Re: [CentOS-virt] Need Help with Xen Please
Brett Worth wrote: Jason Taylor wrote: Can anyone suggest what the next course of action would be? The server has a single physical NIC and 1 IP. Will I need to request an additional IP address to use with the new guest I create? Jason, AFAIK you will need another IP address for the VM. This can be done either via DHCP or hard wired in the configuration file. Domain 0 can NAT for guest domains. With some scripting you could create another bridge device (e.g. br1) and use either Dom0 or a VM as a masquerading gateway device but that is left as an exercise for the reader. :-) ... or just use vif-script vif-nat in xend-config.sxp. -- Christopher G. Stach II ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] Crash with qemu install: 5.2 as host and 5.2 as guest
Michael Kress wrote: As far as I gathered from different sources, RHEL 5.3 will be in Testing Phase until begin of January. Shortly after, we could expect RHEL 5.3 to be released and then again shortly after we could expect CentOS 5.3 to be released in about February/March. Am I right? We normally aim to get stuff out in a 2 3 week window, but who knows what might be cooking at the time! ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] Need Help with Xen Please
On Thu, Nov 27, 2008 at 3:52 AM, Jason Taylor [EMAIL PROTECTED] wrote: Brett: Thank you for your help. It has been a few days since I was able to give this a try. However I installed Cygwin on my Windows desktop and SSH'd to the headless machine. I then ran virt-install without the graphics support. Doing this I was able to get past where it was stuck before. Glad that worked for you. Just to be clear, if you use 'ssh -Y target', you can use the graphical virt tools, I do this all the time. Brett ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] Crash with qemu install: 5.2 as host and 5.2 as guest
Manuel Wolfshant wrote: EIP: [c041041c] powernowk8_init+0x5e/0x1c2 SS:EST 0068:dfa47fa0 0Kernel panic - not syncing: Fatal exception Looks very much alike the known bug described at http://bugs.centos.org/view.php?id=2912 / https://bugzilla.redhat.com/show_bug.cgi?id=443853 and also listed at the end of http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.2#head-447967c60eb305ef2c5dbbc3f4e8b3c4c5170632 I just tried that kernel on dom0: http://people.centos.org/hughesjr/kernel/5/bz443853/x86_64/ (kernel-xen-2.6.18-92.1.6.el5.bz_pre53.x86_64.rpm) but the error still persists. What else could I do? Michael -- Michael Kress, [EMAIL PROTECTED] http://www.michael-kress.de / http://kress.net P E N G U I N S A R E C O O L ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS] Stop the FUD Xen is not deprecated
Les Mikesell wrote: Well, but why do you assume people run Windows where you run your browser? You need a Windows license to run VIC, so the price of installing ESXi/VIC is around $100 and up. To someone who doesn't already have a windows license? I wouldn't have a spare one, and even if you do have one you still paid for it at some point. Now, if only IBM could implement the Power hardware Hypervisor to the Intel/AMD world... -- //Morten Torstensen //Email: [EMAIL PROTECTED] //IM: [EMAIL PROTECTED] I can't listen to that much Wagner. I start getting the urge to conquer Poland. -- Woody Allen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to connect to a switch with a serial cable? - what command(s) to use?
