Fighting Firewalls

Some of you may have noticed that OCMS has been down off-and-on for the past day or so… that is because I installed a hardware firewall.

I’ve had the hardware for a while, but it didn’t want to cooperate with several distributions… and installing drivers on Linux is nowhere as easy as it is on Windows… at least for me.  I had a friend help me with it and just needed to configure it.

Over the past few years, I have learned how to lock down Windows servers just as well as any good Linux server… learning as the need arises when the server becomes compromised.  Long story short… never put ActiveDirectory on a web server.

Several events prompted me to push the firewall project to the top of my priority list.

Everything was running fine.  I finally configured the firewall properly, and everything was running smoothly.  Then everything just stopped… it rebooted hard.

It sounded like a hardware issue, but which one?  Was there inadequate cooling?  Was the memory bad?  Or was it the new plugins I just installed?  It was hard to determine, but I figure I’d reinstall clean.

After a clean reinstall and configuration, everything was running fine again.  I was very satisfied.  Then my wife wakes me up that the Internet is down.  I looked at the graphs, and everything stopped around 6:00 am.  Something was wrong again.


I reinstalled several times, and noticed a pattern. The Orange (DMZ) and green (internal) networks could see everything just fine, but went into a black hole when going out to the internet… I couldn’t even ping the gateway.

It looked like the third network interface was bad.  I reinstalled and configured as a Red + Green (internet and local only), and it was fine.  Really looks like the third network card at this point… I would have to replace the entire board, because this is a special 3-port network card specifically made for this motherboard).

Just for kicks and giggles… I reconfigured a 3-network firewall as before, but switched the interfaces the red and orange networks were on.  If the card were really bad, then Internet would work, but I wouldn’t be able to get to the DMZ.  Well… everything worked perfectly.

It could also be a heat issue.  I felt the network chips, and they get very hot to the touch.  I’m going to put some ram sinks on them and a blower to make sure this isn’t the issue.

So, for now, everything is running fine, but I am keeping a close eye on it.  It absolutely doesn’t make sense… the network card works one minute, and then doesn’t the next.

Alan is a web architect, stand-up comedian, and your friendly neighborhood Grammar Nazi. You can stalk him on the Interwebs via Google+, Facebook and follow his ass on Twitter @ocmodshop.