On 9/21/06, Steph <stephanie.royle@xxxxxxxxxxxxxx> wrote:
Hi,

We have 7 Dell 2850 servers with dual Xeon 3 GHz processors running the APF firewall version 0.9.6 (http://rfxnetworks.com/apf.php). They run fine for a day or two, then suddenly lock out all incoming connections other than the backend IP. Sometimes restarting the firewall resolves this, but occasionally we may have to leave it 10 mins or so before restarting, after which it will actually allow connections again.
Hi Stephanie,

I have had problems with apf, as noted in this thread about 5 months ago: http://lists.centos.org/pipermail/centos/2006-May/064517.html

However, it would just lock out seemingly random connections for a fairly short period, vs. the 10 min you are seeing. I emailed rfxnetworks, but never heard back. :-(

So, although I have recommended APF numerous times on this list, I would now recommend people probably consider another alternative. I am currently "rolling my own" iptables config... if people have a frontend package similar to apf (but without these various "lock out" concerns), I would love to hear any recommendations.

One thing I found useful in troubleshooting the apf issues I had was to use tcpdump. I used a command such as:

    nohup tcpdump -p -i any -s 0 -w out_file.enc 'tcp[tcpflags] & tcp-syn != 0 and (port 80 or port 443)' &

I was seeing multiple TCP SYN packets come in from the same client (with the same src/dest port numbers) and no response from my CentOS box. You can view the out_file.enc in something like Ethereal (now Wireshark). Because it only captures the SYN packets, you can leave this running without worrying about filling up your hard drive.

Also, I should probably mention that I was working with a CentOS 3 box.

Let me know if you learn anything else.

Regards,
Kennedy

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
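The symptom Kennedy describes (repeated SYNs from one client on the same source/destination ports with no reply) can be picked out of a capture like the one above without opening it in Wireshark. The following script is an added example, not part of Kennedy's post or of the APF project. It assumes the capture has been dumped to text with `tcpdump -nn -r out_file.enc`, whose lines look like `12:00:01.000000 IP 203.0.113.5.51000 > 198.51.100.10.80: Flags [S], ...`; because the capture filter matches any packet with the SYN bit set, the server's SYN-ACKs (rendered as `Flags [S.]`) are present too, so a client 4-tuple with several SYNs and no matching SYN-ACK in the reverse direction is a connection the host never answered. The sample lines below are constructed, with documentation-range addresses.

```python
import re
from collections import defaultdict

# Matches the start of a "tcpdump -nn" text line: timestamp, "IP",
# src.port > dst.port, and the TCP flag string inside "Flags [...]".
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed sample capture (hypothetical hosts): client 203.0.113.5
# retransmits its SYN three times and never gets a SYN-ACK, while client
# 203.0.113.7 is answered normally. The ARP line is there to show that
# non-TCP lines are skipped rather than crashing the parser.
SAMPLE_CAPTURE = [
    "12:00:01.000000 IP 203.0.113.5.51000 > 198.51.100.10.80: Flags [S], seq 100, win 65535, length 0",
    "12:00:01.100000 ARP, Request who-has 198.51.100.1 tell 198.51.100.10, length 28",
    "12:00:04.000000 IP 203.0.113.5.51000 > 198.51.100.10.80: Flags [S], seq 100, win 65535, length 0",
    "12:00:05.000000 IP 203.0.113.7.52000 > 198.51.100.10.443: Flags [S], seq 300, win 65535, length 0",
    "12:00:05.000200 IP 198.51.100.10.443 > 203.0.113.7.52000: Flags [S.], seq 900, ack 301, win 5840, length 0",
    "12:00:10.000000 IP 203.0.113.5.51000 > 198.51.100.10.80: Flags [S], seq 100, win 65535, length 0",
]


def parse_line(line):
    """Return the fields of one tcpdump text line, or None if it is not TCP."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": m["ts"],
        "src": m["src"], "sport": int(m["sport"]),
        "dst": m["dst"], "dport": int(m["dport"]),
        "flags": m["flags"],
    }


def find_unanswered_syns(lines, min_syns=2):
    """Map (client_ip, client_port, server_ip, server_port) -> SYN count for
    every client 4-tuple that sent at least min_syns SYNs and for which no
    SYN-ACK was seen going back the other way."""
    syn_counts = defaultdict(int)
    answered = set()  # client 4-tuples that received a SYN-ACK
    for line in lines:
        pkt = parse_line(line)
        if pkt is None or "S" not in pkt["flags"]:
            continue
        if "." in pkt["flags"]:
            # tcpdump renders ACK as '.', so "S." is a SYN-ACK from the server;
            # record it under the client's tuple by reversing the direction.
            answered.add((pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"]))
        else:
            syn_counts[(pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])] += 1
    return {
        tup: n for tup, n in syn_counts.items()
        if n >= min_syns and tup not in answered
    }


def locked_out_clients(lines, min_syns=2):
    """Distinct client IPs whose connection attempts went unanswered."""
    return sorted({tup[0] for tup in find_unanswered_syns(lines, min_syns)})


if __name__ == "__main__":
    for tup, n in find_unanswered_syns(SAMPLE_CAPTURE).items():
        client, cport, server, sport = tup
        print(f"{client}:{cport} -> {server}:{sport}: {n} SYNs, no SYN-ACK")
    print("clients affected:", locked_out_clients(SAMPLE_CAPTURE))
```

To run it against a real capture, replace `SAMPLE_CAPTURE` with `open("out.txt")` where `out.txt` came from `tcpdump -nn -r out_file.enc > out.txt`. A burst of unanswered tuples whose first SYN timestamps cluster around the moment the lockout started is the evidence that the packets reached the box and the firewall, rather than the network, dropped them.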