On Fri, Nov 28, 2008 at 1:41 AM, Filipe Brandenburger [EMAIL PROTECTED] wrote: Use: screen /dev/ttyS0 When you're done, to kill your session, press Ctrl-A then K (uppercase) and answer 'y'. HTH, Filipe Thank you, Filipe. It doesn't work though. The server runs the XEN kernel, and I think there's something I need to enable in XEN for it to work, as XEN uses the console's of the domU's in the same way as a serial console. So, I think I need to redirect it, somehow, but don't know how yet. -- Kind Regards Rudi Ahlers ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Neighbour table overflow
Thomas Dukes wrote: Any ideas? How many entries do you have in the arp table? arp -a | wc -l should show you. If you really have lots of entries in there you should try to find out the reason for that. Ralph pgptXMZ7Hho95.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] OT - tomcat 6 error
Hi I'm on 5.2 and 'have' to use tomcat 6 - I package it and can get the default install running fine - However when i drop my app into webapps/ as i war and start tomcat i get this INFO: Starting service Catalina Nov 28, 2008 10:44:15 AM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.18 Nov 28, 2008 10:44:15 AM org.apache.catalina.startup.HostConfig deployDescriptor WARNING: A docBase /x/xxx.war inside the host appBase has been specified, and will be ignored error Nov 28, 2008 10:44:16 AM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-9080 Nov 28, 2008 10:44:16 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 603 ms The error is noted with the - Has anyone used tomcat 6 before as i am sure this used to work just fine in 5.x ? If this is felt to be the wrong list for this then sorry about that, but i am sure many people are experienced with tomcat here. thanks ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to delay failed ssh auth
Hi, You can create the iptables rules to block the ssh connection limit rate wise. Create a new chain named ssh_check /sbin/iptables -N SSH_CHECK Redirecting all request for 22 port to new chain SSH_CHECK /sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK Then allow all of your valid remote ip's that are allowed to login /sbin/iptables -I SSH_CHECK 1 -s 1.2.3.4 -j ACCEPT /sbin/iptables -I SSH_CHECK 2 -s 10.10.2.2 -j ACCEPT Then for the rest of the ip it wont allow more than 4 connection within this 60 seconds interval, its useful to prevent brute force attack. /sbin/iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP Regards. crazy paps On Fri, Nov 28, 2008 at 12:36 PM, Veiko Kukk [EMAIL PROTECTED] wrote: Hi! I need to delay failed ssh password authentication as an additional measure against brute force ssh attacks. I understand, that shoud be accomplished through pam, but googling gave me no example. I have CentOS 5.2. -- Veiko Kukk ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT - tomcat 6 error
WARNING: A docBase /x/xxx.war inside the host appBase has been specified, and will be ignored resolved with the help of this http://threebit.net/mail-archive/tomcat-users/msg03748.html thanks ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [Help] About Participate in CentOS - knoweldge sharing.
On Thu, 2008-11-27 at 16:15 +0800, wu yaling wrote: Dear friend, We are conducting a study on the motivation of the knowledge sharing on the CentOS community. The contributors’ experience to Linux is very important to the design and management of this knowledge platform. Would you please post the following on-line questionnaire message to the CentOS platform or forward the message to the members? After the survey is done, we will randomly select twenty persons and present them with USB 2GB Flash Drives. Besides, with each valid questionnaire, we will donate US $1 dollar to CentOS.org. The result of this survey is analyzed in an anonymous way and is only regarded as the academic use. Please help us to complete the data collection. I filled it out, but to be blunt - this survey complete stinks. Questions like: The Linux platform can perform complex tasks using various knowledge. What the !(*$*(!(* does that even mean? Please don't publish, or use, any results from this survey as they will be complete junk. (a) The Linux platform doesn't perform complex tasks. Users do, applications do, maybe. What is a complex task? (b) using various knowledge. Eh? Do you mean it requires various knowledge to set it up / configure it? Still: Eh? What is various knowledge? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Location of 5.2 .iso without XEN
On Tue, 2008-11-25 at 13:57 +, Ned Slider wrote: Tom Brown wrote: Sounds good. After I clicked send, I reread your post and realized that you didn't want xen (which, I believe, is depreciated). what makes you think that ? Some are interpreting this: http://www.redhat.com/promo/qumranet/ as an indication that xen will be dropped from RHEL6 as they direct their efforts towards KVM. I very much doubt that ... I would expect XEN to be supported in RHEL6, now RHEL7 probably not. Regards, Paul ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Stop the FUD Xen is not deprecated
Pasi Kärkkäinen wrote on Thu, 27 Nov 2008 12:04:16 +0200: There are many options. Yeah. The point behind my asking was if one would be able to run RHEL/CentOS 6 as a dom0 - as it is derived from Fedora and reflects the available bits at the time of the OS freeze. In other words, if there is a normal upgrade path concerning Xen from RHEL/CentOS 5 to 6 or not. So, at the moment it looks like you can't run RHEL 6 as a dom0, but this may change until it's release depending on the upstream (kernel.org?) kernel having the relevant xen bits in time for an RHEL release (which is promised for 2.6.29 or so at the moment). You can probably run RHEL 6 paravirtualized on a RHEL 5 dom0. Correct interpretation so far? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Looking for a method to keep at least 5% CPU
Ryan J M wrote on Fri, 28 Nov 2008 08:50:39 +0800: PS: I think, you know, root should be loginable in any condition unless the system is down. Shouldn't it? Anyxone is able to loghin anytime, if youw ant to see it that way ;-) But the system needs the ressources to make this happen before the timeout ;-) It might also not be a CPU issue, but a bandwidth issue. If bandwidth is occupied by other users it may take a time for your packets to get thru. In any case, you may want to lower the load for that machine or give it more power if you can. If you cannot login as root with ssh because it times out this also means that the others experience a less than optimal performance. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [Help] About Participate in CentOS - knoweldge sharing.
