Displaying 20 results from an estimated 1000 matches similar to: "Conntrack table full and Heavy p2p loaded traffic manager ..."
2005 May 16
3
ip_conntrack limit --- torrent , DC++ , eMule
Hi all,
I need advice on how I can limit ip_conntrack per IP.
Clients of the network that I support often use torrent, DC++, eMule
clients and I have lost packages because they open too many ports.
I have traffic control limits but this obviously isn't enough.
Any advice on how to prevent the server from this kind of problem will be welcome.
Best regards
Emil
2007 Apr 18
1
Can't change ipt_conntrack hashsize under debian sarge ???
Hello,
I've tried to change ipt_conntrack hashsize and con under my debian
sarge but it doesn't work!
I've got 2876Mb available for conntrack so I've done (according to some
previous mail and this
http://www.wallfire.org/misc/netfilter_conntrack_perf.txt)
CONNTRACK_MAX = 2876 * 64 = 184064
HASHSIZE = 2876 * 8 = 23002
But the near power of 2 is 2^16 = 131072
2006 May 07
5
Detecting p2p traffic
After varying degrees of success with p2p detection modules, I would like to
write the following rules using iptables to reliably identify p2p traffic:
1. If a host on the network has 5 or more simultaneous tcp connections to ports
above 1024, mark all connections to ports 1024 and above as 60.
2. If a host has received (or sent) UDP packets from 5 different hosts' ports
above 1024 in a
2007 Nov 12
18
How to fight with encrypted p2p
Hi
I believe that whole question is in topic.
Is there any way to recognize (and then shape) p2p traffic which is encrypted?
Modern p2p clients have this ability; moreover, some of them have this enabled by default.
Now I'm using ipp2p for iptables but as far as I know this doesn't recognize encrypted traffic.
Thanks in advance.
Regards
Szymon Turkiewicz
2007 Jun 12
3
ip_conntrack table filling up, dropping packets
Hi, my ip_conntrack table is filling up and now my server is dropping
packets. I'm running CentOS release 4.4 (Final) on a fairly busy
webserver. The table is full of various connections, including a lot
of "ESTABLISHED" tcp connections from my webserver (the src is my
webserver ip), and some other random connections to my webserver, and
many "ASSURED" connections. So why
2007 Mar 05
4
Router dropping packets?
Hey guys,
I have several Linux routers in place at high-usage
locations (student apartment complexes). I'm having
trouble with some of the routers which use 6Mbit DSL
lines as their Internet feed. The routers use PPPoE
and perform NAT.
During peak usage periods, the routers are dropping
a lot of packets. I'm led to believe this is because
there are too many active
2005 Apr 25
14
IP2P & Skype question
Hi,
I am not sure if this is the correct destination for this email
question, so if not, please can someone direct me to the correct mailing
list / user.
I need to detect Skype traffic using (I think it can be done) IP2P on a
RH Linux 2.4.20 kernel as well as the later fedora platforms. We have
built it into your kernel, but are looking for some help in the matching
parameters for skype in
2006 Feb 02
2
limit number of connections per ip
Hello!
I've read a lot of mail archives, but can't find solutions for my problem.
I have a router with about 700 users. I'm using HTB with SFQ leaf qdiscs for every user (client ip). So, different IPs can have their own rate limit.
This scheme has been working fine for a long time. But how can I limit the number of connections (sessions) from one host? I see from ip_conntrack
2006 Oct 01
3
[Bug 467] iptables is complaining with bogus unknown error 18446744073709551615
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=467
mateusz@kaduk.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|INVALID |
------- Additional Comments From mateusz@kaduk.net 2006-10-01
2006 May 30
11
Problems with Routing and Masquerading
Hi,
I have a linux box which balances load between two interfaces ( say WAN1
and WAN2). I have masquerading on for any request coming from LAN to the
outside world.
The setup is in such a way that WAN1 drops packets with source ip
belonging to WAN2's network and vice versa.
