Linux server responds to ping, but telnet to a port, wget and website access all time out: solution

 

Recently a Linux server could not be reached via SSH, and the HTTP service on the server was also behaving abnormally. Ping worked, but telnet to a port timed out, wget timed out, and website access timed out.

The investigation finally traced this to a kernel configuration issue.

net.ipv4.tcp_timestamps was originally set to 1, which enables TCP timestamps:

cat /proc/sys/net/ipv4/tcp_timestamps

Then turn it off.

Modify /etc/sysctl.conf:

net.ipv4.tcp_timestamps = 0

sysctl -p

After this the change takes effect.

Principle:

The problem lies in the TCP three-way handshake: ping uses ICMP and works, while HTTP, SSH and MySQL do not.

After NAT, if the same port has been used before and the timestamp from that earlier use is greater than the timestamp in the SYN sent for the new connection, the server ignores the SYN and does not return a SYN-ACK. The user cannot complete the normal TCP three-way handshake and therefore cannot open a web page. When the service is idle, if the port NAT assigns to the user has not been used before, pages open normally; during busy periods NAT reuses ports at high frequency and it is hard to be assigned a port that has not been used, which produces this problem.

This situation, where ping works but the TCP three-way handshake cannot be established, appears only when both the client and the server have timestamps enabled.

netstat -s | grep timestamp

In the same network environment, people access the Internet through one public IP, so NAT greatly increases the probability of port reuse. CentOS 7 enables TCP timestamps by default, which leads to the failure of all TCP three-way handshakes.

cat /proc/sys/net/ipv4/tcp_tw_recycle
cat /proc/sys/net/ipv4/tcp_timestamps

net.ipv4.tcp_tw_recycle=0
net.ipv4.tcp_timestamps=0
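
The checks above can be combined into one script. This is an added example, not part of the original post: it reads the two settings and the timestamp-rejection counters from `netstat -s`. The function names, the status strings and the sample counters are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample counters are constructed.

# Print the leading counter of the `netstat -s` line (read from stdin) that
# matches regex $1, or 0 if no such line exists.
counter() {
    awk -v pat="$1" '$0 ~ pat { n = $1 } END { print n + 0 }'
}

# diagnose TIMESTAMPS TW_RECYCLE NETSTAT_S_TEXT
# Timestamps enabled is the precondition the post describes; a non-zero
# "passive connections rejected" counter is the evidence of ignored SYNs.
diagnose() {
    d_ts=$1; d_rc=$2; d_stats=$3
    d_syn=$(printf '%s\n' "$d_stats" |
        counter 'passive connections rejected because of time ?stamp')
    d_est=$(printf '%s\n' "$d_stats" |
        counter 'rejects in established connections because of time ?stamp')
    if [ "$d_ts" != "1" ]; then
        echo "ok"
    elif [ "$d_syn" -gt 0 ]; then
        echo "dropping-syns passive=$d_syn established=$d_est tw_recycle=$d_rc"
    else
        echo "timestamps-on-no-drops tw_recycle=$d_rc"
    fi
}

# Read the live values; a missing /proc file is treated as 0 (disabled).
live_check() {
    l_ts=$(cat /proc/sys/net/ipv4/tcp_timestamps 2>/dev/null || echo 0)
    l_rc=$(cat /proc/sys/net/ipv4/tcp_tw_recycle 2>/dev/null || echo 0)
    l_st=$(netstat -s 2>/dev/null || true)
    diagnose "$l_ts" "$l_rc" "$l_st"
}

# Constructed sample in the format printed by `netstat -s`.
SAMPLE='TcpExt:
    1842 passive connections rejected because of time stamp
    17 packets rejects in established connections because of timestamp
    5021 TCP sockets finished time wait in fast timer'

if [ "${1:-}" = "--live" ]; then
    live_check
else
    diagnose 1 1 "$SAMPLE"
fi
```

The counters are cumulative since boot, so run the script with --live twice a few minutes apart and compare the passive value to see whether SYNs are still being ignored.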

 

Author: liucx


Origin www.cnblogs.com/liucx/p/11936071.html