I filled it out, but to be blunt - this survey complete stinks. Questions like: The Linux platform can perform complex tasks using various knowledge. What the !(*$*(!(* does that even mean? Please don't publish, or use, any results from this survey as they will be complete junk. (a) The Linux platform doesn't perform complex tasks. Users do, applications do, maybe. What is a complex task? (b) using various knowledge. Eh? Do you mean it requires various knowledge to set it up / configure it? Still: Eh? What is various knowledge? Yet a buck is a buck. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Correct way to change I/O scheduler in a iSCSI dev
Santi Saez escribió:
What's the correct way to change configuration parameters for an iSCSI
device? For example I/O scheduler, max_sectors_kb, etc...
I could add commands to the S99local script:
echo noop /sys/block/sdb/queue/scheduler
echo 64 /sys/block/sdb/queue/max_hw_sectors_kb
Unfortunately, iSCSI device names might change from sdb to, say, sdc
(server reboot, iSCSI target reconnection). If this happens, customizations
would be lost or applied to a different device.
Any workaround for this using centOS? sysctl, udev, anything else? It also
may be applied to Fiber Channel devices.
Finally I think using udev to tune device config is the best and
simplest way.
$ cat /etc/udev/rules.d/99-san.rules
# $Id: 99-san.rules.udev 13 2008-11-28 10:20:32Z santi $
# Set noop as I/O scheduler for iSCSI and Fiber Channel devices
ACTION==add, ENV{ID_FS_USAGE}!=filesystem, ENV{ID_PATH}==*-iscsi-*, RUN+=/bin/sh
-c 'echo noop /sys$DEVPATH/queue/scheduler'
ACTION==add, ENV{ID_FS_USAGE}!=filesystem, ENV{ID_PATH}==*-fc-*, RUN+=/bin/sh -c
'echo noop /sys$DEVPATH/queue/scheduler'
(To prevent line wrapping, udev rule it's also available at
http://pastebin.com/f5ce875a1)
When new iSCSI or FC device is added udevd will execute $RUN command; I set
!=filesystem condition to prevent running the command for each partition,
executing only for block devices.
Regards,
--
Santi Saez
http://woop.es
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Neighbour table overflow
Robert Moskowitz [EMAIL PROTECTED] wrote:
Thomas Dukes wrote:
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
*On Behalf Of *chloe K
*Sent:* Thursday, November 27, 2008 9:10 PM
*To:* CentOS mailing list
*Subject:* Re: [CentOS] Neighbour table overflow
what is your netmask?
eth0 = 255.255.240.0
Why do you have such a large subnet? There are a number of potential
performance problems with such a setup. I typically only see this in
large, bridged wireless campuses. Little justification for it in a
wired network. (I do have lots of networking experience and knowledge,
having consulted with a number of large deployments).
Even with a large subnet, you should not be arping everywhere. Either
two things are happening:
Your system is recording every ARP request it sees ('Who has IP
x.x.x.x') to avoid arping later. Bad behaviour (IMNSHO), given your
network.
