Linux falls off DMZ

Discussion in 'Cisco' started by Rick Wezowicz, Apr 12, 2004.

  1. We are totally baffled by a problem we have been having ... here is
    what is happening ...

    - We have a Dell PowerEdge 650 running Redhat Linux 7.3
    - And a CISCO firewall

    That's the only standard I can say ... OK ... now after about 15
    minutes the computer just disappears from beyond the firewall. But
    from within the network in the firewall, it is just fine. After it
    drops, the server can still be pinged from within the firewall AND
    once the server is SSHed to from a "nearby" machine, it immediately
    pops back up online outside the firewall without difficulty.

    Here is what we have used to debug:
    1) Is it the network card dropping?
    - initially the Dell came with an Intel Pro 1000MT Dual Card ... so we
    replaced it with another Intel Pro 1000MT Dual Card ... same problem
    .... so we replaced it again with a D-Link 10/100 card ... problem
    still occurs ... THUS it isn't NIC card related

    2) Is it Dell PowerEdge related?
    - we replaced the PowerEdge with a dual boot (Win 98, Linux 7.3) Dell
    Optiplex GX100. In Linux the problem still occurs ... it falls off the
    network if communication thru the firewall doesn't occur. THUS it
    isn't the physical server.

    3) Is the Linux install bad?
    - we reinstalled Redhat 7.3, no luck ... we installed 9.0, no luck
    .... we installed 8.0, no luck ... we reinstalled 7.3, still no luck
    .... THUS it isn't Linux 7.3 causing the problem

    4) Is the OS the problem?
    - obviously Redhat 7.3 is giving problems, so we tried Windows ... NO
    PROBLEM ... we brought in a Mac too ... NO problem ... AH HA ... it
    has something to do with Linux.

    5) Is the problem a network cable ... nope

    6) Does the problem occur outside the firewall?
    - we moved our server to outside the firewall ... and ran it in RH
    Linux 7.3 ... NO PROBLEMS ... the server runs perfectly outside the
    firewall

    7) We contacted CISCO and they suggested checking ARP tables ... no
    problem, our server is still there

    8) We even tried moving the server directly next to the firewall
    physically ... no luck

    9) All the basics too ... new cables have been tried, new switches
    have been tried, new IP addresses and domains have been tried.

    THE ONLY solution we have found is to ping the box from an "outside
    the firewall" box every 30 seconds or so ... this keeps it up and
    running without difficulty ... but it is only a semi-solution, we
    would like it to just run without problem.

    Any ideas?
    Rick
    Rick Wezowicz, Apr 12, 2004
    #1

  2. Rick Wezowicz

    Rik Bain Guest

    On Mon, 12 Apr 2004 09:38:34 -0500, Rick Wezowicz wrote:

    > We are totally baffled by a problem we have been having ... here is what
    > is happening ...
    >
    > - We have a Dell PowerEdge 650 running Redhat Linux 7.3 - And a CISCO
    > firewall
    >
    > That's the only standard I can say ... OK ... now after about 15 minutes
    > the computer just disappears from beyond the firewall. But from within
    > the network in the firewall, it is just fine. After it drops, the server
    > can still be pinged from within the firewall AND once the server is
    > SSHed to from a "nearby" machine, it immediately pops back up online
    > outside the firewall without difficulty.
    >
    > Here is what we have used to debug:
    > 1) Is it the network card dropping?
    > - initially the Dell came with an Intel Pro 1000MT Dual Card ... so we
    > replaced it with another Intel Pro 1000MT Dual Card ... same problem ...
    > so we replaced it again with a D-Link 10/100 card ... problem still
    > occurs ... THUS it isn't NIC card related
    >
    > 2) Is it Dell PowerEdge related?
    > - we replaced the PowerEdge with a dual boot (Win 98, Linux 7.3) Dell
    > Optiplex GX100. In Linux the problem still occurs ... it falls off the
    > network if communication thru the firewall doesn't occur. THUS it isn't
    > the physical server.
    >
    > 3) Is the Linux install bad?
    > - we reinstalled Redhat 7.3, no luck ... we installed 9.0, no luck
    > ... we installed 8.0, no luck ... we reinstalled 7.3, still no luck ...
    > THUS it isn't Linux 7.3 causing the problem
    >
    > 4) Is the OS the problem?
    > - obviously Redhat 7.3 is giving problems, so we tried Windows ... NO
    > PROBLEM ... we brought in a Mac too ... NO problem ... AH HA ... it has
    > something to do with Linux.
    >
    > 5) Is the problem a network cable ... nope
    >
    > 6) Does the problem occur outside the firewall?
    > - we moved our server to outside the firewall ... and ran it in RH
    > Linux 7.3 ... NO PROBLEMS ... the server runs perfectly outside the
    > firewall
    >
    > 7) We contacted CISCO and they suggested checking ARP tables ... no
    > problem, our server is still there
    >
    > 8) We even tried moving the server directly next to the firewall
    > physically ... no luck
    >
    > 9) All the basics too ... new cables have been tried, new switches have
    > been tried, new IP addresses and domains have been tried.
    >
    > THE ONLY solution we have found is to ping the box from an "outside the
    > firewall" box every 30 seconds or so ... this keeps it up and running
    > without difficulty ... but it is only a semi-solution, we would like it
    > to just run without problem.
    >
    > Any ideas?
    > Rick


    I am not sure I understand what you mean by "disappear". When it does
    this can the pix ping the host? Can the RH box ping the pix? What does
    your nat config look like (show nat, show static)?

    Rik Bain
    Rik Bain, Apr 12, 2004
    #2

  3. Rick Wezowicz

    James Guest

    Rick Wezowicz wrote:
    > We are totally baffled by a problem we have been having ... here is
    > what is happening ...
    >
    > - We have a Dell PowerEdge 650 running Redhat Linux 7.3
    > - And a CISCO firewall
    >
    > That's the only standard I can say ... OK ... now after about 15
    > minutes the computer just disappears from beyond the firewall. But
    > from within the network in the firewall, it is just fine. After it
    > drops, the server can still be pinged from within the firewall AND
    > once the server is SSHed to from a "nearby" machine, it immediately
    > pops back up online outside the firewall without difficulty.
    >
    > Here is what we have used to debug:
    > 1) Is it the network card dropping?
    > - initially the Dell came with an Intel Pro 1000MT Dual Card ... so we
    > replaced it with another Intel Pro 1000MT Dual Card ... same problem
    > ... so we replaced it again with a D-Link 10/100 card ... problem
    > still occurs ... THUS it isn't NIC card related
    >
    > 2) Is it Dell PowerEdge related?
    > - we replaced the PowerEdge with a dual boot (Win 98, Linux 7.3) Dell
    > Optiplex GX100. In Linux the problem still occurs ... it falls off the
    > network if communication thru the firewall doesn't occur. THUS it
    > isn't the physical server.
    >
    > 3) Is the Linux install bad?
    > - we reinstalled Redhat 7.3, no luck ... we installed 9.0, no luck
    > ... we installed 8.0, no luck ... we reinstalled 7.3, still no luck
    > ... THUS it isn't Linux 7.3 causing the problem
    >
    > 4) Is the OS the problem?
    > - obviously Redhat 7.3 is giving problems, so we tried Windows ... NO
    > PROBLEM ... we brought in a Mac too ... NO problem ... AH HA ... it
    > has something to do with Linux.
    >
    > 5) Is the problem a network cable ... nope
    >
    > 6) Does the problem occur outside the firewall?
    > - we moved our server to outside the firewall ... and ran it in RH
    > Linux 7.3 ... NO PROBLEMS ... the server runs perfectly outside the
    > firewall
    >
    > 7) We contacted CISCO and they suggested checking ARP tables ... no
    > problem, our server is still there
    >
    > 8) We even tried moving the server directly next to the firewall
    > physically ... no luck
    >
    > 9) All the basics too ... new cables have been tried, new switches
    > have been tried, new IP addresses and domains have been tried.
    >
    > THE ONLY solution we have found is to ping the box from an "outside
    > the firewall" box every 30 seconds or so ... this keeps it up and
    > running without difficulty ... but it is only a semi-solution, we
    > would like it to just run without problem.
    >
    > Any ideas?
    > Rick


    Hello Rick. A few basics:

    netstat -nr <will show you your routing
    table on your linux system>

    ifconfig -a <will show you your ethernet
    interfaces and how they are configured>

    ethereal is the most robust sniffer you
    can have. Find a machine and install it.
    Ethereal will sniff your ethernet I/O
    on your linux system. Frequently, I
    install 10mbps flat hubs between
    machines to sniff (analyze) data traffic.

    Is the machine a web server? What is the
    topology, i.e. the connection between
    the RH system and the cisco router?

    keepalive can be used on the cisco's
    ethernet interface as well as 'ip route
    cache'.

    If you can ping (see) the linux system
    from other machines, it's up on the
    network. You may be passing 'bad routes'
    to the linux system, and not be aware
    of it. What routing software/daemons are
    you running (if any) on the RH machine?

    If this machine is in your DMZ, are your
    other DMZ machines seen by the outside
    internet?

    More specifics are useful. Here is my
    BEST suggestion,

    RUN, not walk to Debian from RedHat.
    You'll find LOTS more support....
    Besides, RH is dying. As a server only
    product now. Debian is easy to install,
    upgrade, and get support on.


    James
    James, Apr 12, 2004
    #3
  4. Rick Wezowicz

    Mark Green Guest

    (Rick Wezowicz) wrote in message news:<>...
    > We are totally baffled by a problem we have been having ... here is
    > what is happening ...
    >
    > - We have a Dell PowerEdge 650 running Redhat Linux 7.3
    > - And a CISCO firewall
    >
    > That's the only standard I can say ... OK ... now after about 15
    > minutes the computer just disappears from beyond the firewall. But
    > from within the network in the firewall, it is just fine. After it
    > drops, the server can still be pinged from within the firewall AND
    > once the server is SSHed to from a "nearby" machine, it immediately
    > pops back up online outside the firewall without difficulty.
    >
    > Here is what we have used to debug:
    > 1) Is it the network card dropping?
    > - initially the Dell came with an Intel Pro 1000MT Dual Card ... so we
    > replaced it with another Intel Pro 1000MT Dual Card ... same problem
    > ... so we replaced it again with a D-Link 10/100 card ... problem
    > still occurs ... THUS it isn't NIC card related
    >
    > 2) Is it Dell PowerEdge related?
    > - we replaced the PowerEdge with a dual boot (Win 98, Linux 7.3) Dell
    > Optiplex GX100. In Linux the problem still occurs ... it falls off the
    > network if communication thru the firewall doesn't occur. THUS it
    > isn't the physical server.
    >
    > 3) Is the Linux install bad?
    > - we reinstalled Redhat 7.3, no luck ... we installed 9.0, no luck
    > ... we installed 8.0, no luck ... we reinstalled 7.3, still no luck
    > ... THUS it isn't Linux 7.3 causing the problem
    >
    > 4) Is the OS the problem?
    > - obviously Redhat 7.3 is giving problems, so we tried Windows ... NO
    > PROBLEM ... we brought in a Mac too ... NO problem ... AH HA ... it
    > has something to do with Linux.
    >
    > 5) Is the problem a network cable ... nope
    >
    > 6) Does the problem occur outside the firewall?
    > - we moved our server to outside the firewall ... and ran it in RH
    > Linux 7.3 ... NO PROBLEMS ... the server runs perfectly outside the
    > firewall
    >
    > 7) We contacted CISCO and they suggested checking ARP tables ... no
    > problem, our server is still there
    >
    > 8) We even tried moving the server directly next to the firewall
    > physically ... no luck
    >
    > 9) All the basics too ... new cables have been tried, new switches
    > have been tried, new IP addresses and domains have been tried.
    >
    > THE ONLY solution we have found is to ping the box from an "outside
    > the firewall" box every 30 seconds or so ... this keeps it up and
    > running without difficulty ... but it is only a semi-solution, we
    > would like it to just run without problem.
    >
    > Any ideas?
    > Rick


    Try disabling proxy arp on the Internal leg of the pix
    (the sysopt noproxyarp inside_interface).
    Mark Green, Apr 12, 2004
    #4
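
Added example, not written by any poster in this thread: one way to test the proxy ARP suggestion above, and Cisco's advice to check ARP tables, from a capture taken on the server's segment with a sniffer such as the one James mentions. It assumes `tcpdump -e -n arp` text output; the addresses, MACs and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -e -n arp` format (all addresses are made up).
SAMPLE_CAPTURE = """\
12:00:01.000100 00:0c:29:aa:bb:01 > 00:50:56:00:00:09, ethertype ARP (0x0806), length 60: Reply 192.0.2.10 is-at 00:0c:29:aa:bb:01, length 46
12:00:01.000350 00:90:27:fe:00:01 > 00:50:56:00:00:09, ethertype ARP (0x0806), length 60: Reply 192.0.2.10 is-at 00:90:27:fe:00:01, length 46
12:00:07.410000 00:90:27:fe:00:01 > 00:50:56:00:00:09, ethertype ARP (0x0806), length 60: Reply 192.0.2.11 is-at 00:90:27:fe:00:01, length 46
12:00:09.000000 00:50:56:00:00:09 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.12 tell 192.0.2.9, length 28
12:00:09.000200 00:0c:29:aa:bb:02 > 00:50:56:00:00:09, ethertype ARP (0x0806), length 60: Reply 192.0.2.12 is-at 00:0c:29:aa:bb:02, length 46
"""

# Matches the "Reply <ip> is-at <mac>" part of an ARP reply line.
REPLY_RE = re.compile(
    r"Reply\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+is-at\s+"
    r"(?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})"
)


def parse_arp_replies(text):
    """Return {ip: set(mac)} for every ARP reply found in the capture text."""
    owners = defaultdict(set)
    for line in text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            owners[m.group("ip")].add(m.group("mac").lower())
    return dict(owners)


def contested_ips(owners):
    """IPs answered by more than one MAC: two devices claim the same address."""
    return {ip: sorted(macs) for ip, macs in owners.items() if len(macs) > 1}


def multi_ip_responders(owners):
    """MACs answering for several IPs, as a proxy ARP device or multi-homed host would."""
    by_mac = defaultdict(set)
    for ip, macs in owners.items():
        for mac in macs:
            by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    owners = parse_arp_replies(SAMPLE_CAPTURE)
    for ip, macs in contested_ips(owners).items():
        print(f"{ip} is answered by {', '.join(macs)}")
    for mac, ips in multi_ip_responders(owners).items():
        print(f"{mac} answers for {', '.join(ips)}")
```

If the MAC that answers for several addresses belongs to the firewall's interface, the firewall is replying on behalf of other hosts, which is the behaviour the `sysopt noproxyarp` suggestion turns off.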