports an error like (I/O and socket time out). Before this SQL query, the connection is INACTIVE for about 20 minutes. There is no Oracle server error (ORA-XXXXX) returned.

I suspect that the request did not reach the Oracle server but was dropped by something, which is possibly a firewall. So the requester keeps waiting for a response which will never come, until the jdbc client times out. I need to prove it.
My thought is:
1) Using traceroute $oracle_server_address from the jdbc client.
2) Check each machine returned by 1) to see if there is any firewall deployed, then check the configuration.

But for point 2, I am not an expert in iptables or other firewall products. But iptables seems to be one of the most popular options.

My question is:
1) ps -ef to see the process on those machines....(Assuming iptables is running)
1) Does iptables support dropping (not rejecting) the packet if the network session (jdbc connection) has been idle for x minutes?
2) If it does, what's the syntax of the configuration?
3) How do I check the configuration? iptables --list > firewall_config.txt, right?

Old 08-25-2015, 11:10 AM   #2
Senior Member
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

If this server is not directly connected to the internet then there should be no need for a firewall running on it unless you are paranoid. Is the client connecting through the internet or is everything on the local LAN?

To see if there is a process running for iptables:
ps -ef | grep iptables
If there is, then to see what firewall rules are being used:
 iptables -nvL
IPTABLES will reject a packet if configured to do so, but if you don't really understand what you are doing you could make the entire box unreachable. For this reason I'm not going to post the command here.
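
Added example, not part of either post above: a Linux netfilter firewall forgets an idle TCP connection when its connection-tracking timer (net.netfilter.nf_conntrack_tcp_timeout_established) runs out, and later packets on that connection then no longer match an ESTABLISHED rule. The script below reads conntrack -L output and reports how long each flow to the database port has been idle; the sample listing, its addresses, the 1800-second timeout and the function name idle_flows are constructed for illustration, and 1521 is assumed as the Oracle listener port.

```shell
#!/bin/bash
# Added example: find tracked TCP flows that will age out of the firewall's
# connection-tracking table before the application uses them again.

# Constructed `conntrack -L -p tcp` listing (addresses and ports are made up).
SAMPLE_CONNTRACK='tcp      6 1795 ESTABLISHED src=10.0.0.5 dst=10.0.1.9 sport=40112 dport=1521 src=10.0.1.9 dst=10.0.0.5 sport=1521 dport=40112 [ASSURED] mark=0 use=1
tcp      6 310 ESTABLISHED src=10.0.0.6 dst=10.0.1.9 sport=51544 dport=1521 src=10.0.1.9 dst=10.0.0.6 sport=1521 dport=51544 [ASSURED] mark=0 use=1
tcp      6 87 TIME_WAIT src=10.0.0.7 dst=10.0.1.9 sport=40990 dport=1521 src=10.0.1.9 dst=10.0.0.7 sport=1521 dport=40990 [ASSURED] mark=0 use=1
tcp      6 1700 ESTABLISHED src=10.0.0.8 dst=10.0.1.9 sport=33012 dport=22 src=10.0.1.9 dst=10.0.0.8 sport=22 dport=33012 [ASSURED] mark=0 use=1'

# idle_flows TIMEOUT PORT QUIET   (conntrack listing on stdin)
#   TIMEOUT  value of nf_conntrack_tcp_timeout_established, in seconds
#   PORT     destination port of the service being investigated
#   QUIET    how long the application may stay silent, in seconds
# Prints one line per ESTABLISHED flow to PORT:
#   src:sport idle=<seconds> left=<seconds> <ok|EXPIRES>
idle_flows() {
    awk -v timeout="$1" -v port="$2" -v quiet="$3" '
    $4 == "ESTABLISHED" {
        src = ""; sport = ""; dport = ""
        for (i = 5; i <= NF; i++) {
            split($i, kv, "=")
            # Each entry lists both directions; keep the original one (first).
            if (kv[1] == "src"   && src   == "") src   = kv[2]
            if (kv[1] == "sport" && sport == "") sport = kv[2]
            if (kv[1] == "dport" && dport == "") dport = kv[2]
        }
        if (dport != port) next
        left = $3 + 0              # seconds until the entry is deleted
        idle = timeout - left      # timer restarts at TIMEOUT on each packet
        # The entry is gone if the flow stays silent QUIET more seconds.
        verdict = (left < quiet) ? "EXPIRES" : "ok"
        printf "%s:%s idle=%d left=%d %s\n", src, sport, idle, left, verdict
    }'
}

# On a real firewall (assumes conntrack-tools is installed; run as root):
#   t=$(sysctl -n net.netfilter.nf_conntrack_tcp_timeout_established)
#   conntrack -L -p tcp 2>/dev/null | idle_flows "$t" 1521 1200
# Offline run on the constructed listing, with the 20-minute gap from post #1:
printf '%s\n' "$SAMPLE_CONNTRACK" | idle_flows 1800 1521 1200
```

A flow marked EXPIRES has less time left on its tracking entry than the application's quiet period, so the next query on that connection arrives after the firewall has forgotten it.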

