Is there a reason you have a hub between the firewall and the switch going to the web server?

If it were mine, I’d connect the mail server to the switch that the web server is connected to (making sure to set up access rules on the firewall first) and I’d take out the hub between the firewall and that switch (it’s just another component that can go bad).

Your internal network should be off the other switch connected to the firewall (the one NOT connected to the web server). From the sound of things, it’s not, at least not if the web server going down is taking out the whole network. If the web server is indeed acting as your internal network proxy (or NAT or however you do things) you should move that service to a machine off the other switch.

If the internal network is connected to the other switch, and the network only goes down until the moment you shutdown the web server (the network comes back online before the web server comes back up), then the web server is probably flooding your network. You can use ethereal to capture any incoming or outgoing packets from either the firewall or the web server and see just what’s going on. If either the firewall or the web server has X installed (hey, I’ve seen it before) get a program called etherape – it will give you a live snapshot of all of the network traffic it can see. I wouldn’t use this for serious analysis though as it does no logging and the view window gets incoherent with a few thousand concurrent connections. However, it’s great for spotting flood traffic quickly.

So, first off, how many network interfaces does the Linux system have.

Second, if only one – where does it (what equipment) connect to other things.

Objective of those questions is to find out if the Linux box IS your firewall, or is connected to some other device that functions that way.

DrillO and amigus are pointing you in the right direction, but without more information, we’re all playing a guessing game – not that we can’t have fun with those, but every bit of information helps to clear up the picture.

Bob

….Thanks for the response Bob
….Yes the DMZ is coming out of the Firewall…, Currently here’s the network setup. The Main Router is connected to a small netgear hub. The hub has 2 connection going out, one is to the Mail Server and the other is to the Linux Firewall (running Astaro v3.216). The Firewall has 3 interfaces, one is going to the main switch for the network…one is from the netgear the hub (mentioned previously)and the last going to another small netgear hub. The last netgear hub has 2 connection going out…one is from the Firewall (mentioned previously) the other is going to a switch. The switch has a connection to the Linux Web Server.

I am still trying to figure out how to make this network to be as simple as it is now as soon as I can make everythng running first.

Thanks for the help…

So, first off, how many network interfaces does the Linux system have.

Second, if only one – where does it (what equipment) connect to other things.

Objective of those questions is to find out if the Linux box IS your firewall, or is connected to some other device that functions that way.

DrillO and amigus are pointing you in the right direction, but without more information, we’re all playing a guessing game – not that we can’t have fun with those, but every bit of information helps to clear up the picture.

Bob

As for the lockups, have a look at the dmesg output as well as /var/log/messages to see if there’s any hints on the source of the instability.