<html><head><title>Re: [linux] Debian zmeny v jadre</title>
<META http-equiv=Content-Type content="text/html; charset=utf-8">
</head>
<body>
<span style=" font-family:'Courier New'; font-size: 9pt;">Cau,<br>
<br>
A tie stranky nejdu nacitavat iba z lokalnej siete alebo ani priamo z toho servera? A tiez by bolo fajn vediet viac o tom aku chybu to vypise a nie len "koliesko sa toci". Netstat na windowse vtedy pise co? SYN_SENT? alebo ESTABLISHED? Ak Established, tak to moze byt problem s MTU.<br>
<br>
Wednesday, July 23, 2014, 13:11:00, Juraj Remenec wrote:<br>
<br>
</span><table>
<tr>
<td width=2 bgcolor= #0000ff><br>
</td>
<td><span style=" font-family:'courier new'; font-size: 9pt;">vyskusam to zajtra a dam urcite vediet.<br>
Vdaka.<br>
<br>
<br>
<br>
Dňa 23. júla 2014 11:54, riki <</span><a style=" font-family:'courier new'; font-size: 9pt;" href="mailto:phobie@axfr.org">phobie@axfr.org</a><span style=" font-family:'courier new'; font-size: 9pt;">> napísal(-a):<br>
Ahoj,<br>
<br>
echo 1 > /proc/sys/net/ipv4/ip_no_pmtu_disc<br>
echo 2 > /proc/sys/net/ipv4/tcp_ecn<br>
echo 1 > /proc/sys/net/ipv4/ip_forward<br>
<br>
Pripadne pingom prever, aky najvacsi ping ti prejde, defaultne posiela<br>
male pakety. Je mozne ze po ceste je nieco zle a tcp window size si<br>
dohodnes vacsi ako je MTU na ceste.<br>
<br>
r.<br>
<br>
<br>
<br>
<br>
On 07/23/2014 11:17 AM, Juraj Remenec wrote:<br>
> Vďaka za tip ale zmeny nepomohli. rp_filter bol vypnutý. Ten prvý tcp...<br>
> som vypol ale bez úspechu.<br>
><br>
><br>
> Chcem iba povedať, že je to veľmi divné. Slovenské sajty chodia väčšinou<br>
> dobre. Aj niektoré zahraničné. Ale niektoré ďalšie ku podivu nie aj keď<br>
> pingovať idú...<br>
> Proste len Čaká sa.... S 2.6 jadrom ide všetko OK. Možno bude chyba v<br>
> nejakom driveri ku sieť. kartám. Mám v stroji 2 realteky a 2 inteli.<br>
><br>
> Požadované výpisy:<br>
> root ~ # ifconfig;route -n; iptables -t nat -L -n; iptables -L -n;<br>
>>~/iptables.txt<br>
> eth0 Link encap:Ethernet HWaddr 68:05:ca:00:75:48<br>
> inet addr:194.160.126.98 Bcast:194.160.126.111<br>
> Mask:255.255.255.240<br>
> inet6 addr: fe80::6a05:caff:fe00:7548/64 Scope:Link<br>
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br>
> RX packets:17055 errors:0 dropped:0 overruns:0 frame:0<br>
> TX packets:11985 errors:0 dropped:0 overruns:0 carrier:0<br>
> collisions:0 txqueuelen:1000<br>
> RX bytes:16491343 (15.7 MiB) TX bytes:2444911 (2.3 MiB)<br>
> Interrupt:18 Memory:fb2c0000-fb2e0000<br>
><br>
> eth1 Link encap:Ethernet HWaddr 80:1f:02:2f:3c:e2<br>
> inet6 addr: fe80::821f:2ff:fe2f:3ce2/64 Scope:Link<br>
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br>
> RX packets:325 errors:0 dropped:1 overruns:0 frame:0<br>
> TX packets:194 errors:0 dropped:0 overruns:0 carrier:0<br>
> collisions:0 txqueuelen:1000<br>
> RX bytes:25882 (25.2 KiB) TX bytes:31572 (30.8 KiB)<br>
> Interrupt:41 Base address:0x2000<br>
><br>
> eth3 Link encap:Ethernet HWaddr 00:1b:21:d2:a4:a2<br>
> inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0<br>
> inet6 addr: fe80::21b:21ff:fed2:a4a2/64 Scope:Link<br>
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br>
> RX packets:12010 errors:0 dropped:0 overruns:0 frame:0<br>
> TX packets:16780 errors:0 dropped:0 overruns:0 carrier:0<br>
> collisions:0 txqueuelen:1000<br>
