Announcement

**support200** · 10-20-2022, 01:15 AM

With NxRelay, you can see the number of private IPs and usernames behind a router. How many local IPs for your operator on 'Report > Operator Stats'?

**jimusik** · 10-20-2022, 04:49 PM

Looks like 22 IPs. I have it limited to 50.

Attached Files

**support200** · 10-20-2022, 09:48 PM

No. You have it limited to 20. It's Max User. Max User IP is about how many IP associations an operator can make.

**jimusik** · 10-20-2022, 10:45 PM

Ok, but this doesn't answer my question.

Why am I reaching Too Many Users for Operator when I haven't reached the user limit or the IP limit and only have 40k requests in the day it happened. As you can see on the 19th I had only 48814 requests - why did I get "too many users".

Also - why when I get too many users was NXRelay not responding with internal IP addresses and was defaulting to external addresses?

Thanks,

Jim

**support200** · 10-20-2022, 11:52 PM

Max User is for license counting. When you don't know how many users behind a router NxCloud counts DNS requests but you use NxRelay and now you know how many users behind a router. Then we count usernames or private IPs.

Max User 20 means, the operator can make 60k request a day. 20 x 3000 = 60k. And the warning message for license violation by request counting is 'Too many requests' in my memory.

Maybe we should remove that Max User IP. It was there to prevent IP collision by operators. But it's confusing when you use NxRelay.

**jimusik** · 10-21-2022, 10:28 PM

Thanks Support200 but you haven't really answered my critical questions:

1) Why would the "too many requests" display when there are not too many requests according to the logs (i.e. using only 48k DNS queries in 24 hours when the max is 60k)?
2) Why does NXRelay stop redirecting local domain traffic when the "too many requests" is throwing errors in the log (i.e. nas.consanto.com redirects internally to a 192. address and works when NXRelay is functioning properly - when the "too many requests" error shows up, it starts redirecting to an public IP 173. which is inaccessible to my local computers)?

Thanks,

Jim

**support200** · 10-21-2022, 11:25 PM

In your previous postings, I only see 'Too many users' not 'Too many requests'. Where did you see your log? In the log flle? Which one then? From your NxCloud log file or NxRelay log file? Or from GUI? If it's from a log file send it to us at support @ nxfilter.org.

About your second question, send me the log file of your NxRelay when it happens. As far as I know, the license restriction is on NxCloud not on NxRelay. What's that 173.x server? Is it your NxCloud server?

**jimusik** · 10-25-2022, 11:00 PM

Support200, I sent you the logs and additional questions. I'm posting here for the record if anyone else is looking for this question. The error log shows:

INFO [10-25 22:44:08] - RHiAD, User overflow by local client IP count, operator = <operator>, IP count = 22.

So, it looks like you are not just counting the number of dns requests against NXCloud but also counting the individual local IPs sent by the Relay. I have IPs set to 50 but clearly that doesn't have an affect. Only when I increased my max users over 20 did it clear and properly respond to the DNS requests.

I can definitively confirm that the NXRelay fails to send the local DNS queries when the "too many users for operator" error is displayed. As soon as I resolved the users over 20, it began responding with the Local DNS again. This needs to be fixed in my opinion. A DNS service that stops providing local DNS when there's an error on the server side is useless. I appreciate the stop when the license is maxed and that it still continues to function, but it shouldn't bomb internal resources.

Thanks,

Jim

**support200** · 10-25-2022, 11:42 PM

Read the previous postings again. I already told you that NxRelay counts local IPs. When you don't know the number of local IPs then it counts DNS requests. But you use NxRelay and you know the number of local IPs then you know the exact number of users behind a router. That's one of the purposes of using NxRelay.

I also told you Max User IP is about the number of IP association for an operator. It's not for User Counting. It's there to prevent IP collision by operators.

We will see if that license block also blocks local DNS queries.

**support200** · 10-26-2022, 01:26 AM

NxCloud doesn't do DNS resolving for NxRelay. It is just a policy server for NxRelay. The actual DNS resolving is on NxRelay side. Even if it gets blocked by User Overflow or any license problem, it should still work. And I just tested the whole process again and it works fine.

You sent me the log file of NxCloud. It's not about your NxRelay problem. I already explained several times about the difference between Max User and Max IP. The remaining problem is about your NxRelay doesn't send any DNS queries to anywhere? Or it sends DNS queries to your local DNS server?

Do you know that your local DNS server is your upstream server when you use NxRelay? NxRelay always resolves domains through your local DNS server. But you said,

As soon as I resolved the users over 20, it began responding with the Local DNS again.

What's 'began responding'? If it means that NxRelay queries your local DNS server, it always does. And that's why NxRelay is safe. It always works even if it loses the connection to NxCloud.

When you say 'bomb internal resources', does it mean that NxRelay stop DNS resolving? We stop filtering with license violation but we don't stop DNS resolving.

**jimusik** · 10-26-2022, 02:15 AM

"Its always DNS" - looks like my issues are not related to the "Too many users" problem. Running down that issue separately and tweaking my internal DNS settings.

**support200** · 10-29-2022, 06:25 AM

To prevent confusions in future, we changed several things about NxCloud. https://forum.nxfilter.org/announcem...aslist-license

Announcement

NXCloud - "Too Many Users" - Beating the Dead Horse

NXCloud - "Too Many Users" - Beating the Dead Horse

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment