On Monday 07 January 2008 10:12, Jay wrote:
> I have dozens of servers, all of them running the most recent Debian
> stable branch and pretty basic iptables instances. All are working well
> except for two of them... On these two problem servers, iptables seems to
> be intermittently stopping and starting. There is nothing in the system
> logs to indicate such, but I can see it when port scanning the servers.
>
> The servers' iptables rules are set to allow connections on TCP 25, 53,
> 80, and 443, then block everything else. When doing a simple nmap scan of
> the servers, and everything is working, the scan takes a few minutes, it
> shows these four ports open, and everything else **filtered**. When
> everything is not working, the nmap scan happens in just a couple of
> seconds, it shows another open port (TCP/111 - I do have this service
> running on the servers), plus the four expected open ports, and everything
> else **closed**.
>
> I can do 10 nmap scans back-to-back, and about half of them will show
> ports filtered, while the other half will show ports closed (and the extra
> open port). This tells me that iptables on these two servers is
> intermittently stopping, then intermittently starting again.
>
> I have watched the logs on the servers - nothing unusual. I have done the
> nmap scans from three different source locations, and all exhibit the same
> intermittent results. Googling for 'iptables intermittent' is not turning
> up anything applicable. I have other servers using the same iptables
> scripts, and they are not exhibiting this problem, plus bad iptables rules
> should make the problem always happen, not be randomly intermittent.
>
> Anybody have any ideas? Seen anything like this before?
are those 2 specific machines running any applications that may not be on the
others?
can you compare processes among the machines?
otherwise, I am not sure what would cause the iptables script to fail/restart
(unless something else is terminating and restarting the entire network).
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss