I hope this is the right place to post this.
Background
-----------------
I have a debian box out in a datacenter that (amongst other things) is used as a mail server. On particular office (behind a NAT firewall) access' user email relatively often (about 20 users imapd-ssl).
Every so often these users from that site stop being able to access their email (and web services hosted on the same box sharing the same IP address). The frequency of failures ranges from a couple of days to a couple of weeks.
It happened again this morning. On a previous occasion I was able to determine that the problem ONLY occurs if accessing from this office (i.e. from behind the office's NAT router), accessing the box from other IP address's (even from the same ISP and same subnet) continued fine. The problem was also NOT the office NAT router (confirmed by rebooting the NAT router). Then I resolved the problem by rebooting our box in the data centre.
With todays problem I had a little more time to investigate the problem and was able to tie it down to the firewall on the datacentre box (shorewall running on debian etch kernel 2.6.18-4-amd64). Restarting shorewall caused the problem to go away.
Hypothesis
-----------------
My gut feeling is that there is a problem with shorewall / net filter. Specifically to do with multiple simultaionious sessions FROM a given IP address (i.e. the NAT firewall at the office in question - which by the way is another debian box). I suspect the problem is caused by too many open connections from a given IP (perhaps to a specific port)?
Questions
--------------
1) What logging information should I be looking at to test this hypothesis?
2) Has anyone come across a similar problem, and if so how did you overcome it?
Kind regards
Andy
No comments:
Post a Comment