we've had similar issues on a large scanning machine. nothing like trying
to keep 100,000 entries in your arp cache.

try the following (at least under redhat w/ 2.4 kernels):

echo 100000 > /proc/sys/net/ipv4/neigh/default/gc_thresh3

this will increase the max size of the neighbor table to 100000

-c

--
Christopher E. Cramer, Ph.D.
Information Technology Security Officer
Duke University, Office of Information Technology

On Wed, 5 Jan 2005, WL Siew wrote:

> Hi,
>
> I had successfully setup my bridge (br0) but after few minutes the br0
> interface seems not working.
>
> ifconfig eth0 0.0.0.0
> ifconfig eth5 0.0.0.0
>
> brctl addbr br0
>
> brctl addif br0 eth0
> brctl addif br0 eth5
>
> brctl stp br0 on
>
> I check on my system's /var/log/syslog file. It shows something strange
> messages as below: -
>
> Jan 2 10:44:22 fw01 kernel: ipt_tcpmss_target: bad length (64 bytes)
> Jan 2 10:44:32 fw01 last message repeated 11 times
> Jan 2 12:27:08 fw01 kernel: Neighbour table overflow.
> Jan 2 12:27:11 fw01 last message repeated 9 times
> Jan 2 12:27:13 fw01 kernel: NET: 10 messages suppressed.
>
> I unplug the network cable connected to the eth5 and run a ping to my
> router...the network is up again...I am able to ping my router.
>
> Then, I plug the network cable to the eth5 interface again...I run the
> ping to my router and suddenly I can't ping my router. The same error
> messages pops out in the /var/log/syslog file.
>
> How can I solve this issue?
>
> Regards,
> ro0ot

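The following shell script is an added example, not part of any message in this thread. It counts the "Neighbour table overflow" messages in a syslog file, expanding the "last message repeated N times" lines that follow them, and reports how full the ARP table is relative to gc_thresh3, using the data rows of /proc/net/arp as an approximation of table occupancy. The function names, the temporary sample files and the limit of 4 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and sample data are constructed.

# count_overflows FILE: total "Neighbour table overflow" kernel messages,
# expanding syslogd's "last message repeated N times" lines that follow one.
# "NET: N messages suppressed" is not counted: the line does not say which
# rate-limited messages were dropped.
count_overflows() {
    awk '
        /last message repeated [0-9]+ times/ {
            if (prev)
                for (i = 1; i < NF; i++)
                    if ($i == "repeated") total += $(i + 1)
            next            # a repeat line leaves the "last message" unchanged
        }
        { prev = ($0 ~ /kernel: Neighbour table overflow/); total += prev }
        END { print total + 0 }
    ' "$1"
}

# neigh_usage ARP_FILE THRESH_FILE: prints "entries limit percent". On a live
# box: neigh_usage /proc/net/arp /proc/sys/net/ipv4/neigh/default/gc_thresh3
neigh_usage() {
    entries=$(awk 'NR > 1 { n++ } END { print n + 0 }' "$1")   # skip header row
    limit=$(cat "$2")
    echo "$entries $limit $((entries * 100 / limit))"
}

# Constructed sample input: the syslog lines quoted in the thread, a
# three-entry ARP table and a deliberately small limit.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/syslog" <<'EOF'
Jan 2 10:44:22 fw01 kernel: ipt_tcpmss_target: bad length (64 bytes)
Jan 2 10:44:32 fw01 last message repeated 11 times
Jan 2 12:27:08 fw01 kernel: Neighbour table overflow.
Jan 2 12:27:11 fw01 last message repeated 9 times
Jan 2 12:27:13 fw01 kernel: NET: 10 messages suppressed.
EOF
cat > "$SAMPLE_DIR/arp" <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         00:00:5e:00:53:01     *        br0
192.0.2.2        0x1         0x2         00:00:5e:00:53:02     *        br0
192.0.2.3        0x1         0x2         00:00:5e:00:53:03     *        br0
EOF
echo 4 > "$SAMPLE_DIR/gc_thresh3"

echo "overflow messages: $(count_overflows "$SAMPLE_DIR/syslog")"
echo "neighbour table (entries limit percent): $(neigh_usage "$SAMPLE_DIR/arp" "$SAMPLE_DIR/gc_thresh3")"
```

A percentage that stays near 100 while the overflow count keeps growing points at the table limit rather than at the bridge configuration.
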
On Wed, 05-01-2005 at 01:39 +0800, WL Siew wrote:

> Hi,
>
> I had successfully setup my bridge (br0) but after few minutes the br0
> interface seems not working.
>
> ifconfig eth0 0.0.0.0
> ifconfig eth5 0.0.0.0
>
> brctl addbr br0
>
> brctl addif br0 eth0
> brctl addif br0 eth5
>
> brctl stp br0 on

From the information you give, it seems that you assigned the IP address
0.0.0.0 to your bridge ports and you didn't start the bridge itself.
Your box therefore has no IP address and will therefore not respond to
icmp messages. Try

# ifconfig br0 $IP_ADDRESS

A ping to $IP_ADDRESS from another host should then work (after you
start the bridge it can take a few seconds before the bridge responds).

> I check on my system's /var/log/syslog file. It shows something strange
> messages as below: -
>
> Jan 2 10:44:22 fw01 kernel: ipt_tcpmss_target: bad length (64 bytes)
> Jan 2 10:44:32 fw01 last message repeated 11 times
> Jan 2 12:27:08 fw01 kernel: Neighbour table overflow.
> Jan 2 12:27:11 fw01 last message repeated 9 times
> Jan 2 12:27:13 fw01 kernel: NET: 10 messages suppressed.

Perhaps these are triggered by the fact that your network devices enter
promiscuous mode.

> I unplug the network cable connected to the eth5 and run a ping to my
> router...the network is up again...I am able to ping my router.

I'm assuming you are talking about the bridge box when you are talking
about the router? The bridge ports of a bridge are by default not
separately pingable. Only the IP address of the bridge (br0) device
itself is pingable. You can change that behaviour by making a brouter.
You can then assign IP addresses to the bridge ports and use them.

cheers,
Bart

Hi,

I had successfully setup my bridge (br0) but after few minutes the br0
interface seems not working.

ifconfig eth0 0.0.0.0
ifconfig eth5 0.0.0.0

brctl addbr br0

brctl addif br0 eth0
brctl addif br0 eth5

brctl stp br0 on

I check on my system's /var/log/syslog file. It shows something strange
messages as below: -

Jan 2 10:44:22 fw01 kernel: ipt_tcpmss_target: bad length (64 bytes)
Jan 2 10:44:32 fw01 last message repeated 11 times
Jan 2 12:27:08 fw01 kernel: Neighbour table overflow.
Jan 2 12:27:11 fw01 last message repeated 9 times
Jan 2 12:27:13 fw01 kernel: NET: 10 messages suppressed.

I unplug the network cable connected to the eth5 and run a ping to my
router...the network is up again...I am able to ping my router.

Then, I plug the network cable to the eth5 interface again...I run the
ping to my router and suddenly I can't ping my router. The same error
messages pops out in the /var/log/syslog file.

How can I solve this issue?

Regards,
ro0ot