0

I recently installed CSF firewall. Immediately after this, my Munin stopped showing me graphs for Connections through firewall and ipconntrack. I looked into the log files and found this:

2011/02/27-19:45:01 CONNECT TCP Peer: "192.168.156.237:57918" Local: "192.168.170.112:4949"
2011/02/27-19:45:16 [18459] Service 'fw_conntrack' timed out.
2011/02/27-19:45:29 [18459] Service 'fw_forwarded_local' timed out.

Any help as to what's happening? How can I debug this further?

Thanks

Sparsh Gupta
  • I have the same problem but only when the server is overloaded and has 65k connections in TIME_WAIT – Janning May 16 '11 at 07:05

1 Answer

0

Looks like Munin cannot access /proc/net/nf_conntrack.

Check /proc/net/nf_conntrack:

ls -al /proc/net/nf_conntrack
-r--r----- 1 root root 0 Фев 27 21:14 /proc/net/nf_conntrack
cat /proc/net/nf_conntrack | head
ipv4     2 tcp      6 114 TIME_WAIT src=x.x.x.x dst=x.x.x.x sport=43431 dport=10050 packets=5 bytes=289 src=x.x.x.x dst=x.x.x.x sport=10050 dport=43431 packets=5 bytes=291 [ASSURED] mark=0 secmark=0 use=1

Also check nf_conntrack kernel module:

 lsmod | grep nf_conntrack
 nf_conntrack           82688  13 nf_nat_irc,nf_nat_ftp,xt_state,xt_helper,xt_conntrack,nf_conntrack_irc,nf_conntrack_ftp,iptable_nat,xt_NOTRACK,nf_conntrack_proto_udplite,nf_conntrack_netlink,nf_nat,nf_conntrack_ipv4
ooshro
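The checks from the answer above, combined with a per-state count that makes a table full of TIME_WAIT entries (as in the comment on the question) visible at a glance. This is an added example, not part of the original answer; the function names are hypothetical and the sample entries are constructed.

```sh
#!/bin/sh
# Added example, not from the original answer. Function names are hypothetical.

# check_readable FILE: 0 = readable, 1 = permission problem, 2 = file missing.
check_readable() {
    if [ ! -e "$1" ]; then
        echo "missing: $1 (is the nf_conntrack module loaded?)"; return 2
    fi
    if [ ! -r "$1" ]; then
        echo "not readable by $(id -un): $1"; return 1
    fi
    echo "readable by $(id -un): $1"
}

# count_states FILE: print "STATE COUNT" per TCP state, sorted by state name.
count_states() {
    awk '
        # nf_conntrack format:  ipv4 2 tcp 6 <ttl> <STATE> src=...
        $1 ~ /^ipv/ && $3 == "tcp" { n[$6]++ }
        # legacy ip_conntrack:  tcp 6 <ttl> <STATE> src=...
        $1 == "tcp"                { n[$4]++ }
        END { for (s in n) print s, n[s] }
    ' "$1" | sort
}

# total_entries FILE: number of tracked connections (one per line).
total_entries() { awk 'END { print NR }' "$1"; }

# sample: constructed entries (documentation addresses), not real traffic.
sample() {
    cat <<'EOF'
ipv4     2 tcp      6 114 TIME_WAIT src=192.0.2.10 dst=192.0.2.20 sport=43431 dport=10050 packets=5 bytes=289 src=192.0.2.20 dst=192.0.2.10 sport=10050 dport=43431 packets=5 bytes=291 [ASSURED] mark=0 secmark=0 use=1
ipv4     2 tcp      6 98 TIME_WAIT src=192.0.2.11 dst=192.0.2.20 sport=43432 dport=10050 packets=5 bytes=289 src=192.0.2.20 dst=192.0.2.11 sport=10050 dport=43432 packets=5 bytes=291 [ASSURED] mark=0 secmark=0 use=1
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.12 dst=192.0.2.20 sport=57918 dport=4949 packets=9 bytes=612 src=192.0.2.20 dst=192.0.2.12 sport=4949 dport=57918 packets=8 bytes=940 [ASSURED] mark=0 secmark=0 use=1
ipv4     2 udp      17 29 src=192.0.2.10 dst=192.0.2.53 sport=53124 dport=53 packets=1 bytes=60 [UNREPLIED] src=192.0.2.53 dst=192.0.2.10 sport=53 dport=53124 packets=0 bytes=0 mark=0 secmark=0 use=1
EOF
}

# With no argument, run against the constructed sample so this works offline.
file=${1:-}
if [ -z "$file" ]; then file=$(mktemp); sample > "$file"; fi
if check_readable "$file"; then
    echo "entries: $(total_entries "$file")"
    count_states "$file"
fi
```

Pass /proc/net/nf_conntrack as the argument and run it as the user the Munin plugin runs as, so the readability check reflects what the plugin actually sees.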