| Posted by cat3y3, 03-08-2008, 02:45 PM | | I don't know it anymore. Tried everything. I can not reach my server properly. A lot of time time out.
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
1 127.0.0.1
1 38.99.44.101
1 64.131.90.38
1 78.176.158.75
1 78.179.73.135
1 88.229.70.143
1 88.242.97.204
1 88.247.87.58
1 92.112.211.223
3 78.176.175.136
3 88.229.40.142
3 88.231.180.181
4 78.183.227.146
18 0.0.0.0
348
348 connections from an empty IP??? i have tried syn cookies, let the firewall block all ports without results. Pls advice
|
| Posted by tanfwc, 03-08-2008, 03:31 PM | | Use this instead.
As your box has IPv6, that's why the previous command is not really working for you
|
| Posted by cat3y3, 03-08-2008, 06:46 PM | | But at on other box with exactly the same config, i haven't this behaviour. So this might not be the issue.
Any suggestions how to solve this problem. Because this is really annoying. My server is not reachable for a couple off days now...
|
| Posted by tanfwc, 03-09-2008, 01:42 AM | | Run this on both of the box you have and you will see the difference.
|
| Posted by david510, 03-09-2008, 03:09 AM | | Do this and confirm if it is TIME_WAIT.
netstat -anp |grep TIME_WAIT
netstat -anp |grep TIME_WAIT |awk {'print $5'} | cut -d: -f 1 | sort | uniq -c | sort -n
|
| Posted by cat3y3, 03-09-2008, 05:54 AM | | netstat -anp |grep 'tcp\|udp'|head -n 5
netstat -anp |grep TIME_WAIT
netstat -anp |grep TIME_WAIT |awk {'print $5'} | cut -d: -f 1 | sort | uniq -c | sort -n
It is indeed TIME WAIT.
What is the best way to config this?
|
| Posted by tanfwc, 03-09-2008, 10:40 AM | | cat3y3,
On one of your output above, I see that you have ::ffff:: therefore you need to use this command to see the exact connection per IP.
The command on your first thread, is because the box does not have ::ffff:: which is meant for IPv6
Do the same for another box and you will see a different result.
This happen to one of my customer box, that's why you need a modified command
|
| Posted by cat3y3, 03-09-2008, 11:51 AM | | I think my problem has nothing to do with IPv6 issues.
The server worked like a charm for months, and since a couple of days i can't ping it properly. I get time outs. And when i am able to log in for a couple of minutes, i see that there a lot of connection attemps and i think something is flooding the connection.
Question remains: what are all these connections without a IP address. How can i kill those connections and block them, so i can reach my server again?
|
| Posted by cat3y3, 03-09-2008, 12:23 PM | | I got your point with IPv6 but it doesn't help me
Gives me
What is the best way to limit connections? (like 56 connections from IP 78.183.18.1)
And limit the connections without a ip? (57)
|
| Posted by greg14unix, 03-10-2008, 11:32 PM | | You may also want to make sure its not a network issue by getting trace routes from different sources. I would run one from home and at least 2 from separate free online trace route sites. I have seen great servers seem really slow because they were behind very slow or overworked networks.
|
| Posted by cat3y3, 03-13-2008, 06:38 PM | | Probly these connections are internal. My apache log file is full of:
i have read a couple of things about it:
http://vdachev.net/blog/2007/02/01/a...my-connection/
http://blog.schoko.org/?title=intern...&c=1&tb=1&pb=1
not sure yet about a proper solution. Any suggestions?
(just stop logging it is not a solution, i think - i dont want these connections at all.)
|
|
 Add to Favourites
 Print this Article
|
