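#!/bin/bash
# checknat -- check how full the NAT connection-tracking table is and raise
# its limit when usage gets within 4000 entries of it.
# (Original Czech header: "Check the number of connections and, if needed,
# raise the limit.")
#
# Usage: checknat [-status]
#   -status   additionally print current table usage, the current limit and
#             the tail of the log on stdout.
#
# Runs as root: it tries to unload unused netfilter modules, writes /proc/sys
# tunables (overwriting whatever sysctl.conf set, on every run) and appends
# to the log file below.

set -u

readonly LOG=/var/log/checknat.log
readonly NF=/proc/sys/net/ipv4/netfilter
readonly CONNTRACK_MAX=/proc/sys/net/ipv4/ip_conntrack_max
readonly CONNTRACK_TABLE=/proc/net/ip_conntrack
# Modules the script tries to unload; rmmod refuses a module that is still
# in use, so active rules/NAT are left alone.
NAT_MODULES=(ip_nat iptable_nat ip_conntrack ip_tables iptable_filter ipt_REJECT)
readonly NAT_MODULES

# Append one timestamped line ("<date> <message>") to $LOG.
log() {
  printf '%s %s\n' "$(date)" "$*" >> "$LOG"
}

# Print the number of tracked connections (one table entry per line).
conntrack_count() {
  wc -l < "$CONNTRACK_TABLE"
}

# Write timeout value $2 (seconds) to the conntrack tunable named $1.
set_timeout() {
  printf '%s\n' "$2" > "$NF/$1"
}

want_status=0
[[ "${1-}" == "-status" ]] && want_status=1

# Three passes: the modules depend on each other, so a pass can unload
# modules an earlier pass could not. Failures are expected and silenced.
# (The original "2&> /dev/null" handed rmmod a literal "2" as a module name
# before redirecting; a plain redirect is what was meant.)
for _ in 1 2 3; do
  /sbin/rmmod "${NAT_MODULES[@]}" >/dev/null 2>&1
done

# No conntrack tunables means no NAT on this box -- nothing to do.
if [[ ! -e "$NF/ip_conntrack_tcp_timeout_established" ]]; then
  (( want_status )) && echo "No NAT detected"
  exit 0
fi

# Conntrack timeouts in seconds. The established-TCP timeout is the one that
# matters most: it decides how long an idle connection keeps a table slot.
set_timeout ip_conntrack_generic_timeout          50
set_timeout ip_conntrack_tcp_timeout_close        5
set_timeout ip_conntrack_tcp_timeout_close_wait   60
set_timeout ip_conntrack_tcp_timeout_fin_wait     120
set_timeout ip_conntrack_tcp_timeout_time_wait    60
set_timeout ip_conntrack_udp_timeout              10
set_timeout ip_conntrack_tcp_timeout_established  21600

# Grow the table limit when usage is within 4000 entries of it.
current_max=$(cat "$CONNTRACK_MAX")
if [[ ! "$current_max" =~ ^[0-9]+$ ]]; then
  # Without a sane limit the arithmetic below would treat it as 0 and end
  # up shrinking the table to 4000 -- refuse instead.
  log "Cannot read $CONNTRACK_MAX (got '$current_max'), leaving limit alone"
  exit 1
fi
threshold=$(( current_max - 4000 ))
if (( $(conntrack_count) > threshold )); then
  # Cap: stop growing once the threshold reaches 56000 (limit 60000).
  if (( threshold < 56000 )); then
    # threshold + 8000 == current_max + 4000: each step adds 4000.
    log "Increasing conntrack table size to $threshold + 8000"
    new_max=$(( threshold + 8000 ))
    printf '%s\n' "Increasing conntrack table size to $new_max" >> "$LOG"
    printf '%s\n' "$new_max" > "$CONNTRACK_MAX"
  else
    log "Conntrack table upper limit reached"
  fi
fi

if (( want_status )); then
  echo "Conntrack TBL = $(conntrack_count)"
  echo "Conntrack MAX = $(cat "$CONNTRACK_MAX")"
  [[ -r "$LOG" ]] && tail -- "$LOG"
fi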