為什么Gateway會(huì)主動(dòng)關(guān)閉客戶端？

Wakada 更新于2019-10-30

這是我的配置：

'count'                => 10, //進(jìn)程數(shù)
'startPort'            => 2800, //開始端口
'pingInterval'         => 60, //心跳包間隔時(shí)間
'pingNotResponseLimit' => 3,
'pingData'             => '{"action":"ping"}'

現(xiàn)在有這種癥狀，Gateway發(fā)了3個(gè)心跳包后，客戶端就被關(guān)閉了，一直找不出是什么原因，嘗試把60秒改為25秒也是一樣，可以肯定的是客戶端沒有主動(dòng)斷開連接。

 6540  7 0

7個(gè)回答

walkor 2017-01-05

打賞

pingNotResponseLimit 改成0試下。

Wakada 2017-01-06

我直接把防火墻關(guān)閉后就不會(huì)出現(xiàn)這種情況。
Wakada 2017-01-06

能否指點(diǎn)下排除問(wèn)題的思路？

Wakada 2017-01-06

防火墻配置如下，不知道是否會(huì)受什么影響：

:INPUT DROP 
:FORWARD ACCEPT 
:OUTPUT ACCEPT 
:syn-flood - 
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8383 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2800:2810 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1239 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
-A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
-A syn-flood -j REJECT --reject-with icmp-port-unreachable
COMMIT

第二張圖是 ulimit -a

暫無(wú)評(píng)論

walkor 2017-01-06

打賞

pingInterval 時(shí)間太長(zhǎng)了，鏈接長(zhǎng)時(shí)間空閑被防火墻關(guān)閉了，改成30秒

Wakada 2017-01-06

25秒也是一樣
Wakada 2017-01-06

實(shí)在是抓破頭腦，想不出哪里出問(wèn)題。

Wakada 2017-01-06

@walkor 有其他可以解決問(wèn)題的思路么

暫無(wú)評(píng)論

walkor 2017-01-06

打賞

運(yùn)行
sysctl -a| grep netfilter
結(jié)果貼下

Wakada 2017-01-07

見下面，有空麻煩看看

Wakada 2017-01-07

@walkor

有問(wèn)題的服務(wù)器：

net.netfilter.nf_log.0 = NONE
net.netfilter.nf_log.1 = NONE
net.netfilter.nf_log.2 = NONE
net.netfilter.nf_log.3 = NONE
net.netfilter.nf_log.4 = NONE
net.netfilter.nf_log.5 = NONE
net.netfilter.nf_log.6 = NONE
net.netfilter.nf_log.7 = NONE
net.netfilter.nf_log.8 = NONE
net.netfilter.nf_log.9 = NONE
net.netfilter.nf_log.10 = NONE
net.netfilter.nf_log.11 = NONE
net.netfilter.nf_log.12 = NONE

另外一臺(tái)沒有問(wèn)題的服務(wù)器：環(huán)境一樣，區(qū)別那么多？

net.netfilter.nf_log.0 = NONE
net.netfilter.nf_log.1 = NONE
net.netfilter.nf_log.2 = NONE
net.netfilter.nf_log.3 = NONE
net.netfilter.nf_log.4 = NONE
net.netfilter.nf_log.5 = NONE
net.netfilter.nf_log.6 = NONE
net.netfilter.nf_log.7 = NONE
net.netfilter.nf_log.8 = NONE
net.netfilter.nf_log.9 = NONE
net.netfilter.nf_log.10 = NONE
net.netfilter.nf_log.11 = NONE
net.netfilter.nf_log.12 = NONE
net.netfilter.nf_conntrack_generic_timeout = 600
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
net.netfilter.nf_conntrack_tcp_timeout_established = 432000
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close = 10
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300
net.netfilter.nf_conntrack_tcp_loose = 1
net.netfilter.nf_conntrack_tcp_be_liberal = 0
net.netfilter.nf_conntrack_tcp_max_retrans = 3
net.netfilter.nf_conntrack_udp_timeout = 30
net.netfilter.nf_conntrack_udp_timeout_stream = 180
net.netfilter.nf_conntrack_icmp_timeout = 30
net.netfilter.nf_conntrack_acct = 0
net.netfilter.nf_conntrack_events = 1
net.netfilter.nf_conntrack_events_retry_timeout = 15
net.netfilter.nf_conntrack_max = 65536
net.netfilter.nf_conntrack_count = 6470
net.netfilter.nf_conntrack_buckets = 16384
net.netfilter.nf_conntrack_checksum = 1
net.netfilter.nf_conntrack_log_invalid = 0
net.netfilter.nf_conntrack_expect_max = 256