Solved

NIC disconnects on public (web server) interface

Posted on 2008-10-28
5
389 Views
Last Modified: 2009-10-28
I have a web server with two network cards, one the "public" nic (connected to a Sonicwall Pro 2040), and another network card (private), plugged into a LAN.
At random times, perhaps once or twice a week, the public network card quits responding. We can no longer access it thru the internet, but I can still use terminal services from the LAN to get to the server.
I've disabled it and reenabled it, and it still doesn't work.
Here's how I finally figured out how to make it work again:
Change the static IP of the NIC to anything other than what it originally was. Then disable it, reenable it, change the IP back to it's original IP. It will then work fine for a few days.
Restarting the server works too.
I've updated the NIC drivers already. The server board is a Intel S5000PSL.
Does anyone have any ideas of why this may be happening?
0
Comment
Question by:thecomputerdocs
  • 3
  • 2
5 Comments
 
LVL 13

Accepted Solution

by:
Rowley earned 500 total points
ID: 22829295
I'm confused. Why do you have a public facing physical interface connected to a firewall? Can you not just NAT to the internal address? What is this hosts default gateway?
0
 
LVL 5

Author Comment

by:thecomputerdocs
ID: 22837732
The internal address NIC goes through another firewall which houses a back end database.
The public internet goes thru the firewall to the public NIC on the web server, seperating it from the private side.
0
 
LVL 13

Expert Comment

by:Rowley
ID: 22838875
OK, that makes things clearer, the server is in a dmz. Some food for thought...

What network connection states are there on the server when you find that the NIC is unresponsive?
Are there other hosts within the dmz that can connect to this server without going through a firewall?
Are you monitoring the system in any way?
Are there any noticeable changes to system activity beforehand?
Increase in memory/cpu/disk utilisation, either gradual or spikes?
What type of requests are coming in?  You say you can no longer access it thru (sic) the internet. Are you trying an HTTP connection? SSH? RDP? ping?
Have you checked for syn floods or some other DoS attack? What do the web logs say? Have you analysed them?

0
 
LVL 5

Author Comment

by:thecomputerdocs
ID: 22854564
I haven't noticed anything unusual when it happens. It happens at random times.
It is the only device on the network.
I can still access it thru the private network card via RDP. When I connect, it shows as though nothing is wrong with the NIC, yet it's unresponsive.
Intel has told me there is some firmware updates that may need to be installed. I"m planning on doing them on Monday.
The only request that is allowed to come in from the internet is port 80.
How can I prevent a syn flood or Dos attack to the web server?
0
 
LVL 13

Expert Comment

by:Rowley
ID: 22856751
Start with the firmware updates. You can harden/tune your tcp stack to provide you with some protection against malicious syn floods, but unless you're actually a b2c website where vast amounts of money is involved, i wouldn't worry too much about DoS, although thats not to say you still shouldn't tune/harden your systems.

Good article about syn flood attacks here: http://www.securityfocus.com/infocus/1729

Some simple weblog analysis wouldn't hurt either, you should be doing this anyway if you are curious about who is accessing your website and using up your resources.

http://awstats.sourceforge.net/ is probably the most useful free analyser i've used, worth a look although there are a few others out there, most notable being http://www.webalizer.com/

hth.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Moving your enterprise fax infrastructure from in-house fax machines and servers to the cloud makes sense — from both an efficiency and productivity standpoint. But does migrating to a cloud fax solution mean you will no longer be able to send or re…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question