I've got my RT 3.4.5 server sitting in my DMZ and my mysql server on my internal network. Under varying circumstances, my users will experience an unresponsive RT. 'It just hangs' is what I'm told.
I can correlate these reports with logs from the PIX firewall tearing down the tcp connection to the internal mysql server, and then the many denied connections from the RT front end to the database. Logs appended. Is there a way to configure RT to close the connection to the database after a certain time? Or alternatively to send keepalives on the established database connection? I'd prefer the finite lifeftime of the connection option, if I have a choice. I'm seeing several > 4 hour connections through the firewall, and then there are still a dozen or more attempts from the RT server to the database that are then getting dropped. Thanks for pointers, Mark Aug 3 06:11:08 10.0.9.1 %PIX-6-302013: Built inbound TCP connection 16482624 for dmz:10.0.100.20/33721 (1.2.3.4/33721) to inside:10.0.9.51/3306 (10.0.9.51/3306) Aug 3 10:40:14 10.0.9.1 %PIX-6-302014: Teardown TCP connection 16482624 for dmz:10.0.100.20/33721 to inside:10.0.9.51/3306 duration 4:29:11 bytes 1132707 Conn-timeout Aug 3 10:48:57 10.0.9.1 %PIX-6-106015: Deny TCP (no connection) from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK on interface dmz Aug 3 10:48:57 10.0.9.1 %PIX-6-106015: Deny TCP (no connection) from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK on interface dmz Aug 3 10:48:57 10.0.9.1 %PIX-6-106015: Deny TCP (no connection) from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK on interface dmz Aug 3 10:48:58 10.0.9.1 %PIX-6-106015: Deny TCP (no connection) from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK on interface dmz Aug 3 10:48:59 10.0.9.1 %PIX-6-106015: Deny TCP (no connection) from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK on interface dmz Aug 3 10:49:02 10.0.9.1 %PIX-6-106015: Deny TCP (no connection) from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK on interface dmz Aug 3 10:49:08 10.0.9.1 %PIX-6-106015: Deny TCP (no connection) from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK on interface dmz Aug 3 10:49:19 10.0.9.1 %PIX-6-106015: Deny TCP (no connection) from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK on interface dmz Aug 3 10:49:42 10.0.9.1 %PIX-6-106015: Deny TCP (no connection) from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK on interface dmz Aug 3 10:50:27 10.0.9.1 %PIX-6-106015: Deny TCP (no connection) from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK on interface dmz Aug 3 10:51:58 10.0.9.1 %PIX-6-106015: Deny TCP (no connection) from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK on interface dmz Aug 3 10:53:45 10.0.9.1 %PIX-6-106015: Deny TCP (no connection) from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK on interface dmz Aug 3 10:55:32 10.0.9.1 %PIX-6-106015: Deny TCP (no connection) from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK on interface dmz Aug 3 10:57:20 10.0.9.1 %PIX-6-106015: Deny TCP (no connection) from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK on interface dmz Aug 3 10:59:10 10.0.9.1 %PIX-6-106015: Deny TCP (no connection) from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK on interface dmz Aug 3 11:01:00 10.0.9.1 %PIX-6-106015: Deny TCP (no connection) from 10.0.100.20/33721 to 10.0.9.51/3306 flags PSH ACK on interface dmz _______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
