Possible problem with netfilter / shorewall?
I hope this is the
right place to post this.
I have a debian box
out in a datacenter that (amongst other things) is used as a mail server.
On particular office (behind a NAT firewall) access' user email relatively often
(about 20 users imapd-ssl).
Every so often these
users from that site stop being able to access their email (and web services
hosted on the same box sharing the same IP address). The frequency of
failures ranges from a couple of days to a couple of weeks.
It happened again
this morning. On a previous occasion I was able to determine that the
problem ONLY occurs if accessing from this office (i.e. from behind the office's
NAT router), accessing the box from other IP address's (even from the same ISP
and same subnet) continued fine. The problem was also NOT the office NAT
router (confirmed by rebooting the NAT router). Then I resolved the
problem by rebooting our box in the data centre.
With todays problem
I had a little more time to investigate the problem and was able to tie it down
to the firewall on the datacentre box (shorewall running on debian etch kernel
2.6.18-4-amd64). Restarting shorewall caused the problem to go
My gut feeling is
that there is a problem with shorewall / net filter. Specifically to do
with multiple simultaionious sessions FROM a given IP address (i.e. the NAT
firewall at the office in question - which by the way is another debian
box). I suspect the problem is caused by too many open connections from a
given IP (perhaps to a specific port)?
logging information should I be looking at to test this
2) Has anyone
come across a similar problem, and if so how did you overcome