This is literally my second day working with a Vyatta firewall so forgive my stupid questions.
I have a website that used to work and now it's putting out this error:
Error 7 (net::ERR_TIMED_OUT): The operation timed out.
By IP address or domain name. I get the same error.
The web server is on a remote network and is up and has no errors. I can browse to the website on the local network no problem.
The Vyatta firewall seems to be the issue.
Version: VSE6.1-2010.08.20
What I believe to be the relevant part of the configuration:
interfaces {
ethernet eth0 {
address xxx.xx.xx.125/28
duplex auto
hw-id 00:xx:xx:xx:xx:xx
smp_affinity auto
speed auto
}
ethernet eth1 {
address 10.94.62.125/24
duplex auto
hw-id 00:xx:xx:xx:xx:xx
smp_affinity auto
speed auto
}
loopback lo {
}
}
service {
dns {
forwarding {
cache-size 150
listen-on eth1
name-server xxx.xx.xx.xx
name-server xxx.xx.xx.xx
}
}
nat {
rule 20 {
destination {
address xxx.xx.xx.117
}
inbound-interface eth0
inside-address {
address 10.94.62.100
}
protocol all
type destination
}
Firewall:
rule 400 {
action accept
destination {
address 10.94.62.100
port http,ssh
}
protocol tcp
source {
address 0.0.0.0/0
}
state {
established enable
new enable
related enable
}
Any help trying to troubleshoot this issue would be greatly appreciated.
Thanks
set system flow-accounting interface <interface name> // This command should be issued for each interface you want to monitor
set system flow-accounting netflow server <Server IP > port 9996 // Specifies a NetFlow collector to which to export Netflow data
set system flow-accounting netflow sampling-rate rate // Specifies the rate at which packets are sampled for statistics.
set system flow-accounting netflow version 9 // Specifies the Netflow format that data will be exported in.
set system flow-accounting netflow timeout expiry-interval 60 // Specifies the interval at which Netflow data will be sent to a Netflow collector.
set system flow-accounting netflow timeout max-active-life life // Use the set form of this command to set the global flow timeout.
set system flow-accounting netflow timeout flow-generic timeout // This parameter defines the amount of time the system continues to wait for data from a generic IP flow before considering the flow complete.
set system flow-accounting netflow timeout tcp-fin timeout
set system flow-accounting netflow timeout tcp-generic timeout
set system flow-accounting netflow timeout tcp-rst timeout
set system flow-accounting netflow timeout icmp timeout
set system flow-accounting netflow timeout udp timeout
Configuration
system {
flow-accounting {
interface <ifname> { // Please apply this on all active interface
netflow {
version 9 # Can use 5 or 9
engine-id <u32> # 0-255
server <Collector IP> {
port 9996 # user configurable
}
timeout {
expiry-interval 60
flow-generic 3600
icmp 300
max-active-life 604800
tcp-fin 300
tcp-generic 3600
tcp-rst 120
udp 300
}
}
}
}
sFlow configuration
system {
flow-accounting {
sflow {
agentid <u32>
server 192.168.1.1 {
port 9996
}
}
Hope the configuration helps. Happy monitoring !!!!!!!!