Your system is ARPing for every IP address in the subnet to learn all of
its neighbors. WHy would it do that? Unless you have some snooping
software running on your system.
Hi Robert,
I did not set this value. Something did but not me.
I am on a roadrunner connection with a dynamic ip. What do you suggest I
change it to?
Thnaks!!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] how to connect to a switch with a serial cable? - whatcommand(s) to use?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rudi Ahlers Sent: Friday, November 28, 2008 4:41 AM To: CentOS mailing list Subject: Re: [CentOS] how to connect to a switch with a serial cable? - whatcommand(s) to use? On Fri, Nov 28, 2008 at 1:41 AM, Filipe Brandenburger [EMAIL PROTECTED] wrote: Use: screen /dev/ttyS0 When you're done, to kill your session, press Ctrl-A then K (uppercase) and answer 'y'. HTH, Filipe Thank you, Filipe. It doesn't work though. The server runs the XEN kernel, and I think there's something I need to enable in XEN for it to work, as XEN uses the console's of the domU's in the same way as a serial console. So, I think I need to redirect it, somehow, but don't know how yet. Use minicom -s to configure Minicom especially the serial port tty JohnStanley ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] How to delay failed ssh auth
Hi You could install a new pam module http://www-uxsup.csx.cam.ac.uk/~pjb1008/project/pam_delay/ Although I have not tested it. Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Veiko Kukk Sent: 28 November 2008 07:06 To: centos@centos.org Subject: [CentOS] How to delay failed ssh auth Hi! I need to delay failed ssh password authentication as an additional measure against brute force ssh attacks. I understand, that shoud be accomplished through pam, but googling gave me no example. I have CentOS 5.2. -- Veiko Kukk ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to delay failed ssh auth
Veiko Kukk wrote: I need to delay failed ssh password authentication as an additional measure against brute force ssh attacks. I understand, that shoud be accomplished through pam, but googling gave me no example. I have CentOS 5.2. pam_sheild and pam_delay are both modules you can use for stuff like this, although I dont personally like either. If you get thousands of hits per hour, pam's internal response time gets slowed down, and its not insignificant unless you have exceptionally large machines. Same thing with log watchers including denyhosts / fail2ban etc, the overhead isnt really worth it, at the moment switching ports to something else non-standard works well, needs no extra s/w etc. - KB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Neighbour table overflow
[EMAIL PROTECTED] wrote:
Robert Moskowitz [EMAIL PROTECTED] wrote:
Thomas Dukes wrote:
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
*On Behalf Of *chloe K
*Sent:* Thursday, November 27, 2008 9:10 PM
*To:* CentOS mailing list
*Subject:* Re: [CentOS] Neighbour table overflow
what is your netmask?
eth0 = 255.255.240.0
Why do you have such a large subnet? There are a number of potential
performance problems with such a setup. I typically only see this in
large, bridged wireless campuses. Little justification for it in a
wired network. (I do have lots of networking experience and knowledge,
having consulted with a number of large deployments).
Even with a large subnet, you should not be arping everywhere. Either
two things are happening:
Your system is recording every ARP request it sees ('Who has IP
x.x.x.x') to avoid arping later. Bad behaviour (IMNSHO), given your
network.
Your system is ARPing for every IP address in the subnet to learn all of
its neighbors. WHy would it do that? Unless you have some snooping
software running on your system.
Hi Robert,
I did not set this value. Something did but not me.
I am on a roadrunner connection with a dynamic ip. What do you suggest I
change it to?
You might not have much control over it if you are using DHCP.
route -n
will supply you with your router address. Once you now that and your
assigned IP address (and lease) you can use ifconfig to change your
netmask so that your router and you are in the same subnet.
What is the address also of your nameserver (/etc/resolv.conf) and mail
server? If these are also within that hugh subnet, your netmask has to
keep them 'local'.
