iptables starts blocking outbound http traffic




Hello:

I have a machine running CentOS 5 x86_64.

It is running apache httpd and tomcat.

For some reason, after running for a few days,
web requests stop responding.  It happened again
this morning.  I checked the syslog and saw a HUGE
number of logs like this:

OUTPUT IN= OUT=eth0 SRC=[MyIP] DST=[OutsideIP] LEN=532 TOS=0x00 PREC=0x00 TTL=64 ID=52669 DF PROTO=TCP SPT=80 DPT=54697 WINDOW=61 RES=0x00 ACK PSH FIN URGP=0

Here are my iptables commands for http connections (I have the default
policy set to drop):

# Allow http connections from the outside world
/sbin/iptables -A INPUT -i eth0 -d $ETH0_IP -p tcp --sport 1024: --dport http \
	-m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -o eth0 -s $ETH0_IP -p tcp --sport http --dport 1024: \
	-m state --state ESTABLISHED -j ACCEPT

Here are some strange things:
1. I have the exact same rules running on two other servers which do 
	not give me any trouble.
2. If I stop and restart httpd and tomcat, the problem goes away.  This
	suggests the firewall is not a problem.

Any ideas what is going on?

Thanks,
	Neil

--
Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com for details. 

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
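
A way to tally log entries like the one quoted above by log prefix, source port and TCP flags, to see which packets are reaching the LOG rule instead of the ACCEPT rule. This is an added example, not part of the original post; the sample lines, host name and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

# Constructed sample: syslog lines in the format quoted in the post.
# Host name, timestamps and addresses (RFC 5737 ranges) are made up.
_FMT = ("Jan 12 08:01:0{n} web1 kernel: OUTPUT IN= OUT=eth0 SRC=192.0.2.10 "
        "DST=198.51.100.7 LEN=532 TOS=0x00 PREC=0x00 TTL=64 ID=5266{n} DF "
        "PROTO=TCP SPT=80 DPT=54697 WINDOW=61 RES=0x00 {flags} URGP=0")
SAMPLE = [
    _FMT.format(n=1, flags="ACK PSH FIN"),
    _FMT.format(n=2, flags="ACK PSH FIN"),
    _FMT.format(n=3, flags="ACK FIN"),
    "Jan 12 08:01:04 web1 httpd: unrelated line",
]

def parse_log_line(line):
    """Return prefix, KEY=VALUE fields and TCP flags of a netfilter LOG line, or None."""
    m = re.search(r"\bIN=\S*\s+OUT=", line)
    if not m:
        return None  # not a netfilter LOG entry
    # Whatever precedes IN= (after the syslog "kernel:" tag) is the --log-prefix.
    prefix = line[:m.start()].split("kernel:")[-1].strip()
    fields, flags = {}, []
    for tok in line[m.start():].split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            fields[key] = val
        elif tok in TCP_FLAGS:  # bare tokens such as DF are IP flags, skipped
            flags.append(tok)
    return {"prefix": prefix, "fields": fields, "flags": tuple(flags)}

def summarize(lines):
    """Count logged TCP packets per (prefix, source port, flag combination)."""
    counts = Counter()
    for line in lines:
        rec = parse_log_line(line)
        if rec is None or rec["fields"].get("PROTO") != "TCP":
            continue
        key = (rec["prefix"], rec["fields"].get("SPT"), "+".join(rec["flags"]))
        counts[key] += 1
    return counts

if __name__ == "__main__":
    for (prefix, spt, flags), n in summarize(SAMPLE).most_common():
        print("%6d  %s  SPT=%s  %s" % (n, prefix, spt, flags))
```

To run it over a real log, pass an open file object to summarize() in place of SAMPLE.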
