Re: The oh so stable Linux - Linux


Thread: Re: The oh so stable Linux

  1. Re: The oh so stable Linux

    On Mon, 20 Oct 2008 06:30:06 -0500, Terry Porter wrote:

    >> No, there is no way to reset iptables in this case. I've tried all the
    >> normal solutions and they don't work. I have to unload all rules and
    >> reload them, it's the only way i've been able to make it recover. This
    >> kills all net connections that are using those rules.

    >
    > This stuff is iptables 101 Eric, WHAT are you doing messing around with
    > this stuff when you have NO CLUE ?


    I know what i'm doing.

    > You can't even SPECIFY the problem properly!
    >
    > There is no 'UNLOAD' command there is only flushing the iptables rulesets
    > and naturally this BLOCKS everything.


    I didn't say there was. I said I had to unload the rules, i didn't say i
    issued an unload command. To be specific, I *DELETE* the rules. I don't
    flush them, otherwise i risk losing ssh and other functions as well.

    Firewall terminology is rich with conflicting terminology. Some firewalls
    use terms like reset, reload, dump, clear, etc.. So please don't get all
    high and mighty because you're an anal asshat.

    > Loading a new ruleset over an existing is pretty much instant and
    > doesn't interfere with things (unless it removes important rulesets), I
    > know as I do this a lot myself.


    Reloading the ruleset doesn't fix the problem. I have to delete the rules
    first, then reload them for it to work again. But if you had ever
    experienced these kinds of problems, you'd know that.

    > But then I use FWbuilder http://www.fwbuilder.org/ to remotely admin
    > iptables rulesets via a SSH upload, which makes the job quite fast and
    > easy.


    I don't use FWbuilder, because it doesn't support what I need. I also
    don't like the interface very much as it's confusing and buggy.

    >
    >> The solution works, and it works fine for a period of time. It's setup
    >> correctly.

    >
    > Yeah, sure it is, it just *DOESN'T* work.


    Then explain why it will work perfectly for an arbitrary amount of time.. a
    day, a week, sometimes 2.. then just randomly start rejecting data, or no
    longer forwarding it?

    This is the sort of thing that either works or it doesn't. Working for a
    period of time before it stops is a sure sign of a bug in the kernel.

    Unless you'd care to explain how a wrong configuration can cause something
    to randomly fail after a period of time.

    No?

    Didn't think you could explain it.

    >> I can't look for answers. I can't troubleshoot. When the problem
    >> occurs, I have to get the system working again immediately, leaving no
    >> time to troubleshoot the problem.

    >
    > Your total lack of Linux design expertise has painted YOU into a corner,
    > and it's YOUR problem.
    > You seem incapable of utilizing Linux tools to solve this problem, but
    > again, no surprises there.


    Which linux tool might that be, out of the 10's of thousands of them?

    I'm waiting, you should be able to simply tell me which tools you're
    referring to. tcpdump? Nope, tshark? sorry. All of those only work on
    solving the problem AFTER it has occurred, but i can't do that because i
    need to keep the system up and running. I can't leave the system down to
    troubleshoot it.

    >> I can't reproduce the problem on test machines because it doesn't get
    >> the same load or traffic.

    >
    > You seem unaware of the Linux apps designed to simulate network traffic
    > but as your primary occupation is that of Wintroll, I'm not really
    > surprised.


    The fact that you flippantly say this proves how little you really know
    about complex network environments.

    >> Now of course every platform has bugs. It just seems that I always run
    >> into them in Linux.

    >
    > And you always post them here on Cola for everyone to see, however I'm
    > not buying as always.


    No, i don't. Only when i'm exceptionally frustrated. And of course you're
    not buying, because you're one of those people that can't possibly believe
    there's anything wrong with Linux, until someone like Linus admits to the
    problem. Remember the Mindcraft benchmarks? The ones that so many people
    said were false. But when Linus admitted to the problem, nobody ate crow.

    > Erick, so far you read like 15 year old school kid, and you seem to have
    > the same lack of Linux experience.


    I'd challenge you to show your experience in solving this sort of problem,
    but i know you won't take me up on it.

  2. Re: The oh so stable Linux

    On Mon, 20 Oct 2008 17:15:30 -0400, Erik Funkenbusch wrote:

    > On Mon, 20 Oct 2008 06:30:06 -0500, Terry Porter wrote:
    >
    >>> No, there is no way to reset iptables in this case. I've tried all the
    >>> normal solutions and they don't work. I have to unload all rules and
    >>> reload them, it's the only way i've been able to make it recover. This
    >>> kills all net connections that are using those rules.

    >>
    >> This stuff is iptables 101 Eric, WHAT are you doing messing around with
    >> this stuff when you have NO CLUE ?

    >
    > I know what i'm doing.
    >
    >> You can't even SPECIFY the problem properly!
    >>
    >> There is no 'UNLOAD' command there is only flushing the iptables rulesets
    >> and naturally this BLOCKS everything.

    >
    > I didn't say there was. I said I had to unload the rules, i didn't say i
    > issued an unload command. To be specific, I *DELETE* the rules. I don't
    > flush them, otherwise i risk losing ssh and other functions as well.
    >
    > Firewall terminology is rich with conflicting terminology. Some firewalls
    > use terms like reset, reload, dump, clear, etc.. So please don't get all
    > high and mighty because you're an anal asshat.
    >
    >> Loading a new ruleset over an existing is pretty much instant and
    >> doesn't interfere with things (unless it removes important rulesets), I
    >> know as I do this a lot myself.

    >
    > Reloading the ruleset doesn't fix the problem. I have to delete the rules
    > first, then reload them for it to work again. But if you had ever
    > experienced these kinds of problems, you'd know that.
    >
    >> But then I use FWbuilder http://www.fwbuilder.org/ to remotely admin
    >> iptables rulesets via a SSH upload, which makes the job quite fast and
    >> easy.