Roadrunner hmm.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Neighbour table overflow
[EMAIL PROTECTED] wrote:
Robert Moskowitz [EMAIL PROTECTED] wrote:
Thomas Dukes wrote:
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
*On Behalf Of *chloe K
*Sent:* Thursday, November 27, 2008 9:10 PM
*To:* CentOS mailing list
*Subject:* Re: [CentOS] Neighbour table overflow
what is your netmask?
eth0 = 255.255.240.0
Why do you have such a large subnet? There are a number of potential
performance problems with such a setup. I typically only see this in
large, bridged wireless campuses. Little justification for it in a
wired network. (I do have lots of networking experience and knowledge,
having consulted with a number of large deployments).
Even with a large subnet, you should not be arping everywhere. Either
two things are happening:
Your system is recording every ARP request it sees ('Who has IP
x.x.x.x') to avoid arping later. Bad behaviour (IMNSHO), given your
network.
Your system is ARPing for every IP address in the subnet to learn all of
its neighbors. WHy would it do that? Unless you have some snooping
software running on your system.
Hi Robert,
I did not set this value. Something did but not me.
I am on a roadrunner connection with a dynamic ip. What do you suggest I
change it to?
If you restart your network services (Does RR use PPPoE?) you should
then have an empty ARP table.
How long does it take to overflow? Can you run TCPDUMP and see if you
are sending out the ARPs or your system is just building its table based
on heard ARP requests?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Neighbour table overflow
you have the network /20 so that you got this neigbour overlfow
you should subnet it
Robert Moskowitz [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
Robert Moskowitz wrote:
Thomas Dukes wrote:
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
*On Behalf Of *chloe K
*Sent:* Thursday, November 27, 2008 9:10 PM
*To:* CentOS mailing list
*Subject:* Re: [CentOS] Neighbour table overflow
what is your netmask?
eth0 = 255.255.240.0
Why do you have such a large subnet? There are a number of potential
performance problems with such a setup. I typically only see this in
large, bridged wireless campuses. Little justification for it in a
wired network. (I do have lots of networking experience and knowledge,
having consulted with a number of large deployments).
Even with a large subnet, you should not be arping everywhere. Either
two things are happening:
Your system is recording every ARP request it sees ('Who has IP
x.x.x.x') to avoid arping later. Bad behaviour (IMNSHO), given your
network.
Your system is ARPing for every IP address in the subnet to learn all of
its neighbors. WHy would it do that? Unless you have some snooping
software running on your system.
Hi Robert,
I did not set this value. Something did but not me.
I am on a roadrunner connection with a dynamic ip. What do you suggest I
change it to?
You might not have much control over it if you are using DHCP.
route -n
will supply you with your router address. Once you now that and your
assigned IP address (and lease) you can use ifconfig to change your
netmask so that your router and you are in the same subnet.
What is the address also of your nameserver (/etc/resolv.conf) and mail
server? If these are also within that hugh subnet, your netmask has to
keep them 'local'.
Roadrunner hmm.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
-
Yahoo! Canada Toolbar : Search from anywhere on the web and
bookmark your favourite sites. Download it now!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Neighbour table overflow
Hi, On Fri, Nov 28, 2008 at 07:20, Thomas Dukes [EMAIL PROTECTED] wrote: When I ran the above, I'm not sure I'm getting a correct response. It takes serval miuntes then returns: Printk: 100 messages suppressed Neighbour table overflow Printk: 15 messages suppressed 3 It looks like you have only 3 lines in your arp table, so it's really hard to understand how it would overflow from that. What does the output of arp -a look like? You can also look at: cat /proc/net/arp Please post the output of: sysctl -a | grep neigh Do you have IPv6 enabled? Filipe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Neighbour table overflow
On Fri, Nov 28, 2008 at 9:35 AM, chloe K [EMAIL PROTECTED] wrote: you have the network /20 so that you got this neigbour overlfow you should subnet it Robert Moskowitz [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: : To EVERYONE who is top-posting on this list: Stop it. Thank you. mhr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] isw_xxxxxxxx missing?
