Solved

NIC disconnects on public (web server) interface

Posted on 2008-10-28
5
380 Views
Last Modified: 2009-10-28
I have a web server with two network cards, one the "public" nic (connected to a Sonicwall Pro 2040), and another network card (private), plugged into a LAN.
At random times, perhaps once or twice a week, the public network card quits responding. We can no longer access it thru the internet, but I can still use terminal services from the LAN to get to the server.
I've disabled it and reenabled it, and it still doesn't work.
Here's how I finally figured out how to make it work again:
Change the static IP of the NIC to anything other than what it originally was. Then disable it, reenable it, change the IP back to it's original IP. It will then work fine for a few days.
Restarting the server works too.
I've updated the NIC drivers already. The server board is a Intel S5000PSL.
Does anyone have any ideas of why this may be happening?
0
Comment
Question by:thecomputerdocs
  • 3
  • 2
5 Comments
 
LVL 13

Accepted Solution

by:
Rowley earned 500 total points
Comment Utility
I'm confused. Why do you have a public facing physical interface connected to a firewall? Can you not just NAT to the internal address? What is this hosts default gateway?
0
 
LVL 5

Author Comment

by:thecomputerdocs
Comment Utility
The internal address NIC goes through another firewall which houses a back end database.
The public internet goes thru the firewall to the public NIC on the web server, seperating it from the private side.
0
 
LVL 13

Expert Comment

by:Rowley
Comment Utility
OK, that makes things clearer, the server is in a dmz. Some food for thought...

What network connection states are there on the server when you find that the NIC is unresponsive?
Are there other hosts within the dmz that can connect to this server without going through a firewall?
Are you monitoring the system in any way?
Are there any noticeable changes to system activity beforehand?
Increase in memory/cpu/disk utilisation, either gradual or spikes?
What type of requests are coming in?  You say you can no longer access it thru (sic) the internet. Are you trying an HTTP connection? SSH? RDP? ping?
Have you checked for syn floods or some other DoS attack? What do the web logs say? Have you analysed them?

0
 
LVL 5

Author Comment

by:thecomputerdocs
Comment Utility
I haven't noticed anything unusual when it happens. It happens at random times.
It is the only device on the network.
I can still access it thru the private network card via RDP. When I connect, it shows as though nothing is wrong with the NIC, yet it's unresponsive.
Intel has told me there is some firmware updates that may need to be installed. I"m planning on doing them on Monday.
The only request that is allowed to come in from the internet is port 80.
How can I prevent a syn flood or Dos attack to the web server?
0
 
LVL 13

Expert Comment

by:Rowley
Comment Utility
Start with the firmware updates. You can harden/tune your tcp stack to provide you with some protection against malicious syn floods, but unless you're actually a b2c website where vast amounts of money is involved, i wouldn't worry too much about DoS, although thats not to say you still shouldn't tune/harden your systems.

Good article about syn flood attacks here: http://www.securityfocus.com/infocus/1729

Some simple weblog analysis wouldn't hurt either, you should be doing this anyway if you are curious about who is accessing your website and using up your resources.

http://awstats.sourceforge.net/ is probably the most useful free analyser i've used, worth a look although there are a few others out there, most notable being http://www.webalizer.com/

hth.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

this article is a guided solution for most of the common server issues in server hardware tasks we are facing in our routine job works. the topics in the following article covered are, 1) dell hardware raidlevel (Perc) 2) adding HDD 3) how t…
Know what services you can and cannot, should and should not combine on your server.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now