[Sidewinder] [Fwd: RE: ESXi in a DMZ - can't keep a console going]
Sidewinder moderated discussion list
sidewinder at adeptech.com
Mon Oct 26 06:38:53 EDT 2009
---------------------------- Original Message ----------------------------
Subject: RE: [Sidewinder] ESXi in a DMZ - can't keep a console going
Date: Sun, October 25, 2009 7:57 pm
To: "sidewinder at adeptech.com" <sidewinder at adeptech.com>
--------------------------------------------------------------------------
tcpdump is your friend
you can determine if the firewall is dropping packets straight away simply
by monitoring inbound and outbound interfaces
get 2 shells running:
tcpdump -n -i <inbound interface> host <source IP address> and port <destination port>
the -n flag simply shows IP, not hosts
repeat for outbound
IMO the GUI is really kludgy for monitoring traffic.
We send all our logs to a separate syslog server and just tail and grep.
There used to be a KB article on how to set this up somewhere. From memory
it's just an edit to /etc/sidewinder/auditd.conf
log(syslog local7 NULL sef)
sef being the readable log format
then your syslog.conf should be edited to look like this
local7.* @<IP address of your syslog server>
then cf server restart auditd
and restart syslogd
gurus correct me if I'm wrong somewhere, been a long time
David Harris
Unisys, Level 5, 20 Lee Street
SYDNEY NSW 2000
PH: 61 2 9032 4855
MB: 0416 231 024
-----Original Message-----
From: sidewinder-bounces at adeptech.com [mailto:sidewinder-bounces at adeptech.com] On Behalf Of Sidewinder moderated discussion list
Sent: Saturday, 24 October 2009 10:42 AM
To: sidewinder at adeptech.com
Subject: Re: [Sidewinder] ESXi in a DMZ - can't keep a console going
On Tue, Oct 20, 2009 at 13:30, Sidewinder moderated discussion list
<sidewinder at adeptech.com> wrote:
> Hello:
> Check the resource utilization on the box. If the CPU is running too
> high, your firewall could be dropping connections.
> Ben
Good thought. But, I don't think that's the issue.
I just connected, and waited for the connection to drop while I monitored
top.
The following is representative of what I saw:
last pid: 61622; load averages: 0.04, 0.03, 0.01  up 59+10:20:24  16:41:36
111 processes: 1 running, 110 sleeping
CPU states: 0.4% user, 0.0% nice, 1.1% system, 0.0% interrupt, 98.5% idle
Mem: 310M Active, 33M Inact, 123M Wired, 21M Cache, 60M Buf, 2764K Free
Swap: 5120M Total, 1325M Used, 3795M Free, 25% Inuse
I'm beginning to wonder if a tcpdump trace might help with this - but I'm
certainly no expert with that.
Kurt
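The two-interface tcpdump check David describes above (watch the same host/port on the inbound and the outbound interface; a flow that shows up on one side but not the other is being dropped by the firewall) works well, but reading two live windows by eye is error-prone. The script below is an added example, not code from either poster or from the Sidewinder product: it builds the tcpdump command line for one interface and then compares two saved captures flow by flow, reporting any src > dst pair that has more packets on the inbound side than on the outbound side. The interface name em0, the addresses and the captured lines are constructed for the demo; on a real firewall you would feed it the output of the two tcpdump commands instead.

```shell
#!/bin/sh
# Added example (not from the list thread): compare a tcpdump capture taken on
# the firewall's inbound interface with one taken on the outbound interface for
# the same "host <src> and port <dport>" filter. A flow with packets inbound but
# none (or fewer) outbound is being dropped, NATed or answered by the firewall.
#
# Real captures would come from (run one per interface, in two shells):
#   tcpdump -n -l -i <inbound interface>  "host <src IP> and port <dst port>" > in.txt
#   tcpdump -n -l -i <outbound interface> "host <src IP> and port <dst port>" > out.txt
# -n prints numeric addresses instead of resolving names; -l line-buffers so
# the file fills while you watch it.

# Print the tcpdump command line for one interface. The BPF filter is passed as
# one quoted argument so the shell does not split "host ... and port ...".
capture_cmd() {
    iface=$1; src=$2; dport=$3
    printf 'tcpdump -n -l -i %s "host %s and port %s"\n' "$iface" "$src" "$dport"
}

# Count packets per direction (src > dst) in the inbound capture ($1) and the
# outbound capture ($2), then report flows whose outbound count is lower.
# tcpdump -n prints e.g.
#   16:41:36.101 IP 203.0.113.5.51234 > 192.0.2.10.443: Flags [S], seq 1000, ...
# so $3 is the source socket and $5 (minus its trailing ':') the destination.
# NR == FNR is true only while awk reads the first file. Prints nothing when the
# two captures agree.
diff_captures() {
    awk '
        $2 == "IP" && $4 == ">" {
            sub(/:$/, "", $5)
            key = $3 " > " $5
            if (NR == FNR) inb[key]++; else outb[key]++
        }
        END {
            for (k in inb)
                if (outb[k] + 0 < inb[k])
                    print k " inbound=" inb[k] " outbound=" outb[k] + 0
        }' "$1" "$2" | sort
}

# Constructed sample captures (not real traffic): three SYN retransmissions to
# port 443 from one source socket reach the inbound interface but only the
# first leaves the outbound interface; a second connection passes completely.
make_demo_captures() {
    cat > "$1/in.txt" <<'EOF'
16:41:36.101 IP 203.0.113.5.51234 > 192.0.2.10.443: Flags [S], seq 1000, win 65535, length 0
16:41:39.102 IP 203.0.113.5.51234 > 192.0.2.10.443: Flags [S], seq 1000, win 65535, length 0
16:41:45.103 IP 203.0.113.5.51234 > 192.0.2.10.443: Flags [S], seq 1000, win 65535, length 0
16:41:50.200 IP 203.0.113.5.51235 > 192.0.2.10.443: Flags [S], seq 2000, win 65535, length 0
16:41:50.210 IP 192.0.2.10.443 > 203.0.113.5.51235: Flags [S.], seq 3000, ack 2001, win 65535, length 0
EOF
    cat > "$1/out.txt" <<'EOF'
16:41:36.101 IP 203.0.113.5.51234 > 192.0.2.10.443: Flags [S], seq 1000, win 65535, length 0
16:41:50.200 IP 203.0.113.5.51235 > 192.0.2.10.443: Flags [S], seq 2000, win 65535, length 0
16:41:50.210 IP 192.0.2.10.443 > 203.0.113.5.51235: Flags [S.], seq 3000, ack 2001, win 65535, length 0
EOF
}

# Usage: ./cmp.sh in.txt out.txt   (real captures)
#        ./cmp.sh                  (demo on the constructed captures)
if [ $# -eq 2 ]; then
    diff_captures "$1" "$2"
else
    d=$(mktemp -d)
    make_demo_captures "$d"
    capture_cmd em0 203.0.113.5 443
    diff_captures "$d/in.txt" "$d/out.txt"
    rm -rf "$d"
fi
```

The comparison keys on the src > dst pair, so it is only meaningful when the firewall is not translating addresses between the two interfaces; with NAT, capture on the outside using the translated address and compare counts per direction by hand. A flow that appears in the report with outbound=0 is the "straight away" answer David mentions: the packets arrived, the firewall never forwarded them, and the audit log (or the syslog feed he describes) should say why.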
_______________________________________________
Sidewinder mailing list
Sidewinder at adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder