connection timeout super long

Hi all,

I have limited users on my network to 100 connections. Problem is p2p users who set too many open connections block their connection with p2p open connections. Problem is they have a timeout of like 72 hours so they will take too long to go.

Is this timeout governed by the p2p app in question or can it be manipulated by MT? Can I cut the open connections somehow without rebooting?

Problem is p2p users who set too many open connections block their connection with p2p open connections. Problem is they have a timeout of like 72 hours so they will take too long to go.

this problem should be solved since 2.9.8 - in this version we improved handling of such connections

Bugger.. I don’t want to upgrade because my rules are too complex. I know it won’t work smoothly.

Oh well.

upgrade from 2.8 or 2.9? Can you just change your connection tracking for tcp established to something like 4 hours instead of 3 days?

Yes. What would be the downside of setting it too low? The default is 120.00 hours.

We use 30 minutes without any issues

Just testing that now. I tried 3 mins but p2p would not work at all then. 30 mins seems good so far.

Thanks.

Why the default so high?

I am using 1 hour without any problems.

Cheers…

we use 3 hours with emulers and work fine

If you support large ftp downloads (to or from) or p2p or anything else that requires a long connection time you will want to be at 4 hours or so. Under normal circumstances a client will kill their connection when they disconnect so it won’t be stuck in the table for days. The tradeoff becomes when you need to handle a larger attack and/or want to provide long running tcp services, i.e. ftp, some vpns, etc…

Sam

I agree, 3 or 4 hours should be ok for most of normal applications
Gianluca

What do you think is the reason this user has the emule connections open so long? I have quite a few users on p2p but I don’t normally see this kind of problem. Basically he was calling me saying he could not browse or anything. I could ping his site fine and all seemed fine from my end but because the emule connections were up to 100 (my limit) he was not able to browse. I informed him of this and he switched off his pc for 24hrs (so he says). After 24hrs still he has the problem.

Is that normal even for emule?

on the forward chain you can limit just emule connections to 80 and then all other to 100. so a customer will always have 20 free connections.

I had already done that?

It seems that established connections doing nothing but created by P2P are not detected by the MT P2P tracking and just fill up as TCP connections.

Thanks to the advice of users above with a 4 hr timeout on established TCP connections the problem seems to be solved.

The user said “I don’t know what you did but everything seems normal now”

good. take care.
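
An added example, not part of the original thread and not RouterOS code: a simplified Python model of a connection-tracking table with a per-client limit, showing how idle established entries block new connections until the established timeout expires, and how a short timeout drops long-idle legitimate sessions. The class, function names, client address and scenario are constructed; the limit of 100 and the timeout values are those mentioned in the thread.

```python
from dataclasses import dataclass, field

@dataclass
class ConnTable:
    """Simplified connection-tracking table with a per-client limit (a model, not RouterOS code)."""
    established_timeout_s: float   # how long an idle established entry is kept
    per_client_limit: int = 100    # the limit mentioned in the thread
    entries: dict = field(default_factory=dict)  # (client, conn_id) -> last packet time

    def _expire(self, now):
        # Drop entries that have been idle for the full timeout.
        self.entries = {k: seen for k, seen in self.entries.items()
                        if now - seen < self.established_timeout_s}

    def open(self, client, conn_id, now):
        """Track a new connection unless the client is already at its limit."""
        self._expire(now)
        in_use = sum(1 for c, _ in self.entries if c == client)
        if in_use >= self.per_client_limit:
            return False
        self.entries[(client, conn_id)] = now
        return True

    def close(self, client, conn_id):
        """A clean FIN/RST removes the entry immediately."""
        self.entries.pop((client, conn_id), None)

    def is_tracked(self, client, conn_id, now):
        self._expire(now)
        return (client, conn_id) in self.entries

CLIENT = "10.0.0.5"  # constructed address

def minutes_until_new_connection(timeout_hours, stale=100, clean_close=False):
    """Minutes a client waits for a free slot after `stale` p2p peers go silent at t=0."""
    table = ConnTable(timeout_hours * 3600)
    for i in range(stale):
        table.open(CLIENT, f"p2p-{i}", now=0)
        if clean_close:
            table.close(CLIENT, f"p2p-{i}")
    minute = 0
    while not table.open(CLIENT, "http", now=minute * 60):
        minute += 1
    return minute

def idle_session_survives(timeout_hours, idle_hours):
    """Does a legitimate connection that sends nothing for `idle_hours` stay tracked?"""
    table = ConnTable(timeout_hours * 3600)
    table.open(CLIENT, "ftp-control", now=0)
    return table.is_tracked(CLIENT, "ftp-control", now=idle_hours * 3600)
```

With a 72 hour timeout the client in this model is locked out for 72 hours, with 4 hours for 4 hours, and a 30 minute timeout frees the slots quickly but also forgets a session that stays silent for 2 hours.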