[leaf-user] ip_conntrack: table full, dropping packet
Hi,

I recently started having this problem on my leaf box. I'm guessing this is being caused by floods hitting the box. How can I better diagnose this? I know I can increase /proc/sys/net/ipv4/ip_conntrack_max but that's not fixing the problem. Am I able to figure out which interface is getting flooded using /sbin/ip? What other tool available on the box can I use? I have a minimal, old release of Bering. Can shorewall be configured to help deny the flood?

Thanks
Ricardo

-
This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/
leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
Re: [leaf-user] ip_conntrack: table full, dropping packet
Ricardo,

Ricardo Kleemann wrote:
> Hi
>
> I recently started having this problem on my leaf box. I'm guessing this is being caused by floods hitting the box. How can I better diagnose this? I know I can increase /proc/sys/net/ipv4/ip_conntrack_max but that's not fixing the problem. Am I able to figure out which interface is getting flooded using /sbin/ip? What other tool available on the box can I use? I have a minimal, old release of Bering. Can shorewall be configured to help deny the flood?

These two links may help:

http://osdir.com/ml/linux.leaf.user/2005-04/msg00089.html
http://www.wallfire.org/misc/netfilter_conntrack_perf.txt

cheers
Erich
Re: [leaf-user] ip_conntrack: table full, dropping packet
Thanks Erich.

> These two links may help:
>
> http://osdir.com/ml/linux.leaf.user/2005-04/msg00089.html
> http://www.wallfire.org/misc/netfilter_conntrack_perf.txt

Those links show how to change the conntrack_max. But my problem is really trying to prevent the table from filling up. I'm sure that the leaf box is getting flooded and I'm trying to see how to best handle it. My box has only 64M of memory, the conntrack_max is already set to 4096, I've had to temporarily increase that so the table doesn't fill up quickly, but it will still fill up.

Ricardo
Re: [leaf-user] ip_conntrack: table full, dropping packet
Ricardo Kleemann wrote:
> Thanks Erich.
>
>> These two links may help:
>>
>> http://osdir.com/ml/linux.leaf.user/2005-04/msg00089.html
>> http://www.wallfire.org/misc/netfilter_conntrack_perf.txt
>
> Those links show how to change the conntrack_max. But my problem is really trying to prevent the table from filling up. I'm sure that the leaf box is getting flooded and I'm trying to see how to best handle it. My box has only 64M of memory, the conntrack_max is already set to 4096, I've had to temporarily increase that so the table doesn't fill up quickly, but it will still fill up.

You could look into the shorewall statistics to see which chains fill up rapidly. If you differentiate between a number of protocols you can probably see which protocol is the one most likely to be hit. You can set a connection rate on all the traffic you accept. The shorewall docs may help.

I suggest in the medium term to upgrade as more recent shorewall versions may have even better diagnostics.

cheers
Erich
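Before raising ip_conntrack_max again, it is worth looking at what is actually in the table: on a 2.4 kernel every tracked connection is a line in /proc/net/ip_conntrack, so a few lines of sh and awk tell you whether one source, one port or one state dominates. The script below is an added example, not code from this thread or from LEAF/Shorewall; it assumes only /bin/sh, awk, sort, head and wc, and it runs here on a constructed sample table rather than on a live box.

```shell
#!/bin/sh
# Added example (not code from the thread or from LEAF/Shorewall): summarise
# the netfilter connection-tracking table to see what is filling it.
# Assumes only /bin/sh, awk, sort, head and wc, and reads the table in the
# 2.4-kernel /proc/net/ip_conntrack format. Live use on the box:
#     conntrack_report < /proc/net/ip_conntrack

# Constructed sample table (not captured from a real box): six half-open
# SYNs from 203.0.113.7 at port 80 next to one real web session and one
# DNS exchange.
SAMPLE_CONNTRACK='tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.20 sport=40001 dport=80 src=198.51.100.20 dst=192.0.2.1 sport=80 dport=40001 [ASSURED] use=1
udp      17 29 src=192.168.1.10 dst=192.0.2.53 sport=5353 dport=53 src=192.0.2.53 dst=192.168.1.10 sport=53 dport=5353 [ASSURED] use=1
tcp      6 117 SYN_SENT src=203.0.113.7 dst=192.0.2.1 sport=1001 dport=80 [UNREPLIED] src=192.0.2.1 dst=203.0.113.7 sport=80 dport=1001 use=1
tcp      6 117 SYN_SENT src=203.0.113.7 dst=192.0.2.1 sport=1002 dport=80 [UNREPLIED] src=192.0.2.1 dst=203.0.113.7 sport=80 dport=1002 use=1
tcp      6 118 SYN_SENT src=203.0.113.7 dst=192.0.2.1 sport=1003 dport=80 [UNREPLIED] src=192.0.2.1 dst=203.0.113.7 sport=80 dport=1003 use=1
tcp      6 118 SYN_SENT src=203.0.113.7 dst=192.0.2.1 sport=1004 dport=80 [UNREPLIED] src=192.0.2.1 dst=203.0.113.7 sport=80 dport=1004 use=1
tcp      6 119 SYN_SENT src=203.0.113.7 dst=192.0.2.1 sport=1005 dport=80 [UNREPLIED] src=192.0.2.1 dst=203.0.113.7 sport=80 dport=1005 use=1
tcp      6 119 SYN_SENT src=203.0.113.7 dst=192.0.2.1 sport=1006 dport=80 [UNREPLIED] src=192.0.2.1 dst=203.0.113.7 sport=80 dport=1006 use=1'

# conntrack_top KEY [N]: read the table on stdin and print the N (default 5)
# most common values of KEY, one "count value" pair per line, largest first.
# KEY is one of: src (original source address), dport (original destination
# port), state (TCP state, "-" for udp/icmp) or reply (UNREPLIED vs replied).
conntrack_top() {
    key=$1
    n=${2:-5}
    awk -v key="$key" '
        {
            # For tcp the 4th field is the state word; udp/icmp lines go
            # straight from the timeout to the first src= tuple.
            state = ($4 ~ /^[A-Z_]+$/) ? $4 : "-"
            src = ""; dport = ""
            for (i = 1; i <= NF; i++) {
                # The first src=/dport= pair is the original direction; the
                # second pair describes the expected reply and is ignored.
                if (src == "" && $i ~ /^src=/) src = substr($i, 5)
                if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
            }
            reply = ($0 ~ /\[UNREPLIED\]/) ? "UNREPLIED" : "replied"
            if (key == "src") k = src
            else if (key == "dport") k = dport
            else if (key == "state") k = state
            else k = reply
            count[k]++
        }
        END { for (k in count) printf "%d %s\n", count[k], k }
    ' | sort -rn | head -n "$n"
}

# conntrack_unreplied_pct: percentage of entries that never saw a reply.
# A high figure is the signature of a SYN/UDP flood or of spoofed sources:
# every packet opens an entry that nothing will close, so the table fills
# until the entries time out on their own.
conntrack_unreplied_pct() {
    awk '/\[UNREPLIED\]/ { u++ } END { if (NR) printf "%d\n", (u * 100) / NR; else print 0 }'
}

# conntrack_report: the views a practitioner wants first. The table is read
# once into a variable so it can be scanned several times without mktemp.
conntrack_report() {
    table=$(cat)
    echo "entries:       $(printf '%s\n' "$table" | wc -l | tr -d ' ')"
    echo "unreplied:     $(printf '%s\n' "$table" | conntrack_unreplied_pct)%"
    echo "top sources:";   printf '%s\n' "$table" | conntrack_top src   5
    echo "top dst ports:"; printf '%s\n' "$table" | conntrack_top dport 5
    echo "top states:";    printf '%s\n' "$table" | conntrack_top state 5
}

# Report on the constructed sample when the file is run directly.
printf '%s\n' "$SAMPLE_CONNTRACK" | conntrack_report
```

On the sample the report shows 75% unreplied entries, 203.0.113.7 as the top source and SYN_SENT as the top state, which is the shape of a SYN flood rather than of legitimate load. The conntrack table does not record interfaces, but once a source stands out, `/sbin/ip route get 203.0.113.7` shows which interface the box would route that address through, which on a simple two-interface router is also the side the packets are arriving on. Note that the whole table is read into a shell variable, which is fine at a few thousand entries but not something to run in a tight loop on a 64M box.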
Re: [leaf-user] Problem with buildtool.pl and Config::General
oops, wrong list...

Martin Hejl wrote:
> Hi Erich,
>
> please keep replies on the list
>
>> Thanks for the info, I tried to diff the buildtool tree, only got my own changes though.
>>
>> cvs diff: Diffing . (...)
>
> That's not how cvs diff works. From the man page:
>
>     The default action is to compare your working files with the revisions they were based on, and report any differences that are found.
>
> So, if you don't specify a revision, it only shows changes made locally to the revision of the file you checked out - changes made in the repository are not shown. Something like that might work though:
>
>     cvs diff -r HEAD buildtool.pl
>
> Martin
Re: [leaf-user] Problem with buildtool.pl and Config::General
Martin,

Martin Hejl schrieb:
> oops, wrong list...
>
> Martin Hejl wrote:
>> Hi Erich,
>>
>> please keep replies on the list

Fingers too fast :-(

>>> Thanks for the info, I tried to diff the buildtool tree, only got my own changes though.
>>>
>>> cvs diff: Diffing . (...)
>>
>> That's not how cvs diff works. From the man page:
>>
>>     The default action is to compare your working files with the revisions they were based on, and report any differences that are found.
>>
>> So, if you don't specify a revision, it only shows changes made locally to the revision of the file you checked out - changes made in the repository are not shown. Something like that might work though:
>>
>>     cvs diff -r HEAD buildtool.pl

Yep, should have thought about that, thanks
Erich
Re: [leaf-user] Bering uClibc AS a http load balancer
Have you looked into http://haproxy.1wt.eu/ ? I think the combination of haproxy and keepalived on a LEAF box would be ideal.

-Steve More

On 8/14/07, Adam Niedzwiedzki wrote:
> I did some reading and found http://www.linuxvirtualserver.org/ But is it a load balancer? I guess when I say load balancer, an ip sprayer is what I'm after. I'll check out balancer, see if it will do what I want..
>
> Cheers
> Ad
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Spakman
> Sent: Tuesday, 14 August 2007 6:05 PM
> To: Adam Niedzwiedzki
> Cc: leaf-user@lists.sourceforge.net
> Subject: Re: [leaf-user] Bering uClibc AS a http load balancer
>
> Hi Ad,
>
> I think you need some sort of loadbalancing software on the router, something like balancer (http://www.inlab.de/balance.html) or anything similar. Balancer only has a command-line interface and no config file, so better options may exist. Another option which might work is using DNS round-robin by defining multiple addresses to the same host in /etc/hosts.
>
> Eric
>
>> Hi guys,
>>
>> Has anyone setup a bering uClibc box AS a load balancer? I can find a bunch of info on load balancing THE router/firewall, but nothing on actually having a bering machine AS the load balancer for a bunch of web servers behind it. Can anyone give me some advice on what I need (modules wise), will I need a custom kernel?
>>
>> Cheers
>> Ad
[leaf-user] DNS resolution for Multi-ISP
Hello,

I am trying to setup a multi-isp configuration (using latest bering-uClibc 3.1-beta1), and began reading the corresponding doc: http://www.shorewall.net/3.0/MultiISP.html

I am not clear on how the DNS resolution happens if a DNS request from one provider goes to the other provider's name server. ISPs these days serve their customers alone and reject all requests outside their network.

1. As part of multi-isp setup, is it possible to have the DNS requests routed thru' a provider go to that provider's DNS IPs?
2. Does listing all ISPs' DNS IPs in /etc/resolv.conf help?

Appreciate any pointers or links.

Thanks
__
Seva
Re: [leaf-user] [Shorewall-users] DNS resolution for Multi-ISP
[EMAIL PROTECTED] wrote:
> Hello,
>
> I am trying to setup a multi-isp configuration (using latest bering-uClibc 3.1-beta1), and began reading the corresponding doc: http://www.shorewall.net/3.0/MultiISP.html
>
> I am not clear on how the DNS resolution happens if a DNS request from one provider goes to the other provider's name server. ISPs these days serve their customers alone and reject all requests outside their network.
>
> 1. As part of multi-isp setup, is it possible to have the DNS requests routed thru' a provider go to that provider's DNS IPs?
> 2. Does listing all ISPs' DNS IPs in /etc/resolv.conf help?
>
> Appreciate any pointers or links.

DNS is not a special case -- it obeys the same rules as any other connection.

-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key     \ https://lists.shorewall.net/teastep.pgp.key
Re: [leaf-user] [Shorewall-users] DNS resolution for Multi-ISP
[EMAIL PROTECTED] wrote:
>>> I am trying to setup a multi-isp configuration (using latest bering-uClibc 3.1-beta1), and began reading the corresponding doc: http://www.shorewall.net/3.0/MultiISP.html
>>>
>>> I am not clear on how the DNS resolution happens if a DNS request from one provider goes to the other provider's name server. ISPs these days serve their customers alone and reject all requests outside their network.
>>>
>>> 1. As part of multi-isp setup, is it possible to have the DNS requests routed thru' a provider go to that provider's DNS IPs?
>>> 2. Does listing all ISPs' DNS IPs in /etc/resolv.conf help?
>>>
>>> Appreciate any pointers or links.
>>
>> DNS is not a special case -- it obeys the same rules as any other connection.
>>
>> -Tom
>
> Thanks for a prompt response Tom. DNS not being a special case does make sense. Do you have any suggestions on how to deal with the DNS look up failures when the requests are sent to the wrong provider?

What does "requests are sent to the wrong provider" mean?

-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key     \ https://lists.shorewall.net/teastep.pgp.key
Re: [leaf-user] [Shorewall-users] DNS resolution for Multi-ISP
[EMAIL PROTECTED] wrote:
>>>>> I am trying to setup a multi-isp configuration (using latest bering-uClibc 3.1-beta1), and began reading the corresponding doc: http://www.shorewall.net/3.0/MultiISP.html
>>>>>
>>>>> I am not clear on how the DNS resolution happens if a DNS request from one provider goes to the other provider's name server. ISPs these days serve their customers alone and reject all requests outside their network.
>>>>>
>>>>> 1. As part of multi-isp setup, is it possible to have the DNS requests routed thru' a provider go to that provider's DNS IPs?
>>>>> 2. Does listing all ISPs' DNS IPs in /etc/resolv.conf help?
>>>>>
>>>>> Appreciate any pointers or links.
>>>>
>>>> DNS is not a special case -- it obeys the same rules as any other connection.
>>>>
>>>> -Tom
>>>
>>> Thanks for a prompt response Tom. DNS not being a special case does make sense. Do you have any suggestions on how to deal with the DNS look up failures when the requests are sent to the wrong provider?
>>
>> What does "requests are sent to the wrong provider" mean?
>>
>> -Tom
>
> Let me give you an example:
>
> isp1: DNS 1.2.3.4, 2.3.4.5
> isp2: DNS 3.4.5.6, 4.5.6.7
>
> Assume that we list all the above in the /etc/resolv.conf file. When you start the very first time, if using multi-isp, the request for DNS resolution could go to either of the two ISPs. Assume that the request goes to isp2 but the DNS server picked for resolution is 1.2.3.4. This scenario is what I am referring to as 'wrong provider' (from the DNS resolution point of view).

You might consider route_rules that route 1.2.3.4 and 2.3.4.5 out of isp1 and 3.4.5.6 and 4.5.6.7 out of isp2.

-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key     \ https://lists.shorewall.net/teastep.pgp.key
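Written out for the example addresses in this exchange, the route_rules approach looks like the fragment below. This is an added illustration, not configuration from the thread or from the Shorewall documentation; it assumes the two providers are named isp1 and isp2 in /etc/shorewall/providers (an assumption, since the thread never names them) and uses the SOURCE/DEST/PROVIDER/PRIORITY column layout of the Shorewall 3.0 route_rules file.

```text
# /etc/shorewall/route_rules   (added example; provider names isp1/isp2 are assumed)
#
# Pin each ISP's resolvers to that ISP's own link so a query to 1.2.3.4 is
# never sent out through isp2, whichever provider the load-balanced default
# route would otherwise have chosen. SOURCE "-" means "any source", so the
# rule covers queries from the firewall itself and forwarded queries from
# LAN hosts alike. Priority 1000 puts these host rules ahead of the
# Shorewall-generated MARK rules.
#SOURCE   DEST       PROVIDER   PRIORITY
-         1.2.3.4    isp1       1000
-         2.3.4.5    isp1       1000
-         3.4.5.6    isp2       1000
-         4.5.6.7    isp2       1000

# /etc/resolv.conf on the firewall: list all four, so resolution keeps
# working when one link is down. The resolver tries them in order.
nameserver 1.2.3.4
nameserver 2.3.4.5
nameserver 3.4.5.6
nameserver 4.5.6.7
```

One caveat worth knowing before relying on this: the resolver walks /etc/resolv.conf in order and only moves on after a timeout, so if isp1 goes down every lookup first waits for 1.2.3.4 and 2.3.4.5 to time out before 3.4.5.6 answers. Put the resolvers of the more reliable link first, and after `shorewall restart` confirm the pinning with `ip rule show` and `ip route get 1.2.3.4`, which should name isp1's interface.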
Re: [leaf-user] [Shorewall-users] DNS resolution for Multi-ISP
>>>>>> I am trying to setup a multi-isp configuration (using latest bering-uClibc 3.1-beta1), and began reading the corresponding doc: http://www.shorewall.net/3.0/MultiISP.html
>>>>>>
>>>>>> I am not clear on how the DNS resolution happens if a DNS request from one provider goes to the other provider's name server. ISPs these days serve their customers alone and reject all requests outside their network.
>>>>>>
>>>>>> 1. As part of multi-isp setup, is it possible to have the DNS requests routed thru' a provider go to that provider's DNS IPs?
>>>>>> 2. Does listing all ISPs' DNS IPs in /etc/resolv.conf help?
>>>>>>
>>>>>> Appreciate any pointers or links.
>>>>>
>>>>> DNS is not a special case -- it obeys the same rules as any other connection.
>>>>>
>>>>> -Tom
>>>>
>>>> Thanks for a prompt response Tom. DNS not being a special case does make sense. Do you have any suggestions on how to deal with the DNS look up failures when the requests are sent to the wrong provider?
>>>
>>> What does "requests are sent to the wrong provider" mean?
>>>
>>> -Tom
>>
>> Let me give you an example:
>>
>> isp1: DNS 1.2.3.4, 2.3.4.5
>> isp2: DNS 3.4.5.6, 4.5.6.7
>>
>> Assume that we list all the above in the /etc/resolv.conf file. When you start the very first time, if using multi-isp, the request for DNS resolution could go to either of the two ISPs. Assume that the request goes to isp2 but the DNS server picked for resolution is 1.2.3.4. This scenario is what I am referring to as 'wrong provider' (from the DNS resolution point of view).
>
> You might consider route_rules that route 1.2.3.4 and 2.3.4.5 out of isp1 and 3.4.5.6 and 4.5.6.7 out of isp2.
>
> -Tom

Thanks for the tip. I have read the route_rules doc and things are a bit clearer to me.

Thanks for all the help and the wonderful package!