From: KOVACS Krisztian <hidden@balabit.hu>
To: netfilter@lists.netfilter.org
Cc: Manuel Marquez <Manuel.Marquez@isotrol.com>
Subject: Re: Problem with conntrack idle connection timeout
Date: Fri, 4 Nov 2005 17:03:33 +0100
Message-ID: <200511041703.34112@nienna>
In-Reply-To: <436B7BFE.3060807@isotrol.com>

Hi,

On Friday 04 November 2005 16.19, Manuel Marquez wrote:
> The problem is the use a JDBC connection pool and (I think) the linux
> firewall drops the pool connections after about 600 seconds of idle
> time. They can change the pool to make it reconnect whenever this
> happens, but they are planning to set up another interface (backend
> network) and move the oracle server there. If they did this, sqlplus
> and oracle forms would also get disconnected after this idle period
> (they have made tests with the same results on an oracle server
> connected to the DMZ). It also happens with SSH connections to the
> application (Tomcat 5) server.

Then there must be some other problem which is not directly related to
TCP timeout values in Netfilter. If connection tracking is working
properly, established TCP connections will time out only after five
days.

A somewhat more detailed inspection of the firewall ruleset could help
you identify the portion of the ruleset where the packets get
dropped. (A couple of well placed LOG rules can do wonders.) BTW, you
did not even mention what version of Linux is running on the firewall.

--
Regards,
Krisztian Kovacs
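
Added example, not part of the original message or of any Netfilter tooling: one way to place the LOG rules suggested above and to read the established-TCP conntrack timeout. The chain name, the port passed in, the log prefixes and the `IPT` and `PROC_SYS` override variables are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed example: chain, port and log prefixes are assumptions.

# Insert LOG rules into CHAIN for TCP traffic to or from PORT.
# Set IPT=echo for a dry run that prints the rules instead of loading them.
trace_port() {
    chain="$1"; port="$2"; ipt="${IPT:-iptables}"
    for dir in dport sport; do
        # Packets conntrack cannot associate with any known connection.
        $ipt -I "$chain" 1 -p tcp "--$dir" "$port" -m state --state INVALID \
            -j LOG --log-prefix "CT-INVALID-$dir: " --log-tcp-options
        # Mid-stream (non-SYN) packets classified NEW: no conntrack entry
        # exists for the connection they claim to belong to.
        $ipt -I "$chain" 1 -p tcp "--$dir" "$port" ! --syn -m state --state NEW \
            -j LOG --log-prefix "CT-NEW-NOSYN-$dir: " --log-tcp-options
    done
    # Appended after the existing rules: logs TCP packets that no earlier
    # rule accepted or dropped, i.e. those that reach the chain policy.
    $ipt -A "$chain" -p tcp -j LOG --log-prefix "FALLTHROUGH-$chain: "
}

# Print the established-TCP conntrack timeout in seconds (432000 = five days).
# Checks the current sysctl path first, then the older ip_conntrack one.
established_timeout() {
    root="${PROC_SYS:-/proc/sys}"
    for f in "$root/net/netfilter/nf_conntrack_tcp_timeout_established" \
             "$root/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established"; do
        if [ -r "$f" ]; then cat "$f"; return 0; fi
    done
    echo "conntrack sysctl not found (module not loaded?)" >&2
    return 1
}
```

Source the file, review the rules with `IPT=echo trace_port FORWARD 1521`, then load them without the override and match the prefixes in the kernel log against the time the idle connection breaks.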