Displaying 20 results from an estimated 400 matches similar to: "Can''t change ipt_conntrack hashsize under debian sarge ???"
2007 Feb 23
3
Conntrack table full and Heavy p2p loaded traffic manager ...
Hello
I''ve setuped a bridge with l7-filter and ipp2p. We have every day + or
- between 10Mbits and 30 Mbits P2P traffic from + or - 450 customers.
When traffic increase. I''ve got this kind of error message :
Feb 23 14:26:19 gestor1 kernel: printk: 38 messages suppressed.
Feb 23 14:26:19 gestor1 kernel: ip_conntrack: table full, dropping packet.
The server is celeron
2004 Nov 27
6
Finally making some progress
I *think* we are finally making some progress in tracking our elusive
performance problems. After employing a second 10Mb link from our ISP,
along with another firewall box and proxy, we were able to determine the
problem *is* our firewall. We don''t know exactly why yet, but our sporadic
slow web access seems to have gone away since swapping a new firewall
in this morning.
The
2011 May 13
2
Modify Parameters at system boot
Hi all.
i'm trying to modify some parameters but when system reboots it doesn't
load. For the sysctl if I run sysctl -p then it changes
/etc/sysctl.conf
net.ipv4.netfilter.ip_conntrack_max = 1048576
/etc/modprobe.conf
options ip_conntrack hashsize=131072
after reboot results
cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
65536
cat
2013 Jun 26
5
[Bug 830] New: 關於iptables影響服務器性能事宜
https://bugzilla.netfilter.org/show_bug.cgi?id=830
Summary: ??iptables?????????
Product: iptables
Version: unspecified
Platform: All
OS/Version: RedHat Linux
Status: NEW
Severity: major
Priority: P5
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: higkoohk
2005 Aug 15
11
Hardware Configuration Ideas
Hey guys,
I am planning to buy some components for a Linux router that will handle the
Internet access of 200 computers (includes tc shaping) and some inter
sub-network routing (at least 100MBps per eth - and there are 3 eth cards).
I was thinking of a:
Pentium 4 - 3GHz
256 or 512MB RAM
Network Cards.
Now - I wonder what is more important: the processor speed or the amount of
RAM.
And can you
2007 Apr 23
0
Debian sarge 2.6.18 Traffic Manager freeze under load ...
Hello
I''ve got Debian sarge 2.6.18 Traffic Manager setup as a bridge.
This server is p4 hyperthreading with 3Gb of memory.
Yesterday on 10:00pm start to see in my syslog that ip_conntrack was
full and on 12:00pm the server was frozen ...
I precise that I''ve already change CONNTRACK_MAX=131072 and
HASHSIZE=65536 values
I''m not sure that is a direct conntrack
2019 Apr 26
2
faI2ban detecting and banning but nothing happens
On Saturday 20 April 2019 00:32:43 Pete Biggs wrote:
> What ban action do you use? If it's something like iptables-multiport,
> then I wonder if the fact that it's detecting the failures as
> '[dovecot]' means that it's using the dovecot ports, not the exim
> ports, when applying the iptable rule.
>
> When a host has been banned, can you look at the
2008 Apr 18
3
ip_conntrack: table full, dropping packet.
I was trying to do what the article at
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.performance.html#conntrack_filling_tables
<http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.performance.html#conntrack_filling_tables%3C/blockquote%3E%3C/div%3E>
suggested
My iptables rules are
------------------------------------------------------------------------
#that's what the
2007 Nov 14
0
ip_conntrack: falling back to vmalloc.
Hello
I''ve got a server with 3Gb of ram and I want to keep 256 for the system
and allocate the rest to conntrack ...
I''ve tried to change the HASHSIZE of the ip_conntrack but dmesg
return me this error !
ip_conntrack version 2.4 (2097152 buckets, 16777216 max) - 236 bytes per
conntrack
ip_conntrack: falling back to vmalloc.
....
I''ve use this "math"
2004 Apr 19
16
Firewall sizing guidelines?
I have just completed the installation of a new firewall running
Shorewall 1.4 on Mandrake 9.2 for our campus network. It appears to
be running fairly well so far, but is generating significantly more log
entries than our previous linux 2.0.x firewall...
