- da-ne si un ip -s -s link e mai detaliat decit ifconfig si un ethtool -S ethX care e unpic si mai, pentru care driver suporta, ofc. - conntrack full: solutia e marirea hashsize-ului nu a listei, pune in modprobe.conf: options ip_conntrack hashsize=98317
care o sa manince cam 98317*8*360=283152960 bytes ram, sper ca ai, daca nu ia alt prim de la http://planetmath.org/encyclopedia/GoodHashTablePrimes.html, nu e _obligatoriu_ numar prim dar e cel mai eficient, adica sa nu dea Bill Gates sa pui putere a lui 2. - si da, taie jos sau cel putin nu le pune in conntrack porturile tcp/udp 135-139: $ipt -A PREROUTING -t raw -p tcp --dport 135:139 -j DROP $ipt -A PREROUTING -t raw -p udp --dport 135:139 -j DROP $ipt -A PREROUTING -t raw -p tcp --dport 445 -j DROP $ipt -A PREROUTING -t raw -p udp --dport 445 -j DROP sau -j NOTRACK n-o sa-ti mai mearga porturile respective daca pui DROP si n-o sa mearga NAT pe ele daca pui NOTRACK results? On 10/25/05, Radu Oprisan <[EMAIL PROTECTED]> wrote: > 'Na ziua, > > Ma confrunt si eu cu o problema sub forma erorilor, pachetelor dropate > si a overrun-urilor din paste-ul de mai jos: > > eth0 Link encap:Ethernet HWaddr 4C:00:10:74:35:18 > inet addr:x.x.x.x Bcast:81.181.78.227 Mask:255.255.255.252 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:1041963164 errors:1121594 dropped:846560 > overruns:359098 frame:0 > TX packets:1317794259 errors:0 dropped:0 overruns:4 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:172955431 (164.9 Mb) TX bytes:532711439 (508.0 Mb) > Interrupt:10 Base address:0xc000 > > eth1 Link encap:Ethernet HWaddr 00:02:44:89:F8:09 > inet addr:y.y.y.y Bcast:85.204.107.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:1277449431 errors:18123757 dropped:18547333 > overruns:3408950 frame:0 > TX packets:998882575 errors:0 dropped:0 overruns:4 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:3965356741 (3781.6 Mb) TX bytes:2369810747 (2260.0 Mb) > Interrupt:11 Base address:0xc400 > > Va dau si un lspci la dispozitie: > > 00:00.0 Host bridge: Intel Corporation 82845G/GL[Brookdale-G]/GE/PE DRAM > Controller/Host-Hub Interface (rev 03) > 00:02.0 VGA compatible controller: Intel Corporation > 82845G/GL[Brookdale-G]/GE Chipset Integrated Graphics Device (rev 03) > 00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev 82) > 00:1f.0 ISA bridge: Intel Corporation 82801DB/DBL (ICH4/ICH4-L) LPC > Interface Bridge (rev 02) > 00:1f.1 IDE interface: Intel Corporation 82801DB (ICH4) IDE Controller > (rev 02) > 00:1f.3 SMBus: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) > SMBus Controller (rev 02) > 01:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. > RTL-8139/8139C/8139C+ (rev 10) > 01:01.0 Ethernet controller: Realtek Semiconductor Co., Ltd. > RTL-8139/8139C/8139C+ (rev 10) > 01:05.0 Ethernet controller: Realtek Semiconductor Co., Ltd. > RTL-8139/8139C/8139C+ (rev 10) > > mai am prin dmesg si: > > ip_conntrack: table full, dropping packet. > ip_conntrack: table full, dropping packet. > ip_conntrack: table full, dropping packet. > ip_conntrack: table full, dropping packet. > ip_conntrack: table full, dropping packet. > ip_conntrack: table full, dropping packet. > ip_conntrack: table full, dropping packet. > ip_conntrack: table full, dropping packet. > ip_conntrack: table full, dropping packet. > > cu tot cu: > echo 65535 > /proc/sys/net/ipv4/ip_conntrack_max > echo 1200 > > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established > > > Daca aveti vreo idee ce sa ma fac cu pierderile alea, please share... > > > Cu respect, > Radu Oprisan > > _______________________________________________ > RLUG mailing list > [email protected] > http://lists.lug.ro/mailman/listinfo/rlug > _______________________________________________ RLUG mailing list [email protected] http://lists.lug.ro/mailman/listinfo/rlug
