
current connection [solved]

Posted: Sat Oct 03, 2009 7:21 am
by abdopcnet
In Diagnostic Tools >> Current Connection
there are (2600) time_wait connections for some IPs,
and that makes a lot of requests when pinging any site.
When I disconnect these IPs, the ping returns fast replies.

Re: current connection

Posted: Fri Oct 09, 2009 10:59 am
by abdopcnet1
It was a time_wait bug on BFW 2.30.10 that clears old connections after a long period.
It is solved by these commands.
In webadmin:
Configuration Files
Local Commands Init Script
Copy the following commands and paste them there:

#!/bin/sh
# Brazilfw Local Command Init Script
echo 64000 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
echo 50 > /proc/sys/net/ipv4/netfilter/ip_conntrack_generic_timeout
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait
echo 1200 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout

Then make a backup
(if you have ipaccounting, open it to read the latest accounts before the backup),
reload the firewall,
restart.
After the restart you will notice that
old completed connections will be deleted after 5 seconds:
time_wait
close_wait
fin_wait
timeout
You can increase whatever you want, but you must back up and reboot for it to take effect.


thanks all..best wishes..
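
Added example, not part of the thread or of BrazilFW: a way to see which TCP states and which source IPs fill the connection-tracking table, so the effect of the timeouts above can be checked before and after the change. It assumes the `/proc/net/ip_conntrack` text format; the function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): summarise a conntrack table by TCP
# state and by source IP. Input format: /proc/net/ip_conntrack text lines.

# Constructed sample; addresses are private/documentation ranges.
SAMPLE='tcp      6 4 TIME_WAIT src=192.168.0.10 dst=203.0.113.5 sport=1045 dport=80 src=203.0.113.5 dst=192.168.0.10 sport=80 dport=1045 [ASSURED] use=1
tcp      6 3 TIME_WAIT src=192.168.0.10 dst=203.0.113.5 sport=1046 dport=80 src=203.0.113.5 dst=192.168.0.10 sport=80 dport=1046 [ASSURED] use=1
tcp      6 2 TIME_WAIT src=192.168.0.10 dst=198.51.100.7 sport=1047 dport=443 src=198.51.100.7 dst=192.168.0.10 sport=443 dport=1047 [ASSURED] use=1
tcp      6 5 TIME_WAIT src=192.168.0.11 dst=203.0.113.5 sport=2001 dport=80 src=203.0.113.5 dst=192.168.0.11 sport=80 dport=2001 [ASSURED] use=1
tcp      6 1187 ESTABLISHED src=192.168.0.11 dst=198.51.100.7 sport=2002 dport=22 src=198.51.100.7 dst=192.168.0.11 sport=22 dport=2002 [ASSURED] use=1
udp      17 4 src=192.168.0.11 dst=192.0.2.53 sport=1026 dport=53 [UNREPLIED] src=192.0.2.53 dst=192.168.0.11 sport=53 dport=1026 use=1'

# count_states: read conntrack lines on stdin, print "STATE count" per TCP state.
# Only tcp lines carry a state name (field 4); udp and others are skipped.
count_states() {
    awk '$1 == "tcp" { n[$4]++ }
         END { for (s in n) print s, n[s] }' | sort
}

# top_sources STATE: print "count ip" for TCP entries in STATE, busiest first.
# The first src= on a line is the original direction, i.e. the initiating host.
top_sources() {
    awk -v st="$1" '$1 == "tcp" && $4 == st {
        for (i = 5; i <= NF; i++)
            if ($i ~ /^src=/) { n[substr($i, 5)]++; break }
    }
    END { for (ip in n) print n[ip], ip }' | sort -rn
}

# table: the live table on the firewall, the constructed sample elsewhere.
table() {
    if [ -r /proc/net/ip_conntrack ]; then
        cat /proc/net/ip_conntrack
    else
        printf '%s\n' "$SAMPLE"
    fi
}

echo "Entries per TCP state:"
table | count_states
echo "Top TIME_WAIT sources:"
table | top_sources TIME_WAIT | head -n 5
```

Field 3 of each line is the remaining lifetime in seconds, so after the change the TIME_WAIT entries should show values no higher than the configured timeout.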

Re: current connection

Posted: Fri Oct 09, 2009 1:08 pm
by Marcos do Vale
abdopcnet1 wrote:
echo 64000 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max #
echo 50 > /proc/sys/net/ipv4/netfilter/ip_conntrack_generic_timeout
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait
echo 1200 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established #
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout

Value in /etc/rc.d/rc.inet:
Code:
[ -n "$MAX_CONNTRACK" ] && echo $MAX_CONNTRACK > /proc/sys/net/ipv4/ip_conntrack_max
# Set the idle connection timeout to 1 hour
echo 3600 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established

others:
/proc/sys/net/ipv4/netfilter/ip_conntrack_generic_timeout > default 600
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close > default 10
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait > default 60
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait > default 120
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait > default 120
/proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout > default 30

Re: current connection

Posted: Fri Oct 09, 2009 7:52 pm
by abdopcnet1
you mean
#!/bin/sh
# Brazilfw Local Command Init Script
echo 600 > /proc/sys/net/ipv4/netfilter/ip_conntrack_generic_timeout
echo 10 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close
echo 60 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait
echo 3600 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
echo 120 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait
echo 120 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait
echo 30 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout

All this is OK and works 100%, but what is the meaning of:
[ -n "$MAX_CONNTRACK" ] && echo $MAX_CONNTRACK > /proc/sys/net/ipv4/ip_conntrack_max

Re: current connection

Posted: Sat Oct 10, 2009 8:25 am
by Marcos do Vale
abdopcnet1 wrote: you mean
#!/bin/sh
# Brazilfw Local Command Init Script
echo 600 > /proc/sys/net/ipv4/netfilter/ip_conntrack_generic_timeout
echo 10 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close
echo 60 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait
echo 3600 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
echo 120 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait
echo 120 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait
echo 30 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout

No ... it's my comparison list with default values.
abdopcnet1 wrote: All this is OK and works 100%, but what is the meaning of:
[ -n "$MAX_CONNTRACK" ] && echo $MAX_CONNTRACK > /proc/sys/net/ipv4/ip_conntrack_max

You set this in Administrative Config -> Max Conntrack Table Size (Not Recommended) field.

Re: current connection

Posted: Sat Oct 10, 2009 3:38 pm
by abdopcnet1
Thanks. Solved?
But I can't add (solved) to my post because I can't access my account? >> abdopcnet

Re: current connection

Posted: Sat Oct 10, 2009 7:07 pm
by gamba47
abdopcnet1 wrote: Thanks. Solved?
But I can't add (solved) to my post because I can't access my account? >> abdopcnet


Done.

Will you use the new account?