  1. #1
    Join Date
    Apr 2002
    Posts
    77

    server inaccessible - apf/ip_conntrack

    hello,

    our server is continually becoming inaccessible.

    the support where we host told us it is the firewall's iptable being full -- i kinda agree with them -- it's logged all over in /var/log/messages

    however, why does that ip_conntrack table get full and what is the correct solution to this? just increasing the ip_conntrack_max limit?

    we increased the ip_conntrack_max limit and it seemed to work for a while... today the server was inaccessible again... funny thing is MRTG still shows some traffic... they disabled the firewall (can't verify atm) and http seems to work but i can't ssh or ftp in.

    any ideas?

    if you have any further ideas or experience of what else this could be, feel free to PM me... i can pay you if you can help us solve this. please note you won't be given access to the server.

    thank you.
    Every line ends in rhyme

  2. #2
    Join Date
    Apr 2002
    Posts
    77
    btw. i'm using the apf firewall.

    hm, is there really a need for a firewall? we just run apache / ftp / cpanel on that server and access is only for totally trusted people.

    the only thing i like about apf is antidos, that is kinda helpful. though we have mod_dosevasive on apache...
    Every line ends in rhyme

  3. #3
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,290
    there is a setting in apf to increase ip_conntrack
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  4. #4
    Join Date
    Apr 2002
    Posts
    77
    thx. yep we've increased that along with /proc/sys/net/ipv4/ip_conntrack_max -- though i think apf changes this according to its setting.

    atm there seems to be another problem, i'm unable to log in and via whm it shows server load 620 (heh). though access to ftp/whm/http is fast. but i'm not able to verify via top. processes shown in whm are the usual ones, none show any big cpu load. however there's hundreds of CROND... will look into this.. maybe this is something you know about?
    Every line ends in rhyme
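
To see what is filling the ip_conntrack table before raising ip_conntrack_max again, the entries can be grouped by state and by source address. The script below is an added example, not part of the original thread: it assumes the legacy /proc/net/ip_conntrack line format, its function names are hypothetical, and the sample entries (and the limit of 8 used with them) are constructed.

```shell
#!/bin/sh
# Summarise what is occupying the connection-tracking table.
# Input: lines in the legacy /proc/net/ip_conntrack format.

# Constructed sample entries (documentation addresses, not real data).
sample_conntrack() {
cat <<'EOF'
tcp      6 97 TIME_WAIT src=203.0.113.7 dst=198.51.100.5 sport=40001 dport=80 src=198.51.100.5 dst=203.0.113.7 sport=80 dport=40001 [ASSURED] use=1
tcp      6 98 TIME_WAIT src=203.0.113.7 dst=198.51.100.5 sport=40002 dport=80 src=198.51.100.5 dst=203.0.113.7 sport=80 dport=40002 [ASSURED] use=1
tcp      6 99 TIME_WAIT src=203.0.113.7 dst=198.51.100.5 sport=40003 dport=80 src=198.51.100.5 dst=203.0.113.7 sport=80 dport=40003 [ASSURED] use=1
tcp      6 431990 ESTABLISHED src=203.0.113.7 dst=198.51.100.5 sport=40004 dport=80 src=198.51.100.5 dst=203.0.113.7 sport=80 dport=40004 [ASSURED] use=1
tcp      6 431995 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=50001 dport=22 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=50001 [ASSURED] use=1
udp      17 25 src=192.0.2.10 dst=198.51.100.5 sport=5353 dport=53 [UNREPLIED] src=198.51.100.5 dst=192.0.2.10 sport=53 dport=5353 use=1
EOF
}

# Entries per protocol and TCP state, largest group first.
count_by_state() {
    awk '{ st = ($1 == "tcp") ? $4 : "-"; c[$1 " " st]++ }
         END { for (k in c) print c[k], k }' | sort -rn
}

# Top N original-direction source addresses (first src= field on each line).
top_sources() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^src=/) { c[substr($i, 5)]++; break } }
         END { for (k in c) print c[k], k }' | sort -rn | head -n "${1:-5}"
}

# Table fill level in percent: usage_percent <entries> <ip_conntrack_max>.
usage_percent() {
    echo $(( $1 * 100 / $2 ))
}

# Use a dump file given as $1 (e.g. /proc/net/ip_conntrack), else the sample.
TABLE=${1:-}
MAX=8   # constructed limit that goes with the sample entries
if [ -n "$TABLE" ] && [ -r "$TABLE" ]; then
    dump() { cat "$TABLE"; }
    if [ -r /proc/sys/net/ipv4/ip_conntrack_max ]; then
        MAX=$(cat /proc/sys/net/ipv4/ip_conntrack_max)
    fi
else
    dump() { sample_conntrack; }
fi

echo "table fill: $(usage_percent "$(dump | wc -l)" "$MAX")%"
echo "entries by state:"; dump | count_by_state
echo "top sources:";      dump | top_sources 5
```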
