- 04-28-2003 #1 Linux Engineer
- Join Date
- Jan 2003
- Location
- Lebanon, pa
- Posts
- 994
Strange iptable problem
When I run my shell script which loads numerous rules into iptables, it works for about 5 min, then looks like it just starts dropping all incoming packets. Now I have this script running on my own box and another server I admin. I can't figure out why it is doing it on this server. Has anyone ever had a problem like this?
- 04-28-2003 #2 Linux Guru
- Join Date
- Oct 2001
- Location
- Täby, Sweden
- Posts
- 7,578
Are you sure that it's iptables that's dropping the packets? A lot of people have been having trouble lately with network cards that just stop functioning (in that it doesn't receive or drop the packets) after a few minutes.
- 04-28-2003 #3 Linux Engineer
- Join Date
- Jan 2003
- Location
- Lebanon, pa
- Posts
- 994
Well this only occurs when I run the iptables script.
- 04-28-2003 #4 Linux Guru
- Join Date
- Oct 2001
- Location
- Täby, Sweden
- Posts
- 7,578
You don't say? Well, I can't say I've ever experienced anything like it, but I can take a look at the script if you want. Two pairs of eyes are always better than one, right?
- 04-28-2003 #5 Linux Engineer
- Join Date
- Jan 2003
- Location
- Lebanon, pa
- Posts
- 994
http://www.vitalspeeds.com/iptables.rules
I just don't understand why it works on 2 computers but not this one. Hmm, maybe I should try to test it on some others and see how it runs.
- 04-28-2003 #6 Linux Guru
- Join Date
- Oct 2001
- Location
- Täby, Sweden
- Posts
- 7,578
Now that is strange indeed. What would happen if you were to put a universal LOG target at the top of the INPUT chain? Would packets still be logged when they come in?
- 04-28-2003 #7 Linux Engineer
- Join Date
- Jan 2003
- Location
- Lebanon, pa
- Posts
- 994
Yeah, they would. The only problem is this box cannot have any downtime since it's a production box. It went down twice yesterday from the iptables and the owner probably wouldn't be too happy if he lost customers from downtime. This is a remote box as well, so I have to submit a help ticket to the datacenter just for them to come and reboot it. So I am trying to figure out what is wrong without having to add debugging to the rules and run it so it takes down the box. I was thinking maybe I could try running the script on other computers and see if it happens then and try to figure out what is wrong. Trying to get someone to let me run my iptables script on their box is a pain though. And just about all the servers I have access to are production servers I work on, and unfortunately this script works on my box.
- 04-28-2003 #8 Linux Guru
- Join Date
- Oct 2001
- Location
- Täby, Sweden
- Posts
- 7,578
I could try on mine. Is there anything I should know except the /etc/firewall stuff? (Kernel config, files, etc.)
- 04-28-2003 #9 Linux Engineer
- Join Date
- Jan 2003
- Location
- Lebanon, pa
- Posts
- 994
It should run just how it is as long as you have the needed modules. It will complain about a few files there but they are not needed. Just extra options to config the firewall.
- 04-29-2003 #10 Linux Guru
- Join Date
- Oct 2001
- Location
- Täby, Sweden
- Posts
- 7,578
Sorry to tell you, but it has been working on my box for 1 h 15 min right now.
Maybe some other program is tinkering with your rules? I know that you don't want to debug it, but just a slight suggestion:
Code:
crontab <<<"* * * * * iptables -L -n | md5sum"


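Added example, not part of the thread: the checksum idea from post #10 extended into a small watcher that keeps the previous `iptables -L -n` listing and writes a timestamped diff whenever the ruleset changes, so the log shows when the rules changed and what changed. `STATE_DIR`, `DUMP_CMD`, `check_ruleset` and the script path in the cron comment are names assumed for this sketch.

```shell
#!/bin/sh
# Added example (not code from the thread): log every change to the ruleset.
# STATE_DIR, DUMP_CMD and check_ruleset are hypothetical names for this sketch.
STATE_DIR="${STATE_DIR:-/var/lib/fwwatch}"
# Listing command from post #10; without -v it prints no packet counters,
# so the output only differs when the rules themselves differ.
DUMP_CMD="${DUMP_CMD:-iptables -L -n}"

# Returns 0 if unchanged (or first run), 1 if changed, 2 if the dump failed.
check_ruleset() {
    mkdir -p "$STATE_DIR" || return 2
    cur="$STATE_DIR/current" last="$STATE_DIR/last" log="$STATE_DIR/changes.log"
    # A failed dump must not be recorded as "all rules disappeared".
    if ! $DUMP_CMD > "$cur" 2>/dev/null; then
        rm -f "$cur"
        echo "$(date '+%F %T') ERROR dump command failed" >> "$log"
        return 2
    fi
    if [ ! -f "$last" ]; then
        mv "$cur" "$last"
        echo "$(date '+%F %T') BASELINE $(md5sum < "$last" | cut -d' ' -f1)" >> "$log"
        return 0
    fi
    if cmp -s "$cur" "$last"; then
        rm -f "$cur"
        return 0
    fi
    {
        echo "$(date '+%F %T') CHANGED $(md5sum < "$last" | cut -d' ' -f1) -> $(md5sum < "$cur" | cut -d' ' -f1)"
        diff "$last" "$cur" | sed 's/^/    /'   # indented diff: what was added or removed
    } >> "$log"
    mv "$cur" "$last"
    return 1
}

# Assumed cron entry, once a minute:
#   * * * * * /usr/local/sbin/fwwatch.sh --check
if [ "${1:-}" = "--check" ]; then
    check_ruleset
fi
```

Because the state lives on disk, `changes.log` survives a lockout and can be read after the box is reachable again.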
