quoted. On 10/25/05, Radu Oprisan <[EMAIL PROTECTED]> wrote: > Catalin Muresan wrote: > > >- da-ne si un ip -s -s link e mai detaliat decit ifconfig si un > >ethtool -S ethX care e unpic si mai, pentru care driver suporta, ofc. > >- conntrack full: solutia e marirea hashsize-ului nu a listei, pune in > >modprobe.conf: > >options ip_conntrack hashsize=98317 > > > >care o sa manince cam 98317*8*360=283152960 bytes ram, sper ca ai, > >daca nu ia alt prim de la > >http://planetmath.org/encyclopedia/GoodHashTablePrimes.html, nu e > >_obligatoriu_ numar prim dar e cel mai eficient, adica sa nu dea Bill > >Gates sa pui putere a lui 2. > >- si da, taie jos sau cel putin nu le pune in conntrack porturile > >tcp/udp 135-139: > > > >$ipt -A PREROUTING -t raw -p tcp --dport 135:139 -j DROP > >$ipt -A PREROUTING -t raw -p udp --dport 135:139 -j DROP > >$ipt -A PREROUTING -t raw -p tcp --dport 445 -j DROP > >$ipt -A PREROUTING -t raw -p udp --dport 445 -j DROP > > > >sau -j NOTRACK > > > >n-o sa-ti mai mearga porturile respective daca pui DROP si n-o sa > >mearga NAT pe ele daca pui NOTRACK > > > >results? > > > > > > > > > 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000 > link/ether 4c:00:10:74:35:18 brd ff:ff:ff:ff:ff:ff > RX: bytes packets errors dropped overrun mcast > 380149165 1137850919 1529954 0 0 0 > RX errors: length crc frame fifo missed > 0 0 0 478213 1088514
fifo, missed, ai trafic maaare, driverul/placa nu duce, 90% ca din placa, arunca si tu realtek-urile si pune si tu ceva gigabit (nu realtek) > TX: bytes packets errors dropped carrier collsns > 4292581309 1420393132 0 0 0 0 > TX errors: aborted fifo window heartbeat > 0 4 0 0 > 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc htb qlen 1000 > link/ether 00:02:44:89:f8:09 brd ff:ff:ff:ff:ff:ff > RX: bytes packets errors dropped overrun mcast > 4038391596 1388948540 23108341 0 0 0 > RX errors: length crc frame fifo missed > 0 0 0 4510007 24441919 same. > TX: bytes packets errors dropped carrier collsns > 2173071693 1091989527 0 0 0 0 > TX errors: aborted fifo window heartbeat > 0 4 0 0 > > > > [EMAIL PROTECTED]:~# ethtool -S eth0 > NIC statistics: > early_rx: 0 > tx_buf_mapped: 0 > tx_timeouts: 0 > rx_lost_in_ring: 0 > [EMAIL PROTECTED]:~# ethtool -S eth1 > NIC statistics: > early_rx: 0 > tx_buf_mapped: 0 > tx_timeouts: 0 > rx_lost_in_ring: 0 mda, nu prea ai ce sa vezi. mai apare conntrack dropped packet? btw, dupa ce pui aia in modprobe rmmod ip_conntrack; modprobe ip_conntrack _______________________________________________ RLUG mailing list [email protected] http://lists.lug.ro/mailman/listinfo/rlug
