Author Topic: EFW does not terminate disconnected connections  (Read 12058 times)
vlongjvc
« on: Wednesday 30 June 2010, 07:01:32 pm »

I connect to a web page through EFW (upgraded from 2.3 to 2.4), and when I disconnect, the connection is still in ESTABLISHED status.

****************************************************************************

Legend:     LAN     INTERNET     DMZ     Wireless     Endian Firewall     VPN (IPsec)

Source IP    Source port    Destination IP    Destination port    Protocol    Status    Expires
10.x.x.x    29707           72.14.254.100    80 (HTTP)            tcp       ESTABLISHED 67:09:03

*****************************************************************************

I do not know why EFW still keeps that connection. Does anyone else have this problem?
DFen
« Reply #1 on: Wednesday 30 June 2010, 07:07:49 pm »

ESTABLISHED status means the firewall has not "seen" a close socket request coming through from the web browser.

Unclosed TCP connections may stay around for a long time (up to 72 hours?).

Web access sockets remain open if the server allows "keepalive" - which they normally do!
vlongjvc
« Reply #2 on: Wednesday 30 June 2010, 07:23:24 pm »

Dear DFen,

Thanks for your reply. Does it mean that EFW does not set a timeout for the connection? Is it a problem if EFW wastes time waiting for the close socket signal?

With best regards,
DFen
« Reply #3 on: Wednesday 30 June 2010, 08:12:42 pm »

This is only a problem if you have too many connections - this is defined by TCP, not by Endian.

On my system (2GB memory) I have capacity for 6500 connections.
Try:
cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max

I believe it is possible to tune the TCP timeout values but I have not tried this.
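
An added example, not part of the post above and not Endian's code: a summary of a connection-tracking table in the `/proc/net/ip_conntrack` line format, showing how many ESTABLISHED entries are still far from expiry and how full the table is against `ip_conntrack_max`. The sample entries, addresses and function names are constructed for illustration; the first entry's expiry of 241743 seconds is the 67:09:03 shown in the table at the top of the thread.

```shell
#!/bin/sh
# Constructed sample in the /proc/net/ip_conntrack line format:
# protocol, protocol number, seconds until expiry, TCP state, then the tuples.
sample_conntrack() {
cat <<'EOF'
tcp      6 241743 ESTABLISHED src=10.0.0.5 dst=192.0.2.10 sport=29707 dport=80 src=192.0.2.10 dst=10.0.0.5 sport=80 dport=29707 [ASSURED] use=1
tcp      6 431990 ESTABLISHED src=10.0.0.6 dst=192.0.2.11 sport=40112 dport=443 src=192.0.2.11 dst=10.0.0.6 sport=443 dport=40112 [ASSURED] use=1
tcp      6 57 TIME_WAIT src=10.0.0.5 dst=192.0.2.12 sport=29710 dport=80 src=192.0.2.12 dst=10.0.0.5 sport=80 dport=29710 [ASSURED] use=1
udp      17 25 src=10.0.0.7 dst=192.0.2.53 sport=5353 dport=53 src=192.0.2.53 dst=10.0.0.7 sport=53 dport=5353 use=1
EOF
}

# conntrack_summary MAX MIN_SECONDS   (table lines are read from stdin)
# Prints the total number of tracked entries, the ESTABLISHED tcp entries,
# the ESTABLISHED entries with more than MIN_SECONDS left before expiry,
# and the table usage as a whole percentage of MAX.
conntrack_summary() {
    awk -v max="$1" -v min="$2" '
        NF { total++ }
        $1 == "tcp" && $4 == "ESTABLISHED" {
            est++
            if ($3 + 0 > min + 0) longlived++
        }
        END {
            printf "total=%d established=%d long_lived=%d usage=%d%%\n",
                   total, est, longlived, (max > 0 ? total * 100 / max : 0)
        }'
}

# On the firewall itself, feed the live table instead of the sample
# (assumes the kernel exposes the ip_conntrack paths used in this thread):
#   conntrack_summary "$(cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max)" 86400 \
#       < /proc/net/ip_conntrack
sample_conntrack | conntrack_summary 6500 86400
```

On kernels that expose the `ip_conntrack` sysctls, the lifetime of an idle ESTABLISHED entry is the `ip_conntrack_tcp_timeout_established` value in the same `/proc/sys/net/ipv4/netfilter/` directory; whether a given EFW release exposes it is an assumption to check on the box.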

vlongjvc
« Reply #4 on: Thursday 01 July 2010, 04:02:22 pm »

Dear DFen,

I have seen this problem on EFW 2.3 and I hope that it will be resolved in EFW 2.4 with the new Linux kernel. Maybe I should report this issue and hope that the Endian team will tune TCP/IP and recompile the Linux kernel.

With best regards,

Long