Daniel F., Chief Security Engineer, wrote:
> I have my firewalls sandwiched between two routers. And every once in a
> while it will drop signal from the internal interface; all I have to do
> is get on the router and reset the interface, and it comes back up. It's
> kind of weird and I have yet to figure it out.
>
> On Friday 22 February 2002 09:23 am, Les Barstow wrote:
>
>> Does anyone have a pair of iptables boxes set up for failover? I don't
>> think I need anything which mirrors the conntrack table, but it would be
>> nice if I had a second box to take over when the first one disappears...
>>
>> Any sample configurations/scripts would be helpful.
>>
>>
>> Also, has anyone had any experiences with iptables locking up (ie
>> disallowing traffic)? I've checked conntrack tables and it appears I
>> still have quite a bit of space there. Pings and TCP traffic both
>> originating at the firewall and passing through it disappear. This only
>> seems to happen on my external interface - I can ping internal address
>> space. Been really annoying. Intel Pro dual 100Mbps ports.
>>

Funny you should say that. I just had iptables begin blocking one of my VPN ports for no reason at all; flushing the chains and restarting cleared that problem.... This happens very rarely - about 1/week - but even that is too much.... Not a bandwidth issue; I am running 384 kb/sec - 6 ISDN 64K channels bundled together using mppp - and two internal eth interfaces at 100 Mbps. The blockage happens on the ppp if. Generic kernel 2.4.17, iptables 1.2.5, RedHat 7.2 distro w/ all updates.

>>
>>
>> It never used to happen, so it's either a hardware/network issue or a
>> bandwidth-related problem (we were pushing 20Mbps through it the other
>> day...)
>
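As an added example of the kind of failover script asked for above (this is not code from the thread or from any of its posters), here is a minimal active/standby watchdog for a pair of iptables boxes. The standby box pings the primary over a heartbeat link, claims the shared gateway address after a run of missed heartbeats, and hands it back when the primary reappears. The addresses, interface names, thresholds and the script file name are assumptions made for illustration; nothing here mirrors the conntrack table, so established connections through the failed box have to be re-established after a takeover, which is the trade-off the question accepts.

```shell
#!/bin/sh
# Added example, not from the original thread. Active/standby watchdog for
# two iptables firewalls. All addresses, interfaces and limits are assumed.
#
# Run on the STANDBY box. It probes the primary's heartbeat address; after
# FAIL_LIMIT consecutive misses it adds the shared gateway address (VIP)
# to its own internal interface and announces it with gratuitous ARP so
# hosts and the adjacent router update their ARP caches. When the primary
# answers again the VIP is released. Connection tracking state is NOT
# synchronised, so flows through the failed box will break on takeover.

PRIMARY_HB=192.168.250.1      # assumed: primary's heartbeat-link address
VIP=10.0.0.1                  # assumed: shared internal gateway address
VIP_PREFIX=24
VIP_IF=eth1                   # assumed: standby's internal interface
FAIL_LIMIT=3                  # consecutive misses before takeover
INTERVAL=2                    # seconds between heartbeats

# count_fails PREV_FAILS PROBE_RC -> new consecutive-failure count.
# PROBE_RC is 0 for an answered ping, non-zero otherwise.
count_fails() {
    if [ "$2" -eq 0 ]; then echo 0; else echo $(($1 + 1)); fi
}

# decide_action STATE FAILS -> "<newstate> <action>".
# STATE is "standby" or "active"; action is none, takeover or release.
# Pure logic with no side effects, so the decision can be tested.
decide_action() {
    state=$1; fails=$2
    if [ "$state" = standby ] && [ "$fails" -ge "$FAIL_LIMIT" ]; then
        echo "active takeover"
    elif [ "$state" = active ] && [ "$fails" -eq 0 ]; then
        echo "standby release"
    else
        echo "$state none"
    fi
}

heartbeat() {
    ping -c 1 -W 1 "$PRIMARY_HB" >/dev/null 2>&1
}

takeover() {
    logger -t fw-failover "primary $PRIMARY_HB unreachable, claiming $VIP"
    ip addr add "$VIP/$VIP_PREFIX" dev "$VIP_IF"
    # unsolicited (gratuitous) ARP for the VIP from this box's MAC
    arping -U -c 3 -I "$VIP_IF" "$VIP" >/dev/null 2>&1
}

release() {
    logger -t fw-failover "primary $PRIMARY_HB back, releasing $VIP"
    ip addr del "$VIP/$VIP_PREFIX" dev "$VIP_IF"
}

run_watchdog() {
    state=standby; fails=0
    while :; do
        heartbeat; rc=$?
        fails=$(count_fails "$fails" "$rc")
        set -- $(decide_action "$state" "$fails")
        state=$1
        case $2 in
            takeover) takeover ;;
            release)  release ;;
        esac
        sleep "$INTERVAL"
    done
}

# Only enter the loop when run as the script itself (assumed file name),
# not when the file is sourced to reuse or test the functions above.
case "${0##*/}" in
    fw-failover.sh) run_watchdog ;;
esac
```

Every takeover and release goes to syslog on purpose: a watchdog that flaps because the heartbeat link is lossy would look, from the inside, exactly like the "iptables locking up" symptom described in the thread, and the log is how you tell the two apart. For a real deployment a VRRP implementation such as keepalived does this job with proper priority and preemption handling; the script only shows the mechanics. For the lockup itself, the check worth making before blaming iptables is whether the kernel logged "ip_conntrack: table full, dropping packet" and how the entry count in /proc/net/ip_conntrack compares with /proc/sys/net/ipv4/ip_conntrack_max at the time of the outage, since a table that looked half empty afterwards may still have been full during a burst.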
