IPTables Intermittent Stopping

Author: Jay
Date:  
To: PLUG Discuss
Subject: IPTables Intermittent Stopping

I have dozens of servers, all of them running the most recent Debian
stable branch and pretty basic iptables instances. All are working well
except for two of them... On these two problem servers, iptables seems to
be intermittently stopping and starting. There is nothing in the system
logs to indicate such, but I can see it when port scanning the servers.

The servers' iptables rules are set to allow connections on TCP 25, 53,
80, and 443, then block everything else. When doing a simple nmap scan of
the servers, and everything is working, the scan takes a few minutes, it
shows these four ports open, and everything else **filtered**. When
everything is not working, the nmap scan happens in just a couple of
seconds, it shows another open port (TCP/111 - I do have this service
running on the servers), plus the four expected open ports, and everything
else **closed**.

I can do 10 nmap scans back-to-back, and about half of them will show
ports filtered, while the other half will show ports closed (and the extra
open port). This tells me that iptables on these two servers is
intermittently stopping, then intermittently starting again.

I have watched the logs on the servers - nothing unusual. I have done the
nmap scans from three different source locations, and all exhibit the same
intermittent results. Googling for 'iptables intermittent' is not turning
up anything applicable. I have other servers using the same iptables
scripts, and they are not exhibiting this problem, plus bad iptables rules
should make the problem always happen, not be randomly intermittent.

Anybody have any ideas? Seen anything like this before?

--
~Jay
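
The back-to-back nmap comparison described in the post, as an added example (not the poster's own script, and not from the Debian or nmap projects): it runs the scan repeatedly, reads each run's grepable (-oG) output, and records what nmap consolidated the unlisted ports into (`filtered` means the probes were silently dropped, so something in the path is filtering; `closed` means the host answered every probe with a RST, so no filter is in the path) together with the set of open ports, then tallies the distinct outcomes. The host 192.0.2.10, the scan count, and the two sample reports are assumptions constructed for this example, not data captured from the poster's servers.

```shell
#!/bin/sh
# Added example, not from the original post. Classify and tally repeated
# nmap runs so the "filtered" and "closed" outcomes, and any change in the
# open-port set (e.g. TCP/111 appearing), are counted rather than eyeballed.

# classify_nmap_grepable REPORT
# REPORT is the text of one nmap -oG scan. Prints one line:
#   <ignored-state> <open TCP ports, ascending, or "none">
# <ignored-state> is what nmap reports as "Ignored State" for the ports it
# did not list individually ("filtered", "closed", ...); "unknown" if absent.
classify_nmap_grepable() {
    report=$1
    state=$(printf '%s\n' "$report" \
        | sed -n 's/.*Ignored State: \([a-z|]*\).*/\1/p' | head -n 1)
    [ -n "$state" ] || state=unknown
    # Take everything after "Ports: ", split on commas, keep tokens of the
    # form "<port>/open/tcp..." (nmap's field layout: port/state/proto/...).
    open=$(printf '%s\n' "$report" | sed -n 's/^.*Ports: //p' | tr ',' '\n' \
        | sed -n 's#^ *\([0-9][0-9]*\)/open/tcp.*#\1#p' | sort -n | tr '\n' ' ')
    open=${open% }
    printf '%s %s\n' "$state" "${open:-none}"
}

# tally_classifications < lines
# Reads one classification line per scan and prints "<count> <line>" for
# each distinct outcome, most frequent first.
tally_classifications() {
    sort | uniq -c | sort -rn | sed 's/^ *//'
}

# scan_and_tally HOST [N]
# Runs N (default 10) nmap scans of HOST and tallies the outcomes. Needs nmap;
# -Pn skips host discovery, -p- covers all TCP ports, -oG - writes grepable
# output to stdout. Port set and count are assumptions; adjust as needed.
scan_and_tally() {
    host=$1
    n=${2:-10}
    i=0
    command -v nmap >/dev/null 2>&1 || { echo "nmap not installed" >&2; return 1; }
    while [ "$i" -lt "$n" ]; do
        classify_nmap_grepable "$(nmap -Pn -p- -oG - "$host" 2>/dev/null)"
        i=$((i + 1))
    done | tally_classifications
}

# Constructed sample reports in nmap -oG layout (tabs separate the fields),
# one per behaviour the post describes. Not captured from any real server.
SAMPLE_FILTERED=$(printf 'Host: 192.0.2.10 ()\tStatus: Up\nHost: 192.0.2.10 ()\tPorts: 25/open/tcp//smtp///, 53/open/tcp//domain///, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: filtered (65531)\n')
SAMPLE_CLOSED=$(printf 'Host: 192.0.2.10 ()\tStatus: Up\nHost: 192.0.2.10 ()\tPorts: 25/open/tcp//smtp///, 53/open/tcp//domain///, 80/open/tcp//http///, 111/open/tcp//rpcbind///, 443/open/tcp//https///\tIgnored State: closed (65530)\n')

# Usage against a live host (commented out so the file runs offline):
#   scan_and_tally 192.0.2.10 10
# Offline demonstration on the constructed samples:
classify_nmap_grepable "$SAMPLE_FILTERED"
classify_nmap_grepable "$SAMPLE_CLOSED"
```

Each scan's outcome is reduced to one line, so a tally like `5 filtered 25 53 80 443` next to `5 closed 25 53 80 111 443` states the ratio and the open-port difference that the post describes; collecting the same tally from each of the three source locations, and from a host that does not show the problem, gives something concrete to compare before touching the rulesets.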


---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss