michaeltegler
asked on
Web site timing out Error 7 (net::ERR_TIMED_OUT): The operation timed out
This is literally my second day working with a Vyatta firewall so forgive my stupid questions.
I have a website that used to work and now it's putting out this error:
Error 7 (net::ERR_TIMED_OUT): The operation timed out.
By IP address or domain name. I get the same error.
The web server is on a remote network and is up and has no errors. I can browse to the website on the local network no problem.
The Vyatta firewall seems to be the issue.
Version: VSE6.1-2010.08.20
What I believe to be the relevant part of the configuration:
interfaces {
ethernet eth0 {
address xxx.xx.xx.125/28
duplex auto
hw-id 00:xx:xx:xx:xx:xx
smp_affinity auto
speed auto
}
ethernet eth1 {
address 10.94.62.125/24
duplex auto
hw-id 00:xx:xx:xx:xx:xx
smp_affinity auto
speed auto
}
loopback lo {
}
}
service {
dns {
forwarding {
cache-size 150
listen-on eth1
name-server xxx.xx.xx.xx
name-server xxx.xx.xx.xx
}
}
nat {
rule 20 {
destination {
address xxx.xx.xx.117
}
inbound-interface eth0
inside-address {
address 10.94.62.100
}
protocol all
type destination
}
Firewall:
rule 400 {
action accept
destination {
address 10.94.62.100
port http,ssh
}
protocol tcp
source {
address 0.0.0.0/0
}
state {
established enable
new enable
related enable
}
Any help trying to troubleshoot this issue would be greatly appreciated.
Thanks
I have a website that used to work and now it's putting out this error:
Error 7 (net::ERR_TIMED_OUT): The operation timed out.
By IP address or domain name. I get the same error.
The web server is on a remote network and is up and has no errors. I can browse to the website on the local network no problem.
The Vyatta firewall seems to be the issue.
Version: VSE6.1-2010.08.20
What I believe to be the relevant part of the configuration:
interfaces {
ethernet eth0 {
address xxx.xx.xx.125/28
duplex auto
hw-id 00:xx:xx:xx:xx:xx
smp_affinity auto
speed auto
}
ethernet eth1 {
address 10.94.62.125/24
duplex auto
hw-id 00:xx:xx:xx:xx:xx
smp_affinity auto
speed auto
}
loopback lo {
}
}
service {
dns {
forwarding {
cache-size 150
listen-on eth1
name-server xxx.xx.xx.xx
name-server xxx.xx.xx.xx
}
}
nat {
rule 20 {
destination {
address xxx.xx.xx.117
}
inbound-interface eth0
inside-address {
address 10.94.62.100
}
protocol all
type destination
}
Firewall:
rule 400 {
action accept
destination {
address 10.94.62.100
port http,ssh
}
protocol tcp
source {
address 0.0.0.0/0
}
state {
established enable
new enable
related enable
}
Any help trying to troubleshoot this issue would be greatly appreciated.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for all this. I tried to just reboot the firewall lastnight and it became unresponsive. Fortunately the backup firewall came online immediately as it's supposed to do. But another tech is going to the datacenter to fix this. So no longer my issue. For the moment anyway.
Thanks again
Thanks again
set system flow-accounting interface <interface name> // This command should be issued for each interface you want to monitor
set system flow-accounting netflow server <Server IP > port 9996 // Specifies a NetFlow collector to which to export Netflow data
set system flow-accounting netflow sampling-rate rate // Specifies the rate at which packets are sampled for statistics.
set system flow-accounting netflow version 9 // Specifies the Netflow format that data will be exported in.
set system flow-accounting netflow timeout expiry-interval 60 // Specifies the interval at which Netflow data will be sent to a Netflow collector.
set system flow-accounting netflow timeout max-active-life life // Use the set form of this command to set the global flow timeout.
set system flow-accounting netflow timeout flow-generic timeout // This parameter defines the amount of time the system continues to wait for data from a generic IP flow before considering the flow complete.
set system flow-accounting netflow timeout tcp-fin timeout
set system flow-accounting netflow timeout tcp-generic timeout
set system flow-accounting netflow timeout tcp-rst timeout
set system flow-accounting netflow timeout icmp timeout
set system flow-accounting netflow timeout udp timeout
Configuration
system {
flow-accounting {
interface <ifname> { // Please apply this on all active interface
netflow {
version 9 # Can use 5 or 9
engine-id <u32> # 0-255
server <Collector IP> {
port 9996 # user configurable
}
timeout {
expiry-interval 60
flow-generic 3600
icmp 300
max-active-life 604800
tcp-fin 300
tcp-generic 3600
tcp-rst 120
udp 300
}
}
}
}
sFlow configuration
system {
flow-accounting {
sflow {
agentid <u32>
server 192.168.1.1 {
port 9996
}
}
Hope the configuration helps. Happy monitoring !!!!!!!!