Networking :: Established Connections Not Getting Cleared
Apr 13, 2009
We are having an issue with our application where once we start making a few hundred connections to our Linux server, our connections are staying in the established state. When our app is working fine, the client sends a basically a heartbeat every five minutes. It is all nice and clean, receives the FIN and shuts down and that's that. tcpdump as follows:
Code:
12:53:10.965206 IP serverA.xxx.xxx.com.40315 > serverB.xxx.xxx.com.1234: . ack 2 win 46 <nop,nop,timestamp 3299017001 2043788445>
12:58:10.892878 IP serverA.xxx.xxx.com.40322 > serverB.xxx.xxx.com.1234: S 494392992:494392992(0) win 5840 <mss 1460,sackOK,timestamp 3299316941 0,nop,wscale 7>
12:58:10.894882 IP serverA.xxx.xxx.com.40322 > serverB.xxx.xxx.com.1234: . ack 3318963465 win 46 <nop,nop,timestamp 3299316941 2044088355>
12:58:10.894886 IP serverA.xxx.xxx.com.40322 > serverB.xxx.xxx.com.1234: P 0:78(78) ack 1 win 46 <nop,nop,timestamp 3299316941 2044088355> .....
Then things start getting busy, and it ends up looking like this:
Code:
01:28:10.493760 IP serverA.xxx.xxx.com.41132 > serverB.xxx.xxx.com.1234: S 774853781:774853781(0) win 5840 <mss 1460,sackOK,timestamp 3344315513 0,nop,wscale 7>
01:28:13.491231 IP serverA.xxx.xxx.com.41132 > serverB.xxx.xxx.com.1234: S 774853781:774853781(0) win 5840 <mss 1460,sackOK,timestamp 3344318513 0,nop,wscale 7>
01:28:13.491755 IP serverA.xxx.xxx.com.41132 > serverB.xxx.xxx.com.1234: . ack 3597595480 win 46 <nop,nop,timestamp 3344318513 2089089105> ....
What could be the cause if the fin was received at 01:28:13.492743, but hours later this connection is still established:
gateway 16514 root 111u IPv4 2714750 TCP
serverB.xxx.xxx.com:1234->serverA.xxx.xxx.com:41132 (Established)
There is no corresponding connection in the client's netstat.
I've seen packets coming to my computer through a DD-WRTv24s2 gateway above port 32K several times. I have iptables (using fwbuilder locally) both places. My desktop stops the packets. But I'm guessing the problem is as I described in the title for this post. Yes?If you ESTABLISH a connection to some webpage, and you just accept ESTABLISHED or RELATED datagrams in rule 1 of your iptables, what will keep incoming TCP from that (presumably nefarious) site from going straight to your desktop like the building firewall isn't there?? If the site wants to connect to you above 32k, or portscan you, its RELATED correct? They know your IP. You've ESTABLISHED a connection.If my guess is correct, it would seem wiser to NEVER use these together. Better to ACCEPT all ESTABLISHED. And if something is RELATED, then ACCEPT it only if its the data connection on FTP or individually by service or protocol.
I was wondering, on a GNU/Linux system including but not limited to *ubuntu, how would I go about determining when the network connection is established on any interface, so I can run a shell script only once at that exact time?The idea that comes to mind is polling-and-sleeping, but I'd like to know if there is another, more robust way? Like an onconnectionestablished javascript event or something.
there is an open wireless i can connect it -in ubuntu- but can not browse anything.we tried to connect via mobile it's working fine ,in addition via Windows XP it's fine ,but not in ubuntu why???!!
I just found something "strange" by using netstat tcp 0 0 myhost.deprecated:53719 amaretti.chimfar.:54406 ESTABLISHED How can I check what is the program that is responsible for this line?
I have received a new modem from my provider and installed it. No problem with that except that there is a problem with my internetconnection. The internetconnection is established.But my computer gives an error every time I want to visit a website:
I bought my new Dell inspiron N1401 64bit laptop. It has windows 7 installed in it, I am begineer to linux. I have installed Ubuntu 11.04 64 bit version. I have a wired internet connection which works fine with my windows 7. When I switch to Ubuntu, when internet cable is plugged, the top right corner, network manager shows connection is established, but when I open firefox I cannot access internet. I tried searching on forums, but I could not make it work. If I type ifconfig command in terminal attached is the output I get, I dont know what is the problem. I want to use Ubuntu than Windows
I see something like internet connection is established. Ive established etho connection but I cant open any sites at all. I also have Windows on another hard disk and it works well. About a week ago I had Ubuntu 8.04 and it worked really fine. What�s wrong? Is there any remedy?