> RX bytes:2337538 (2.2 MiB) TX bytes:16554598 (15.7 MiB)<br>
> Interrupt:16 Memory:fb4c0000-fb4e0000<br>
><br>
> eth3:0 Link encap:Ethernet HWaddr 00:1b:21:d2:a4:a2<br>
> inet addr:192.168.4.1 Bcast:192.168.4.255 Mask:255.255.255.0<br>
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br>
> Interrupt:16 Memory:fb4c0000-fb4e0000<br>
><br>
> eth4 Link encap:Ethernet HWaddr 8c:89:a5:16:b3:32<br>
> inet addr:192.168.177.55 Bcast:192.168.177.255<br>
> Mask:255.255.255.0<br>
> inet6 addr: fe80::8e89:a5ff:fe16:b332/64 Scope:Link<br>
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br>
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0<br>
> TX packets:34 errors:0 dropped:0 overruns:0 carrier:0<br>
> collisions:0 txqueuelen:1000<br>
> RX bytes:0 (0.0 B) TX bytes:6774 (6.6 KiB)<br>
> Interrupt:42 Base address:0x6000<br>
><br>
> eth1.10 Link encap:Ethernet HWaddr 80:1f:02:2f:3c:e2<br>
> inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0<br>
> inet6 addr: fe80::821f:2ff:fe2f:3ce2/64 Scope:Link<br>
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br>
> RX packets:299 errors:0 dropped:2 overruns:0 frame:0<br>
> TX packets:137 errors:0 dropped:0 overruns:0 carrier:0<br>
> collisions:0 txqueuelen:0<br>
> RX bytes:18352 (17.9 KiB) TX bytes:20913 (20.4 KiB)<br>
><br>
> eth1.20 Link encap:Ethernet HWaddr 80:1f:02:2f:3c:e2<br>
> inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0<br>
> inet6 addr: fe80::821f:2ff:fe2f:3ce2/64 Scope:Link<br>
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br>
> RX packets:18 errors:0 dropped:0 overruns:0 frame:0<br>
> TX packets:37 errors:0 dropped:0 overruns:0 carrier:0<br>
> collisions:0 txqueuelen:0<br>
> RX bytes:1444 (1.4 KiB) TX bytes:7066 (6.9 KiB)<br>
><br>
> lo Link encap:Local Loopback<br>
> inet addr:127.0.0.1 Mask:255.0.0.0<br>
> inet6 addr: ::1/128 Scope:Host<br>
> UP LOOPBACK RUNNING MTU:16436 Metric:1<br>
> RX packets:1611 errors:0 dropped:0 overruns:0 frame:0<br>
> TX packets:1611 errors:0 dropped:0 overruns:0 carrier:0<br>
> collisions:0 txqueuelen:0<br>
> RX bytes:185915 (181.5 KiB) TX bytes:185915 (181.5 KiB)<br>
><br>
> Kernel IP routing table<br>
> Destination Gateway Genmask Flags Metric Ref Use<br>
> Iface<br>
> 0.0.0.0 194.160.126.97 0.0.0.0 UG 0 0 0 eth0<br>
> 172.30.126.0 192.168.177.1 255.255.255.0 UG 0 0 0 eth4<br>
> 192.168.0.31 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4<br>
> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0<br>
> eth1.10<br>
> 192.168.1.121 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4<br>
> 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0<br>
> eth1.20<br>
> 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3<br>
> 192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3<br>
> 192.168.29.4 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4<br>
> 192.168.29.10 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4<br>
> 192.168.29.12 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4<br>
> 192.168.177.0 0.0.0.0 255.255.255.0 U 0 0 0 eth4<br>
> 194.160.126.96 0.0.0.0 255.255.255.240 U 0 0 0 eth0<br>
> Chain PREROUTING (policy ACCEPT)<br>
> target prot opt source destination<br>
><br>
> Chain INPUT (policy ACCEPT)<br>
> target prot opt source destination<br>
><br>
> Chain OUTPUT (policy ACCEPT)<br>
> target prot opt source destination<br>
><br>