Hi all, I've installed CentOS 5.2 on a sun x2250. The installer goes fine and I can setup my root with lvm on /dev/ mapper/isw__Volume0, that is the hardware RAID1 for two disks available. As the system boots lvm complains of a duplicate PV and decides to use /dev/sda, so the physical disk, not the raid device... I see with surprise that the raid device is missing! Needless to say, in a couple of days and reboots I've completely messed up the filesystem and the bootloader... Is there a way to fix this? d ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Neighbour table overflow
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Robert Moskowitz
Sent: Friday, November 28, 2008 12:20 PM
To: CentOS mailing list
Subject: Re: [CentOS] Neighbour table overflow
[EMAIL PROTECTED] wrote:
Robert Moskowitz [EMAIL PROTECTED] wrote:
Thomas Dukes wrote:
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
*On Behalf Of *chloe K
*Sent:* Thursday, November 27, 2008 9:10 PM
*To:* CentOS mailing list
*Subject:* Re: [CentOS] Neighbour table overflow
what is your netmask?
eth0 = 255.255.240.0
Why do you have such a large subnet? There are a number of potential
performance problems with such a setup. I typically only see this in
large, bridged wireless campuses. Little justification for it in a
wired network. (I do have lots of networking experience and
knowledge, having consulted with a number of large deployments).
Even with a large subnet, you should not be arping everywhere.
Either two things are happening:
Your system is recording every ARP request it sees ('Who has IP
x.x.x.x') to avoid arping later. Bad behaviour (IMNSHO), given your
network.
Your system is ARPing for every IP address in the subnet to learn all
of its neighbors. WHy would it do that? Unless you have some
snooping software running on your system.
Hi Robert,
I did not set this value. Something did but not me.
I am on a roadrunner connection with a dynamic ip. What do you suggest I
change it to?
You might not have much control over it if you are using DHCP.
route -n
Here's the output from route -n:
Kernel IP routing table
Destination Gateway Genmask Flags Metric RefUse
Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth1
65.188.0.0 0.0.0.0 255.255.240.0 U 0 00 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 00 eth1
0.0.0.0 65.188.0.1 0.0.0.0 UG0 00 eth0
will supply you with your router address. Once you now that and your
assigned IP address (and lease) you can use ifconfig to change your netmask
so that your router and you are in the same subnet.
What is the address also of your nameserver (/etc/resolv.conf) and mail
server? If these are also within that hugh subnet, your netmask has to keep
them 'local'.
My nameservers are: 24.25.5.149 and 24.25.5.150
Mailservers: 75.180.132.77 and 75.180.132.33
Roadrunner hmm.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Neighbour table overflow
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Robert Moskowitz
Sent: Friday, November 28, 2008 12:28 PM
To: CentOS mailing list
Subject: Re: [CentOS] Neighbour table overflow
[EMAIL PROTECTED] wrote:
Robert Moskowitz [EMAIL PROTECTED] wrote:
Thomas Dukes wrote:
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
*On Behalf Of *chloe K
*Sent:* Thursday, November 27, 2008 9:10 PM
*To:* CentOS mailing list
*Subject:* Re: [CentOS] Neighbour table overflow
what is your netmask?
eth0 = 255.255.240.0
Why do you have such a large subnet? There are a number of potential
performance problems with such a setup. I typically only see this in
large, bridged wireless campuses. Little justification for it in a
wired network. (I do have lots of networking experience and
knowledge, having consulted with a number of large deployments).
Even with a large subnet, you should not be arping everywhere.
Either two things are happening:
Your system is recording every ARP request it sees ('Who has IP
x.x.x.x') to avoid arping later. Bad behaviour (IMNSHO), given your
network.
Your system is ARPing for every IP address in the subnet to learn all
of its neighbors. WHy would it do that? Unless you have some
snooping software running on your system.
Hi Robert,
I did not set this value. Something did but not me.
I am on a roadrunner connection with a dynamic ip. What do you suggest I
change it to?
If you restart your network services (Does RR use PPPoE?) you should then
have an empty ARP table.
How long does it take to overflow? Can you run TCPDUMP and see if you are
sending out the ARPs or your system is just building its table based on
heard ARP requests?
It takes aout 5 -10 minutes before I see the messages. I don't know you
meant by the last question. I ran TCPDUMP and page after page after page of
stuff is scrolling.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [Help] About Participate in CentOS - knoweldge sharing.
