Solved

NIC disconnects on public (web server) interface

Posted on 2008-10-28
Last Modified: 2009-10-28
I have a web server with two network cards, one the "public" NIC (connected to a Sonicwall Pro 2040), and another network card (private), plugged into a LAN.
At random times, perhaps once or twice a week, the public network card quits responding. We can no longer access it thru the internet, but I can still use terminal services from the LAN to get to the server.
I've disabled it and reenabled it, and it still doesn't work.
Here's how I finally figured out how to make it work again:
Change the static IP of the NIC to anything other than what it originally was. Then disable it, reenable it, change the IP back to its original IP. It will then work fine for a few days.
Restarting the server works too.
I've updated the NIC drivers already. The server board is an Intel S5000PSL.
Does anyone have any ideas of why this may be happening?
Question by:thecomputerdocs
5 Comments
 
LVL 13

Accepted Solution

by:
Rowley earned 500 total points
ID: 22829295
I'm confused. Why do you have a public facing physical interface connected to a firewall? Can you not just NAT to the internal address? What is this host's default gateway?
0
 
LVL 5

Author Comment

by:thecomputerdocs
ID: 22837732
The internal address NIC goes through another firewall which houses a back end database.
The public internet goes thru the firewall to the public NIC on the web server, separating it from the private side.
0
 
LVL 13

Expert Comment

by:Rowley
ID: 22838875
OK, that makes things clearer, the server is in a dmz. Some food for thought...

What network connection states are there on the server when you find that the NIC is unresponsive?
Are there other hosts within the dmz that can connect to this server without going through a firewall?
Are you monitoring the system in any way?
Are there any noticeable changes to system activity beforehand?
Increase in memory/cpu/disk utilisation, either gradual or spikes?
What type of requests are coming in?  You say you can no longer access it thru (sic) the internet. Are you trying an HTTP connection? SSH? RDP? ping?
Have you checked for syn floods or some other DoS attack? What do the web logs say? Have you analysed them?

0
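Added example, not part of the thread: one way to answer the "what connection states are there" and "have you checked for syn floods" questions is to tally TCP states per listening address from `netstat -an` captured while the NIC is unresponsive. The sample output (Windows format, documentation IP ranges) is constructed, and the thresholds are illustrative assumptions to tune against the server's normal traffic.

```python
from collections import Counter

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    203.0.113.10:80        198.51.100.7:51234     ESTABLISHED
  TCP    203.0.113.10:80        198.51.100.21:40011    SYN_RECEIVED
  TCP    203.0.113.10:80        198.51.100.22:40012    SYN_RECEIVED
  TCP    203.0.113.10:80        198.51.100.23:40013    SYN_RECEIVED
  TCP    203.0.113.10:80        198.51.100.24:40014    SYN_RECEIVED
  TCP    203.0.113.10:80        198.51.100.9:52100     TIME_WAIT
  TCP    10.0.0.5:3389          10.0.0.20:49822        ESTABLISHED
  UDP    0.0.0.0:123            *:*
"""

def tcp_states(netstat_text):
    """Return {(local_ip, local_port): Counter(state -> count)} for TCP rows."""
    table = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # Windows TCP rows: proto, local address, foreign address, state.
        # Headers, blank lines and UDP rows (no state column) are skipped.
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        ip, _, port = fields[1].rpartition(":")
        if not port.isdigit():
            continue
        table.setdefault((ip, int(port)), Counter())[fields[3]] += 1
    return table

def half_open_alerts(table, min_half_open=3, ratio=2.0):
    """Flag local sockets where half-open handshakes dominate completed ones."""
    alerts = []
    for key, states in sorted(table.items()):
        half_open = states["SYN_RECEIVED"]   # SYN seen, final ACK never arrived
        established = states["ESTABLISHED"]
        # Assumed heuristic: enough half-open entries, and at least `ratio`
        # times as many as established connections on the same socket.
        if half_open >= min_half_open and half_open >= ratio * max(established, 1):
            alerts.append((key, half_open, established))
    return alerts

if __name__ == "__main__":
    for (ip, port), half_open, est in half_open_alerts(tcp_states(SAMPLE)):
        print(f"{ip}:{port} half-open={half_open} established={est}")
```

If the public address shows few or no half-open entries while it is unresponsive, a SYN flood is an unlikely cause and the driver/firmware line of investigation is the better lead.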
 
LVL 5

Author Comment

by:thecomputerdocs
ID: 22854564
I haven't noticed anything unusual when it happens. It happens at random times.
It is the only device on the network.
I can still access it thru the private network card via RDP. When I connect, it shows as though nothing is wrong with the NIC, yet it's unresponsive.
Intel has told me there are some firmware updates that may need to be installed. I'm planning on doing them on Monday.
The only request that is allowed to come in from the internet is port 80.
How can I prevent a syn flood or DoS attack to the web server?
0
 
LVL 13

Expert Comment

by:Rowley
ID: 22856751
Start with the firmware updates. You can harden/tune your TCP stack to provide you with some protection against malicious syn floods, but unless you're actually a b2c website where vast amounts of money are involved, I wouldn't worry too much about DoS, although that's not to say you still shouldn't tune/harden your systems.

Good article about syn flood attacks here: http://www.securityfocus.com/infocus/1729

Some simple weblog analysis wouldn't hurt either, you should be doing this anyway if you are curious about who is accessing your website and using up your resources.

http://awstats.sourceforge.net/ is probably the most useful free analyser I've used, worth a look although there are a few others out there, most notable being http://www.webalizer.com/

hth.
0

Question has a verified solution.