
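#!/bin/bash
# Check the number of tracked connections and raise the conntrack limit when needed.
#
# Meant to run periodically (cron) on a NAT router; "-status" additionally prints
# the current table usage and the tail of the log.

# Try to unload every netfilter module that is no longer referenced.  Three
# passes are made (presumably because the modules depend on one another and a
# single rmmod pass cannot drop them all).  When NAT is not configured this
# leaves /proc/sys/net/ipv4/netfilter/ absent, which the check below relies on.
#
# NOTE(review): iptable_filter and ipt_REJECT are in this list too.  If nothing
# else holds a reference to them, rmmod will unload them as well, which can
# silently remove a host firewall that lives in the filter table.  Verify with
# lsmod / iptables -L before relying on this on anything but a pure NAT box.
#
# The original line ended in "2&> /dev/null", which bash reads as an extra
# argument "2" (a bogus module name) followed by "&>"; the intent was to run
# quietly, which ">/dev/null 2>&1" does without the stray argument.
netfilter_modules=(ip_nat iptable_nat ip_conntrack ip_tables iptable_filter ipt_REJECT)
for _pass in 1 2 3; do
  /sbin/rmmod "${netfilter_modules[@]}" >/dev/null 2>&1
done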

# Bail out unless the ip_conntrack sysctl tree exists.  After the rmmod pass
# above, its presence means conntrack is still loaded and referenced, i.e. NAT
# is actually in use on this box.
ct_sysctl=/proc/sys/net/ipv4/netfilter
if [ ! -e "$ct_sysctl/ip_conntrack_tcp_timeout_established" ]; then
  # Only the interactive "-status" mode says anything; cron runs stay silent.
  [ "$1" = "-status" ] && echo "No NAT detected"
  exit 0
fi

# Conntrack is active: apply the timeout tuning.  The established-TCP timeout is
# the one that governs table growth; the rest are kept short as well.
#
# NOTE(review): these values are far below the usual kernel defaults (the
# established timeout is normally measured in days, here it is 6 h).  Long-idle
# TCP sessions without keepalives will lose their conntrack entry and be dropped
# by NAT — confirm that is acceptable for the traffic behind this router.
ct_sysctl=/proc/sys/net/ipv4/netfilter
while read -r knob seconds; do
  echo "$seconds" > "$ct_sysctl/$knob"
done <<'EOF'
ip_conntrack_generic_timeout 50
ip_conntrack_tcp_timeout_close 5
ip_conntrack_tcp_timeout_close_wait 60
ip_conntrack_tcp_timeout_fin_wait 120
ip_conntrack_tcp_timeout_time_wait 60
ip_conntrack_udp_timeout 10
ip_conntrack_tcp_timeout_established 21600
EOF

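# Grow ip_conntrack_max when the table is within 4000 entries of it.  Each step
# adds 4000 (threshold + 8000 == current max + 4000) and the growth stops once
# the threshold reaches 56000, i.e. a max of 60000; the "upper limit reached"
# log line shows the cap is deliberate.
#
# NOTE(review): a table that keeps hitting the limit is worth alerting on, not
# just logging — it is as likely a SYN/UDP flood or a state leak as legitimate
# growth.  This script does nothing beyond appending to the log.
ct_log=/var/log/checknat.log
ct_max_file=/proc/sys/net/ipv4/ip_conntrack_max
ct_count_file=/proc/sys/net/ipv4/netfilter/ip_conntrack_count

# Without a readable limit there is nothing sane to compare against.
cur_max=$(cat "$ct_max_file") || exit 1
threshold=$((cur_max - 4000))

# Prefer the kernel's counter when it exists: reading /proc/net/ip_conntrack
# dumps the whole table, one line per entry, which is itself noticeable load on
# a busy router.  Fall back to counting lines on kernels that lack the counter.
if [ -r "$ct_count_file" ]; then
  cur_count=$(cat "$ct_count_file")
else
  cur_count=$(wc -l < /proc/net/ip_conntrack)
fi

if [ "$cur_count" -gt "$threshold" ]; then
  if [ "$threshold" -lt 56000 ]; then
    new_max=$((threshold + 8000))
    # Both log lines are kept verbatim so existing log readers keep working;
    # the first prints the threshold, the second the value actually written.
    {
      date | tr '\n' ' '
      echo "Increasing conntrack table size to $threshold + 8000"
      echo "Increasing conntrack table size to $new_max"
    } >> "$ct_log"
    echo "$new_max" > "$ct_max_file"
  else
    {
      date | tr '\n' ' '
      echo "Conntrack table upper limit reached"
    } >> "$ct_log"
  fi
fi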

# "-status": report current table usage against the limit, then the most recent
# log entries (tail's default of the last ten lines).
if [ "$1" = "-status" ]; then
  printf 'Conntrack TBL = %s\n' "$(wc -l < /proc/net/ip_conntrack)"
  printf 'Conntrack MAX = %s\n' "$(cat /proc/sys/net/ipv4/ip_conntrack_max)"
  tail /var/log/checknat.log
fi

