[FW-1] HTTP security server woes on NG... frustration level rising...


  • To: [email protected]
  • Subject: [FW-1] HTTP security server woes on NG... frustration level rising...
  • From: "Abe L. Getchell" <[email protected]>
  • Date: Fri, 7 Jun 2002 13:11:11 -0400
  • Importance: Normal
  • Organization: -
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Greetings all,
        I'm having an issue with the HTTP security server (trying to do
some URL filtering) and I'm hoping someone has come up with a solution
to this, 'cause I'm finding lots of people asking the question but no
one offering a solution.  I'm running FireWall-1 NG FP1 on Solaris 8 in
64-bit mode.
        The original problem was that I was receiving a lot of "error in
accept statement: Too many open files" errors in ahttpd.elog.  Searched
on Google, came up with a fix (added "set rlim_fd_max=32768" and "set
rlim_fd_cur=4096" in /etc/system - as well as a number of other tweaks I
found in a performance tuning guide on Checkpoint's web site), and I'm
no longer receiving that error message.  Instead, I'm now receiving an
equally large number of the following:

T_get_event: bad socket/type: 1075/0
T_get_event: bad socket/type: 1076/0
T_get_event: bad socket/type: 1076/0
T_get_event: bad socket/type: 1077/1
T_get_event: bad socket/type: 1077/1
T_get_event: bad socket/type: 1078/1
T_get_event: bad socket/type: 1078/1
T_get_event: bad socket/type: 1079/0
T_get_event: bad socket/type: 1079/0
T_get_event: bad socket/type: 1080/0
T_get_event: bad socket/type: 1080/0
T_get_event: bad socket/type: 1081/0
T_get_event: bad socket/type: 1081/0
T_get_event: bad socket/type: 1082/0
T_get_event: bad socket/type: 1082/0

        Seems to be incrementing port numbers, but I'm not sure why it
would be saying that it couldn't bind a socket to that port... if that
indeed is what it's saying. =)  Anywho, has anyone run across this and
come up with a fix?
        I'm also receiving tons of "Cannot connect to WWW-server:
Transport endpoint is not connected" errors in ahttpd.elg.  From what I
can find after some searching, this is a "normal" error which
could mean that a user might have hit "Cancel" while a page was loading
or in some other way broke the connection.  Is this true?  If it is, how
can I keep the log from being flooded with these?
        Last but not least, I'm also receiving the following entries in
ahttpd.elg:

cpsc: Unable to find default lang tag
Could not open file /opt/CPfw1-50/conf/netso.ini

        Everything works fine regardless of these errors, but what is
netso.ini and SHOULD it have been created somehow during the
installation or configuration of the firewall?

Thanks,
Abe

--
Abe L. Getchell
Security Engineer
[email protected]
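
An added example, not part of the original message and not Check Point code: a small triage script that counts the message types quoted in the post and collects the distinct numbers from the `T_get_event` lines, so a flooded log can be summarised before and after a tuning change. Treating the first number as a descriptor number and the 1024 threshold are assumptions, and the sample lines are constructed from the messages quoted above.

```python
import re
from collections import Counter

# Patterns for the messages quoted in the post.
PATTERNS = {
    "too_many_open_files": re.compile(r"error in accept statement: Too many open files"),
    "bad_socket": re.compile(r"T_get_event: bad socket/type: (\d+)/(\d+)"),
    "endpoint_not_connected": re.compile(
        r"Cannot connect to WWW-server: Transport endpoint is not connected"),
    "no_default_lang_tag": re.compile(r"cpsc: Unable to find default lang tag"),
    "missing_netso_ini": re.compile(r"Could not open file \S*netso\.ini"),
}

# Assumption: the first number in "bad socket/type: N/T" is a descriptor number,
# and 1024 is a hypothetical ceiling to compare against; set it to the real limit.
FD_THRESHOLD = 1024

def triage(lines, fd_threshold=FD_THRESHOLD):
    """Count each message type and collect the distinct socket numbers."""
    counts, sockets = Counter(), set()
    for line in lines:
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                counts[name] += 1
                if name == "bad_socket":
                    sockets.add(int(m.group(1)))
                break
        else:  # no known pattern matched this line
            if line.strip():
                counts["other"] += 1
    return {
        "counts": dict(counts),
        "socket_range": (min(sockets), max(sockets)) if sockets else None,
        "at_or_above_threshold": sorted(n for n in sockets if n >= fd_threshold),
    }

# Constructed sample input, built from the messages quoted in the post.
SAMPLE = """\
error in accept statement: Too many open files
T_get_event: bad socket/type: 1075/0
T_get_event: bad socket/type: 1076/0
T_get_event: bad socket/type: 1076/0
T_get_event: bad socket/type: 1077/1
Cannot connect to WWW-server: Transport endpoint is not connected
cpsc: Unable to find default lang tag
Could not open file /opt/CPfw1-50/conf/netso.ini
some unrelated line
""".splitlines()

if __name__ == "__main__":
    report = triage(SAMPLE)
    for name, n in sorted(report["counts"].items(), key=lambda kv: -kv[1]):
        print(f"{n:6d}  {name}")
    print("socket numbers:", report["socket_range"],
          "at/above threshold:", report["at_or_above_threshold"])
```

To run it against a real log, pass `open(path)` to `triage()` in place of `SAMPLE`.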

   All contents © 2004 Network Presence, LLC. All rights reserved.