TIS Proxy Firewall - httpd

Post by Vaclav Pavelk » Wed, 30 Jul 1997 04:00:00



We're running TIS Proxy Firewall on Linux 2.0. Through this firewall our
employees are connected to Internet services like ftp, smtp, telnet
and http. And http is the most used service. The problem is that
sometimes during the day browsers can't connect to the http proxy port
(nor does telnet to this port work) and we couldn't find any regularity in
it or why it happens; maybe some buffers are filled. The only help is
kill -HUP pid inetd. Is there any parameter of the kernel in Linux to
solve it?
TIS firewall is in version fwtk 1.3.
Thanx

 
 
 

Post by Paul D. Roberts » Wed, 30 Jul 1997 04:00:00



: We're running TIS Proxy Firewall on Linux 2.0. Through this firewall our
: employees are connected to Internet services like ftp, smtp, telnet
: and http. And http is the most used service. The problem is that
: sometimes during the day browsers can't connect to the http proxy port
: (nor does telnet to this port work) and we couldn't find any regularity in
: it or why it happens; maybe some buffers are filled. The only help is
: kill -HUP pid inetd. Is there any parameter of the kernel in Linux to
: solve it?
: TIS firewall is in version fwtk 1.3.

There were some inetd problems with Linux a while back, not sure if that's
the problem or not though.  If you run the new fwtk code (I'm unsure of
1.3), you can run the http-gw as a daemon with the -daemon <port>
flag, bypassing inetd completely.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions

                                                                     PSB#9280

 
 
 

Post by Fredrik Lautru » Thu, 31 Jul 1997 04:00:00


I had this problem too on my firewall. I think the solution was to allow
more http-gw processes to start. When you look at web pages with a lot of
pictures you start up a lot of http-gw. When the limit for this service is
reached it rejects all connections. I think that there is a field in the
inetd.conf where you can specify the maximum number of processes. The
default is pretty small, 20-30?? I have mine set to 200.

--
//Fredrik Lautrup

046-2116135



> We're running TIS Proxy Firewall on Linux 2.0. Through this firewall our
> employees are connected to Internet services like ftp, smtp, telnet
> and http. And http is the most used service. The problem is that
> sometimes during the day browsers can't connect to the http proxy port
> (nor does telnet to this port work) and we couldn't find any regularity in
> it or why it happens; maybe some buffers are filled. The only help is
> kill -HUP pid inetd. Is there any parameter of the kernel in Linux to
> solve it?
> TIS firewall is in version fwtk 1.3.
> Thanx

 
 
 

Post by Mike O'Conno » Fri, 01 Aug 1997 04:00:00


Also, there's a lot of fixing that gets done with FWTK 2.0.  Try that out.


:I had this problem too on my firewall. I think the solution was to allow
:more http-gw processes to start. When you look at web pages with a lot of
:pictures you start up a lot of http-gw. When the limit for this service is
:reached it rejects all connections. I think that there is a field in the
:inetd.conf where you can specify the maximum number of processes. The
:default is pretty small, 20-30?? I have mine set to 200.
:
:--
://Fredrik Lautrup

:046-2116135
:


:> We're running TIS Proxy Firewall on Linux 2.0. Through this firewall our
:> employees are connected to Internet services like ftp, smtp, telnet
:> and http. And http is the most used service. The problem is that
:> sometimes during the day browsers can't connect to the http proxy port
:> (nor does telnet to this port work) and we couldn't find any regularity in
:> it or why it happens; maybe some buffers are filled. The only help is
:> kill -HUP pid inetd. Is there any parameter of the kernel in Linux to
:> solve it?
:> TIS firewall is in version fwtk 1.3.
:> Thanx
:>
:>

--

 InterNIC WHOIS: MJO | (has my PGP & Geek Code info) | Phone: +1 248-848-4481

 
 
 

Post by Paul D. Roberts » Sun, 03 Aug 1997 04:00:00



: I had this problem too on my firewall. I think the solution was to allow
: more http-gw processes to start. When you look at web pages with a lot of
: pictures you start up a lot of http-gw. When the limit for this service is
: reached it rejects all connections. I think that there is a field in the
: inetd.conf where you can specify the maximum number of processes. The
: default is pretty small, 20-30?? I have mine set to 200.

That's the maximum number of processes spawned per minute.  On Linux, the
default is 40.  Please note that the maximum number of processes is still
controlled by the size of the process table and the normal kernel
limitations.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions

                                                                     PSB#9280
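
The per-minute spawn limit discussed in this thread, as an added example that is not part of any poster's message: the script reads an inetd.conf-style file, reports the limit inetd would apply to each service (the optional `.max` suffix on the wait/nowait field, otherwise the Linux default of 40 quoted above), and pulls rate-limit trips out of syslog. The service name `www-proxy`, the `/usr/local/etc` paths, and both sample inputs are constructed; the "server failing (looping)" wording is assumed to match your inetd's syslog message.

```shell
#!/bin/sh
# Added example: audit inetd spawn limits and spot rate-limit trips in syslog.

DEFAULT_LIMIT=40   # Linux inetd default per minute, as stated in the thread

# Constructed inetd.conf sample (service name and paths are assumptions).
sample_conf() {
cat <<'EOF'
# service  type   proto wait        user server-path            args
ftp        stream tcp   nowait      root /usr/local/etc/ftp-gw  ftp-gw
www-proxy  stream tcp   nowait.200  root /usr/local/etc/http-gw http-gw
EOF
}

# Constructed syslog sample (message wording is an assumed inetd format).
sample_log() {
cat <<'EOF'
Jul 29 10:14:02 fw inetd[87]: www-proxy/tcp server failing (looping), service terminated
Jul 29 10:15:00 fw kernel: constructed unrelated line
EOF
}

# Reads inetd.conf on stdin, prints "service limit" for each entry.
# Field 4 is wait|nowait, optionally followed by ".max" (spawns per minute).
inetd_limits() {
    awk -v def="$DEFAULT_LIMIT" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blanks
        NF >= 6 {
            n = split($4, w, ".")
            if (w[1] != "wait" && w[1] != "nowait") next
            limit = (n == 2 && w[2] ~ /^[0-9]+$/) ? w[2] : def
            print $1, limit
        }'
}

# Reads syslog on stdin, prints each service inetd shut off for spawning
# faster than its limit.
tripped_services() {
    sed -n 's|.*inetd\[[0-9]*\]: \([^/ ]*\)/[a-z0-9]* server failing (looping).*|\1|p' \
        | sort -u
}

echo "Effective spawn limits:"
sample_conf | inetd_limits
echo "Services that hit their limit:"
sample_log | tripped_services
```

On a real host, feed `/etc/inetd.conf` and the system log to the two functions in place of the sample data; a service listed by `tripped_services` with a limit of 40 is a candidate for a higher `.max` or for running the gateway with `-daemon <port>`.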

 
 
 

1. TIS firewall toolkit application proxies

I think I know the answer to this.  I just want to confirm it before I make the
connection.  Are the true application proxies (telnet, ftp, http, etc.) included
with the TIS firewall toolkit truly retransmitting the connection?  I.e., does
the connection outside the firewall appear to be with the firewall to the
remote host?  I believe that's what's happening, but need confirmation.  I
know that the news proxy doesn't do this, but don't plan to use it (Anyone
know where a news proxy, possibly similar to TIS's smap/smapd, might be
located?).

The reason I ask is that we have a CIPR class C address from our network
provider that is the net outside the firewall.  Several years ago, we acquired
2 class C addresses for our private LAN.  If the proxies are not regenerating the
traffic, I'll be in hell with the provider.  I can get CIPR class Cs from the provider,
but would rather not reconfigure the 120+ systems on our LAN.

Thanks,
Eric
