Too many connections closed by foreign host

In linux, the Too many ons closed by foreign host problem has a large relationship with the firewall. It may be your local firewall or the firewall of a certain node of the route, the most likely is the server's firewall.

Firewall Problems

Today, the "Too connector connectionsConnection closed by foreign host" error occurs in mysql. This error has also occurred on the testing machine before. I didn't pay attention to it at the time. I only restarted the web server on the testing machine regularly to solve the problem. However, the servers that appear on the Internet today cannot perform some operations. Unfortunately, no useful information was found on baidu. These are all articles written by Tom.

Later, according to a friend's analysis, it may be caused by iptables. Because iptables in linux uses ip_conntrack for tracking, all inbound and outbound data packets are recorded in the connection tracking table, including tcp, udp, and icmp. Once the connection tracking table is filled up, packet loss occurs, resulting in network instability.

This time, I added a new iptables condition last night. In the case of a large number of accesses, a packet loss occurred. Mysql error occurs, and mysql does not occupy the cpu because it does not obtain the correct connection.

Solution:

First, you need to load the ip_conntrack module and then adjust it through the following interface, for example:

Reference

The Code is as follows:	Copy code
Modprobe ip_conntrack Sysctl-w net. ipv4.netfilter. ip_conntrack_max = 655360

To support 655360 trace records, set the hash bucket to 81920:

The Code is as follows:	Copy code
Modprobe ip_conntrack hashsize = 81920

Or add it to the/etc/modprobe. conf configuration file:

The Code is as follows:	Copy code
Options ip_conntrack hashsize = 81920

In this way, the size of the connection trace table can be set when the ip_conntrack module is loaded.

Another possibility

Today, I used xshell to link the server installed some time ago. The following prompt is displayed:

Connection closed by foreign host.

This means that the host connection is disconnected. This problem has nothing to do with your IPTABLES and firewall.

The original cause is that the TCP connection to the SSHD server is in the half-open state when your client is suddenly disconnected. When the same client establishes a TCP connection again, the server detects this semi-open TCP connection and returns a TCP packet with the RST set to the client, the client displays the connection closed by foreign host.
This is a protection measure of the TCP protocol, and it is not a mistake. You only need to connect to the server again.

I use wifi. After logging on to the route, the network is disconnected and the link is automatically reconnected!