> Chain POSTROUTING (policy ACCEPT)<br>
> target prot opt source destination<br>
> MASQUERADE all -- </span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://0.0.0.0/0">0.0.0.0/0</a><span style=" font-family:'courier new'; font-size: 9pt;"> <</span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://0.0.0.0/0">http://0.0.0.0/0</a><span style=" font-family:'courier new'; font-size: 9pt;">> </span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://0.0.0.0/0">0.0.0.0/0</a><br>
<span style=" font-family:'courier new'; font-size: 9pt;">> <</span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://0.0.0.0/0">http://0.0.0.0/0</a><span style=" font-family:'courier new'; font-size: 9pt;">><br>
> Chain INPUT (policy ACCEPT)<br>
> target prot opt source destination<br>
><br>
> Chain FORWARD (policy ACCEPT)<br>
> target prot opt source destination<br>
> ACCEPT all -- </span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://0.0.0.0/0">0.0.0.0/0</a><span style=" font-family:'courier new'; font-size: 9pt;"> <</span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://0.0.0.0/0">http://0.0.0.0/0</a><span style=" font-family:'courier new'; font-size: 9pt;">> </span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://0.0.0.0/0">0.0.0.0/0</a><br>
<span style=" font-family:'courier new'; font-size: 9pt;">> <</span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://0.0.0.0/0">http://0.0.0.0/0</a><span style=" font-family:'courier new'; font-size: 9pt;">> state RELATED,ESTABLISHED<br>
> ACCEPT all -- </span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://0.0.0.0/0">0.0.0.0/0</a><span style=" font-family:'courier new'; font-size: 9pt;"> <</span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://0.0.0.0/0">http://0.0.0.0/0</a><span style=" font-family:'courier new'; font-size: 9pt;">> </span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://0.0.0.0/0">0.0.0.0/0</a><br>
<span style=" font-family:'courier new'; font-size: 9pt;">> <</span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://0.0.0.0/0">http://0.0.0.0/0</a><span style=" font-family:'courier new'; font-size: 9pt;">><br>
><br>
> Chain OUTPUT (policy ACCEPT)<br>
> target prot opt source destination<br>
><br>
><br>
> Dňa 23. júla 2014 10:44, riki <</span><a style=" font-family:'courier new'; font-size: 9pt;" href="mailto:phobie@axfr.org">phobie@axfr.org</a><span style=" font-family:'courier new'; font-size: 9pt;"> <mailto:</span><a style=" font-family:'courier new'; font-size: 9pt;" href="mailto:phobie@axfr.org">phobie@axfr.org</a><span style=" font-family:'courier new'; font-size: 9pt;">>><br>
> napísal(-a):<br>
><br>
> Ahoj,<br>
><br>
> skus vypnut net.ipv4.tcp_ecn, myslim ze v 3.x je zapnuta defaultne. Skus<br>
> rovnako vypnut rp_filter.<br>
><br>
> Ak nepomoze posli vystup z ifconfig;route -n; iptables -t nat -L<br>
> -n;iptables -L -n;<br>
><br>
> r.<br>
><br>
> On 07/23/2014 08:56 AM, Juraj Remenec wrote:<br>
> > Zdravim.<br>
> > Prosim vas. Pisem sem, snad mi budete vediet narychlo poradit.<br>
> > Ja som z toho uz nacisto zufaly.<br>
> ><br>
> > Som prilis vytazeny. Uz nejaky ten rok necitam ziadne changelogs k<br>
> > updatom z Debianu a asi teraz na to doplacam.<br>
> > Poslednym apt-get upgrade sa mi do servera dostal kernel 3.2.0.<br>
> ><br>
> > Vsetko funguje OK az na IPTABLES!!<br>
