CSF Timeout when retrieving GeoIP information

vlus
Junior Member
Posts: 10
Joined: 31 Dec 2013, 21:47

CSF Timeout when retrieving GeoIP information

Post by vlus »

Hello,

I am very thankful to this message board for some great information. I am running CSF v6.39 on a CentOS 5.1 server using WHM 11.4.31 web interface. This is a quad dual xeon server w/32GB RAM.

I am successfully using CC_DENY to block several countries. I have been able to add up to about 15,000 IP blocks in a few minutes, however, adding any more country codes seems to cause the connection to time out.

I do not believe it is my server, but rather it seems as though after a few minutes of retrieving IP's it seems to lose the connection to Maxmind, so I have a few questions.

a) I saw in the changelog - "Extended urlget timeout to 300 seconds to help cope with the large MaxMind City Database download where enabled". Can I access this setting and increase this time to solve my problem?

b) I checked many files within usr/local/csf and etc/csf and do not see any reference to a setting of 'urlget'

c) If I cannot change this setting, or if this setting is not related to my problem, is there a way I can manually download the database of GeoIPs, and then somehow direct CSF to load the IPs from a locally stored database or table?


Thank you in advance for your fine product and knowledge to assist.
Vlus
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: CSF Timeout when retrieving GeoIP information

Post by ForumAdmin »

It would help if you posted the exact error message, but I suspect the reason is that you're blocking access to a country where the maxmind mirror exists from where it is trying to download their database.
vlus
Junior Member
Posts: 10
Joined: 31 Dec 2013, 21:47

Re: CSF Timeout when retrieving GeoIP information

Post by vlus »

Hello and thank you for your reply.

I'm not getting a specific error in the WHM interface, but rather the update just appears to hang after 4 or 5 minutes and from that point no matter how much longer I let it go, it retrieves no more addresses. I've let it sit for several hours and whatever number of IP blocks it stopped at, that's it.

Is there a specific place I might be able to retrieve an error log? I have full admin privileges but am admittedly at hunt and peck skill beyond the GUI. I do have an SSH program and have browsed around a bit in the server.

Also, you mentioned that Maxmind may be stalling when trying to access a particular db for a particular country. Am I incorrect that Maxmind assembles their own dbs then - in other words, are you saying Maxmind is picking up each country db more or less on demand? Also, I've changed the last country a few times but the problem persists. The number of IPs retrieved changes and it seems more related to 'time' than number of IPs.

If I cannot stop the time out, can I download the db of IPs locally to server and then point CSF to that file?

Thank you kindly!
Vlus
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: CSF Timeout when retrieving GeoIP information

Post by ForumAdmin »

Any information available will be in the /var/log/lfd.log file.
vlus
Junior Member
Posts: 10
Joined: 31 Dec 2013, 21:47

Re: CSF Timeout when retrieving GeoIP information

Post by vlus »

Thank you for pointing me in this direction. I have determined it is not timing out when connecting to GeoIP, and in fact the current GeoIP db is downloaded to the server, as are all the various country zone files.

After thinking the time out was happening whenever it got to a particular country, I started switching out the countries that I was blocking, and also the order. That has had no effect.

There is just a certain point where on restart it fails. I don't know if it is the number of IPs or some other glitch, but my server isn't even breaking a sweat at this point.

Here is the error that I get whenever CSF hangs on restart:

You have an unresolved error when starting csf:
Error: Error processing command for line [1520] (6 times): [iptables: Unknown error 4294967295], at line 1520 in /usr/sbin/csf

You need to restart csf successfully to remove this warning, or delete /etc/csf/csf.error

It's ALWAYS line 1520. What is that related to? How can I fix this? Thanks in advance for your insight.

Vlus
vlus
Junior Member
Posts: 10
Joined: 31 Dec 2013, 21:47

Re: CSF Timeout when retrieving GeoIP information

Post by vlus »

Hello,

I have opened the file /usr/bin/csf in my html editor and line #1520 is:
&syscommand(__LINE__,"$config{IPTABLES} $verbose -I CC_DENY -s $ip -j $drop");



I see it has something to do with CC_DENY, but I don't understand why CSF keeps erroring at this line. Is there something on this line that I can edit? To reiterate from my last post, the error message always indicates this line, regardless of the order in which I enter country codes. There just seems to be a certain point at which CSF will throw this error regardless of which cc.

Please help, thank you in advance. Please let me know if there is something else I can be looking for, thank you.
Vlus
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: CSF Timeout when retrieving GeoIP information

Post by ForumAdmin »

Error: Error processing command for line [1520] (6 times): [iptables: Unknown error 4294967295], at line 1520 in /usr/sbin/csf
That is an iptables/kernel error and not something we can help with. I would guess from the circumstances iptables has run out of either a kernel resource or memory.
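
An added example, not part of the thread and not CSF's own code: a small shell helper for checking the diagnosis above, by pulling the failing line, repeat count and error number out of the CSF error message and counting how many rules actually made it into the CC_DENY chain. The function names and the sample iptables-save fragment are constructed for illustration; the error line is the one quoted in the thread.

```shell
#!/bin/sh
# Added example. Sample data is constructed, except the error line, which is
# the one quoted in the thread.

# summarise_errors: read log text on stdin; for each CSF error of the form
# quoted in the thread print "<csf line> <repeat count> <error number>".
summarise_errors() {
    sed -n 's/.*Error processing command for line \[\([0-9]*\)] (\([0-9]*\) times): \[iptables: Unknown error \([0-9]*\)].*/\1 \2 \3/p'
}

# decode_errno N: reinterpret an unsigned 32-bit number as signed
# (4294967295 is 0xFFFFFFFF, which is -1, not a specific errno value).
decode_errno() {
    awk -v n="$1" 'BEGIN { if (n >= 2147483648) n -= 4294967296; printf "%d\n", n }'
}

# count_chain_rules CHAIN: read iptables-save output on stdin and print the
# number of rules appended to CHAIN.
count_chain_rules() {
    awk -v chain="$1" '$1 == "-A" && $2 == chain { n++ } END { print n + 0 }'
}

SAMPLE_LOG='You have an unresolved error when starting csf:
Error: Error processing command for line [1520] (6 times): [iptables: Unknown error 4294967295], at line 1520 in /usr/sbin/csf'

# Constructed iptables-save fragment using documentation address ranges.
SAMPLE_SAVE='*filter
:INPUT ACCEPT [0:0]
:CC_DENY - [0:0]
-A INPUT -j CC_DENY
-A CC_DENY -s 192.0.2.0/24 -j DROP
-A CC_DENY -s 198.51.100.0/24 -j DROP
-A CC_DENY -s 203.0.113.0/24 -j DROP
COMMIT'

# Demo on the embedded samples. On a live server, as root (assuming
# /etc/csf/csf.error holds the message shown in the thread):
#   summarise_errors < /etc/csf/csf.error
#   iptables-save | count_chain_rules CC_DENY
printf '%s\n' "$SAMPLE_LOG" | summarise_errors | while read -r line times code; do
    echo "csf line $line failed $times times, error $(decode_errno "$code")"
done
echo "CC_DENY rules loaded: $(printf '%s\n' "$SAMPLE_SAVE" | count_chain_rules CC_DENY)"
```

Comparing the CC_DENY count at the moment of failure across several restarts shows whether the inserts stop at a consistent rule count, which is what a resource limit would look like.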