 From:  "Posch, Christian" <Christian dot Posch at uibk dot ac dot at>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Issues with Captive Portal in 1.3b18
 Date:  Tue, 6 Oct 2009 13:43:02 +0200
Hello,

We are using the m0n0wall 1.3b18 Captive Portal, running on a VMware ESX
server, to authenticate users and noticed the following issues:

If users have clients for file distribution networks like rapidshare,
their aggressive connection requests on port 80 cause a strain on the
m0n0wall instance.
Issuing a netstat -an command in exec.php shows many TCP connections to
the Captive Portal address on port 8001 that are in FIN_WAIT_2 state.
Furthermore, the process list in status.php shows a lot of idle mini_httpd
processes that eat up memory. The problem is that they are kept for days
and render the machine unusable when the memory starts to fill.
According to the syslog, in this state PHP processes get killed because
the machine runs out of swap space.

We tried to mitigate this problem by patching the firewall rules to
limit the number of concurrent redirects per client, and adding a sleep
in the captive portal before the redirect; however, the problem still
persists.

My question is if anyone had similar problems, and if the TCP behavior
with the stale TCP connections in FIN_WAIT_2 is an issue of m0n0wall or
FreeBSD.
I would be thankful for any ideas.


Best Regards
Christian Posch
Zentraler Informatikdienst (Central IT Services) Universitaet Innsbruck
Technikerstrasse 23        Tel: ++43512/507-2307
6020 Innsbruck             Fax: ++43512/507-2944
Austria                    E-Mail: christian dot posch at uibk dot ac dot at
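
Added example, not part of the original message: a shell function that tallies, per client address, the FIN_WAIT_2 sockets on the portal port 8001 in `netstat -an` output, to show which clients hold the stale connections. It assumes FreeBSD's netstat notation (address and port joined by a dot); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count FIN_WAIT_2 sockets on the captive portal port per client.
# Input: FreeBSD-style `netstat -an` text on stdin ("ip.port" address notation).

PORTAL_PORT=8001   # captive portal port named in the message

fin_wait2_by_client() {
    awk -v port="$PORTAL_PORT" '
        # FreeBSD prints "a.b.c.d.port": split at the last dot.
        function host(a) { sub(/\.[^.]*$/, "", a); return a }
        function prt(a)  { sub(/^.*\./, "", a); return a }
        # $4 = local address, $5 = foreign address, last field = TCP state.
        $1 ~ /^tcp/ && $NF == "FIN_WAIT_2" && prt($4) == port {
            n[host($5)]++
        }
        END { for (c in n) print n[c], c }
    ' | sort -k1,1nr -k2,2     # busiest client first
}

# Constructed sample input (hypothetical addresses, not from a real system).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.1.8001         192.0.2.50.51234       FIN_WAIT_2
tcp4       0      0 192.0.2.1.8001         192.0.2.50.51235       FIN_WAIT_2
tcp4       0      0 192.0.2.1.8001         192.0.2.50.51240       ESTABLISHED
tcp4       0      0 192.0.2.1.8001         192.0.2.77.40022       FIN_WAIT_2
tcp4       0      0 192.0.2.1.443          192.0.2.77.40030       FIN_WAIT_2
tcp4       0      0 *.8001                 *.*                    LISTEN
EOF
}

# On the firewall itself: netstat -an | fin_wait2_by_client
sample_netstat | fin_wait2_by_client
```

Each output line is a count followed by a client address, so repeated runs show whether the stale sockets belong to a few clients or are spread across many.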