[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: port blocking? oracle problem? Other?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: port blocking? oracle problem? Other?
- From: Matt Simonsen <matt_lists_(_at_)_careercast_(_dot_)_com>
- Date: Fri, 15 Feb 2002 14:51:59 -0800
- Reply-to: matt_lists_(_at_)_careercast_(_dot_)_com
Without your rules, I can only guess, but if I had to guess I'd say the
firewall is having its state table filled up with the increase in traffic
(coming from quearys to the oracle box which are now having to go through the
firewall). When that happens, it flushes the table and packets relying on
state would get blocked on their way back in or out.
On Friday 15 February 2002 02:44 pm, john abbott wrote:
> OK, here is the deal, I had one firewall, HP Vectra XU 150 Pent. Pro
> running openbsd 2.8 and ipf. Behind it I had four web servers and an
> oracle server. Everything was running great.
> But, because of some other software that was running on the oracle
> server, it seemed like a really great idea to move the oracle server and
> setup firewall #2, also a HP Vectra XU with only the oracle server
> behind it. Troubles.
> The web servers behind firewall #1 and are making queries (and replies?)
> via port 1521 to the oracle server and everything is working great.
> ...for a few hours. Then something happens, and I don't know quite
> what, but suddenly port 53 and 1521 starts being blocked.
> Nov 29 12:50:39 webwall ipmon: 12:50:38.533470 fxp0
> @0:58 b 188.8.131.52,53 -> 184.108.40.206,10007 PR udp len 20 150 IN
> Nov 29 12:50:54 webwall ipmon: 12:50:53.648449 fxp0
> @0:58 b 220.127.116.11,1521 -> 18.104.22.168,10008 PR tcp len 20 44 -AS
> (yeah, ok, I need to set the date on my firewall :-) The web servers can
> no longer find the oracle servers and 1521 is getting blocked too.
> Other stuff continues to work just fine, port 80 keeps getting passed
> just fine, I can still ssh into the machines just fine.
> I guess my questions are, what could be causing this? Why would it only
> be causing trouble with just these ports? Are the firewalls getting
> overloaded or something and is that what causes these ports to become
Visit your host, monkey.org