Catalin Muresan wrote:

- also give us an ip -s -s link, it's more detailed than ifconfig, and
an ethtool -S ethX, which is a bit more detailed still, for drivers
that support it, ofc.
- conntrack full: the solution is to increase the hashsize, not the
list; put this in modprobe.conf:
options ip_conntrack hashsize=98317

which will eat about 98317*8*360=283152960 bytes of RAM, I hope you
have it; if not, take another prime from
http://planetmath.org/encyclopedia/GoodHashTablePrimes.html, it's not
_mandatory_ for it to be a prime number but that is the most
efficient, i.e. Bill Gates forbid you use a power of 2.
- and yes, cut off, or at least don't put into conntrack, the tcp/udp
ports 135-139:

$ipt -A PREROUTING -t raw -p tcp --dport 135:139 -j DROP
$ipt -A PREROUTING -t raw -p udp --dport 135:139 -j DROP
$ipt -A PREROUTING -t raw -p tcp --dport 445 -j DROP
$ipt -A PREROUTING -t raw -p udp --dport 445 -j DROP

or -j NOTRACK

those ports won't work for you anymore if you use DROP, and NAT won't
work on them if you use NOTRACK

results?


2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
   link/ether 4c:00:10:74:35:18 brd ff:ff:ff:ff:ff:ff
   RX: bytes  packets  errors  dropped overrun mcast
   380149165  1137850919 1529954 0       0       0
   RX errors: length  crc     frame   fifo    missed
              0        0       0       478213  1088514
   TX: bytes  packets  errors  dropped carrier collsns
   4292581309 1420393132 0       0       0       0
   TX errors: aborted fifo    window  heartbeat
              0        4       0       0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc htb qlen 1000
   link/ether 00:02:44:89:f8:09 brd ff:ff:ff:ff:ff:ff
   RX: bytes  packets  errors  dropped overrun mcast
   4038391596 1388948540 23108341 0       0       0
   RX errors: length  crc     frame   fifo    missed
              0        0       0       4510007 24441919
   TX: bytes  packets  errors  dropped carrier collsns
   2173071693 1091989527 0       0       0       0
   TX errors: aborted fifo    window  heartbeat
              0        4       0       0



[EMAIL PROTECTED]:~# ethtool -S eth0
NIC statistics:
    early_rx: 0
    tx_buf_mapped: 0
    tx_timeouts: 0
    rx_lost_in_ring: 0
[EMAIL PROTECTED]:~# ethtool -S eth1
NIC statistics:
    early_rx: 0
    tx_buf_mapped: 0
    tx_timeouts: 0
    rx_lost_in_ring: 0


_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug
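
Added example (not part of the original thread): a shell/awk filter that reduces `ip -s -s link` output like the one posted above to one line per interface, with the RX error rate and the fifo/missed counters that show the receiver losing frames. The function names and the abridged sample (RX lines only, counters copied from the post) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: per-interface RX error summary
# computed from `ip -s -s link` text.

# Constructed sample: RX lines only, counters copied from the post above.
sample_output() {
cat <<'EOF'
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
   RX: bytes  packets  errors  dropped overrun mcast
   380149165  1137850919 1529954 0       0       0
   RX errors: length  crc     frame   fifo    missed
              0        0       0       478213  1088514
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc htb qlen 1000
   RX: bytes  packets  errors  dropped overrun mcast
   4038391596 1388948540 23108341 0       0       0
   RX errors: length  crc     frame   fifo    missed
              0        0       0       4510007 24441919
EOF
}

# Reads `ip -s -s link` output on stdin and prints one line per interface:
#   iface rx_packets rx_errors fifo missed error_percent
rx_loss_report() {
    awk '
        # "2: eth0: <FLAGS> ..." starts a new interface block
        /^[0-9]+: / { iface = $2; sub(/:$/, "", iface); next }
        # each header line announces that the counters follow on the next line
        $1 == "RX:"                   { want = "rx";  next }
        $1 == "RX" && $2 == "errors:" { want = "err"; next }
        want == "rx"  { pkts = $2; errs = $3; want = ""; next }
        want == "err" {
            fifo = $4; missed = $5; want = ""
            pct = (pkts > 0) ? 100 * errs / pkts : 0
            printf "%s %s %s %s %s %.2f\n", iface, pkts, errs, fifo, missed, pct
        }
    '
}

sample_output | rx_loss_report
```

On a live machine the same function takes the real counters: `ip -s -s link | rx_loss_report`.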
