Firewall-related issues
A "Too many connections" / "connection closed by foreign host" error appeared on the MySQL server today. The same error had occurred on the test machine before, but I did not pay attention to it and simply restarted the web server on the test machine regularly to work around the problem. Today it appeared on the external network server, where that kind of operation is not an option. Unfortunately, searching Baidu turned up no useful information, only articles written by novices.
Later, a friend's analysis suggested that iptables might be the cause. On Linux, iptables uses ip_conntrack for connection tracking: all incoming and outgoing packets are recorded in the connection tracking table, including TCP, UDP and ICMP. Once the connection tracking table is full, packets are dropped, which makes the network unstable.
As it happened, I had added new iptables rules last night, and the problem was triggered under a large number of visits. This caused the MySQL error, and in the end MySQL, because it was not getting proper connections, used no CPU at all.
Workaround:
First load the ip_conntrack module, then adjust it through the following interface, for example:

    modprobe ip_conntrack
    sysctl -w net.ipv4.netfilter.ip_conntrack_max=655360

If you need to support 655,360 tracking entries, set the number of hash buckets to 81920:

    modprobe ip_conntrack hashsize=81920

Or add this to the /etc/modprobe.conf configuration file:

    options ip_conntrack hashsize=81920

In this way, the size of the connection tracking table is set when the ip_conntrack module is loaded.
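
Before raising the limit it helps to confirm that the table really is full. The script below is an added example, not part of the original post: it counts the kernel's "table full, dropping packet" messages in log text, reports current table usage, and derives the hash size from the 8:1 ratio implied by the numbers above. The function names, the sample log lines (constructed) and the 80% warning threshold are assumptions; the nf_conntrack path is the name the same counters have on newer kernels.

```shell
#!/bin/sh
# Added example: confirm that a full connection tracking table is the cause.

# hashsize_for MAX: bucket count for MAX entries, using the 8 entries per
# bucket implied by the page's figures (655360 / 81920).
hashsize_for() {
    echo $(( $1 / 8 ))
}

# usage_pct COUNT MAX: integer percentage of the table in use.
usage_pct() {
    [ "$2" -gt 0 ] || { echo 0; return 1; }
    echo $(( $1 * 100 / $2 ))
}

# count_table_full: read kernel log text on stdin, count the drop messages.
count_table_full() {
    grep -c -E '(ip|nf)_conntrack: table full, dropping packet' || true
}

# read_conntrack NAME: print the live counter (NAME is "count" or "max").
read_conntrack() {
    for f in /proc/sys/net/netfilter/nf_conntrack_"$1" \
             /proc/sys/net/ipv4/netfilter/ip_conntrack_"$1"; do
        [ -r "$f" ] && { cat "$f"; return 0; }
    done
    return 1
}

# report: live check on the current host; 80% is an arbitrary threshold.
report() {
    count=$(read_conntrack count) && max=$(read_conntrack max) || {
        echo "conntrack module not loaded"; return 0; }
    pct=$(usage_pct "$count" "$max")
    echo "conntrack: $count/$max (${pct}%), hashsize for this max: $(hashsize_for "$max")"
    [ "$pct" -lt 80 ] || echo "WARNING: table nearly full, packets may be dropped"
}

# Constructed sample of kernel/syslog lines (not taken from a real host).
SAMPLE_LOG='Jan 10 02:11:05 web1 kernel: ip_conntrack: table full, dropping packet.
Jan 10 02:11:05 web1 kernel: printk: 14 messages suppressed.
Jan 10 02:11:10 web1 kernel: ip_conntrack: table full, dropping packet.
Jan 10 02:12:01 web1 sshd[2211]: Accepted password for admin from 192.0.2.10'

echo "table-full events in sample: $(printf '%s\n' "$SAMPLE_LOG" | count_table_full)"
```

On a live host, call `report` and pipe the output of `dmesg` into `count_table_full` instead of the sample text.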
Another possibility
Today, when using Xshell to connect to a server installed some time ago, the following prompt appeared:
Connection closed by foreign host.
The connection to the host was dropped. This problem has nothing to do with your iptables, firewall or anything of that kind.
It is caused by the connection originally made to the SSHD server process on port 22: when your client suddenly disconnects, the server-side TCP connection is left in a half-open state. The next time the same client establishes a TCP connection, the server detects the half-open TCP connection and sends the client a TCP segment with the RST bit set, and the client displays "closed by foreign host".
This is a protection built into the TCP protocol itself, not an error; simply reconnect to the server.
I was on WiFi and logged in through the router; the network dropped, and an automatic reconnect was enough!