Our previous firewall enjoyed more than 6 years of 24/7 operation with
no downtime before we finally decided it needed more horsepower, and
2004 Feb 11
4
Shorewall, ipp2p and ipt_CONNTRACK
Hi!
Taking into consideration the great speed with which the use of P2P
filesharing systems is expanding, is there any plan of including ipp2p
and ipt_CONNTRACK support into shorewall? I''m sure that many admins
managing gateways would be very happy about it...
Thanx,
--
Mario R. Pizzolanti <mario@zavood.ee>
Zavood O?
2004 Oct 30
4
modules ipt_conntrack ipt_pkttype not found
Hello,
I run Shorewall 2.0.3a backport on a debian woody box (with 2.4.18
homemade kernel).
When I start shorewall I got the following errors.
Oct 30 11:13:12 fwr modprobe: modprobe: Can''t locate module ipt_conntrack
Oct 30 11:13:17 fwr modprobe: modprobe: Can''t locate module ipt_pkttype
Oct 30 11:13:18 fwr modprobe: modprobe: Can''t locate module ipt_pkttype
Oct 30
2013 Aug 12
2
[Bug 840] New: Specifying CIDR when adding to a hash:ip entry is silently ignored
https://bugzilla.netfilter.org/show_bug.cgi?id=840
Summary: Specifying CIDR when adding to a hash:ip entry is
silently ignored
Product: ipset
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P5
Component: default
AssignedTo:
2007 Nov 19
15
Unexpected results using HTB qdisc
Hi All,
I am using the script below to limit download rates and manage traffic for a certain IP address and testing the results using iperf. The rate that iperf reports is much higher than the rate I have configured for the HTB qdisc. It''s probably just some newbie trap that''s messing things up but I''m buggered if I can see it.
The following script is run on the
2011 Aug 02
3
[Bug 733] New: ipset restore won't restore from output of ipset save
http://bugzilla.netfilter.org/show_bug.cgi?id=733
Summary: ipset restore won't restore from output of ipset save
Product: ipset
Version: unspecified
Platform: All
OS/Version: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: default
AssignedTo: netfilter-buglog at
2005 May 16
3
ip_conntrack limit --- torrent , DC++ , eMule
Hi all,
i need advice how can i limit ip_conntrack per IP.
clients of network that i support often uses torrent , DC++ , eMule
clients and i have lost packages because they open too many ports.
i have traffic control limits but this obviously isn''t enough
Any advance how to prevent server from this kind problems will be welcome.
Best regards
Emil
2004 Mar 01
0
logs strangers...
Hi !
I''ve a router linux with 3 eths in order to share
internet connection:
1:lo
2:eth0-> Internet Connection (DHCP)
3:eth1-> gateway wired hosts -> 192.168.101.254
4:eth2-> gateway wireless hosts -> 192.168.212.254 / 192.168.230.254 /
192.168.210.254 / ...
eth2 haves diferents IP Aliasings because it connect to
a switch which connect 4 access points (linksys), each
2013 May 13
2
[Bug 819] New: ipset create setname timeout 2147484 records greater timeout
https://bugzilla.netfilter.org/show_bug.cgi?id=819
Summary: ipset create setname timeout 2147484 records greater
timeout
Product: ipset
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: major
Priority: P5
Component: default
AssignedTo:
2013 Dec 03
8
[Bug 880] New: ipset doesn't refresh the timeout for an existing entry when the table is FULL.
https://bugzilla.netfilter.org/show_bug.cgi?id=880
Summary: ipset doesn't refresh the timeout for an existing
entry when the table is FULL.
Product: ipset
Version: unspecified
Platform: x86_64
OS/Version: Fedora
Status: NEW
Severity: normal
Priority: P5
Component: default
2006 Apr 18
1
Route cache
Hi,
I have a P4 @ 3Ghz router running Debian. It shapes traffic ( about
500-600 classes ), about 1000 iptables rules, and it does BGP too, so i get
about
1300+ routes in the routing table. The problem is the load is too high on
this system. I found a solution to my problem, turning off the route cache,
but i dont know how to implement it,
I was wondering if anyone found a way to disable the