Solved

NIC disconnects on public (web server) interface

Posted on 2008-10-28
Last Modified: 2009-10-28
I have a web server with two network cards, one the "public" nic (connected to a Sonicwall Pro 2040), and another network card (private), plugged into a LAN.
At random times, perhaps once or twice a week, the public network card quits responding. We can no longer access it thru the internet, but I can still use terminal services from the LAN to get to the server.
I've disabled it and reenabled it, and it still doesn't work.
Here's how I finally figured out how to make it work again:
Change the static IP of the NIC to anything other than what it originally was. Then disable it, reenable it, change the IP back to its original IP. It will then work fine for a few days.
Restarting the server works too.
I've updated the NIC drivers already. The server board is an Intel S5000PSL.
Does anyone have any ideas of why this may be happening?
0
Question by:thecomputerdocs
5 Comments
 
LVL 13

Accepted Solution

by:
Rowley earned 500 total points
ID: 22829295
I'm confused. Why do you have a public facing physical interface connected to a firewall? Can you not just NAT to the internal address? What is this hosts default gateway?
0
 
LVL 5

Author Comment

by:thecomputerdocs
ID: 22837732
The internal address NIC goes through another firewall which houses a back end database.
The public internet goes thru the firewall to the public NIC on the web server, separating it from the private side.
0
 
LVL 13

Expert Comment

by:Rowley
ID: 22838875
OK, that makes things clearer, the server is in a dmz. Some food for thought...

What network connection states are there on the server when you find that the NIC is unresponsive?
Are there other hosts within the dmz that can connect to this server without going through a firewall?
Are you monitoring the system in any way?
Are there any noticeable changes to system activity beforehand?
Increase in memory/cpu/disk utilisation, either gradual or spikes?
What type of requests are coming in?  You say you can no longer access it thru (sic) the internet. Are you trying an HTTP connection? SSH? RDP? ping?
Have you checked for syn floods or some other DoS attack? What do the web logs say? Have you analysed them?

0
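One way to answer the connection-state and SYN-flood questions above, as an added example that is not part of the original thread: capture `netstat -an` on the server while the public NIC is unresponsive and summarise the TCP states on the port 80 listener. The addresses, the sample output and the threshold are constructed for illustration.

```python
from collections import Counter

HALF_OPEN = {"SYN_RECEIVED", "SYN_RECV"}   # Windows / Linux spellings

# Constructed sample using documentation address ranges (not from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    203.0.113.10:80        198.51.100.7:51515     SYN_RECEIVED
  TCP    203.0.113.10:80        198.51.100.8:40112     SYN_RECEIVED
  TCP    203.0.113.10:80        198.51.100.9:33007     SYN_RECEIVED
  TCP    203.0.113.10:80        198.51.100.9:33008     SYN_RECEIVED
  TCP    203.0.113.10:80        192.0.2.44:2201        ESTABLISHED
  TCP    10.0.0.5:3389          10.0.0.20:50211        ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

def parse_tcp_rows(netstat_text):
    """Yield (local_ip, local_port, remote_ip, state) for each TCP row."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers, blank lines and UDP rows (UDP has no state column).
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        local, remote, state = fields[-3], fields[-2], fields[-1].upper()
        local_ip, _, local_port = local.rpartition(":")
        remote_ip = remote.rpartition(":")[0]
        yield local_ip.strip("[]"), local_port, remote_ip.strip("[]"), state

def listener_report(netstat_text, local_ip, port=80, threshold=100):
    """Summarise states on one listener and flag a half-open backlog."""
    states, sources = Counter(), set()
    for ip, p, remote_ip, state in parse_tcp_rows(netstat_text):
        if ip != local_ip or p != str(port):
            continue
        states[state] += 1
        if state in HALF_OPEN:
            sources.add(remote_ip)
    half_open = sum(states[s] for s in HALF_OPEN)
    return {
        "states": dict(states),
        "half_open": half_open,
        "half_open_sources": len(sources),
        "suspicious": half_open >= threshold,
    }

if __name__ == "__main__":
    # threshold is an assumed illustration value; tune it to the server's normal load.
    print(listener_report(SAMPLE, "203.0.113.10", port=80, threshold=3))
```

A large half-open count on the public address alongside a healthy private interface points toward a SYN backlog; a near-empty table on the public address points back toward the NIC, driver or firmware.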
 
LVL 5

Author Comment

by:thecomputerdocs
ID: 22854564
I haven't noticed anything unusual when it happens. It happens at random times.
It is the only device on the network.
I can still access it thru the private network card via RDP. When I connect, it shows as though nothing is wrong with the NIC, yet it's unresponsive.
Intel has told me there are some firmware updates that may need to be installed. I'm planning on doing them on Monday.
The only request that is allowed to come in from the internet is port 80.
How can I prevent a syn flood or DoS attack to the web server?
0
 
LVL 13

Expert Comment

by:Rowley
ID: 22856751
Start with the firmware updates. You can harden/tune your tcp stack to provide you with some protection against malicious syn floods, but unless you're actually a b2c website where vast amounts of money are involved, I wouldn't worry too much about DoS, although that's not to say you still shouldn't tune/harden your systems.

Good article about syn flood attacks here: http://www.securityfocus.com/infocus/1729

Some simple weblog analysis wouldn't hurt either, you should be doing this anyway if you are curious about who is accessing your website and using up your resources.

http://awstats.sourceforge.net/ is probably the most useful free analyser I've used, worth a look although there are a few others out there, most notable being http://www.webalizer.com/

hth.
0

Question has a verified solution.