similar to: [Bug 1021] iptables -j CT --timeout policy

This was due to a ProxyRequests On Let this be a lesson to all. [root at localhost log]# cat /proc/net/ip_conntrack | wc -l 11042 [root at localhost log]# cat /proc/sys/net/ipv4/ip_conntrack_max 28632 [root at localhost log]# cat /var/log/messages ... Sep 2 04:04:30 localhost kernel: printk: 213 messages suppressed. Sep 2 04:04:30 localhost kernel: ip_conntrack: table full, dropping

https://bugzilla.netfilter.org/show_bug.cgi?id=1203 Bug ID: 1203 Summary: 'DisableExternalCache On' seems to be broken Product: conntrack-tools Version: unspecified Hardware: All OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: conntrack-daemon Assignee:

Anyone have experience with these kernel parameters? I can't find a whole lot of info on them. I have a situation where I'm trying to stress test a server, dual proc quad core with a tomcat application that is really fast. We can get it to about 60% CPU usage, and processing about 1,350 requests a second but we can't get much past that. It seems we are maxing out the sockets on the

First off, a disclaimer: this is not a problem with openssh per se as it is also occurring with other software on my server, but I was hoping someone reading this might know more about the problem than I do. Thank you very much in advance for your help. Problem: connecting to the server via sftp results in a hang here: if (select(max+1, rset, wset, NULL, NULL) < 0) { which is line 1428 from

I have the need to know how many connection the server has, i run this command but i don't know how to sum all the results and get a final number. any ideas? netstat -an | grep -E 'tcp|udp' | awk '{print $6}' | sort | uniq -c | sort -n ?? 1 CLOSE_WAIT ?? 1 FIN_WAIT_2 ?? 1 LAST_ACK ?? 1 TIME_WAIT ?? 4 SYN_SENT ? 15 ? 37 LISTEN ? 44 ESTABLISHED

I am trying to run ssh to a server continuously and quickly. Out of about 10-12 times of good run or result, once the client gets stuck. It does not connect. This we are observing after upgrading both the server and client to OpenSSL 9.6p1. We are running this cmd on the client side: ssh -vvv -p 1022 -o UserKnownHostsFile=/dev/null -o GSSAPIAuthentication=no -o StrictHostKeyChecking=no -o

Hello, today I came to my job and I noticed that apache is not running. When I tried to run it, I learned that port 80 uis already in use. Using netstat -aenpl I tried to learn wha proces is using port 80, but I only leatned this: tcp 0 0 172.16.0.1:80 172.16.0.1:35664 SYN_RECV 0 0 - tcp 0 0 172.16.0.1:80 172.16.0.1:43464 SYN_RECV 0 0 - tcp 0 0 172.16.0.1:80 172.16.0.1:33764 SYN_RECV 0 0 - tcp

OK, Something wacky. I'm getting many, many of these, it just keeps building: --snip-- netstat -vat: tcp 0 0 192.168.103.99:http statusurl.e-gold.com:57015 SYN_RECV tcp 0 0 192.168.103.99:http statusurl.e-gold.com:26377 SYN_RECV tcp 0 0 192.168.103.99:http statusurl.e-gold.com:64279 SYN_RECV tcp 0 0

https://bugzilla.netfilter.org/show_bug.cgi?id=1062 --- Comment #2 from Jeremy Sowden <jeremy at azazel.net> --- In the ipv4 case: for (i = 0; i < f->l3proto_elems[dir]; i++) { int ip = f->l3proto[dir][i].addr & f->l3proto[dir][i].mask; j += nfct_bsf_load_attr(this, BPF_W, j); j += nfct_bsf_alu_and(this, f->l3proto[dir][i].mask, j); j

> On Jul 28, 2015, at 21:52 , Steffan Cline <steffan at hldns.com> wrote: > > Ok, I think I have come a little further. > > When dovecot stops accepting connections, I checked netstat and found this: > > [root at hosting1 ~]# netstat -an | grep 993 > tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN > tcp 0 0

https://bugzilla.netfilter.org/show_bug.cgi?id=1763 Bug ID: 1763 Summary: Segfault when resetting rules with meta l4proto { tcp, udp } Product: nftables Version: 1.0.x Hardware: x86_64 OS: Ubuntu Status: NEW Severity: minor Priority: P5 Component: nft

hi ya On Tue, Jul 28, 2015 at 11:35:31PM -0400, Chris Ross wrote: > > > On Jul 28, 2015, at 21:52 , Steffan Cline <steffan at hldns.com> wrote: > > > > Ok, I think I have come a little further. > > > > When dovecot stops accepting connections, I checked netstat and found this: > > > > [root at hosting1 ~]# netstat -an | grep 993 > >

On 2019-10-15 12:12 p.m., Nathan Coulson wrote: > I was working on a haproxy transparent proxy setup that we had working > on Centos 7 (iptables), but running into issues getting tproxy working > with NFTables on Centos 8. > > From https://www.kernel.org/doc/Documentation/networking/tproxy.txt, > > It should be a matter of: > > # nft add table filter > # nft add

On 10/15/19 9:16 PM, Nathan Coulson wrote: > On 2019-10-15 12:12 p.m., Nathan Coulson wrote: >> I was working on a haproxy transparent proxy setup that we had working >> on Centos 7 (iptables), but running into issues getting tproxy working >> with NFTables on Centos 8. >> >> From https://www.kernel.org/doc/Documentation/networking/tproxy.txt, >> >> It

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 28 Jul 2015, Steffan Cline wrote: > When dovecot stops accepting connections, I checked netstat and found this: > > [root at hosting1 ~]# netstat -an | grep 993 > tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN > tcp 0 0 65.39.x.x:993 184.101.x.x:36351 SYN_RECV

Steffen, I checked 993 since I was using SSL for sending/receiving but imagine it?ll look the same if I check any of the other ports. When I tested via telnet, I checked from my home, not on the server to itself. ?telnet host.com imap? I don?t have an answer for you on the state yet since it?s working at the moment. As far as which processes, I try to connect and no matter what, I don?t get

I was working on a haproxy transparent proxy setup that we had working on Centos 7 (iptables), but running into issues getting tproxy working with NFTables on Centos 8. >From https://www.kernel.org/doc/Documentation/networking/tproxy.txt, It should be a matter of: # nft add table filter # nft add chain filter divert "{ type filter hook prerouting priority -150; }" # nft add rule

Ok, I think I have come a little further. When dovecot stops accepting connections, I checked netstat and found this: [root at hosting1 ~]# netstat -an | grep 993 tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN tcp 0 0 65.39.x.x:993 184.101.x.x:36351 SYN_RECV tcp 0 0 65.39.x.x:993 107.212.x.x:51487

https://bugzilla.netfilter.org/show_bug.cgi?id=1310 Bug ID: 1310 Summary: syntax issue with tproxy Product: nftables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1686 Bug ID: 1686 Summary: Transparent proxy support requires transport protocol match Product: nftables Version: git (please specify your HEAD) Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5