[opencms-dev] MySQL, OpenCms and a 3Com Superstack firewall

Corbey, Clayton CorbeyC at brandonrha.mb.ca
Mon Sep 19 20:21:58 CEST 2005 

FYI,

Here's the only answer that I've come up with, which seems a little like
a hack to me, thanks to the firewall.

There is an idle connection timeout setting on the 3com superstack3
firewall that can be increased to a maximum of 999 minutes (approx. 16
and a half hours). Unfortunately it cannot be disabled. I'm guessing
that 3com wasn't thinking of developers when they forgot to allow this
feature to be disabled.

So going along with what Arash has mentioned, scheduling a CRON job to
run every few hours to do a GET on a page in your site and increasing
this idle connection timeout parameter seems to be the only way to
alleviate this predicament.

If anybody else has a better solution, please, post it!

-Clayton

p.s. Thanks for all the help that everybody has supplied.

-----Original Message-----
From: opencms-dev-bounces at opencms.org
[mailto:opencms-dev-bounces at opencms.org] On Behalf Of Joe Desbonnet
Sent: Friday, September 16, 2005 18:30
To: The OpenCms mailing list
Subject: Re: [opencms-dev] MySQL, OpenCms and a 3Com Superstack firewall

My guess is that the TCP connections to the DB are being held open by
the connection pool, but because of the inactivity the firewall is
destroying the connection without either end being aware of this. As
an experiment setup a cron job or other script to run at say 10min
intervals that will cause db activity (eg loading a page). Look at the
MySQL logs or tcpdump and make sure that it's actually generating DB
queries and not just being cached in Tomcat/OpenCms.  Now see if the
problem persists.

If that is the problem, I'm not sure what's the best solution. It's
possible that the MySQL JDBC driver has a keepalive option. Or your
firewall may have some configurable option on this.

Joe.


On 9/16/05, Corbey, Clayton <CorbeyC at brandonrha.mb.ca> wrote:
>  
>  
> 
> Help, my firewall hates mysql. 
> 
>   
> 
> I've installed OpenCms on our production server in the DMZ and the new
> database was created inside our network on the LAN. I've entered the
rules
> on the firewall to allow port 3306 TCP and UDP to be open from the DMZ
(the
> OpenCms app) to the MySQL 4.1.14 DB. I've confirmed it's open with
'telnet
> DB_SERVER 3306'. 
> 
>   
> 
> I fired up Tomcat, and everything worked great. Ran setup, configured
the
> server, displayed our website and was proud! 
> 
>   
> 
> Now, after about 10 or 20 minutes or so of inactivity, I can't
connect; not
> to the website OR the admin area of OpenCms. No errors at all.
Nothing,
> absolutely nothing. I've done 'tcpdump port 3306' on both ends and the
> request is being sent from the CMS server in the DMZ, but not received
by
> the DB server on the inside. I know this means that the connection has
been
> lost (ie firewall is eating the request up. Netstat says that I'm
still
> connected, but I'm not so sure. I know Tomcat is fine, b/c I can go
other
> web shares on the server. 
> 
>   
> 
> Why would everything work initially but after a period of inactivity
it
> fails with NO ERROR!??!?!?!?! 
> 
> WHAT CAN I DO????!?!??! 
> 
>   
> 
> Somebody help. 
> 
>   
> 
> -Clayton 
> 
>   
> 
> CONFIDENTIALITY NOTICE:  This message is intended only for the use of
the
> individual or entity to which it is addressed and may contain
information
> that is privileged, confidential and exempt from disclosure under
applicable
> law.  If the reader of this message is not the intended recipient you
are
> hereby notified that any distribution, copying, disclosure and use of,
or
> reliance on the contents of this transmission is strictly prohibited.
If
> you have received this transmission in error, please notify us
immediately
> by return e-mail and destroy the transmission by deleting the original
> message, attachments and all copies.
>  
> 
> 
> _______________________________________________
> This mail is send to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please
visit
> http://mail.opencms.org/mailman/listinfo/opencms-dev
> 
>


_______________________________________________
This mail is send to you from the opencms-dev mailing list
To change your list options, or to unsubscribe from the list, please
visit
http://mail.opencms.org/mailman/listinfo/opencms-dev

More information about the opencms-dev mailing list