UnrealIRCd Forums

Hi,

I'm running version 3.2.7 on FreeBSD. Everything works great overall. However, I noticed that the number of connections I can have open to the server seems to be limited and the parameters in unrealircd.conf don't seem to have any impact when I changed them.

Here is my situation. I have 3 bots running and they connect from a single IP# (the same IP# as the server). I wanted to login with two clients (one via mIRC and one via Java) for testing, but noticed I couldn't login both at the same time. It's as though my number of connections per my IP# are limited to 4 - even though in my .conf file, I have raised them. Is there a bug which is keeping the server from properly allowing additional connections? If I kill one of my clients, then the other one can get on okay. But when I try to run them both (along with the 3 bots), it seems the 5th connection is not allowed. here is how I have some of my different settings. Anyone have any ideas what might be wrong or why my connections per IP# are being limited? The bots run under the bots class. Everyone else is under clients.

class clients
{
pingfreq 90;
maxclients 500;
sendq 100000;
recvq 30000;
// connfreq 10; /* How many seconds between each connection attempt */

};

class bots
{
pingfreq 300;
maxclients 10;
sendq 100000;
recvq 30000;
// connfreq 10; /* How many seconds between each connection attempt */

};

allow {
ip *@*;
hostname *@*;
class clients;
maxperip 500;
};

allow {
ip *@*;
hostname *@*;
class bots;
maxperip 10;
};


/* Throttling: this example sets a limit of 3 connection attempts per 60s (per host). */
throttle {
connections 9;
period 30s;
};

update: this error doesn't seem to be related to the IP#... I had a remote user try to connect and no luck. It seems to be that the server is limiting the # of people down to like 7 or 8 total. Any ideas what would cause something like this to happen?

Ray

The problem is the allow blocks. These blocks associate based on IP/Hostname, and/or password. What is happening is that all users are being dropped in the bots class, which has a limit of 10 users.

To prevent this happening, if your bots are all from the same IP/Host, change the IP settings in the allow block for the bots and rehash.

To quote documentation:

The access control works like this: ip matches OR host matches, so "hostname *@*"; and "ip *@1.2.3.4" will mean it will always match. Also the allow blocks are read upside down, so you need specific host/ip allow blocks AFTER your general *@* allow blocks. Additionally, if you want to setup a block that only matches based on IP, then set the hostname to something invalid, such as "hostname NOBODY;", this will allow the block to only match based on IP.

You may also want to check the max-per-ip setting for the general clients list, as with a max-per-ip of 500, it will allow the same IP to make 500 connections to the server, clone-flooding the class.

Thanks for your help. After further testing, I tracked down the problem. Our !@#$% ISP was blocking traffic on port 6667. Not just blocking traffic, but quietly limiting the number of concurrent connections to 6. As a result, 6 users could log into the room, but once the 7th tried to, the connection would fail. Either the provider (AT&T in this case) was trying to cut down on viruses that use port 6667 and/or they were trying to restrict their clients from running ircd servers off their connections. Either way, it was a difficult problem to track down. I had to telnet to the local 192.168.x.x IP# and do a bunch of manual IRC connections using port 6667 vs another port in order to isolate the problem.

Ray