topic Re: iptables problem in Operating System - Linux

iptables problem

Lukas Grijander — Tue, 04 Jun 2002 10:11:18 GMT

Hi all.

I've a compaq ml330e running RedHat 7.2 and configured as a firewall (iptables).

The ssh port is open only for 2 client IPs to administrate the box.

The linux box has 2 eth interfaces, one for the internet connection and the other connected to a lan with only another box (www server); the access to this box is via NAT.

Everything works fine, but ...

Between 20:00 aprox. and 8:00 there are no connections, and at 8:00 when I try to connect via ssh to the linux box, the connection is refused, and it's impossible to access to the web server.

and ...

Accessing to the linux console, and running few commands (netstat -an, netstat -rn and iptables -L -n), suddenly it begin to work again.

I'm loose ...

I'm thinking about some ideas :

- Advanced Power Management : but it's not configured in linux and I can't find anything about it in the bios-setup
- The iptables modules (ipt_state, ipt_module, ...) are unloaded ?

Any idea?

Thanks in advance and best regards
Rafa

Re: iptables problem

Ron Kinner — Tue, 04 Jun 2002 13:36:03 GMT

Have you checked to make sure you don't have something strange in your crontab? crontab -l will show you your login's cron job.

Ron

Re: iptables problem

Lukas Grijander — Tue, 04 Jun 2002 13:40:30 GMT

Hi Ron.

There's nothing at cron.

Thanks
Rafa

Re: iptables problem

Mark Fenton — Wed, 05 Jun 2002 23:51:56 GMT

Actually, starting with at least RH 7.1 and beyond, there might not be anything in root's crontab, and yet there could be cron jobs that run. Look at /etc/cron.d and it's brothers, /etc/cron.daily, weekly, hourly, etc.

To see if apmd is loading:

# chkconfig --list apmd

Do your logs show anything?

tail -300 /var/log/messages |more

hth.

Mark

Re: iptables problem

Lukas Grijander — Thu, 06 Jun 2002 07:18:20 GMT

Hi Mark.

The only cron proccess that is running periodically is sar, as I can see in /var/log/cron.

chkconfig --list apmd

gives :

apmd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

but, the script /etc/rc.d/init.d/apmd exits because /proc/apm doesn't exist, so apm isn't configured.

/var/log/messages says nothing ... at least interesting

But I have news ...

I was "pinging" every 10 minutes to 4 box :

- the server behind this firewall (eth1)
- the router whith public IP (eth0) the same segment
- one box behind another firewall (eth0), other net segment (public net)
- another box behind another firewall (eth0), far away than the previous (private net)

everything works fine, but ... every hour and a half (00:10, 01:40, 03:10, 04:40, ...) some packets to the 4th box are been loosing

I've noticed too :

when everything goes :

traceroute this-machine from the 4th box
1 router
2 the other firewall
3 * * *

I think that's ok

when the thing goes wrong :

traceroute this-machine from the 4th box
1 router
2 the other firewall
3 another router
4 * * *

I hope these help you to give light ...

Thanks
Rafa

Re: iptables problem

Justo Exposito — Thu, 06 Jun 2002 09:34:09 GMT

Hi Rafael,

I just read an article about firewalls, perhaps it helps you:

http://www.informaticos.biz/modules.php?name=News&file=article&sid=58&mode=&order=0&thold=0

It's in Spanish.

Regards,

Justo.