> > Ide ma z toho URVAT. Lebo je to taka chyba, no neviem ako na nu<br>
> priznam sa.<br>
> > Na serveri pouzivam masquerade a forwarding z lokalnej siete<br>
> > </span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://192.168.1.0/24">192.168.1.0/24</a><span style=" font-family:'courier new'; font-size: 9pt;"> <</span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://192.168.1.0/24">http://192.168.1.0/24</a><span style=" font-family:'courier new'; font-size: 9pt;">> <</span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://192.168.1.0/24">http://192.168.1.0/24</a><span style=" font-family:'courier new'; font-size: 9pt;">> =><br>
> do siete poskytovatela. Vsetko<br>
> > fungovalo OK. Po poslednom upgrade som si vsimol, ze prestalo<br>
> nacitavat<br>
> > stranky ako </span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://www.facebook.com">www.facebook.com</a><span style=" font-family:'courier new'; font-size: 9pt;"> <</span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://www.facebook.com">http://www.facebook.com</a><span style=" font-family:'courier new'; font-size: 9pt;">><br>
> <</span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://www.facebook.com">http://www.facebook.com</a><span style=" font-family:'courier new'; font-size: 9pt;">>. Alebo<br>
> > </span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://www.cnn.com">www.cnn.com</a><span style=" font-family:'courier new'; font-size: 9pt;"> <</span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://www.cnn.com">http://www.cnn.com</a><span style=" font-family:'courier new'; font-size: 9pt;">> <</span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://www.cnn.com">http://www.cnn.com</a><span style=" font-family:'courier new'; font-size: 9pt;">>. Alebo aj<br>
> "cuduj sa" </span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://www.sex.sk">www.sex.sk</a><span style=" font-family:'courier new'; font-size: 9pt;"> <</span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://www.sex.sk">http://www.sex.sk</a><span style=" font-family:'courier new'; font-size: 9pt;">><br>
> > <</span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://www.sex.sk">http://www.sex.sk</a><span style=" font-family:'courier new'; font-size: 9pt;">> (presmeruvava na nejaky </span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://jasmine.com">jasmine.com</a><br>
<span style=" font-family:'courier new'; font-size: 9pt;">> <</span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://jasmine.com">http://jasmine.com</a><span style=" font-family:'courier new'; font-size: 9pt;">><br>
> > <</span><a style=" font-family:'courier new'; font-size: 9pt;" href="http://jasmine.com">http://jasmine.com</a><span style=" font-family:'courier new'; font-size: 9pt;">>).<br>
> > Proste koliesko na prehliadaci sa toci, toci a toci a nic. Ani ziadna<br>
> > info o timeoute ani nic.<br>
> ><br>
> ><br>
> > Ak vsak na serveri spustim starsi kernel 2.6.x tak opat vsetko funguje<br>
> > ako MA.<br>
> > A tak by ma zaujimalo, ake zmeny nastali v IP forwardingu v kerneli<br>
> > nastupom novej rady 3.x.<br>
> ><br>
> > Viete niekto nieco o tomto??<br>
> > Budem vdacny za akykolvek tip.<br>
> > J.<br>
> ><br>
</td>
</tr>
</table>
<br><br>
<br>
<br>
<span style=" font-family:'arial'; color: #c0c0c0;"><i>-- <br>
bYE, Marki</body></html>