I am trying to connect to a windows 2000 VPN server at work, with my current settings in DOES connect to the VPN and i can ping the domain server which is 10.1.1.2 but the first issue is i cannot ping the other computers on the network(via hostnames) can't remember the ip address of the other machines . second issue is when the connection is established and i RDP into 10.1.1.2 ok great i am connected to the server but any interaction in the RDP session even moving the mouse on the screen kills the session and the VPN connection fails.
Running Ubuntu 10.04 LTS 64Bit
Image of current settings in network manager:
Syslog:
Code: May 11 12:08:04 oliver-desktop NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.pptp'... May 11 12:08:04 oliver-desktop NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' started
have a problem with my network-manager in ubuntu 10.10.when I dial one of my vpn connections, my other vpn connections be disabled and I can't use them!I tried to restart network-manager and gnome-panel, but it does't seem to solve this problem.
when I quit Ubuntu Forums, I getvBulletin MessageAll cookies cleared! When I restart, I have to LogIn againWhere do I fix it, so that Cookies are not cleared on LogOut?(I'm using Win2K and FireFox 3.6.3)nFireFox Privacy Clear History when FireFox closes.ccept cookies from Third Party is checked
I installed 11.04 server and had samba share /tmp (as advised by the server pdf doc) shared to my windows 7 laptop, which was all well and good, so copied some files to it and rebooted the server, and they had been removed.i guess i shouldnt have put anything in /tmp as i presume this is cleared on reboot, so why did the documentation advise to create /tmp share?
I use full encryption on this net-book, with the help of LUKS. One key part of the setup is to configure /etc/sysconfig/bootloader with the initial boot options (along the lines of
Code: root=/dev/mapper/root luks_root=/dev/sda5 luks_home=/dev/sda5 luks_swap=/dev/sda2 luks="root home swap" ). That way a kernel update is installed properly, usually...
On a fresh karmic install, I have a user account with ecryptfs enabled home directory. I want that directory to be secured when I log out.
I have two administrator accounts, user1 and user2. I log in as user1 (with ssh, will test regular logins tomorrow), /home/user1/.Private gets mounted to /home/user1, everything is fine. I log out.
I log in as user2, and /home/user1/.Private is indeed unmounted. But I can do
Code: sudo su - user1 which will ask me for the password of user2, and then I am logged in as user1, /home/user1/.Private is again mounted, without ever typing the password of user1. On the other hand if I invoke Code: ecryptfs-umount-private
I am running Red Hat Enterprise Linux AS release 4 (Nahant Update 7). The server was recently rebooted and wouldn't come up. After some investigation we found that the system would not boot because several files had been zero'd out (not deleted):
* All of these files had a date of March 11, 2010 with a time 03:46 * A zero byte file called /halt was also found with a date of 08:46
We could manually boot to the latest kernel, but none of the startup scripts would run. We analyzed the system looking for any file created on March 11 that were also 0 bytes. Once we had a list, we were able to determine that the system could be recovered without a full blown reinstallation of the OS.
We did a rescue boot from the installation CD, mounted the system volume privately, and edited the grub.conf file. We then brought up the network and copied the needed files from another RHEL v4.7 system. Rebooted the server and check the OS, databases, and apps.
My question is - Has anyone seen this behavior before? I seems like we may have been cracked or at the very least someone has cleared the files needed to recover the system smoothly.
Ubuntu 11.04, wireless adapter BCM4312.The connection works for a while, for a random length of time from a few minutes to a few hours, then stops working. The laptop says it's connected, and the router says it's connected, but the browser can't find any Web pages, it can't find the router, and there is no response to pings from the router or any other device on the local network or on the Internet. "Host unreachable." When I try to ping to the laptop from another one, it times out.If I shut down the computer and try again a few hours later, it works fine again for a while, then after a while it stops working again.
In case it's relevant, sometimes when I restart networking from the command line, it says "ignoring unknown interface eth1=eth1," even though ifconfig -a lists eth1 as up with an ip address. eth1 is the wireless adapter. Another laptop with Ubuntu 11.04 connects to the same router with no problems.Using a fixed IP address doesn't change anything.
My wired network dead which i used before 1hr. I seen my firestar firewall application blocked a hit from my internet provider gateway address. I allowed all the connection from my provider gateway after that hit. It did not work. I installed a new OS ubuntu 10.04 tls. and assigned the IP address but still I cant acess the internet. It says connection was established but i cant browse net. Some one pls help me. I tried configuring fire fox. no use.I am using Internet dish. I configure it by browser by entering dish IP.
