intermittent network/firewall failure

Hi all,

I've recently tried setting up a firewall for our office and tried
shorewall/iptables on CentOS. Installation and setup was easy and
everything works fine except i've been getting intermittent network
failure. During the interruption, the firewall can't ping its gateway
(our dsl provider), although when I do a "service network reload"
everything is normal again (except when the network failure randomly
strikes again).

Now i've tried the redwall livecd fireall (i think its also
redhat-based), and the same problem comes back. When I plug the network
to our old linksys dsl router, the intermittent failure don't appear
anymore.

I want to know what's going on but I don't know where to start. You may
want to suggest that I use another distro/os/firewall but I really,
really want to know what went on in there. Any help on locating the
problem is really appreciated.

btw, this is the setup: the box has 3 nics (1 for net, local and dmz),
we have a block of 5 static ip addresses. the box is built is on a
celeron 1.7 (right, whoa!) and 256mb ram

On 17 Sep 2005 23:26:12 -0700, (E-Mail Removed) wrote:
> Hi all,
>
> I've recently tried setting up a firewall for our office and tried
> shorewall/iptables on CentOS. Installation and setup was easy and
> everything works fine except i've been getting intermittent network
> failure. During the interruption, the firewall can't ping its gateway
> (our dsl provider), although when I do a "service network reload"
> everything is normal again (except when the network failure randomly
> strikes again).

> I want to know what's going on but I don't know where to start. You may

Is the time truly random, or is it failing when your dhcp lease expires.
cat /var/lib/dhcp/dhclient-eth0.leases if eth0 is the nic to WAN
and you are using dhcp as your dhcp client.

Any messages in /var/log/messages when you get the outage.
How about any error found with ifconfig eth0

Yes, the time is random, from as soon as 5 mins (to the next outage) to
4 hours on the next outage. I don't think it has something to do with
dhcp, we're using static ip addresses.

As for /var/log/messages, I can't seem to find any problem, (or i don't
know what i'm looking for).

ifconfig eth0 also shows the usual.

Is it possible that our network may be under attack and I haven't
configured the firewall properly? I've configured the firewall's policy
to block all incoming (the dmz can wait until the crisis is over).

On 17 Sep 2005 23:54:43 -0700, (E-Mail Removed) wrote:

>Yes, the time is random, from as soon as 5 mins (to the next outage) to
>4 hours on the next outage. I don't think it has something to do with
>dhcp, we're using static ip addresses.
>
>As for /var/log/messages, I can't seem to find any problem, (or i don't
>know what i'm looking for).
>
>ifconfig eth0 also shows the usual.
>
>Is it possible that our network may be under attack and I haven't
>configured the firewall properly? I've configured the firewall's policy
>to block all incoming (the dmz can wait until the crisis is over).

firewall configuration error, been there done that, but you wouldn't
recognise the answer if I told you, keep watching it )

Cheers.

Come on, try me I'm just looking for "where to start". Is it that my
packets are going out, they're just not returning? Are there ip
configuration conflicts? Are there ARP problems? I think I have enough
to know, I just don't know where or how to start looking. You can ask
me to use tcpdump, I just don't know what to look for. Also, I can't
watch /var/log/messages again, I've just installed openbsd on it.

And i'm running out of time.

btw, if openbsd does the job then good for me, if not, i still want to
know what happened (and how to find out what happened).

thanks!

Grant wrote:
>
> firewall configuration error, been there done that, but you wouldn't
> recognise the answer if I told you, keep watching it )
>
> Cheers.