can ftp kill the internal interface

hi,
i was just trying to download mysql-source package through asl-masqerading.
it killed my internal interface somehow after 75%.
this repeated 3 times now.....
any idea how this happens?
i cannot ping to and from asl (over this interface)
the traffic to dmz is not affected.

kind regards from germany,
christian

Parents

0 Andy_01 over 23 years ago

sounds strange, what exactly do you mean by killing an interface...

Andy.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Chris_W over 23 years ago in reply to Andy_01

and it feels strange, too..

every time i try to transfer something bigger, it closes the connection on the internal interface.
can't even ping to this interface or behind it.

on console, ifconfig eth0 looks ok to me.
now i tried not to masq on eth2, but give NAT rules for in and outgoing.
it blocked a little later, but still blocks.

then i tried to ftp from outside to inside
- pretty the same thing ...

is it worth to try the new release?

kind regards, christian
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Biffa over 23 years ago in reply to Chris_W

Sounds like a packet storm on the interface.

I take it you have three interfaces (you mentioned eth2) e.g. Internal and DMZ?

Do you two interfaces plugged into the same switch?

You need to separate DMZ and Internal physically
otherwise you can get the symptom you describe.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Biffa over 23 years ago in reply to Chris_W

Sounds like a packet storm on the interface.

I take it you have three interfaces (you mentioned eth2) e.g. Internal and DMZ?

Do you two interfaces plugged into the same switch?

You need to separate DMZ and Internal physically
otherwise you can get the symptom you describe.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 siudak@HES over 23 years ago in reply to Chris_W

We had some simular problems while updating to
3.2... (changing the zones on the nics)

after resetting our switches the problem was
solved.... (if you have two zones on the same
switch you will get enormous numbers of ip-spoof-
warnings on the kernel-log [;)] )

maybe a tip.

greetz

[ 28 May 2002: Message edited by: siudak@HES ]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Chris_W over 23 years ago in reply to Biffa

yes and no ;-)

you'r right, i have 3 NICS,

eth0 = internal,
eth1 = DMZ
eth2 = official, with some IP-aliases.

these all lead to different switches (as far as i know)

when i installed dmz machines (with NAT-rules) there was no such problem doing ftp to sunfreeware.

now trying ftp from eth0, it stops.
and i took eth0 to a separated switch (3com superstack II) which leads to some unix-machines, and on one port leads to a small switch (crossover-cable) to extend to some more machines.
these can talk together with no problem (nfs, nis, etc) but the gateway becomes invisible ....

now i opend webadmin for one machine on outside-interface, maybe it shows something next time .....

and then i'll try the new version .....
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel