[rt-users] RT-> DB Connection Timeout through Firewall

Mark Wiater Mark.Wiater at greybeam.com
Thu Aug 3 22:04:52 EDT 2006


I've got my RT 3.4.5 server sitting in my DMZ and my mysql server on
my internal network. Under varying circumstances, my users will
experience an unresponsive RT. 'It just hangs' is what I'm told.

I can correlate these reports with logs from the PIX firewall
tearing down the tcp connection to the internal mysql server, and
then the many denied connections from the RT front end to the
database. Logs appended.

Is there a way to configure RT to close the connection to the
database after a certain time? Or alternatively to send keepalives
on the established database connection?

I'd prefer the finite lifeftime of the connection option, if I have
a choice. I'm seeing several > 4 hour connections through the
firewall, and then there are still a dozen or more attempts from the
RT server to the database that are then getting dropped.

Thanks for pointers,

Mark

Aug  3 06:11:08 10.0.9.1 %PIX-6-302013: Built inbound TCP connection
16482624 for dmz:10.0.100.20/33721 (1.2.3.4/33721) to
inside:10.0.9.51/3306 (10.0.9.51/3306)
Aug  3 10:40:14 10.0.9.1 %PIX-6-302014: Teardown TCP connection
16482624 for dmz:10.0.100.20/33721 to inside:10.0.9.51/3306 duration
4:29:11 bytes 1132707 Conn-timeout
Aug  3 10:48:57 10.0.9.1 %PIX-6-106015: Deny TCP (no connection)
from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK  on interface dmz
Aug  3 10:48:57 10.0.9.1 %PIX-6-106015: Deny TCP (no connection)
from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK  on interface dmz
Aug  3 10:48:57 10.0.9.1 %PIX-6-106015: Deny TCP (no connection)
from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK  on interface dmz
Aug  3 10:48:58 10.0.9.1 %PIX-6-106015: Deny TCP (no connection)
from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK  on interface dmz
Aug  3 10:48:59 10.0.9.1 %PIX-6-106015: Deny TCP (no connection)
from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK  on interface dmz
Aug  3 10:49:02 10.0.9.1 %PIX-6-106015: Deny TCP (no connection)
from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK  on interface dmz
Aug  3 10:49:08 10.0.9.1 %PIX-6-106015: Deny TCP (no connection)
from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK  on interface dmz
Aug  3 10:49:19 10.0.9.1 %PIX-6-106015: Deny TCP (no connection)
from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK  on interface dmz
Aug  3 10:49:42 10.0.9.1 %PIX-6-106015: Deny TCP (no connection)
from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK  on interface dmz
Aug  3 10:50:27 10.0.9.1 %PIX-6-106015: Deny TCP (no connection)
from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK  on interface dmz
Aug  3 10:51:58 10.0.9.1 %PIX-6-106015: Deny TCP (no connection)
from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK  on interface dmz
Aug  3 10:53:45 10.0.9.1 %PIX-6-106015: Deny TCP (no connection)
from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK  on interface dmz
Aug  3 10:55:32 10.0.9.1 %PIX-6-106015: Deny TCP (no connection)
from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK  on interface dmz
Aug  3 10:57:20 10.0.9.1 %PIX-6-106015: Deny TCP (no connection)
from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK  on interface dmz
Aug  3 10:59:10 10.0.9.1 %PIX-6-106015: Deny TCP (no connection)
from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK  on interface dmz
Aug  3 11:01:00 10.0.9.1 %PIX-6-106015: Deny TCP (no connection)
from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK  on interface dmz




More information about the rt-users mailing list