chris8lunch

Well-Known Member
May 27, 2006
Why on earth would someone need 200 connections to the server? In my DDoS protection it says that should be the default allow amount.
 

levelsupport

Well-Known Member
Oct 7, 2006
It depends upon your client and their environment. The DDoS protection might have just suggested that you keep 200 as an average value, but you can keep it low or high as per your usage. Keeping it too low is not advisable.
 

chirpy

Well-Known Member
Verified Vendor
Jun 15, 2002
Go on, have a guess
Indeed. Some protocols are very port greedy, or rather, some poorly written applications are (Microsoft IMAP clients, for example). Typically, IMAP and HTTP (depending on the site design) can have high port usage. I would normally say that 200 is the minimum with around 300 being quite normal for a busy server. Remember that not all the connected ports are actively in use. Most will actually be hibernating before closing while waiting for stray network packets (around 2 minutes IIRC).
 

levelsupport

Well-Known Member
Oct 7, 2006
It need not be just one single person; the server identifies a client by its IP and counts the number of connections from that IP.

Even when you make an HTTP request, depending on the request the browser may open one, 2 or 3 connections. FTP, too, takes more than 1 or 2 connections.

Finally, consider the case where you have clients using email and apps hosted with you in a company or LAN scenario where the main access is through a single IP. I mean a number of users might be accessing the server from a single IP when the Internet connection is shared from a LAN.
Say each client is checking mail, uploading, browsing. :rolleyes:

These are just assumptions; we cannot list every single way the number of connections can increase.
 

david510

Well-Known Member
Aug 22, 2004
Run the following command from the shell prompt to view the TIME_WAIT connections. If the number is large, you will need to tweak your httpd.conf.

netstat -plan | grep TIME_WAIT
 

Manuel_accu

Well-Known Member
Jun 19, 2005
TIME_WAIT is defined by /proc/sys/net/ipv4/tcp_fin_timeout. Default is 60 seconds.

Set your time wait lower: 'sysctl -w net.ipv4.tcp_fin_timeout=30'

It is normal to have a socket in the TIME_WAIT state for a long period of time. The time is specified in RFC793 as twice the Maximum Segment Lifetime (MSL). MSL is specified to be 2 minutes. So, a socket could be in a TIME_WAIT state for as long as 4 minutes. Some systems implement different values (less than 2 minutes) for the MSL.
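Added example, not part of any poster's reply: a per-IP limit that counts every socket state will also count the lingering TIME_WAIT entries discussed above, so this sketch splits each remote IP's connections into ESTABLISHED and TIME_WAIT before comparing against a limit. The function names are hypothetical and the sample `netstat -ant` output is constructed (documentation addresses, limit of 3 instead of 200 to keep it short).

```shell
# Summarise TCP connections per remote IP from `netstat -ant` style input.
# Output columns: ip total established time_wait (busiest first).
conn_summary() {
    awk '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            ip = $5
            sub(/:[0-9]+$/, "", ip)   # drop the remote port
            sub(/^::ffff:/, "", ip)   # unwrap IPv4-mapped IPv6 addresses
            total[ip]++
            if ($6 == "ESTABLISHED") est[ip]++
            if ($6 == "TIME_WAIT")   tw[ip]++
        }
        END {
            for (ip in total)
                printf "%s %d %d %d\n", ip, total[ip], est[ip], tw[ip]
        }
    ' | sort -k2,2nr -k1,1
}

# Print IPs above a limit. Mode "all" counts every state;
# mode "established" counts only live connections.
over_limit() {
    limit=$1; mode=$2
    conn_summary | awk -v limit="$limit" -v mode="$mode" '
        { n = ((mode == "established") ? $3 : $2) + 0 }
        n > limit + 0 { print $1 }
    '
}

# Constructed sample: one shared (NAT) address with lingering TIME_WAIT
# sockets, one address holding four live FTP connections.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:50001      ESTABLISHED
tcp        0      0 192.0.2.10:143          198.51.100.7:50002      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:50003      TIME_WAIT
tcp        0      0 192.0.2.10:80           198.51.100.7:50004      TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:50005 TIME_WAIT
tcp        0      0 192.0.2.10:21           203.0.113.9:40001       ESTABLISHED
tcp        0      0 192.0.2.10:21           203.0.113.9:40002       ESTABLISHED
tcp        0      0 192.0.2.10:21           203.0.113.9:40003       ESTABLISHED
tcp        0      0 192.0.2.10:21           203.0.113.9:40004       ESTABLISHED
EOF
}

sample_netstat | conn_summary
```

On a live server, pipe `netstat -ant` into `conn_summary` instead of the sample; comparing `over_limit 200 all` with `over_limit 200 established` shows which addresses are over the limit only because of closing sockets.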
 

bornonline

Well-Known Member
Nov 19, 2004
Earth
Uhggg

I am seeing this same issue with some people using Dreamweaver. It will open over 250 FTP connections.
It seems the MaxClients setting in pure-ftpd.conf does absolutely nothing.

Anyone have any ideas on how to fix this? I have searched the forum and only see references to the MaxClients setting, which I don't think works. I have just reinstalled pureftp and am waiting to see what happens.
 

jack01

Well-Known Member
Jul 21, 2004
bornonline,

I was wondering if you had figured out how or why Dreamweaver opens many ports sometimes... My hunch is that it may have something to do with the check in/check out feature in Dreamweaver...?

And I also wanted to suggest that the max_clients in pure_ftpd is probably not what you need to tweak anyway since it refers (I believe) to how many IPs connect to the FTP server, as opposed to the number of port connections per IP.
 

wookiee

Well-Known Member
Feb 28, 2005
Las Vegas
Why on earth would someone need 200 connections to the server?
I have a site that has old Polaroid scans of a once popular Usenet German guy's 4 girlfriends.

Every day it gets hit 3-8 times by someone with over 200 connections. The IP gets banned.

I'm assuming they're just grabbing all the pictures at once.

How are they doing it?

Is there some way I can throttle the connections?
 