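#!/bin/bash
# checknat -- keep the conntrack (NAT) table from filling up.
#
# Tries to unload unused iptables/conntrack modules, then, if the legacy
# ip_conntrack sysctl tree exists, pins a set of conntrack timeouts and raises
# ip_conntrack_max in steps while the table is close to its limit, up to a
# fixed ceiling. Actions are appended to /var/log/checknat.log.
#
# Usage: checknat [-status]
#   -status   print the current entry count and limit plus the log tail
#             (or "No NAT detected" when the conntrack sysctls are absent).
#
# Requires root: writes under /proc/sys and to /var/log. Meant for cron.
#
# NOTE(review): only the legacy ip_conntrack tree under
# /proc/sys/net/ipv4/netfilter is handled. A kernel that exposes just the
# nf_conntrack_* sysctls (under /proc/sys/net/netfilter) is treated as
# "No NAT detected" and left untouched -- confirm before relying on it there.

set -u

readonly CT_SYSCTL_DIR=/proc/sys/net/ipv4/netfilter
readonly CT_ESTABLISHED=$CT_SYSCTL_DIR/ip_conntrack_tcp_timeout_established
readonly CT_COUNT=$CT_SYSCTL_DIR/ip_conntrack_count
readonly CT_TABLE=/proc/net/ip_conntrack
readonly CT_MAX=/proc/sys/net/ipv4/ip_conntrack_max
readonly LOG=/var/log/checknat.log

# Sizing policy, numerically identical to the original: the limit grows by a
# net +4000 per run while ip_conntrack_max is below 60000.
readonly HEADROOM=4000            # act when fewer than this many slots remain free
readonly RAISE_BY=8000            # added to (max - HEADROOM) to form the new max
readonly THRESHOLD_CEILING=56000  # stop raising once (max - HEADROOM) reaches this

# Append "<date> <message>" to the log (same format as `date | tr '\n' ' '`
# followed by echo).
log_dated() {
  printf '%s %s\n' "$(date)" "$*" >> "$LOG"
}

# Print the number of live conntrack entries. Prefer the kernel's counter:
# reading /proc/net/ip_conntrack walks the entire table, which is costly on a
# busy router -- exactly the situation this script is meant to handle.
conntrack_entries() {
  if [[ -r "$CT_COUNT" ]]; then
    cat -- "$CT_COUNT"
  else
    wc -l < "$CT_TABLE"
  fi
}

# Write one sysctl value. A failure (typically: not root) is reported on
# stderr but is not fatal, so that -status still works for an unprivileged
# caller, as it did originally.
set_sysctl() {
  local path=$1 value=$2
  printf '%s\n' "$value" > "$path" \
    || printf 'checknat: cannot write %s to %s\n' "$value" "$path" >&2
}

main() {
  local want_status=0
  [[ "${1:-}" == "-status" ]] && want_status=1

  (( EUID == 0 )) \
    || printf 'checknat: not running as root; sysctl changes will fail\n' >&2

  # Unload unused iptables/conntrack modules. Three passes, presumably because
  # a module can only go once nothing depends on it any more. On a host that
  # is actually doing NAT these modules are in use and rmmod fails -- that is
  # expected, hence stderr is silenced.
  # Fix: the original used "2&>", which bash parses as a literal argument "2"
  # (passed to rmmod as a module name) plus "&>" redirecting BOTH streams;
  # only stderr is meant to be dropped.
  # NOTE(review): if the kernel does let iptable_filter / ipt_REJECT go, any
  # filter rules living in those modules go with them -- confirm this script
  # never runs on a host that relies on such rules.
  local pass
  for pass in 1 2 3; do
    /sbin/rmmod ip_nat iptable_nat ip_conntrack ip_tables iptable_filter ipt_REJECT 2>/dev/null
  done

  # No conntrack sysctls -> this host is not doing NAT (or runs a kernel that
  # only has the nf_conntrack_* tree); nothing to tune.
  if [[ ! -e "$CT_ESTABLISHED" ]]; then
    (( want_status )) && echo "No NAT detected"
    exit 0
  fi

  # Shorter timeouts free table slots sooner, which is the first line of
  # defence against the table filling up (e.g. under a scan or flood). The
  # original author singles out the established timeout (here 6h) as the one
  # that matters most.
  set_sysctl "$CT_SYSCTL_DIR/ip_conntrack_generic_timeout" 50
  set_sysctl "$CT_SYSCTL_DIR/ip_conntrack_tcp_timeout_close" 5
  set_sysctl "$CT_SYSCTL_DIR/ip_conntrack_tcp_timeout_close_wait" 60
  set_sysctl "$CT_SYSCTL_DIR/ip_conntrack_tcp_timeout_fin_wait" 120
  set_sysctl "$CT_SYSCTL_DIR/ip_conntrack_tcp_timeout_time_wait" 60
  set_sysctl "$CT_SYSCTL_DIR/ip_conntrack_udp_timeout" 10
  set_sysctl "$CT_ESTABLISHED" 21600

  # Raise the limit when the table is within HEADROOM of it, bounded by the
  # ceiling. Each entry costs kernel memory, which is why there is a ceiling
  # at all.
  local max threshold entries new_max
  max=$(< "$CT_MAX")
  threshold=$(( max - HEADROOM ))
  entries=$(conntrack_entries)

  if (( entries > threshold )); then
    if (( threshold < THRESHOLD_CEILING )); then
      new_max=$(( threshold + RAISE_BY ))
      # Two log lines, kept byte-for-byte in the original format (the first
      # one carries the date, the second does not).
      log_dated "Increasing conntrack table size to $threshold + $RAISE_BY"
      printf 'Increasing conntrack table size to %s\n' "$new_max" >> "$LOG"
      # NOTE(review): only ip_conntrack_max is raised, not the conntrack hash
      # table size, so bucket chains get longer as the limit grows; the
      # ceiling above bounds that. Confirm the ceiling still fits this box.
      set_sysctl "$CT_MAX" "$new_max"
    else
      log_dated "Conntrack table upper limit reached"
    fi
  fi

  if (( want_status )); then
    echo "Conntrack TBL = $(conntrack_entries)"
    echo "Conntrack MAX = $(< "$CT_MAX")"
    tail -- "$LOG"
  fi
}

main "$@"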
