  1. #1
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994

    Strange iptable problem


    When I run my shell script which loads numerous rules into iptables, it works for about 5 min, then looks like it just starts dropping all incoming packets. Now I have this script running on my own box and another server I admin. I can't figure out why it is doing it on this server. Has anyone ever had a problem like this?

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Are you sure that it's iptables that's dropping the packets? A lot of people have been having trouble lately with network cards that just stop functioning (in that it doesn't receive or drop the packets) after a few minutes.

  3. #3
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994
    Well this only occurs when I run the iptables script.

  4. #4
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    You don't say? Well, I can't say I've ever experienced anything like it, but I can take a look at the script if you want. Two pairs of eyes are always better than one, right?

  5. #5
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994
    http://www.vitalspeeds.com/iptables.rules
    I just don't understand why it works on 2 computers but not this one. Hmm, maybe I should try to test it on some others and see how it runs.

  6. #6
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Now that is strange indeed. What would happen if you were to put a universal LOG target at the top of the INPUT chain? Would packets still be logged when they come in?

  7. #7
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994
    Yeah, they would. The only problem is this box cannot have any downtime since it's a production box. It went down twice yesterday from the iptables and the owner probably wouldn't be too happy if he lost customers from downtime. This is a remote box as well, so I have to submit a help ticket to the datacenter just for them to come and reboot it. So I am trying to figure out what is wrong without having to add debugging to the rules and run it so it takes down the box. I was thinking maybe I could try running the script on other computers and see if it happens then and try to figure out what is wrong. Trying to get someone to let me run my iptables script on their box is a pain though. And just about all the servers I have access to are production servers I work on, and unfortunately this script works on my box.

  8. #8
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    I could try on mine. Is there anything I should know except the /etc/firewall stuff? (Kernel config, files, etc.)

  9. #9
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994
    It should run just how it is as long as you have the needed modules. It will complain about a few files there but they are not needed. Just extra options to config the firewall.

  10. #10
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Sorry to tell you, but it has been working on my box for 1 h 15 min right now.
    Maybe some other program is tinkering with your rules? I know that you don't want to debug it, but just a slight suggestion:
    Code:
    crontab <<<"* * * * * iptables -L -n | md5sum"
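
A fuller form of the rule-change check suggested in post #10, as an added example that is not part of the original thread: it keeps a snapshot of the ruleset and logs a timestamped diff whenever another program alters it. It swaps `iptables -L -n` for `iptables-save` so every table is covered; `STATE_DIR`, `RULES_CMD`, the function names and the script path in the cron comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): record when the iptables ruleset changes.
# STATE_DIR, RULES_CMD and the function names are assumptions for illustration.
STATE_DIR="${STATE_DIR:-/var/tmp/iptables-watch}"
RULES_CMD="${RULES_CMD:-iptables-save}"

# Print the ruleset in a stable form. iptables-save output carries timestamp
# comments and [packets:bytes] counters that change constantly, so drop the
# comments and zero the counters; only real rule changes then alter the text.
dump_rules() {
    out=$($RULES_CMD) || return 2
    printf '%s\n' "$out" | sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*]/[0:0]/'
}

# Compare the current ruleset with the last snapshot.
# Returns 0 if unchanged (or first run), 1 if changed, 2 if the dump failed.
check_rules() {
    mkdir -p "$STATE_DIR" || return 2
    prev="$STATE_DIR/rules.prev"
    cur="$STATE_DIR/rules.cur"
    dump_rules > "$cur" || return 2
    if [ ! -f "$prev" ]; then
        mv "$cur" "$prev"           # first run: store the baseline
        return 0
    fi
    if cmp -s "$prev" "$cur"; then
        rm -f "$cur"
        return 0
    fi
    # Changed: log when, the two checksums, and exactly which lines differ.
    {
        echo "=== ruleset changed at $(date -u '+%Y-%m-%dT%H:%M:%SZ')"
        echo "old $(md5sum < "$prev") new $(md5sum < "$cur")"
        diff "$prev" "$cur" || true
    } >> "$STATE_DIR/changes.log"
    mv "$cur" "$prev"
    return 1
}

# Run from root's crontab every minute (hypothetical install path), e.g.:
#   * * * * * /usr/local/sbin/iptables-watch.sh --run
if [ "${1:-}" = "--run" ]; then
    check_rules
    exit $?
fi
```

The timestamps in `changes.log` can then be lined up against the moment incoming packets start being dropped.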