I have problem in making connection to my vpn server I can make connection from windows xp to that but can not open any website and I can not ping 172.16.10.1 when connection established.
These are my configuration files:
server config file:
Quote:
client configuration file:
Quote:
And this is my server syslog tailed file:
Quote:
And I added this routing to /etc/rc.d:
Quote:
And this is my iptable:
Quote:
And vpn connection is lost after establishing a lot.
Is it fair to say that connLimit and hashlimit are very similiar on Linux i.e. while hashlimit caters to limits for groups of ports, they both set the connection rate limit per host? How in IPTables, do I configure a policy that limits connections on a port that encapsulates the total sum of all connections from all hosts? i.e. I do not want to allow more than 6000conn/minute for port range that is the sum of all connecting hosts?
I recently installed Fedora 15 now, and during installation I set the internet connection manually, then did update and after reboot, the internet connection settings have been removed. Now I can not set because the network connection to the Internet Connection is inactive. I mention that before the update was functional internet connection.
I am running a Debian server, with 2.6.30 kernel and everything standard.I have two ethernet cards (eth1 is the external, eth0 the internal) and I use the server as backup server, firewall, https for email reading with squirrelmail, Samba server, email server and that's it.If I understood correctly IPTABLES, the following OUTPUT rules should allow my server to establish communications with an http server (for dselect), an imaps server (for fetchmail) and an ssh server.However, it does not work, it only works when I allow all OUTPUT (adding "NEW" to "ESTABLISHED,RELATED")).Could anyone let me know what is wrong and how I can fix it (not opening my OUTPUT to any communication)?My IPTABLES script is pretty long, so I only copy/paste the OUTPUT lines unless anyone requests the rest.uote:
Neither of my wired network connections are listed in the network manager applet. I know that networking seems to be functional since I can ping local devices on the network. I can't resolve DNS names however. I suppose this is because network manager usually handles DNS? I've posted the outputs of various configurations below.
Code:
/etc/NetworkManager/nm-system-settings.cfg # This file is installed into /etc/NetworkManager, and is loaded by # NetworkManager by default. To override, specify: '--config file' # during NM startup. This can be done by appending to DAEMON_OPTS in
I am new to ubuntu, just installed it a few hours a go. I've managed to get it hooked up to my wireless connection but still the internet doesnt work. What I can do to get it working?
i have just installed ubuntu 10.04 on my laptop hp 550.after i finished installation i connected to internet via eth0 wired connection normally and everything was fine...after about 1 hour i had no internet....i try restart but is the same problem....this is strange because my eth0 says connection established and when i open mozilla i cant open google either..when i ping [URL] it says "cant resolve "
my internet works fine in windows so what should i do to have back my internet on ubuntu...i cant do anything else in ubuntu if i have not internet and i like very much ubuntu so
switched from OpenSUSE to Ubuntu, largely to make things consistent with my netbook running Ubuntu 9.10 Netbook Remix I replaced the / partition but left /home intact I was wondering how to make Thunderbird use the profile already established rather than set up a new one?
copied /home/user/.thunderbird directory to /home/user/.mozilla-thunderbird
I'm a bit confused about how ssh encrypts connections. I've read a few articles on ssh and they talk about 'keys pairs' (that is public and private keys) on the server and client computers. However, ssh doesn't seem to use these keys for encryption. What are the keys it uses? This question occurred to me when I was trying to make a remote login to an Ubuntu machine. From a remote login perspective, I haven't generated keys on my client machine and haven't enabled key based logins in ssh. (I use the default password based login). If there aren't any keys on my client, then how does encryption work?
I just installed Fedora 14 in a hard disk of my PC. I installed MySQL also. I dontt know if this is the correct site for my question, but nobody MySQL related, have an answer yet. For MySQL accepting remote connections, my.cnf file must be edited (bind-address line or skip-networking line in that file). Well, that file in my Fedora-MySQL installation does not have such lines, so i assume, TCP/IP connections are allowed in MySQL. When i try to connect to the MySQL server it refuses the connection with the error 2003, that in short, means no TCP/IP connections are allowed. I disabled the firewall and retried but with no success, enabled the firewall again, and nothing happen. Is Fedora not accepting TCP/IP connections?
Is there a way to restrict access for some users to connections from local network through SSH, and have other users that's permitted to log on from connections over the Internet?
E.g. John's laptop only have permissions to access the server on the local network, while Lucy can access the server both on the local network and from the Internet. (Through SSH in both cases)
