[ubuntu-uk] OT: Debian apache2 problem
kirrus at kirrus.co.uk
Fri Sep 12 18:48:31 BST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Jake Bunce wrote:
| Are you using static NAT, i.e 1-1, 220.127.116.11 <http://18.104.22.168> -
| 10.10.10.1 <http://10.10.10.1> or whatever your internal IP is and can
| it handle the amount of translations its performing? Also if you're
| behind a shared firewall, can it handle the amount of traffic passing
| through it? Check your firewall/iptables logs where connections are
| initialized, but not followed through - TCP SYN messages from different
| hosts but no SYN/ACK - SYN. Could indicate a DDoS attack. I had no
| trouble viewing your site though.
Currently, I have no firewall - the traffic is only running through the
routers, and no NAT. I keep meaning to load up a firewall at some point,
but I'm not sure enough of shorewall's configuration to actually turn it
on. (Locking yourself out is bad).
Apache is running on almost-default config, with a couple of tweaks for
The box now has 13 open connections, four of which are in CLOSE_WAIT
state.. (netstat -nt)
There's nothing showing up in the error or access logs :S
| 2008/9/12 Johnathon Tinsley <kirrus at kirrus.co.uk
| <mailto:kirrus at kirrus.co.uk>>
| Hello all,
| Slightly off topic.. I'm working on a debian server, which is currently
| hosting my blog: kirrus.co.uk <http://kirrus.co.uk>
| Unfortunately, something appears to be screwy with apache2 or something
| - connections aren't being closed, and are just backing up.
| You can see this in action, if you visit the blog. Sometimes it just
| doesn't hand you all the data, and firefox sits waiting for data from
| "kirrus.co.uk <http://kirrus.co.uk>".
| Apache just spawns server processes, till the RAM runs out. Then the
| kernel starts killing processes and it doesn't appear to kill the
| logical choice of apache2.
| I've tried pinging one of the other servers in the network, to see if
| its obviously a network problem. Out of over 20,000 pings, only 4
| weren't replied to. Is there any better way to check the network
| Anyone have any other ideas of things to try?
ubuntu-uk at lists.ubuntu.com <mailto:ubuntu-uk at lists.ubuntu.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the ubuntu-uk