Mailing List Archive

mod_perl crashes with ipchains firewall?
Well I got my leased line at the weekend and duly installed a very tight
firewall (Godot's gShield - definitely recommended for ipchains novices).
However when I have the firewall running mod_perl requests crash out with
"illegal instruction". Has anyone else come across this? Normal apache
requests execute just fine.

This does seem to be an intermittent problem too - only occurring if I stop
and start the firewall and httpd in a certain order. It's working right now
for example.

I guess the question is - what's mod_perl doing that normal requests
aren't? Do I need to open up UDP or ICMP or something?

--
<Matt/>

Details: FastNet Software Ltd - XML, Perl, Databases.
Tagline: High Performance Web Solutions
Web Sites: http://come.to/fastnet http://sergeant.org
Available for Consultancy, Contracts and Training.
Re: mod_perl crashes with ipchains firewall?
> Well I got my leased line at the weekend and duly installed a very tight
> firewall (Godot's gShield - definitely recommended for ipchains novices).
> However when I have the firewall running mod_perl requests crash out with
> "illegal instruction". Has anyone else come across this? Normal apache
> requests execute just fine.
>
> This does seem to be an intermittent problem too - only occurring if I stop
> and start the firewall and httpd in a certain order. It's working right now
> for example.
>
> I guess the question is - what's mod_perl doing that normal requests
> aren't? Do I need to open up UDP or ICMP or something?

a non-80 port number?


_______________________________________________________________________
Stas Bekman mailto:sbekman@iname.com http://www.stason.org/stas
Guide http://perl.apache.org/guide mod_perl http://perl.apache.org
Perl,CGI,Apache,Linux,Web,Java,PC http://www.stason.org/stas/TULARC
http://modperl.sourcegarden.org http://perlmonth.com http://perl.org
single o-> + single o-+ = singlesheaven http://www.singlesheaven.com
Re: mod_perl crashes with ipchains firewall?
On Mon, 28 Feb 2000, Stas Bekman wrote:
> > Well I got my leased line at the weekend and duly installed a very tight
> > firewall (Godot's gShield - definitely recommended for ipchains novices).
> > However when I have the firewall running mod_perl requests crash out with
> > "illegal instruction". Has anyone else come across this? Normal apache
> > requests execute just fine.
> >
> > This does seem to be an intermittent problem too - only occurring if I stop
> > and start the firewall and httpd in a certain order. It's working right now
> > for example.
> >
> > I guess the question is - what's mod_perl doing that normal requests
> > aren't? Do I need to open up UDP or ICMP or something?
>
> a non-80 port number?

Nope. No mod_proxy setup "yet" - I haven't had time to do it.

Actually on another subject, has anyone tried the lightweight "oops" proxy
server? Its configuration is similar to squid, but it's a multi-threaded
proxy server and seems really quite quick. I'll probably try that as my
frontend and let people know if/how it works.

--
<Matt/>

RE: mod_perl crashes with ipchains firewall?
> Well I got my leased line at the weekend and duly installed a very tight
> firewall (Godot's gShield - definitely recommended for ipchains novices).
> However when I have the firewall running mod_perl requests crash out with
> "illegal instruction". Has anyone else come across this? Normal apache
> requests execute just fine.
>
> This does seem to be an intermittent problem too - only occurring if I stop
> and start the firewall and httpd in a certain order. It's working right now
> for example.
>
> I guess the question is - what's mod_perl doing that normal requests
> aren't? Do I need to open up UDP or ICMP or something?

mod_perl isn't doing anything that low level, Apache is the one handling
requests, and that's TCP. You do need to let some ICMP traffic through, if
you block all ICMP traffic it breaks path MTU discovery. But that's very
off-topic...

--
Eric
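
Added example, not part of the thread or of gShield: a small first-match evaluator that checks whether an ipchains input chain still accepts ICMP "fragmentation needed" (type 3, code 4), the message path MTU discovery relies on. The two rulesets are constructed, address matching is ignored, and only the `-A`, `-p`, `-s`, `-d` and `-j` options are modelled.

```python
import shlex

FRAG_NEEDED = (3, 4)  # destination-unreachable / fragmentation-needed, the PMTUD signal

def parse_rule(line):
    """Parse an 'ipchains -A ...' command line, keeping only what ICMP matching needs."""
    tok = shlex.split(line)
    rule = {"chain": None, "proto": "all", "type": None, "code": None, "target": None}
    i = 1  # tok[0] is 'ipchains'
    while i < len(tok):
        opt = tok[i]
        if opt in ("-A", "-p", "-j"):
            key = {"-A": "chain", "-p": "proto", "-j": "target"}[opt]
            rule[key] = tok[i + 1].lower() if opt == "-p" else tok[i + 1]
            i += 2
        elif opt in ("-s", "-d"):
            i += 2  # skip the option and its address
            # For ICMP, ipchains reuses the port slot: type after -s, code after -d.
            if i < len(tok) and tok[i].isdigit():
                rule["type" if opt == "-s" else "code"] = int(tok[i])
                i += 1
        else:
            i += 1  # option not modelled here
    return rule

def icmp_verdict(lines, policy, icmp_type, icmp_code, chain="input"):
    """First matching rule wins; fall back to the chain policy. Addresses are ignored."""
    for rule in map(parse_rule, lines):
        if rule["chain"] != chain or rule["proto"] not in ("icmp", "all"):
            continue
        if rule["type"] not in (None, icmp_type) or rule["code"] not in (None, icmp_code):
            continue
        return rule["target"]
    return policy

def pmtud_ok(lines, policy="DENY"):
    """True if the chain accepts the ICMP message path MTU discovery depends on."""
    return icmp_verdict(lines, policy, *FRAG_NEEDED) == "ACCEPT"

# Constructed rulesets (not from the thread): all ICMP dropped vs. the PMTUD message allowed.
TIGHT = [
    "ipchains -A input -p tcp -d 0/0 80 -j ACCEPT",
    "ipchains -A input -p icmp -j DENY",
]
FIXED = [TIGHT[0], "ipchains -A input -p icmp -s 0/0 3 -d 0/0 4 -j ACCEPT", TIGHT[1]]

if __name__ == "__main__":
    print("tight:", pmtud_ok(TIGHT), "fixed:", pmtud_ok(FIXED))
```
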
Re: mod_perl crashes with ipchains firewall?
Matt Sergeant wrote:
>
> Well I got my leased line at the weekend and duly installed a very tight
> firewall (Godot's gShield - definitely recommended for ipchains novices).
> However when I have the firewall running mod_perl requests crash out with
> "illegal instruction". Has anyone else come across this? Normal apache
> requests execute just fine.

Overclocked?
Re: mod_perl crashes with ipchains firewall?
On Mon, 28 Feb 2000, Jeffrey W. Baker wrote:
> Matt Sergeant wrote:
> >
> > Well I got my leased line at the weekend and duly installed a very tight
> > firewall (Godot's gShield - definitely recommended for ipchains novices).
> > However when I have the firewall running mod_perl requests crash out with
> > "illegal instruction". Has anyone else come across this? Normal apache
> > requests execute just fine.
>
> Overclocked?

My computer? I wish :)

I'll keep people informed. It's kind of intermittent (more off than on right
now). I think it's probably a kernel bug - my ipchains tables are very
large and that may be causing problems. Who knows... :)

--
<Matt/>

RE: mod_perl crashes with ipchains firewall?
Hi there,

Objective (1:) [Desperate attempt to get back on-topic]

On Mon, 28 Feb 2000, Eric Cholet wrote to Matt S:

> > Well I got my leased line at the weekend and duly installed a very tight
> > firewall (Godot's gShield - definitely recommended for ipchains novices).
> > However when I have the firewall running mod_perl requests crash out with
> > "illegal instruction". Has anyone else come across this? Normal apache
> > requests execute just fine.
> >
> > This does seem to be an intermittent problem too - only occurring if I stop
> > and start the firewall and httpd in a certain order. It's working right now
> > for example.
> >
> > I guess the question is - what's mod_perl doing that normal requests
> > aren't? Do I need to open up UDP or ICMP or something?
>
> mod_perl isn't doing anything that low level, Apache is the one handling
> requests, and that's TCP. You do need to let some ICMP traffic through, if
> you block all ICMP traffic it breaks path MTU discovery. But that's very
> off-topic...

This is *interesting*

As Matt appears to have no problem with Apache but *only* when the
firewall is running and *only* with mod_perl, which happens to be a
single heavy server (am I right Matt?), well I guess objective (1) is
achieved anyway.

As for supposed objective (2), what is it that's giving you this error
and what are the other symptoms? You say `crash out' but I don't know
if that means an Apache core dump (I guess so) or a message in the
firewall error log closely followed by Error 400. Not that I expect
to be able to help at all, but I feel sure it's going to find its way
into some doc or other when it's fixed:)

I'd just wonder out loud when you last tested your RAM? You may be
reaching the parts that other programs don't reach...

73,
Ged.