Maximum active connections

Home Page Forums Network Management ZeroShell Maximum active connections

  • This topic is empty.
Viewing 4 posts - 16 through 19 (of 19 total)
  • Author
    Posts
  • #49518
    AtroposX
    Member

    I have successfully compiled it.

    1: Mounted a usb flash drive to hold the binutils, glibc, etc…, gunzip’d them
    2: added precompiled kernel source directory to /Database/
    3: added “ln -s /Database/linux-2.6.25.20 /lib/modules/2.6.25.20/build” to point the make path to the kernel source.

    Had trouble with some “linux/unistd.h” file, that wasn’t being found, when compiling with “make all”. Edited the “n2265_util.c” file to point to “/Database/linux-2.6.25.20/include/asm/unistd.h” instead of “.

    Then, compilation is successful. This was done on schoopy’s devel vdmk image on a devel box, then i gunzip’d the folder, and put on the production box, and insmod the .ko. Bypass card is working now. Thanks.

    #49519
    AtroposX
    Member

    Looks like the default tcp timeout established of a default install is 432000, which is why the active connections kept going up, and crashing the system. the ram would get all used up, OOM killer kept killing named, sshd, httpd, telnetd, so no management.

    From here:
    http://www.zeroshell.net/eng/forum/viewtopic.php?t=489&highlight=swap

    “echo “600” > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established”

    This seems to time them out quite well now, ram is kept way down now.

    Somehow also before, after having to hard reset it, and connected to a monitor, the startup services would hang at LDAP, then next line recovering LDAP DB, and wouldn’t go past. Reinstalled, and set tcp timeout lower, and all is fine so far.

    #49520
    ppalias
    Member

    Yes indeed 5 days is too much time for a TCP connection. I would suggest the Cisco ASA TCP timeout of 1 hour = “3600”

    #49521
    AtroposX
    Member

    600 seemed to do alright, steady around 650,000 connections, and 275meg ram, 0.3% load. 1 day just makes more sense; I will test that out today. Thank you.

Viewing 4 posts - 16 through 19 (of 19 total)
  • You must be logged in to reply to this topic.