Linux Web Server

15 pts.
Tags:
Firewalls
Forensics
Incident response
Intrusion management
Network security
Networking
Tech support
VPN
Wireless
I've inherited this Network that is comprise of a mixed Windows and Linux Servers. The Webserver is Linux based, which is on a DMZ. Lately, this Linux based Web Server is hanging and I am unable to reboot it the proper way. My question is, when the Linux Webserver hangs the internet connection for the entire company hangs as well. No one can access the internet while the web server is out of commission. This puzzles me as it is the first time I've seen this issue? I am not familiar with Linux and also DMZ, but I am sure it is one of those two. Any help will be greatly appreciated...

Answer Wiki

Thanks. We'll let you know when a new response is added.

Sounds to me like the LINUX box is doing more than just being a WEB server. What are the other servers doing? It might help if you could provide more specific details as to the setup of the network. I hope for your sake the thing is documented….Okay all you guys…quit laughing.

Paul

Discuss This Question: 5  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Amigus
    My guess is that the server is also serving as a web proxy and the loss of connectivity is do to that fact. The most common web proxy software for Linux machines that I know of is "squid." Have a look and see if it's running on the box. As for the lockups, have a look at the dmesg output as well as /var/log/messages to see if there's any hints on the source of the instability.
    0 pointsBadges:
    report
  • Bobkberg
    When you say DMZ, the term usually means either a network between two routers or firewalls, OR a network hanging off of a third interface on a router or firewall. So, first off, how many network interfaces does the Linux system have. Second, if only one - where does it (what equipment) connect to other things. Objective of those questions is to find out if the Linux box IS your firewall, or is connected to some other device that functions that way. DrillO and amigus are pointing you in the right direction, but without more information, we're all playing a guessing game - not that we can't have fun with those, but every bit of information helps to clear up the picture. Bob
    1,070 pointsBadges:
    report
  • Paul144hart
    All the other replies are good direction - you should also look at you disk space when you reboot again. If it is running out of space from log messages, some versions of linux will hang. Example: 'df -a' look for volumes that are at 99 / 100 percent used.
    0 pointsBadges:
    report
  • Sdr0715
    When you say DMZ, the term usually means either a network between two routers or firewalls, OR a network hanging off of a third interface on a router or firewall. So, first off, how many network interfaces does the Linux system have. Second, if only one - where does it (what equipment) connect to other things. Objective of those questions is to find out if the Linux box IS your firewall, or is connected to some other device that functions that way. DrillO and amigus are pointing you in the right direction, but without more information, we're all playing a guessing game - not that we can't have fun with those, but every bit of information helps to clear up the picture. Bob ....Thanks for the response Bob ....Yes the DMZ is coming out of the Firewall..., Currently here's the network setup. The Main Router is connected to a small netgear hub. The hub has 2 connection going out, one is to the Mail Server and the other is to the Linux Firewall (running Astaro v3.216). The Firewall has 3 interfaces, one is going to the main switch for the network...one is from the netgear the hub (mentioned previously)and the last going to another small netgear hub. The last netgear hub has 2 connection going out...one is from the Firewall (mentioned previously) the other is going to a switch. The switch has a connection to the Linux Web Server. I am still trying to figure out how to make this network to be as simple as it is now as soon as I can make everythng running first. Thanks for the help...
    15 pointsBadges:
    report
  • This213
    Is there a reason your mail server isn't in the DMZ? Is there a reason you have a hub between the firewall and the switch going to the web server? If it were mine, I'd connect the mail server to the switch that the web server is connected to (making sure to set up access rules on the firewall first) and I'd take out the hub between the firewall and that switch (it's just another component that can go bad). Your internal network should be off the other switch connected to the firewall (the one NOT connected to the web server). From the sound of things, it's not, at least not if the web server going down is taking out the whole network. If the web server is indeed acting as your internal network proxy (or NAT or however you do things) you should move that service to a machine off the other switch. If the internal network is connected to the other switch, and the network only goes down until the moment you shutdown the web server (the network comes back online before the web server comes back up), then the web server is probably flooding your network. You can use ethereal to capture any incoming or outgoing packets from either the firewall or the web server and see just what's going on. If either the firewall or the web server has X installed (hey, I've seen it before) get a program called etherape - it will give you a live snapshot of all of the network traffic it can see. I wouldn't use this for serious analysis though as it does no logging and the view window gets incoherent with a few thousand concurrent connections. However, it's great for spotting flood traffic quickly.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following