[opencms-dev] MySQL, OpenCms and a 3Com Superstack firewall

Arash Kaffamanesh arash.kaffamanesh at pomegranate.de
Mon Sep 19 23:20:21 CEST 2005


Hi Clayton,

The network guys probably wouldn't allow, or can't allow, keeping the
connection alive, as it is a security risk somehow (I don't know myself
how to abuse it :-)). But it must be possible to close the connection
after a specific time, but I think OpenCms's connection pooling
implementation doesn't support this setting / feature; that's not a bug,
it's a feature :-)

As mentioned before, the quick and dirty solution is a cron'd wget job
every x minutes.

Cheers,
Arash

-----Original Message-----
From: opencms-dev-bounces at opencms.org
[mailto:opencms-dev-bounces at opencms.org] On Behalf Of Corbey, Clayton
Sent: Monday, 19 September 2005 15:22
To: joe at galway.net; The OpenCms mailing list
Subject: RE: [opencms-dev] MySQL, OpenCms and a 3Com Superstack firewall


FYI,

I have confirmed that it is the firewall that is timing out the inactive
TCP connection. Neither the CMS server (in the DMZ) nor the MySQL server
(in the LAN) knows about this being killed; a netstat claims the
connection is ESTABLISHED. I am going to talk to my network guys to see
if we can't just allow that connection to stay alive regardless of
activity (a trusted connection or a pervasive; I don't know what it's
called!).

Otherwise I have no idea of what else I could do. Any ideas?

-Clayton

-----Original Message-----
From: opencms-dev-bounces at opencms.org
[mailto:opencms-dev-bounces at opencms.org] On Behalf Of Joe Desbonnet
Sent: Friday, September 16, 2005 18:30
To: The OpenCms mailing list
Subject: Re: [opencms-dev] MySQL, OpenCms and a 3Com Superstack firewall

My guess is that the TCP connections to the DB are being held open by
the connection pool, but because of the inactivity the firewall is
destroying the connection without either end being aware of this. As an
experiment, set up a cron job or other script to run at, say, 10 min
intervals that will cause DB activity (e.g. loading a page). Look at the
MySQL logs or tcpdump and make sure that it's actually generating DB
queries and not just being cached in Tomcat/OpenCms.  Now see if the
problem persists.

If that is the problem, I'm not sure what's the best solution. It's
possible that the MySQL JDBC driver has a keepalive option. Or your
firewall may have some configurable option on this.

Joe.


On 9/16/05, Corbey, Clayton <CorbeyC at brandonrha.mb.ca> wrote:
> Help, my firewall hates mysql.
>
> I've installed OpenCms on our production server in the DMZ and the new
> database was created inside our network on the LAN. I've entered the rules
> on the firewall to allow port 3306 TCP and UDP to be open from the DMZ (the
> OpenCms app) to the MySQL 4.1.14 DB. I've confirmed it's open with 'telnet
> DB_SERVER 3306'.
>
> I fired up Tomcat, and everything worked great. Ran setup, configured the
> server, displayed our website and was proud!
>
> Now, after about 10 or 20 minutes or so of inactivity, I can't connect; not
> to the website OR the admin area of OpenCms. No errors at all. Nothing,
> absolutely nothing. I've done 'tcpdump port 3306' on both ends and the
> request is being sent from the CMS server in the DMZ, but not received by
> the DB server on the inside. I know this means that the connection has been
> lost (i.e. the firewall is eating the request up). Netstat says that I'm still
> connected, but I'm not so sure. I know Tomcat is fine, b/c I can go to other
> web shares on the server.
>
> Why would everything work initially but after a period of inactivity it
> fails with NO ERROR!??!?!?!?!
>
> WHAT CAN I DO????!?!??!
>
> Somebody help.
>
> -Clayton
> 
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://mail.opencms.org/mailman/listinfo/opencms-dev
> 
>
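
The TCP keepalive idea raised in the thread, as an added example that is not part of the original messages: it shows why a host left at the Linux default keepalive time of 7200 seconds never notices the firewall dropping an idle pooled connection, and how per-socket timers can be set below the firewall's idle timeout. The 600-second firewall timeout and all function names are assumptions for illustration; the per-socket timer options are the Linux ones.

```python
import socket

# Linux default for net.ipv4.tcp_keepalive_time: first probe after 2 hours idle.
LINUX_DEFAULT_KEEPALIVE_TIME_S = 7200


def probe_arrives_in_time(keepalive_time_s, firewall_idle_timeout_s):
    """True if the first keepalive probe is sent before the firewall forgets the flow."""
    return keepalive_time_s < firewall_idle_timeout_s


def keepalive_plan(firewall_idle_timeout_s, safety_factor=0.5, interval_s=30, probes=4):
    """Choose timers so probes refresh the firewall state well inside its idle timeout."""
    if firewall_idle_timeout_s <= 0:
        raise ValueError("firewall idle timeout must be positive")
    idle = max(1, int(firewall_idle_timeout_s * safety_factor))
    return {
        "idle": idle,                      # seconds of silence before the first probe
        "interval": interval_s,            # seconds between unanswered probes
        "probes": probes,                  # unanswered probes before the socket errors out
        "dead_after": idle + interval_s * probes,  # worst-case time to detect a dead path
    }


def enable_keepalive(sock, plan):
    """Turn on keepalive for one socket and apply the plan where the OS supports it."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    if hasattr(socket, "TCP_KEEPIDLE"):    # Linux per-socket timer options
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, plan["idle"])
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, plan["interval"])
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, plan["probes"])
    return sock


if __name__ == "__main__":
    FIREWALL_IDLE_TIMEOUT_S = 600          # assumed value; check the firewall's real setting
    print("OS default survives firewall:",
          probe_arrives_in_time(LINUX_DEFAULT_KEEPALIVE_TIME_S, FIREWALL_IDLE_TIMEOUT_S))
    plan = keepalive_plan(FIREWALL_IDLE_TIMEOUT_S)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        enable_keepalive(s, plan)
        print("plan:", plan)
```

With keepalive active, a path the firewall has already torn down surfaces as a socket error after `dead_after` seconds of silence instead of a connection that stays ESTABLISHED in netstat indefinitely.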

