On 3/7/2013 10:10 AM, Alex Bligh wrote:
> On 7 Mar 2013, at 17:21, Daniel L. Miller wrote:
>> Anything's possible - but I don't have a high-visibility site. The connection counter increments gradually - a new connection every couple of seconds or so.
> Why would you not expect this to happen? It's an absolute count of the number of
> connections since reboot. Are you quite sure nothing is opening any inbound or
> outbound connections or trying to? Do you have connection tracking on loopback?
If it's an informative counter - then I don't care. If it's an active
state counter - and blocks new connections from happening when it
reaches the defined maximum - then it's very much a concern.
I'm assuming something has changed - whether it's due to an upgrade, new
software, or new device on the network I don't know. I don't know how
to look at the list of connections to determine what's getting
opened/accessed/left so I can narrow it down.
At the moment, I have a very small firehol config plus fail2ban. That's
all I know actively using iptables. I'm running OpenVPN - at times I
will set up some iptables dnat/snat for connections to remotes. So I do
need to have NAT available otherwise I'd just unload the modules and
forget about it. My primary firewall is a Mikrotik router that doesn't
have these issues - but I want at least a little protection on my main
server (which this is).
I have a web server running on a VirtualBox virtual machine via a
bridged interface. I do not have connection tracking on the VM. I
would think the web server would be the primary target of inbound
connections - for whatever that's worth. I also run mail and DNS.
I've never had this problem before - but I've been dealing with it for
about the past month. I'm sure something's changed - whether it's my
website's google visibility or a software change I don't know.
--
Daniel
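One way to answer the question in the message above ("how to look at the list of connections to determine what's getting opened") is to read the conntrack table and tally entries by protocol and original-direction destination port, alongside the current/maximum entry counts from sysctl. The script below is an added example written for this thread, not code from either poster; it assumes the text format of /proc/net/nf_conntrack (and also accepts the older /proc/net/ip_conntrack and `conntrack -L` layout, which lacks the leading `ipv4 2` columns). The sample table embedded in it is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise conntrack entries by protocol and
# destination port, so the entries filling the table can be attributed to a service.

# Constructed sample in /proc/net/nf_conntrack format (addresses are documentation ranges).
SAMPLE_CONNTRACK='ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=52345 dport=443 src=198.51.100.5 dst=192.0.2.10 sport=443 dport=52345 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 117 TIME_WAIT src=192.0.2.10 dst=198.51.100.5 sport=52346 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=52346 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 29 src=192.0.2.10 dst=192.0.2.1 sport=40000 dport=53 src=192.0.2.1 dst=192.0.2.10 sport=53 dport=40000 mark=0 zone=0 use=2
ipv4     2 udp      17 25 src=192.0.2.10 dst=192.0.2.1 sport=40001 dport=53 src=192.0.2.1 dst=192.0.2.10 sport=53 dport=40001 mark=0 zone=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=203.0.113.7 dst=192.0.2.10 sport=51000 dport=25 src=192.0.2.10 dst=203.0.113.7 sport=25 dport=51000 [ASSURED] mark=0 zone=0 use=2'

# summarise_conntrack: read conntrack lines on stdin, print "count proto dport",
# most frequent first. The first dport= on a line is the original direction, i.e.
# the port the initiator connected to, which is what identifies the service.
summarise_conntrack() {
    awk '{
        # nf_conntrack lines start with "ipv4 2 tcp ..."; ip_conntrack and
        # "conntrack -L" lines start directly with the protocol name.
        proto = ($1 ~ /^ipv/) ? $3 : $1
        dport = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^dport=/) { dport = substr($i, 7); break }
        }
        count[proto " " dport]++
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# conntrack_usage: print "current/max" table occupancy on a live netfilter host.
# The sysctls exist only where nf_conntrack is loaded, so fall back to a message.
conntrack_usage() {
    if [ -r /proc/sys/net/netfilter/nf_conntrack_count ] && \
       [ -r /proc/sys/net/netfilter/nf_conntrack_max ]; then
        echo "$(cat /proc/sys/net/netfilter/nf_conntrack_count)/$(cat /proc/sys/net/netfilter/nf_conntrack_max)"
    else
        echo "nf_conntrack sysctls not readable (not a live netfilter host)"
    fi
}

# Stand-alone run: summarise the constructed sample, then report live occupancy.
# On a real host replace the printf with: cat /proc/net/nf_conntrack  (or conntrack -L)
printf '%s\n' "$SAMPLE_CONNTRACK" | summarise_conntrack
conntrack_usage
```

On the sample the top line is `2 udp 53`, i.e. DNS lookups are the most common entry; a steadily rising count with many short-lived UDP 53 or TCP 25 entries points at the resolver or mail server, while entries with `dst=127.0.0.1` would confirm loopback traffic is being tracked. Comparing the current/max pair over a few minutes shows whether the table is actually approaching `nf_conntrack_max` (the case where new connections get dropped) or merely churning.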
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html