current connection [solved] [INACTIVE]

To discuss and report ONLY Bugs


Post by abdopcnet » Sat Oct 03, 2009 7:21 am

In Diagnostic Tools >> Current Connection
there are (2600) time_wait connections for some IPs,
and that makes a lot of requests when pinging any site.
When I disconnect these IPs the ping returns fast replies.
abdopcnet
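
The per-IP view described in the post above can also be taken from a shell. This is an added example, not part of the original thread: it assumes the kernel exposes the table as /proc/net/ip_conntrack, the function names are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): find which hosts hold conntrack
# entries in a given TCP state, e.g. TIME_WAIT.

# Constructed sample in /proc/net/ip_conntrack format (addresses are made up).
sample_conntrack() {
cat <<'EOF'
tcp      6 117 TIME_WAIT src=192.168.0.10 dst=203.0.113.5 sport=1025 dport=80 src=203.0.113.5 dst=192.168.0.10 sport=80 dport=1025 [ASSURED] use=1
tcp      6 98 TIME_WAIT src=192.168.0.10 dst=203.0.113.5 sport=1026 dport=80 src=203.0.113.5 dst=192.168.0.10 sport=80 dport=1026 [ASSURED] use=1
tcp      6 45 TIME_WAIT src=192.168.0.10 dst=198.51.100.7 sport=1027 dport=443 src=198.51.100.7 dst=192.168.0.10 sport=443 dport=1027 [ASSURED] use=1
tcp      6 110 TIME_WAIT src=192.168.0.22 dst=203.0.113.5 sport=2040 dport=80 src=203.0.113.5 dst=192.168.0.22 sport=80 dport=2040 [ASSURED] use=1
tcp      6 3599 ESTABLISHED src=192.168.0.22 dst=198.51.100.7 sport=2041 dport=22 src=198.51.100.7 dst=192.168.0.22 sport=22 dport=2041 [ASSURED] use=1
tcp      6 50 CLOSE_WAIT src=192.168.0.31 dst=203.0.113.5 sport=3000 dport=80 src=203.0.113.5 dst=192.168.0.31 sport=80 dport=3000 [ASSURED] use=1
udp      17 25 src=192.168.0.10 dst=192.168.0.1 sport=5353 dport=53 src=192.168.0.1 dst=192.168.0.10 sport=53 dport=5353 use=1
EOF
}

# state_summary [FILE]: number of TCP entries per conntrack state.
state_summary() {
    awk '$1 == "tcp" { s[$4]++ } END { for (k in s) print k, s[k] }' "${1:--}" | sort
}

# count_state_by_src STATE [FILE]: entries in STATE per original source IP,
# busiest host first. Only the first src= field (original direction) is used.
count_state_by_src() {
    awk -v st="$1" '
        $1 == "tcp" && $4 == st {
            for (i = 5; i <= NF; i++)
                if ($i ~ /^src=/) { n[substr($i, 5)]++; break }
        }
        END { for (ip in n) print n[ip], ip }
    ' "${2:--}" | sort -rn
}

# Demo on the constructed sample; on the firewall pass /proc/net/ip_conntrack
# as the last argument instead of piping the sample in.
sample_conntrack | state_summary
sample_conntrack | count_state_by_src TIME_WAIT
```

Running it before and after a timeout change shows whether the TIME_WAIT count for the busiest hosts actually drops.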
 

Re: current connection

Post by abdopcnet1 » Fri Oct 09, 2009 10:59 am

It was a time_wait bug on BFW 2.30.10 that clears old connections after a long period.
It was solved by these commands.
In webadmin:
Configuration Files
Local Commands Init Script
Copy the following commands and paste them under here:

#!/bin/sh
# Brazilfw Local Command Init Script
echo 64000 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
echo 50 > /proc/sys/net/ipv4/netfilter/ip_conntrack_generic_timeout
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait
echo 1200 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout

Then make a backup
(if you have ipaccounting, open it to read the latest accounts before the backup),
reload the firewall,
restart.
After the restart you will notice that
old completed connections will be deleted after 5 seconds:
time_wait
close_wait
fin_wait
timeout
You can increase what you want, but you must back up and reboot for it to take effect.


thanks all..best wishes..
abdopcnet1
 

Re: current connection

Post by Marcos do Vale » Fri Oct 09, 2009 1:08 pm

abdopcnet1 wrote:
echo 64000 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max #
echo 50 > /proc/sys/net/ipv4/netfilter/ip_conntrack_generic_timeout
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait
echo 1200 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established #
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout

Value in /etc/rc.d/rc.inet:
[ -n "$MAX_CONNTRACK" ] && echo $MAX_CONNTRACK > /proc/sys/net/ipv4/ip_conntrack_max
# Set the idle connection timeout to 1 hour
echo 3600 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established

others:
/proc/sys/net/ipv4/netfilter/ip_conntrack_generic_timeout > default 600
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close > default 10
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait > default 60
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait > default 120
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait > default 120
/proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout > default 30
Marcos do Vale
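
A small check that reports which conntrack timeouts differ from the values listed in the post above. This is an added example, not code from BrazilFW or from the thread: the function names are hypothetical, the reference values are the ones quoted in the post, and the sample directory is constructed from the init script posted earlier.

```shell
#!/bin/sh
# Added example (not from the thread): report conntrack timeouts that differ
# from the reference values quoted in the post (defaults, plus the 3600 s
# established timeout that the post says rc.inet sets).
DEFAULTS="generic_timeout=600 tcp_timeout_close=10 tcp_timeout_close_wait=60
tcp_timeout_established=3600 tcp_timeout_fin_wait=120
tcp_timeout_time_wait=120 udp_timeout=30"

# audit_timeouts DIR: print "name current reference" for every value in DIR
# that differs, or "name missing reference" when the file is absent.
audit_timeouts() {
    dir=$1
    for pair in $DEFAULTS; do
        name=${pair%%=*}
        def=${pair#*=}
        f="$dir/ip_conntrack_$name"
        [ -r "$f" ] || { echo "$name missing $def"; continue; }
        cur=$(cat "$f")
        [ "$cur" = "$def" ] || echo "$name $cur $def"
    done
}

# Constructed stand-in for /proc/sys/net/ipv4/netfilter, filled with the
# values from the Local Commands Init Script posted earlier in the thread.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    for pair in generic_timeout=50 tcp_timeout_close=5 tcp_timeout_close_wait=5 \
                tcp_timeout_established=1200 tcp_timeout_fin_wait=5 \
                tcp_timeout_time_wait=5 udp_timeout=5; do
        echo "${pair#*=}" > "$d/ip_conntrack_${pair%%=*}"
    done
    echo "$d"
}

# Demo on the constructed directory; on the firewall run
#   audit_timeouts /proc/sys/net/ipv4/netfilter
sample=$(make_sample_dir)
audit_timeouts "$sample"
rm -rf "$sample"
```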
 

Re: current connection

Post by abdopcnet1 » Fri Oct 09, 2009 7:52 pm

you mean
#!/bin/sh
# Brazilfw Local Command Init Script
echo 600 > /proc/sys/net/ipv4/netfilter/ip_conntrack_generic_timeout
echo 10 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close
echo 60 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait
echo 3600 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
echo 120 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait
echo 120 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait
echo 30 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout

All this is OK and works 100%, but what is the meaning of:
[ -n "$MAX_CONNTRACK" ] && echo $MAX_CONNTRACK > /proc/sys/net/ipv4/ip_conntrack_max
abdopcnet1
 

Re: current connection

Post by Marcos do Vale » Sat Oct 10, 2009 8:25 am

abdopcnet1 wrote: you mean
#!/bin/sh
# Brazilfw Local Command Init Script
echo 600 > /proc/sys/net/ipv4/netfilter/ip_conntrack_generic_timeout
echo 10 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close
echo 60 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait
echo 3600 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
echo 120 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait
echo 120 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait
echo 30 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout

No ... it's my comparison list with default values.
abdopcnet1 wrote: All this is OK and works 100%, but what is the meaning of:
[ -n "$MAX_CONNTRACK" ] && echo $MAX_CONNTRACK > /proc/sys/net/ipv4/ip_conntrack_max

You set this in Administrative Config -> Max Conntrack Table Size (Not Recommended) field.
Marcos do Vale
 

Re: current connection

Post by abdopcnet1 » Sat Oct 10, 2009 3:38 pm

thanks Solved?
But I can't add (solved) to my post because I can't access my account? >> abdopcnet
abdopcnet1
 

Re: current connection

Post by gamba47 » Sat Oct 10, 2009 7:07 pm

abdopcnet1 wrote: thanks Solved?
But I can't add (solved) to my post because I can't access my account? >> abdopcnet


Done.

Will you use the new account?
gamba47