LinuxQuestions.org
Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Old 01-13-2002, 10:23 PM   #1
Bomber
Registered: Jan 2002
Location: Melbourne, Australia
Distribution: Debian
Posts: 13
Strange iptables firewall problem.


Okay, I have a weird problem and I've no idea where to start looking to fix it.
Basically, when I start my firewall script everything loads fine and everything works. Machines on the network can access what the firewall allows them to, and it is also denying illegal access and logging all correctly.

However, after about an hour (sometimes more or sometimes less), everything stops working. The machines on the network have no access to the firewall computer, yet I get nothing in the logs. If I unload the firewall rules and then load them again, everything works fine again for another hour or so.

I've never seen anything like this before, anyone have any ideas?

I am using kernel 2.4.3 with iptables 1.2.2.

 
Old 01-14-2002, 06:09 AM   #2
raz
Registered: Apr 2001
Location: London
Posts: 408
OK, as it's an intermittent problem we need more info:

What does this tell you:
type:
sysctl -a | grep "net.ipv4.tcp_fin_timeout"

-----------
Next time it stops type:
netstat -na | grep tcp

also:
ifconfig -a
Do you have any overruns or errors on any of the NICs?

Try this for now.
I haven't seen iptables do this before.

Raz
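The checks raz lists above, wrapped into a small POSIX shell script as an added example (not code from the thread): parsers for the ifconfig and netstat output he asked for, run here against constructed sample text so they work offline, and a snapshot function that captures the same commands, plus iptables rule counters (my addition), into a timestamped file the next time the firewall "stops". The sample NIC counters are made up; the snapshot assumes the legacy net-tools commands the thread uses (ifconfig, netstat -p needs root).

```shell
# Constructed sample in the old ifconfig -a format; the counters are made up.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          inet addr:192.168.8.3  Bcast:192.168.8.255  Mask:255.255.255.0
          RX packets:884213 errors:0 dropped:0 overruns:37 frame:0
          TX packets:913004 errors:0 dropped:0 overruns:0 carrier:0'

# The netstat -na | grep tcp lines Bomber posted while everything still worked.
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:2789 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8200 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 48 192.168.8.3:22 192.168.4.92:1105 ESTABLISHED'

# Read ifconfig -a text on stdin; print one line per interface/direction whose
# errors or overruns counter is non-zero (prints nothing when the NICs are clean).
nic_error_report() {
    awk '
        /^[A-Za-z]/ { iface = $1 }                 # interface header line
        ($1 == "RX" || $1 == "TX") && $2 ~ /^packets:/ {
            err = 0; ovr = 0
            for (i = 2; i <= NF; i++) {            # fields look like key:value
                split($i, kv, ":")
                if (kv[1] == "errors")   err = kv[2]
                if (kv[1] == "overruns") ovr = kv[2]
            }
            if (err + 0 > 0 || ovr + 0 > 0)
                printf "%s %s errors=%s overruns=%s\n", iface, $1, err, ovr
        }'
}

# Read netstat -na text on stdin; count TCP sockets per state, sorted by state.
tcp_state_counts() {
    awk '$1 == "tcp" { n[$NF]++ } END { for (s in n) print s, n[s] }' | sort
}

# Live snapshot to take the next time the firewall stops: the thread's three
# commands plus iptables rule counters, written to a timestamped file for diffing.
snapshot() {
    out="/tmp/fw-snapshot-$(date +%Y%m%d-%H%M%S).txt"
    {
        sysctl net.ipv4.tcp_fin_timeout
        netstat -natp
        ifconfig -a | nic_error_report
        iptables -L -n -v
    } > "$out" 2>&1
    echo "$out"
}
```

Take one snapshot while things work and another when they stop; `diff` of the two files shows which sockets, counters or rule hits changed in between.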
 
Old 01-14-2002, 03:52 PM   #3
Bomber
Original Poster
This command: sysctl -a | grep "net.ipv4.tcp_fin_timeout"
gives me: net.ipv4.tcp_fin_timeout = 360

This command (while everything is working): netstat -na | grep tcp
gives me:

tcp 0 0 0.0.0.0:2789 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8200 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 48 192.168.8.3:22 192.168.4.92:1105 ESTABLISHED


I'll have to redo that when the problem starts next.

I am getting no overrun errors on either NIC.

Just on a side note... what would be the service that is causing port 8200 to be open?

Thanks Raz.

 
Old 01-14-2002, 11:36 PM   #4
Bomber
Original Poster
Well, this strange phenomenon seems to have stopped and, to be perfectly honest, I've no idea what I did to correct the problem...

But oh well, it all seems to be working nicely now.

 
Old 01-15-2002, 09:12 AM   #5
raz
Good to know, I don't think it was anything I told you to do.
The timeout of 360 is correct.

Anyway, type:
netstat -natp | grep 8200
This will show you what service has started on this port.

/Raz
 
Old 01-15-2002, 06:33 PM   #6
Bomber
Original Poster
Thanks again Raz.

Your help is greatly appreciated.

Regards
Bomber