
Tuesday, May 29, 2007

Re: Possible problem with netfilter / shorewall?

hi!

I have a similar problem: my router runs OpenWRT. When I have too many
connections open (~500) the router "hangs", i.e. no other connections are
accepted. The problem vanishes when the number of connections decreases (by
timeout). I can reduce the problem by setting a short timeout (10 minutes
instead of 60) for NAT connections - but I can't get rid of it. It doesn't
look like a memory problem, as there is enough free (~5MB from ~13).

n.

On Tuesday, 29 May 2007 15:27, Andy Simpkins wrote:
> I hope this is the right place to post this.
>
> Background
> -----------------
> I have a debian box out in a datacenter that (amongst other things) is used
> as a mail server. One particular office (behind a NAT firewall) accesses
> user email relatively often (about 20 users, imapd-ssl).
>
> Every so often these users from that site stop being able to access their
> email (and web services hosted on the same box sharing the same IP
> address). The frequency of failures ranges from a couple of days to a
> couple of weeks.
>
> It happened again this morning. On a previous occasion I was able to
> determine that the problem ONLY occurs if accessing from this office (i.e.
> from behind the office's NAT router), accessing the box from other IP
> addresses (even from the same ISP and same subnet) continued fine. The
> problem was also NOT the office NAT router (confirmed by rebooting the NAT
> router). Then I resolved the problem by rebooting our box in the data
> centre.
>
> With today's problem I had a little more time to investigate the problem and
> was able to tie it down to the firewall on the datacentre box (shorewall
> running on debian etch kernel 2.6.18-4-amd64). Restarting shorewall caused
> the problem to go away.
>
>
> Hypothesis
> -----------------
>
> My gut feeling is that there is a problem with shorewall / net filter.
> Specifically to do with multiple simultaneous sessions FROM a given IP
> address (i.e. the NAT firewall at the office in question - which by the way
> is another debian box). I suspect the problem is caused by too many open
> connections from a given IP (perhaps to a specific port)?
>
>
> Questions
> --------------
>
> 1) What logging information should I be looking at to test this
> hypothesis?
> 2) Has anyone come across a similar problem, and if so how did you
> overcome it?
>
> Kind regards
>
> Andy


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
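A shell diagnostic in the spirit of Andy's first question, added here and not taken from either post: it counts conntrack entries per original-direction source address (a NAT gateway shows up as one address holding many entries) and the share of the table in use. It runs on a constructed sample table with hypothetical addresses and an assumed ip_conntrack_max of 512; the file paths in the comments are the kernel's, everything else is the example's own.

```shell
#!/bin/sh
# Added diagnostic example (not from the list post): summarise a conntrack
# table dump to test the "too many connections from one source" hypothesis.
# On the 2.6.18 kernel in the post the live files are /proc/net/ip_conntrack
# and /proc/sys/net/ipv4/netfilter/ip_conntrack_{count,max}; newer kernels
# use /proc/net/nf_conntrack and /proc/sys/net/netfilter/nf_conntrack_{count,max}.
# The parser keys on the first "src=" field of each line, so it handles both.

# Write a constructed sample table (hypothetical addresses) to the file in $1.
make_sample_table() {
    {
        i=0
        while [ "$i" -lt 12 ]; do  # 12 IMAPS sessions from one NAT gateway
            printf 'tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.7 sport=%d dport=993 src=198.51.100.7 dst=192.0.2.10 sport=993 dport=%d [ASSURED] use=1\n' $((40000 + i)) $((40000 + i))
            i=$((i + 1))
        done
        printf 'tcp      6 117 TIME_WAIT src=203.0.113.5 dst=198.51.100.7 sport=51000 dport=80 src=198.51.100.7 dst=203.0.113.5 sport=80 dport=51000 [ASSURED] use=1\n'
        printf 'udp      17 29 src=203.0.113.9 dst=198.51.100.7 sport=5353 dport=53 src=198.51.100.7 dst=203.0.113.9 sport=53 dport=5353 use=1\n'
    } > "$1"
}

# Print "<entries> <ip>" per original-direction source address, busiest first.
conntrack_top_sources() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^src=/) { sub(/^src=/, "", $i); n[$i]++; break } }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# Number of entries held by one source address ($2) in table file $1.
conntrack_entries_from() {
    conntrack_top_sources "$1" | awk -v ip="$2" '$2 == ip { print $1; found = 1 } END { if (!found) print 0 }'
}

# Percentage of the table in use: entries in file $1 divided by the max in $2.
conntrack_usage_percent() {
    entries=$(grep -c 'src=' "$1" || :)
    echo $((entries * 100 / $2))
}

# Stand-alone run on the constructed sample (max of 512 is an assumption).
tmp=${TMPDIR:-/tmp}/ct_sample.$$
make_sample_table "$tmp"
echo "top sources:"; conntrack_top_sources "$tmp" | head -n 3
echo "table usage: $(conntrack_usage_percent "$tmp" 512)%"
rm -f "$tmp"
```

On the live box, feed it /proc/net/ip_conntrack with the value of ip_conntrack_max, and check the kernel log for "ip_conntrack: table full, dropping packet", which is what the kernel prints when the table is exhausted.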
