Very Computer

We're running TIS Proxy Firewall on Linux 2.0. Through this firewall our
employees are connected to the Internet services like ftp, smtp, telnet
and http. And http is the most using service. The problem is that
sometimes during the day browsers can't connect to the http proxy port (
nor telnet at this port as well) and we couldn't find any regularity in
it, wht it's done, maybe some buffers are filled. There is only help -
kill -HUP pid inetd. Is there any parameter of the kernel in in Linux to
solve it?
TIS firewall is in verrsion fwtk 1.3.
Thanx

: We're running TIS Proxy Firewall on Linux 2.0. Through this firewall our
: employees are connected to the Internet services like ftp, smtp, telnet
: and http. And http is the most using service. The problem is that
: sometimes during the day browsers can't connect to the http proxy port (
: nor telnet at this port as well) and we couldn't find any regularity in
: it, wht it's done, maybe some buffers are filled. There is only help -
: kill -HUP pid inetd. Is there any parameter of the kernel in in Linux to
: solve it?
: TIS firewall is in verrsion fwtk 1.3.

There were some inted problems with Linux a while back, not sure if that's
the problem or not though.  If you run the new fwtk code (I'm unser of
1.3), you can run the http-gw as a daemon with the -daemon <port>
flag, bypassing inetd completely.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions

                                                                     PSB#9280

I had this problem too on my firewall. I think the solution was to allow
more http-gw processes to start. When you look att web pages with alot of
pictures you start up alot of http-gw. When the limit for this service is
reached it rejects all connections. I think that there is a field in the
inetd.conf that you can specify the maximum number of processes. The
default is pretty smal 20-30?? I have mine to 200.

--
//Fredrik Lautrup

046-2116135

Quote:> We're running TIS Proxy Firewall on Linux 2.0. Through this firewall our
> employees are connected to the Internet services like ftp, smtp, telnet
> and http. And http is the most using service. The problem is that
> sometimes during the day browsers can't connect to the http proxy port (
> nor telnet at this port as well) and we couldn't find any regularity in
> it, wht it's done, maybe some buffers are filled. There is only help -
> kill -HUP pid inetd. Is there any parameter of the kernel in in Linux to
> solve it?
> TIS firewall is in verrsion fwtk 1.3.
> Thanx

Also, there's a lot of fixing that gets done with FWTK 2.0.  Try that out.

:I had this problem too on my firewall. I think the solution was to allow
:more http-gw processes to start. When you look att web pages with alot of
:pictures you start up alot of http-gw. When the limit for this service is
:reached it rejects all connections. I think that there is a field in the
:inetd.conf that you can specify the maximum number of processes. The
:default is pretty smal 20-30?? I have mine to 200.
:
:--
://Fredrik Lautrup

:046-2116135
:


:> We're running TIS Proxy Firewall on Linux 2.0. Through this firewall our
:> employees are connected to the Internet services like ftp, smtp, telnet
:> and http. And http is the most using service. The problem is that
:> sometimes during the day browsers can't connect to the http proxy port (
:> nor telnet at this port as well) and we couldn't find any regularity in
:> it, wht it's done, maybe some buffers are filled. There is only help -
:> kill -HUP pid inetd. Is there any parameter of the kernel in in Linux to
:> solve it?
:> TIS firewall is in verrsion fwtk 1.3.
:> Thanx
:>
:>

--

 InterNIC WHOIS: MJO | (has my PGP & Geek Code info) | Phone: +1 248-848-4481

: I had this problem too on my firewall. I think the solution was to allow
: more http-gw processes to start. When you look att web pages with alot of
: pictures you start up alot of http-gw. When the limit for this service is
: reached it rejects all connections. I think that there is a field in the
: inetd.conf that you can specify the maximum number of processes. The
: default is pretty smal 20-30?? I have mine to 200.

That's maximum number of processes spawned per minute.  On Linux, the
default is 40.  Please note that the maximum number of processes is still
controlled by the size of the process table and the normal kernel
limitations.  

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions

                                                                     PSB#9280