Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 2 answers
  • Subscribers 3 subscribers
  • Views 3157 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Huge different between concurrent connections in dashboard and ssh shell

Truong Nguyen

Hi all!

I am using Sophos UTM Home edition v9.408 (which is free) with just about 10 users. The concurrent connections reach the limit 32k immediately after that. Checking in ssh shell with "netstat -na | wc -l" shows only 1k4.

Please show me which one is right and if it is actually 32k, how can I drop it.

Any idea would be appreciated!



This thread was automatically locked due to age.
Parents
  • 0

    Hi, Truong, and welcome to the UTM Community!

    I wonder if this isn't just a broken PostgreSQL data base.  The following command will delete the data in Reporting and graphs, but will not affect your log files:

    /etc/init.d/postgresql92 rebuild

    Did that fix the problem?  If not, does this mis-measurement have any effect on your use of the UTM?

    Cheers - Bob

  • 0 in reply to BAlfson

    Hi Bob,

    Thanks very very much for your answer and your contribution to our community. I admire that.

    As I replied, this is right when compared with nf_contrack. I fixed this by decreasing all timeout parameters by half:

    echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close
    echo 30 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait
    echo 86400 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
    echo 60 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait
    echo 15 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_last_ack
    echo 150 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_max_retrans
    echo 30 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_syn_recv
    echo 60 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_syn_sent
    echo 60 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_syn_sent2
    echo 60 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait

    Thanks again, Bob!

Reply
  • 0 in reply to BAlfson

    Hi Bob,

    Thanks very very much for your answer and your contribution to our community. I admire that.

    As I replied, this is right when compared with nf_contrack. I fixed this by decreasing all timeout parameters by half:

    echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close
    echo 30 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait
    echo 86400 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
    echo 60 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait
    echo 15 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_last_ack
    echo 150 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_max_retrans
    echo 30 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_syn_recv
    echo 60 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_syn_sent
    echo 60 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_syn_sent2
    echo 60 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait

    Thanks again, Bob!

Children