Tuesday, June 09, 2009

1 out of 5 my IPCops Behaved Very Oddly Since Sunday NIght

I run somewhere around 25 IPCops in my organization, and one at home. Five of them, including my personal unit, exhibited an odd behavior. On Monday morning Four customers called and said that their Internet did not work. I checked their systems and the IPCop was up and running, VPN's were on. HTTPS worked, but not HTTP. I could ping remote hosts by hostname or IP with no issues from desktops in the Green Zone. Rebooting the IPCop fixed the issue in 3 cases. The fourth case that day I fixed it by unchecking Enabled and Transparent under the Advanced Proxy, save/restart, tested HTTP worked, reenabled the Advanced Proxy and Transparent settings, save/restart, and tested - HTTP worked. This morning my personal unit exhibited the same behavior - rebooting did not fix it, but clearing the Advanced Proxy and Transparent check boxes, save/restart, then re-enabling them, save/restart, and it works.

Since this happened on 1/5 of my boxes during the same time period, and all boxes are on independant public IP's from disparate carriers, I suspect that this was either caused by some function of date and time, by some type of port scanning/probing from the outside, or by a malformed (or maligned) http communication that breaks Squid.

No comments: