Solved

NIC disconnects on public (web server) interface

Posted on 2008-10-28
5
393 Views
Last Modified: 2009-10-28
I have a web server with two network cards, one the "public" nic (connected to a Sonicwall Pro 2040), and another network card (private), plugged into a LAN.
At random times, perhaps once or twice a week, the public network card quits responding. We can no longer access it thru the internet, but I can still use terminal services from the LAN to get to the server.
I've disabled it and reenabled it, and it still doesn't work.
Here's how I finally figured out how to make it work again:
Change the static IP of the NIC to anything other than what it originally was. Then disable it, reenable it, change the IP back to it's original IP. It will then work fine for a few days.
Restarting the server works too.
I've updated the NIC drivers already. The server board is a Intel S5000PSL.
Does anyone have any ideas of why this may be happening?
0
Comment
Question by:thecomputerdocs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 13

Accepted Solution

by:
Rowley earned 500 total points
ID: 22829295
I'm confused. Why do you have a public facing physical interface connected to a firewall? Can you not just NAT to the internal address? What is this hosts default gateway?
0
 
LVL 5

Author Comment

by:thecomputerdocs
ID: 22837732
The internal address NIC goes through another firewall which houses a back end database.
The public internet goes thru the firewall to the public NIC on the web server, seperating it from the private side.
0
 
LVL 13

Expert Comment

by:Rowley
ID: 22838875
OK, that makes things clearer, the server is in a dmz. Some food for thought...

What network connection states are there on the server when you find that the NIC is unresponsive?
Are there other hosts within the dmz that can connect to this server without going through a firewall?
Are you monitoring the system in any way?
Are there any noticeable changes to system activity beforehand?
Increase in memory/cpu/disk utilisation, either gradual or spikes?
What type of requests are coming in?  You say you can no longer access it thru (sic) the internet. Are you trying an HTTP connection? SSH? RDP? ping?
Have you checked for syn floods or some other DoS attack? What do the web logs say? Have you analysed them?

0
 
LVL 5

Author Comment

by:thecomputerdocs
ID: 22854564
I haven't noticed anything unusual when it happens. It happens at random times.
It is the only device on the network.
I can still access it thru the private network card via RDP. When I connect, it shows as though nothing is wrong with the NIC, yet it's unresponsive.
Intel has told me there is some firmware updates that may need to be installed. I"m planning on doing them on Monday.
The only request that is allowed to come in from the internet is port 80.
How can I prevent a syn flood or Dos attack to the web server?
0
 
LVL 13

Expert Comment

by:Rowley
ID: 22856751
Start with the firmware updates. You can harden/tune your tcp stack to provide you with some protection against malicious syn floods, but unless you're actually a b2c website where vast amounts of money is involved, i wouldn't worry too much about DoS, although thats not to say you still shouldn't tune/harden your systems.

Good article about syn flood attacks here: http://www.securityfocus.com/infocus/1729

Some simple weblog analysis wouldn't hurt either, you should be doing this anyway if you are curious about who is accessing your website and using up your resources.

http://awstats.sourceforge.net/ is probably the most useful free analyser i've used, worth a look although there are a few others out there, most notable being http://www.webalizer.com/

hth.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question