    >
    > I don't use FWbuilder, because it doesn't support what I need. I also
    > don't like the interface very much as it's confusing and buggy.
    >
    >>
    >>> The solution works, and it works fine for a period of time. It's setup
    >>> correctly.

    >>
    >> Yeah, sure it is, it just *DOESN'T* work.

    >
    > Then explain why it will work perfectly for an arbitrary amount of time.. a
    > day, a week, sometimes 2.. then just randomly start rejecting data, or no
    > longer forwarding it?
    >
    > This is the sort of thing that either works or it doesn't. Working for a
    > period of time before it stops is a sure sign of a bug in the kernel.
    >
    > Unless you'd care to explain how a wrong configuration can cause something
    > to randomly fail after a period of time.
    >
    > No?
    >
    > Didn't think you could explain it.
    >
    >>> I can't look for answers. I can't troubleshoot. When the problem
    >>> occurs, I have to get the system working again immediately, leaving no
    >>> time to troubleshoot the problem.

    >>
    >> Your total lack of Linux design expertise has painted YOU into a corner,
    >> and it's YOUR problem.
    >> You seem incapable of utilizing Linux tools to solve this problem, but
    >> again, no surprises there.

    >
    > Which linux tool might that be, out of the 10's of thousands of them?
    >
    > I'm waiting, you should be able to simply tell me which tools you're
    > referring to. tcpdump? Nope, tshark? sorry. All of those only work on
    > solving the problem AFTER it has occurred, but i can't do that because i
    > need to keep the system up and running. I can't leave the system down to
    > troubleshoot it.
    >
    >>> I can't reproduce the problem on test machines because it doesn't get
    >>> the same load or traffic.

    >>
    >> You seem unaware of the Linux apps designed to simulate network traffic
    >> but as your primary occupation is that of Wintroll, I'm not really
    >> surprised.

    >
    > The fact that you flippantly say this proves how little you really know
    > about complex network environments.
    >
    >>> Now of course every platform has bugs. It just seems that I always run
    >>> into them in Linux.

    >>
    >> And you always post them here on Cola for everyone to see, however I'm
    >> not buying as always.

    >
    > No, i don't. Only when i'm exceptionally frustrated. And of course you're
    > not buying, because you're one of those people that can't possibly believe
    > there's anything wrong with Linux, until someone like Linus admits to the
    > problem. Remember the Mindcraft benchmarks? The ones that so many people
    > said were false. But when Linus admitted to the problem, nobody ate crow.
    >
    >> Erick, so far you read like 15 year old school kid, and you seem to have
    >> the same lack of Linux experience.

    >
    > I'd challenge you to show your experience in solving this sort of problem,
    > but i know you won't take me up on it.


    Ouch......
    Scathing.............

    I think Terry is probably still recovering from his wounds.

    One thing I do notice about Linux is that sometimes, for some odd reason,
    things just stop working.
    I have a printer that is doing that right now.
    It's NOT the hardware BTW.

    I did some hunting and it appears that people in the Ubuntu groups are
    complaining of the same thing.
    One minute it works, and may work for days, all of a sudden it doesn't
    work.
    No logs, nothing to troubleshoot with.

    What I do know is it appears to have something to do with CUPS.
    I shared the printer via Samba, no easy trick BTW, and it seems to be
    holding up.
    I'll know in a day or so.

    Not meant to hijack.....
    Return....

    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    http://linuxidiots.blogspot.com/
    Please Visit www.linsux.org

  3. Re: The oh so stable Linux

    After takin' a swig o' grog, Erik Funkenbusch belched out
    this bit o' wisdom:

    > I don't use FWbuilder, because it doesn't support what I need. I also
    > don't like the interface very much as it's confusing and buggy.


    http://www.webhostingtalk.com/showthread.php?t=676548

    Old 03-08-2008, 10:22 AM
    mgphoto

    I went from the Watchguard to a Sonicwall to a linux based firewall
    (and some other top secret devices).

    I found the Watchguard a very poor performer and not very flexible.

    Right now I'm using a Xeon and a raid 5 setup with 2 Gb of ram and 1
    Gb NICs. It's very fast and provides more than enough for up to about
    140 Mbs.

    I'd suggest you look at something like fwbuilder for your software.

    --
    Laura's Law:
    No child throws up in the bathroom.

  4. Re: The oh so stable Linux

    On Mon, 20 Oct 2008 17:15:30 -0400, Erik Funkenbusch wrote:

    > On Mon, 20 Oct 2008 06:30:06 -0500, Terry Porter wrote:
    >
    >>> No, there is no way to reset iptables in this case. I've tried all
    >>> the normal solutions and they don't work. I have to unload all rules
    >>> and reload them, it's the only way i've been able to make it recover.
    >>> This kills all net connections that are using those rules.

    >>
    >> This stuff is iptables 101 Eric, WHAT are you doing messing around with
    >> this stuff when you have NO CLUE ?

    >
    > I know what i'm doing.


    Yeah, of course you do ... and I'm the Easter Bunny.

    >
    >> You can't even SPECIFY the problem properly!
    >>
    >> There is no 'UNLOAD' command there is only flushing the iptables
    >> rulesets and naturally this BLOCKS everything.

    >
    > I didn't say there was.


    You bring a whole meaning to the words "bold faced liar"

    You wrote :-
    --- I have to unload all rules and
    --- reload them, it's the only way i've been able to make it recover.
    --- This kills all net connections that are using those rules.

    Seeing as you lead into your rebuttal with a blatant lie, I'm not going
    to even bother to read the rest of your post.

    Be honest, or don't waste my time Erik.



    --
    Linux full time, on the desktop, since August 1997