Adam Tauno Williams wrote: I filled it out... I didn't even click on it. the initial posting smelled far too spammy to me. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [Help] About Participate in CentOS - knoweldge sharing.
On Fri, Nov 28, 2008 at 1:57 PM, John R Pierce [EMAIL PROTECTED] wrote: Adam Tauno Williams wrote: I filled it out... I didn't even click on it. the initial posting smelled far too spammy to me. I agree. But some investigation has been done. It looks legit. Please see the Ned's note in this forum thread: http://www.centos.org/modules/newbb/viewtopic.php?topic_id=17462forum=45 The spammy looks of the original post have been removed there. Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Neighbour table overflow
chloe K wrote: you have the network /20 so that you got this neigbour overlfow you should subnet it no, no, NO. his eth1 connection is from his ISP. He /has/ to use the supplied netmask, he can't reconfigure their network segment. now, why is ARP table is overflowing is another issue entirely. Thomas, can you try this? Do arp -an | grep 65.188.0.1 and pick out the MAC address of your gateway router, this will look something like... ? (65.188.0.1) at 00:17:CB:4F:97:81 [ether] on eth1 So, the MAC address above is 00:17:CB:4F:97:81 ... yours definitely will be different now, # tcpdump -i eth1 -n ip host 65.188.xxx.xxx and not ether host 00:17:CB:4F:97:81 (replacing that with your gateway router's MAC address as determined from that ARP command, and xxx.xxx with your eth1 IP address as shown in `ifconfig eth1`) this will catch all traffic between you and another IP on your ISP local segment thats NOT talking to the gateway router paste 50 lines or so of the output of this here and maybe we can figure out whats going on. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Neighbour table overflow
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John R Pierce Sent: Friday, November 28, 2008 5:14 PM To: CentOS mailing list Subject: Re: [CentOS] Neighbour table overflow chloe K wrote: you have the network /20 so that you got this neigbour overlfow you should subnet it no, no, NO. his eth1 connection is from his ISP. He /has/ to use the supplied netmask, he can't reconfigure their network segment. now, why is ARP table is overflowing is another issue entirely. Thomas, can you try this? Do arp -an | grep 65.188.0.1 Hi John, The output from arp -an | grep 65.188.0.1 is: ? (65.188.0.1) at 00:1B:54:CB:7A::05 and pick out the MAC address of your gateway router, this will look something like... ? (65.188.0.1) at 00:17:CB:4F:97:81 [ether] on eth1 So, the MAC address above is 00:17:CB:4F:97:81 ... yours definitely will be different now, # tcpdump -i eth1 -n ip host 65.188.xxx.xxx and not ether host 00:17:CB:4F:97:81 (replacing that with your gateway router's MAC address as determined from that ARP command, and xxx.xxx with your eth1 IP address as shown in `ifconfig eth1`) this will catch all traffic between you and another IP on your ISP local segment thats NOT talking to the gateway router paste 50 lines or so of the output of this here and maybe we can figure out whats going on. OK, I think you lost me on that last part. I ran tcpdump -i eth1 -n ip host 65.188.0.1 and got: Tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes 0 packets captred 0 packets received by filter 0 packets dropped by kernel Thanks!! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Neighbour table overflow
Thomas Dukes wrote: # tcpdump -i eth1 -n ip host 65.188.xxx.xxx and not ether host 00:17:CB:4F:97:81 ... OK, I think you lost me on that last part. I ran tcpdump -i eth1 -n ip host 65.188.0.1 and got: no, no. I said... # tcpdump -i eth0 -n ip host 65.188.xxx.xxx and not ether host xx:xx:xx:xx:xx:xx thats all one line. the first xxx.xxx would be replaced with those fields from your IP address not the gateway, and the latter xx:xx:xx:xx:xx:xx would be replaced with the MAC address of your ISP's default router, as discovered via the other command I listed. I guess this is just too complicated to do over email... I recommend you find someone local to you who is versed in network troubleshooting. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
