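#!/bin/bash
# checknat - check the netfilter conntrack table fill level and raise the
# limit when the table gets close to it ("Check the number of connections and
# grow the limit if needed", translated from the original Czech header).
#
# Usage:  checknat [-status]
#   -status   additionally print the current table size and limit and the
#             tail of the log file; also prints "No NAT detected" when the
#             conntrack sysctls are absent.
#
# Meant to run periodically as root: it writes /proc sysctls, unloads kernel
# modules and appends to /var/log/checknat.log.  Any other user only gets
# warnings on stderr (writes fail) and, with -status, the read-only report.
#
# Targets the legacy ip_conntrack sysctl tree
# (/proc/sys/net/ipv4/netfilter/ip_conntrack_*).  On kernels that only expose
# nf_conntrack under /proc/sys/net/netfilter the probe below does not find the
# file and the script exits 0 without touching anything.
set -u

readonly LOG_FILE=/var/log/checknat.log
readonly SYSCTL_DIR=/proc/sys/net/ipv4/netfilter
readonly CONNTRACK_MAX_FILE=/proc/sys/net/ipv4/ip_conntrack_max
readonly CONNTRACK_TABLE=/proc/net/ip_conntrack
# The limit is raised once fewer than HEADROOM free slots remain.  GROW_BY is
# added to that threshold (not to the limit), so the limit itself grows by
# GROW_BY - HEADROOM = 4000 per run, and no further growth happens once the
# threshold reaches THRESHOLD_CAP, i.e. once the limit is 60000.  A hard cap
# matters because a connection flood drives this loop and every raise costs
# kernel memory.
readonly HEADROOM=4000
readonly GROW_BY=8000
readonly THRESHOLD_CAP=56000

# Append one timestamped line ("<date> <message>") to LOG_FILE.
log() {
  printf '%s %s\n' "$(date)" "$*" >> "$LOG_FILE"
}

# Write VALUE to the sysctl file PATH.  A failed write (typically: not root)
# is reported on stderr instead of aborting, so the rest of the script still
# runs, matching the old behaviour of the bare "echo > /proc/..." lines.
# stderr is redirected first so the redirection failure itself stays quiet.
set_sysctl() {
  local path=$1 value=$2
  if ! printf '%s\n' "$value" 2>/dev/null > "$path"; then
    printf 'checknat: cannot write %s to %s\n' "$value" "$path" >&2
  fi
}

# Print the value ip_conntrack_max should be raised to from CURRENT.
# Pure arithmetic (kept separate so it can be unit-tested): the original
# computed (max - 4000) + 8000, i.e. max + 4000.
next_conntrack_max() {
  local current=$1
  printf '%d\n' $(( current - HEADROOM + GROW_BY ))
}

# Best-effort unload of NAT/conntrack-related modules that are not in use.
# rmmod refuses a module with a non-zero use count, so on a box with live NAT
# or filter rules this is a no-op; the original ran it three times, presumably
# so that a module freed by one pass can be removed by the next.  Output is
# discarded.  Note the original wrote "2&> /dev/null", which bash parses as an
# extra argument "2" (a bogus module name) followed by "&>"; the redirection
# is spelled out explicitly here.
# NOTE(review): the list includes iptable_filter and ipt_REJECT, i.e. the
# packet-filter table itself.  Where that unload succeeds the host's filter
# rules are gone; keep this only on hosts that deliberately carry no iptables
# policy, otherwise drop those names from the list.
unload_unused_modules() {
  local pass
  for pass in 1 2 3; do
    /sbin/rmmod ip_nat iptable_nat ip_conntrack ip_tables iptable_filter ipt_REJECT >/dev/null 2>&1
  done
}

# Conntrack timeouts in seconds.  Short generic/UDP/close timeouts recycle
# entries quickly so bursts of short flows do not fill the table (at the cost
# of re-creating state for long-idle UDP flows); the established-TCP timeout
# is the one that dominates table size on a NAT box and is set to 6 h, far
# below the kernel default.
apply_timeouts() {
  set_sysctl "$SYSCTL_DIR/ip_conntrack_generic_timeout" 50
  set_sysctl "$SYSCTL_DIR/ip_conntrack_tcp_timeout_close" 5
  set_sysctl "$SYSCTL_DIR/ip_conntrack_tcp_timeout_close_wait" 60
  set_sysctl "$SYSCTL_DIR/ip_conntrack_tcp_timeout_fin_wait" 120
  set_sysctl "$SYSCTL_DIR/ip_conntrack_tcp_timeout_time_wait" 60
  set_sysctl "$SYSCTL_DIR/ip_conntrack_udp_timeout" 10
  set_sysctl "$SYSCTL_DIR/ip_conntrack_tcp_timeout_established" 21600
}

# Compare the number of tracked connections (one line per entry in
# /proc/net/ip_conntrack) with the limit minus HEADROOM and grow the limit
# when it is too tight, up to the cap.  Both outcomes are logged.
maybe_grow_table() {
  local current_max count threshold new_max
  current_max=$(< "$CONNTRACK_MAX_FILE")
  count=$(wc -l < "$CONNTRACK_TABLE")
  # Guard the arithmetic: an unreadable or empty sysctl must not turn into
  # a bogus comparison (the old expr-based code failed noisily here).
  if [[ ! "$current_max" =~ ^[0-9]+$ || ! "$count" =~ ^[[:space:]]*[0-9]+$ ]]; then
    printf 'checknat: cannot read %s or %s\n' "$CONNTRACK_MAX_FILE" "$CONNTRACK_TABLE" >&2
    return 1
  fi
  threshold=$(( current_max - HEADROOM ))
  if (( count > threshold )); then
    if (( threshold < THRESHOLD_CAP )); then
      new_max=$(next_conntrack_max "$current_max")
      # Two log lines as before: the arithmetic, then the resulting value.
      log "Increasing conntrack table size to $threshold + $GROW_BY"
      log "Increasing conntrack table size to $new_max"
      set_sysctl "$CONNTRACK_MAX_FILE" "$new_max"
    else
      log "Conntrack table upper limit reached"
    fi
  fi
  return 0
}

# Print the current table size and limit plus the tail of the log.
print_status() {
  echo "Conntrack TBL = $(wc -l < "$CONNTRACK_TABLE")"
  echo "Conntrack MAX = $(< "$CONNTRACK_MAX_FILE")"
  tail "$LOG_FILE"
}

# Entry point.  $1 == "-status" enables the report; anything else is ignored.
main() {
  local status_mode=0
  [[ "${1-}" == "-status" ]] && status_mode=1

  unload_unused_modules

  # Probe for the legacy conntrack sysctl tree; without it there is nothing
  # to tune (no NAT/conntrack loaded, or a kernel using nf_conntrack paths).
  if [[ ! -e "$SYSCTL_DIR/ip_conntrack_tcp_timeout_established" ]]; then
    if (( status_mode )); then
      echo "No NAT detected"
    fi
    return 0
  fi

  apply_timeouts
  maybe_grow_table

  if (( status_mode )); then
    print_status
  fi
  return 0
}

main "$@"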