similar to: Can''t change ipt_conntrack hashsize under debian sarge ???

Hello I''ve setuped a bridge with l7-filter and ipp2p. We have every day + or - between 10Mbits and 30 Mbits P2P traffic from + or - 450 customers. When traffic increase. I''ve got this kind of error message : Feb 23 14:26:19 gestor1 kernel: printk: 38 messages suppressed. Feb 23 14:26:19 gestor1 kernel: ip_conntrack: table full, dropping packet. The server is celeron

I *think* we are finally making some progress in tracking our elusive performance problems. After employing a second 10Mb link from our ISP, along with another firewall box and proxy, we were able to determine the problem *is* our firewall. We don''t know exactly why yet, but our sporadic slow web access seems to have gone away since swapping a new firewall in this morning. The

Hi all. i'm trying to modify some parameters but when system reboots it doesn't load. For the sysctl if I run sysctl -p then it changes /etc/sysctl.conf net.ipv4.netfilter.ip_conntrack_max = 1048576 /etc/modprobe.conf options ip_conntrack hashsize=131072 after reboot results cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max 65536 cat

https://bugzilla.netfilter.org/show_bug.cgi?id=830 Summary: ??iptables????????? Product: iptables Version: unspecified Platform: All OS/Version: RedHat Linux Status: NEW Severity: major Priority: P5 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: higkoohk

Hey guys, I am planning to buy some components for a Linux router that will handle the Internet access of 200 computers (includes tc shaping) and some inter sub-network routing (at least 100MBps per eth - and there are 3 eth cards). I was thinking of a: Pentium 4 - 3GHz 256 or 512MB RAM Network Cards. Now - I wonder what is more important: the processor speed or the amount of RAM. And can you

Hello I''ve got Debian sarge 2.6.18 Traffic Manager setup as a bridge. This server is p4 hyperthreading with 3Gb of memory. Yesterday on 10:00pm start to see in my syslog that ip_conntrack was full and on 12:00pm the server was frozen ... I precise that I''ve already change CONNTRACK_MAX=131072 and HASHSIZE=65536 values I''m not sure that is a direct conntrack

On Saturday 20 April 2019 00:32:43 Pete Biggs wrote: > What ban action do you use? If it's something like iptables-multiport, > then I wonder if the fact that it's detecting the failures as > '[dovecot]' means that it's using the dovecot ports, not the exim > ports, when applying the iptable rule. > > When a host has been banned, can you look at the

I was trying to do what the article at http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.performance.html#conntrack_filling_tables <http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.performance.html#conntrack_filling_tables%3C/blockquote%3E%3C/div%3E> suggested My iptables rules are ------------------------------------------------------------------------ #that's what the

Hello I''ve got a server with 3Gb of ram and I want to keep 256 for the system and allocate the rest to conntrack ... I''ve tried to change the HASHSIZE of the ip_conntrack but dmesg return me this error ! ip_conntrack version 2.4 (2097152 buckets, 16777216 max) - 236 bytes per conntrack ip_conntrack: falling back to vmalloc. .... I''ve use this "math"

I have just completed the installation of a new firewall running Shorewall 1.4 on Mandrake 9.2 for our campus network. It appears to be running fairly well so far, but is generating significantly more log entries than our previous linux 2.0.x firewall... Our previous firewall enjoyed more than 6 years of 24/7 operation with no downtime before we finally decided it needed more horsepower, and

Hi! Taking into consideration the great speed with which the use of P2P filesharing systems is expanding, is there any plan of including ipp2p and ipt_CONNTRACK support into shorewall? I''m sure that many admins managing gateways would be very happy about it... Thanx, -- Mario R. Pizzolanti <mario@zavood.ee> Zavood O?

Hello, I run Shorewall 2.0.3a backport on a debian woody box (with 2.4.18 homemade kernel). When I start shorewall I got the following errors. Oct 30 11:13:12 fwr modprobe: modprobe: Can''t locate module ipt_conntrack Oct 30 11:13:17 fwr modprobe: modprobe: Can''t locate module ipt_pkttype Oct 30 11:13:18 fwr modprobe: modprobe: Can''t locate module ipt_pkttype Oct 30

https://bugzilla.netfilter.org/show_bug.cgi?id=840 Summary: Specifying CIDR when adding to a hash:ip entry is silently ignored Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: minor Priority: P5 Component: default AssignedTo:

Hi All, I am using the script below to limit download rates and manage traffic for a certain IP address and testing the results using iperf. The rate that iperf reports is much higher than the rate I have configured for the HTB qdisc. It''s probably just some newbie trap that''s messing things up but I''m buggered if I can see it. The following script is run on the

http://bugzilla.netfilter.org/show_bug.cgi?id=733 Summary: ipset restore won't restore from output of ipset save Product: ipset Version: unspecified Platform: All OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: default AssignedTo: netfilter-buglog at

Hi all, i need advice how can i limit ip_conntrack per IP. clients of network that i support often uses torrent , DC++ , eMule clients and i have lost packages because they open too many ports. i have traffic control limits but this obviously isn''t enough Any advance how to prevent server from this kind problems will be welcome. Best regards Emil

Hi ! I''ve a router linux with 3 eths in order to share internet connection: 1:lo 2:eth0-> Internet Connection (DHCP) 3:eth1-> gateway wired hosts -> 192.168.101.254 4:eth2-> gateway wireless hosts -> 192.168.212.254 / 192.168.230.254 / 192.168.210.254 / ... eth2 haves diferents IP Aliasings because it connect to a switch which connect 4 access points (linksys), each

https://bugzilla.netfilter.org/show_bug.cgi?id=819 Summary: ipset create setname timeout 2147484 records greater timeout Product: ipset Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: major Priority: P5 Component: default AssignedTo:

https://bugzilla.netfilter.org/show_bug.cgi?id=880 Summary: ipset doesn't refresh the timeout for an existing entry when the table is FULL. Product: ipset Version: unspecified Platform: x86_64 OS/Version: Fedora Status: NEW Severity: normal Priority: P5 Component: default

Hi, I have a P4 @ 3Ghz router running Debian. It shapes traffic ( about 500-600 classes ), about 1000 iptables rules, and it does BGP too, so i get about 1300+ routes in the routing table. The problem is the load is too high on this system. I found a solution to my problem, turning off the route cache, but i dont know how to implement it, I was wondering if anyone found a way to disable the