Failed greenbone-certdata-sync (Connection timed out (110)) (Follow up)


#1

Dear Lukas,

thanks for your answers concerning my questions posted to thread:
https://community.greenbone.net/t/failed-greenbone-certdata-sync-connection-timed-out-110/836/14

Unfortunately, you have already closed this thread.
I just wanted to leave a feedback here for the other users who might run into the problem mentioned in the thread referenced above:
The feed upate currently works fine againg for my Greenbone system with NAT and without having changed any of my network settings. Thus your last answer that the problem was caused by NAT is WRONG!
Instead, I guess that you have rebooted your feed update server in the meantime or some clean up script has finally run to remove my IP address from the “still connected list”. My suspicion is, that your implementation to ensure the connection limit of ONE connection per user / IP address does not handle aborted / crashed updates properly, thus preventing new connections after aborted / crashed feed updates (openvas-feed-update calls).
Maybe you could check your corresponding implementation.

Best wishes and thanks for your always prompt replies,
Dirk


#2

Hi,

As many times said we did not reboot or run a sofesticated price of software we just limit the rsync port to ONE connection from a Internet Host. If your router / firewall or what ever keeping the TCP Session alive or your IP is shared typical with a NAT or CGN scenario only one Host can connect. If you are behind a NAT Gateway it fully depends on your gateway how to connect. Our setup is fairly simple. As well we never block or blacklist a IP but as long a 3way handshaked TCP session on rsync is active you can’t establish a 2nd one.


How many times i can sync nvts, scapdata, certdata?