On 1/7/08, Jay wrote:
>
> I have dozens of servers, all of them running the most recent Debian
> stable branch and pretty basic iptables instances. All are working well
> except for two of them... On these two problem servers, iptables seems to
> be intermittently stopping and starting. There is nothing in the system
> logs to indicate such, but I can see it when port scanning the servers.
>
> The servers' iptables rules are set to allow connections on TCP 25, 53,
> 80, and 443, then block everything else. When doing a simple nmap scan of
> the servers, and everything is working, the scan takes a few minutes, it
> shows these four ports open, and everything else **filtered**. When
> everything is not working, the nmap scan happens in just a couple of
> seconds, it shows another open port (TCP/111 - I do have this service
> running on the servers), plus the four expected open ports, and everything
> else **closed**.
>
> I can do 10 nmap scans back-to-back, and about half of them will show
> ports filtered, while the other half will show ports closed (and the extra
> open port). This tells me that iptables on these two servers is
> intermittently stopping, then intermittently starting again.

That is not really a safe assumption. Nmap is not really that accurate of an
instrument. If you are concerned for some other reason, I would try logging
your packets with iptables and see if you get anything interesting. If your
network is not exhibiting any problems, then I wouldn't assume that you have
one just because Nmap is giving a weird readout. You can also try other
monitoring tools like SATAN and SAINT and see if they give you similar
results.

http://www-arc.com/sara/

-jmz

> I have watched the logs on the servers - nothing unusual. I have done the
> nmap scans from three different source locations, and all exhibit the same
> intermittent results. Googling for 'iptables intermittent' is not turning
> up anything applicable.
> I have other servers using the same iptables
> scripts, and they are not exhibiting this problem, plus bad iptables rules
> should make the problem always happen, not be randomly intermittent.
>
> Anybody have any ideas? Seen anything like this before?
>
> --
> ~Jay
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
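The reply above suggests logging the packets with iptables rather than trusting nmap's readout. The script below is an added example (not from either poster, and not part of the thread) of how to do that cross-check: a DROP target answers nothing, so nmap reports "filtered", whereas a host whose rules are not in effect (or that uses REJECT --reject-with tcp-reset) answers SYNs with RSTs and shows "closed". If a LOG rule sits just before the final DROP, the kernel log records every probe the firewall swallowed, so the two pictures can be reconciled per scan. The LOG prefix "IPT-DROP: ", the iptables commands quoted in the docstring, the addresses 192.0.2.10 and 198.51.100.7, and all sample scan and syslog lines are constructed for this example; the iptables commands are shown for reference and are not executed by the script.

```python
"""Cross-check repeated nmap runs against what the firewall's DROP rule logged.

Assumed setup (shown for reference, not executed here):
    iptables -A INPUT -p tcp -j LOG --log-prefix "IPT-DROP: "   # just before ...
    iptables -A INPUT -j DROP                                    # ... the final DROP
    nmap -oG run1.gnmap 192.0.2.10                               # repeat N times
DROP answers nothing -> nmap says "filtered"; an RST -> nmap says "closed".
"""
import re
from collections import Counter

# Port entries in an nmap -oG "Host:" line look like 25/open/tcp//smtp///
PORT_RE = re.compile(r"(\d+)/(open\|filtered|open|closed|filtered|unfiltered)/tcp")
# The bulk of the ports is collapsed into "Ignored State: filtered (996)"
IGNORED_RE = re.compile(r"Ignored State: ([\w|]+) \((\d+)\)")
# Fields the iptables LOG target writes for a TCP packet
LOG_RE = re.compile(r"SRC=(\S+) DST=(\S+) .*PROTO=TCP SPT=(\d+) DPT=(\d+)")

# Constructed sample data: two back-to-back scans of one host, the first the
# expected picture, the second the "flapped" picture described in the post.
SAMPLE_SCANS = [
    "Host: 192.0.2.10 ()\tPorts: 25/open/tcp//smtp///, 53/open/tcp//domain///, "
    "80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: filtered (996)",
    "Host: 192.0.2.10 ()\tPorts: 25/open/tcp//smtp///, 53/open/tcp//domain///, "
    "80/open/tcp//http///, 111/open/tcp//rpcbind///, 443/open/tcp//https///"
    "\tIgnored State: closed (995)",
]

# Constructed syslog lines as the LOG rule above would write them, plus one
# unrelated kernel line that must be ignored.
SAMPLE_LOG = [
    "Jan  7 10:00:01 srv kernel: IPT-DROP: IN=eth0 OUT= SRC=198.51.100.7 "
    "DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=1234 PROTO=TCP "
    "SPT=40000 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0",
    "Jan  7 10:00:01 srv kernel: IPT-DROP: IN=eth0 OUT= SRC=198.51.100.7 "
    "DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=1235 PROTO=TCP "
    "SPT=40000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0",
    "Jan  7 10:00:02 srv kernel: eth0: link is up",
    "Jan  7 10:00:02 srv kernel: IPT-DROP: IN=eth0 OUT= SRC=198.51.100.7 "
    "DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=1236 PROTO=TCP "
    "SPT=40001 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0",
]


def classify_run(host_line):
    """Reduce one -oG Host line to its open ports and the state of the bulk."""
    ports = {int(p): s for p, s in PORT_RE.findall(host_line)}
    m = IGNORED_RE.search(host_line)
    bulk_state, bulk_count = (m.group(1), int(m.group(2))) if m else (None, 0)
    return {
        "open": sorted(p for p, s in ports.items() if s == "open"),
        "bulk_state": bulk_state,
        "bulk_count": bulk_count,
    }


def scans_consistent(host_lines):
    """True when every run agrees on the open ports and on the bulk state."""
    runs = [classify_run(line) for line in host_lines]
    return all(r == runs[0] for r in runs), runs


def summarise_drops(log_lines, prefix="IPT-DROP: "):
    """Count packets the LOG rule saw, keyed by (source IP, destination port)."""
    hits = Counter()
    for line in log_lines:
        if prefix not in line:
            continue  # not written by our rule
        m = LOG_RE.search(line)
        if m:
            hits[(m.group(1), int(m.group(4)))] += 1
    return hits


def drops_from(src, hits):
    """Total logged packets from one scanner address."""
    return sum(n for (s, _), n in hits.items() if s == src)


def diagnose(run, logged):
    """Reconcile a scan's bulk state with the drops logged from the scanner."""
    if run["bulk_state"] == "filtered" and logged > 0:
        return "consistent: the DROP rule swallowed the probes, nmap saw silence"
    if run["bulk_state"] == "closed" and logged == 0:
        return "consistent: nothing was dropped, the host answered with RSTs"
    if run["bulk_state"] == "filtered" and logged == 0:
        return "probes never reached the rule: lost upstream or never sent"
    return "contradiction: drops were logged but nmap still got RSTs"


if __name__ == "__main__":
    same, runs = scans_consistent(SAMPLE_SCANS)
    print("runs agree:", same)
    logged = drops_from("198.51.100.7", summarise_drops(SAMPLE_LOG))
    for r in runs:
        print(r["open"], r["bulk_state"], "->", diagnose(r, logged))
```

In real use, feed each run the slice of the kernel log covering that scan's time window (the LOG lines carry a timestamp, and nmap records its start time), so a "closed" run with zero drops logged for the scanner address during its window means the packets reached the host and nothing in INPUT dropped them; a "filtered" run with drops logged means the rules were in effect. Comparing the packet counter on the DROP rule (iptables -L INPUT -v -n -x) before and after each scan gives the same answer without a LOG rule.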