For some strange reason, I find that packet coming out from the WAN
interface has source address of WAN2 and
2010 Jan 24
8
ip conntrack table full
xen-3.0.3-94.el5_4.2
2.6.18-164.6.1.el5xen
RHEL5.4 x86_64
I've got a dom0 that does nothing but have a DomU created. The DomU gets
plenty of load. Over time, the dom0's ipconntrack table fills up but not
the DomU. Once it gets full I can restart iptables and it's fine.
The strange thing is this only happens on hosts I have provided (hardware
and hosting) from one
2006 Nov 08
1
Running iptables/netfilter module connlimit with stock CentOS4
Greetings folks,
I've been researching the various iptables modules that are included
with the stock CentOS4 distro; particularly the connlimit module.
Is connlimit included by default?
I thought it is since performing
# iptables -m connlimit --help
returns information on connlimit usage along with the general iptables
help info:
<SNIP>
connlimit v1.2.11 options:
[!]
2008 Jun 26
1
iptables connlimit
Hi,
I am trying to use iptables connlimit,
# iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 16
--connlimit-mask 24 -j DROP
iptables: Unknown error 4294967295
Where is the problem?
Thanks
# rpm -qa | grep iptables
iptables-1.3.5-4.el5
# uname -a
Linux test 2.6.18-92.1.1.el5 #1 SMP Sat Jun 21 19:04:27 EDT 2008 i686
i686 i386 GNU/Linux
2020 Sep 09
5
[Bug 1463] New: nft --json table list ruleset crashes
https://bugzilla.netfilter.org/show_bug.cgi?id=1463
Bug ID: 1463
Summary: nft --json table list ruleset crashes
Product: nftables
Version: unspecified
Hardware: All
OS: Debian GNU/Linux
Status: NEW
Severity: major
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
2006 Nov 23
5
HTB GUI
Hi,
I have many examples of HTB GUIs. All are already well developed, and are discussed in this link.
However, can anyone teach me what software to use to build my own web-based HTB GUI software in Fedora Core (Linux based)? Thanks
Regards
Alan
2007 Jan 10
2
dst cache overflow (bridged wan interfaces)
I recompiled yet 2.6.19.1 kernel (using iptables with the same patches too).
The configuration for this test is:
1) linux box with 2.6.19.1 kernel (SMP machine) with these
patches/modules:
a) l7-filter
b) ipp2p
c) connlimit
d) set
2) 4 ethernet interfaces:
a) 2 external (eth1 and eth3) interfaces with balanced links (as
described in nato-howto) bridged as wan0
2015 May 05
1
IPTABLES question
Would someone please explain to me the difference in effect between
the following two IPTABLES conditions and the significance thereof in
concurrent connection limiting?
--tcp-flags SYN,ACK,FIN,RST SYN -j REJECT \
--connlimit-above 3 --connlimit-mask 32
--state NEW -j REJECT \
--connlimit-above 3 --connlimit-mask 32
--
*** e-Mail is NOT a SECURE channel ***
Do
2006 Nov 16
2
Connlimit in Shorewall?
Hi everyone,
I see that shorewall has "ratelimit" but I'm interested in denying
connections by number of them, not by number/sec.
Is the connlimit feature supported by shorewall? Or maybe someone has an
unofficial patch for it?
Regards,
Angel Mieres
2003 Sep 22
4
Limit number of connections
Hello again,
I have a router/nat linux box. I managed to create some HTB classes and
everything is OK.
When people are using download managers like FlashGet and DAP (multiple
connection ones), the ceil limiting works okay,
but the rate parameter is somehow useless... The guaranteed bandwidth is
never reached.
So what can I do to limit the number of connections/computer?
I want to make sure that
2004 Apr 19
16
Firewall sizing guidelines?
I have just completed the installation of a new firewall running
Shorewall 1.4 on Mandrake 9.2 for our campus network. It appears to
be running fairly well so far, but is generating significantly more log
entries than our previous linux 2.0.x firewall...
Our previous firewall enjoyed more than 6 years of 24/7 operation with
no downtime before we finally decided it needed more horsepower, and