Search Results

Search found 3 results on 1 pages for 'kwiksand'.

Page 1/1 | 1 

• MySQL-5.5.10 - Lost connection to MySQL server during query (Both Web Clients and MySQL Slaves)

  - by kwiksand

  We've just upgraded our existing MySQL5.1 DB servers to newer (much better) hardware with MySQL 5.5, and things have been going mostly smoothly for almost 6 weeks. Just the last few days, I've noticed a few errors, such as: From a MySQL Slave: [ERROR] Error reading packet from server: Lost connection to MySQL server during query ( server_errno=2013) Or From Apache/Other: Lost connection to MySQL server at 'reading initial communication packet', system error: 110 At one point this evening, many webnodes reported this error for a three minute period (many such reports as this was in a busy period). However, the issues don't appear to correspond with any times of extreme load. For all intents and purposes, the connection/thread load on MySQL is at a normal rate (between about 10 and 40 connected threads), and Web load has been a LOT higher at times over the last few weeks. Could there bee other reasons for these connection errors, that I'm not seeing?

  Read the article

• Default Gateway solution on NAT'd network (best options)

  - by kwiksand

  I've recently changed a network from a bunch of machines exposed to the net on a network to a more security conscious Firewall-fronted network with a DMZ for public services. Everything's mostly working perfectly now, but I've got the old problem of NAT Loopback where a machine within the LAN wants to access a public service via the public/external IP. I've solved this problem previously in a small/SOHO environment simply using NAT loopback features of the router in use or a simple iptables rule to do the same, but I want to make sure I make the most resilient choice with the least concern. It seems I can: Use iptables as I've said to DNAT and MASQUERADE the change source/destination so the connection works correctly i.e iptables -A PREROUTING -t nat -d ip.of.eth0.here -p tcp --dport 8080 -j DNAT --to 192.168.0.201:8080 iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -p tcp --dport 8080 -d 192.168.0.201 -j MASQUERADE Use split DNS, with internal mappings for public IP's Potentially do some route nastyness by setting the Default Gateway to use a different externally exposed IP to then come back in the public route (messy) Someone mentioned putting the Default Gateway within the DMZ as well (on serverfault), but I can't find the post again. I'm sure this is a common issue for many with NAT'd networks, but I've not really seen the perfect solve all when it comes to fixing this problem. What is your opinion?

  Read the article

• Blocking a country (mass iP Ranges), best practice for the actual block

  - by kwiksand

  Hi all, This question has obviously been asked many times in many different forms, but I can't find an actual answer to the specific plan I've got. We run a popular European Commercial deals site, and are getting a large amount of incoming registrations/traffic from countries who cannot even take part in the deals we offer (and many of the retailers aren't even known outside Western Europe). I've identified the problem area to block a lot of this traffic, but (as expected) there are thousands of ip ranges required. My question now (finally!). On a test server, I created a script to block each range within iptables, but the amount of time it took to add the rules was large, and then iptables was unresponsive after this (especially when attempting a iptables -L). What is the most efficient way of blocking large numbers of ip ranges: iptables? Or a plugin where I can preload them efficiantly? hosts.deny? .htaccess (nasty as I'd be running it in apache on every load balanced web server)? Cheers

  Read the article

1