I have dozens of servers, all of them running the most recent Debian stable branch and pretty basic iptables instances. All are working well except for two of them...

On these two problem servers, iptables seems to be intermittently stopping and starting. There is nothing in the system logs to indicate such, but I can see it when port scanning the servers.

The servers' iptables rules are set to allow connections on TCP 25, 53, 80, and 443, then block everything else. When doing a simple nmap scan of the servers, and everything is working, the scan takes a few minutes, it shows these four ports open, and everything else **filtered**. When everything is not working, the nmap scan happens in just a couple of seconds, it shows another open port (TCP/111 - I do have this service running on the servers), plus the four expected open ports, and everything else **closed**.

I can do 10 nmap scans back-to-back, and about half of them will show ports filtered, while the other half will show ports closed (and the extra open port). This tells me that iptables on these two servers is intermittently stopping, then intermittently starting again.

I have watched the logs on the servers - nothing unusual. I have done the nmap scans from three different source locations, and all exhibit the same intermittent results. Googling for 'iptables intermittent' is not turning up anything applicable. I have other servers using the same iptables scripts, and they are not exhibiting this problem, plus bad iptables rules should make the problem always happen, not be randomly intermittent.

Anybody have any ideas? Seen anything like this before?

--
~Jay

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
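
One way to check on the host itself whether the ruleset is really being unloaded between scans, as an added example that is not part of the original post: it logs every change to the live filter table, so each scan result can be matched against what was loaded at that moment. The function names and both sample dumps are constructed for illustration; the samples are a minimal stand-in for the ruleset the post describes, not the poster's actual rules.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU coreutils and
# iptables-save, as shipped on Debian.

# Remove what changes without any rule change: the timestamped "#" comment
# lines and the [packets:bytes] counters on chain (and -c rule) lines.
normalize_ruleset() {
    sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*\]/[0:0]/'
}

# SHA-256 of the normalized dump read from stdin.
ruleset_hash() { normalize_ruleset | sha256sum | cut -d' ' -f1; }

# Default policy of the INPUT chain, from an iptables-save dump on stdin.
input_policy() { awk '$1 == ":INPUT" { print $2; exit }'; }

# Number of appended rules in the dump (0 after a flush).
rule_count() { grep -c '^-A' || true; }

# Poll the live filter table and print one line per change. Needs root.
watch_ruleset() {
    last=""
    while :; do
        dump="$(iptables-save -t filter)"
        cur="$(printf '%s\n' "$dump" | ruleset_hash)"
        if [ "$cur" != "$last" ]; then
            printf '%s hash=%s policy=%s rules=%s\n' "$(date -Is)" "$cur" \
                "$(printf '%s\n' "$dump" | input_policy)" \
                "$(printf '%s\n' "$dump" | rule_count)"
            last="$cur"
        fi
        sleep "${1:-5}"
    done
}

# Constructed sample dumps: a loaded ruleset and a flushed table.
SAMPLE_LOADED='# Generated by iptables-save on Mon Jan  1 00:00:00 2024
*filter
:INPUT DROP [120:7200]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [300:18000]
-A INPUT -p tcp -m multiport --dports 25,53,80,443 -j ACCEPT
COMMIT'
SAMPLE_FLUSHED='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

if [ "${1:-}" = "watch" ]; then watch_ruleset "${2:-5}"; fi
```

Run it as root with `watch` as the first argument (optionally followed by a polling interval in seconds) while repeating the scans. A change shorter than the polling interval can be missed, so use a small interval when the scans alternate quickly.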