[TriLUG] iptables - sometimes stops working

Corey Mutter mutterc at nc.rr.com
Thu Apr 10 22:50:18 EDT 2003


Is the firewall doing NAT? Maybe connections are aging-out of that table...

Also, another way you can debug this (if you think a rule is getting 
traffic dropped) is to make every traffic-dropping rule log the packets
(easy to do by creating a chain that logs the packet then drops it, then
jumping to that chain everywhere that you would do -j DROP). That way,
you get insight into what's being dropped when and why.

Corey

On Wed, Apr 09, 2003 at 06:58:41AM -0700, Turnpike Man wrote:
> I have an interesting thing I've noticed working with iptables.  I have
> recently converted my home network to use a Linux machine with iptables, and
> that is going very well as far as I can tell.  My corporate network is next in
> line.  The anomaly I'm having is this:  I have a training lab set up in the
> corporate office.  That lab is separated from the production network by a Linux
> machine running iptables.  That way folks can create their own domains, cross
> platform talk, etc. without affecting corp network but still have internet
> access.  Well, when that firewall goes unused for a certain amount of time, not
> sure how long that is, could be 24 hours, could be 72 hours - ish - the next
> time I boot up a lab machine, it cannot access the internet until I restart the
> iptables service.  Anyone familiar with this?  At home, iptables never needs to
> be restarted, of course, there is constant activity there, particularly bogus
> crap floating around the RR network, plus my accessing the network any given
> number of times in a day and surfing at home.
> 
> I've experienced this with RH 7.3 and RH 8.0.
> 
> Thanks,
> David M.
> 

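The log-then-drop chain Corey describes, as an added example that is not part of the original message: it rewrites an `iptables-save` dump so that every `-j DROP` in the filter table jumps to a logging chain instead. It goes one step beyond the message by also adding a catch-all rule to chains whose policy is DROP, since a policy cannot jump to a user chain. The chain name `LOGDROP`, the log prefix, the rate limit and the sample ruleset are assumptions made up for the example.

```shell
# Rewrite an iptables-save dump (stdin) so every filter-table DROP is logged first.
# LOGDROP, the "IPT-DROP: " prefix and the 5/min limit are assumed names/values.
logdrop_rewrite() {
  awk '
    /^\*/ { in_filter = ($0 == "*filter"); declared = 0; n = 0; print; next }
    !in_filter { print; next }
    # Chain declarations, e.g. ":FORWARD DROP [0:0]". Remember DROP policies:
    # a policy cannot jump to a user chain, so those chains get a catch-all rule.
    /^:/ { if ($2 == "DROP") pol[++n] = substr($1, 2); print; next }
    # First line after the declarations: declare the new chain.
    !declared { print ":LOGDROP - [0:0]"; declared = 1 }
    /^-A / { sub(/-j DROP$/, "-j LOGDROP"); print; next }
    /^COMMIT$/ {
      for (i = 1; i <= n; i++) print "-A " pol[i] " -j LOGDROP"
      print "-A LOGDROP -m limit --limit 5/min -j LOG --log-prefix \"IPT-DROP: \""
      print "-A LOGDROP -j DROP"
      print; in_filter = 0; next
    }
    { print }
  '
}

# Constructed sample ruleset (not from the thread): a NAT box with a lab on eth1.
sample_rules() {
  cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

# On a live firewall (as root): iptables-save | logdrop_rewrite | iptables-restore
sample_rules | logdrop_rewrite
```

Dropped packets then show up in the kernel log with the `IPT-DROP: ` prefix; remove the `-m limit` match if every dropped packet must be logged while debugging.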

