<div dir="ltr"><div>Vďaka za tip ale zmeny nepomohli. rp_filter bol vypnutý. Ten prvý tcp... som vypol ale bez úspechu.<br><br><br></div><div>Chcem iba povedať, že je to veľmi divné. Slovenské sajty chodia väčšinou dobre. Aj niektoré zahraničné. Ale niektoré ďalšie ku podivu nie aj keď pingovať idú...<br>
</div><div>Proste len Čaká sa.... S 2.6 jadrom ide všetko OK. Možno bude chyba v nejakom driveri ku sieť. kartám. Mám v stroji 2 realteky a 2 inteli. <br><br></div>Požadované výpisy:<br>root ~ # ifconfig;route -n; iptables -t nat -L -n; iptables -L -n; >~/iptables.txt<br>
eth0 Link encap:Ethernet HWaddr 68:05:ca:00:75:48<br> inet addr:194.160.126.98 Bcast:194.160.126.111 Mask:255.255.255.240<br> inet6 addr: fe80::6a05:caff:fe00:7548/64 Scope:Link<br> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br>
RX packets:17055 errors:0 dropped:0 overruns:0 frame:0<br> TX packets:11985 errors:0 dropped:0 overruns:0 carrier:0<br> collisions:0 txqueuelen:1000<br> RX bytes:16491343 (15.7 MiB) TX bytes:2444911 (2.3 MiB)<br>
Interrupt:18 Memory:fb2c0000-fb2e0000<br><br>eth1 Link encap:Ethernet HWaddr 80:1f:02:2f:3c:e2<br> inet6 addr: fe80::821f:2ff:fe2f:3ce2/64 Scope:Link<br> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br>
RX packets:325 errors:0 dropped:1 overruns:0 frame:0<br> TX packets:194 errors:0 dropped:0 overruns:0 carrier:0<br> collisions:0 txqueuelen:1000<br> RX bytes:25882 (25.2 KiB) TX bytes:31572 (30.8 KiB)<br>
Interrupt:41 Base address:0x2000<br><br>eth3 Link encap:Ethernet HWaddr 00:1b:21:d2:a4:a2<br> inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0<br> inet6 addr: fe80::21b:21ff:fed2:a4a2/64 Scope:Link<br>
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br> RX packets:12010 errors:0 dropped:0 overruns:0 frame:0<br> TX packets:16780 errors:0 dropped:0 overruns:0 carrier:0<br> collisions:0 txqueuelen:1000<br>
RX bytes:2337538 (2.2 MiB) TX bytes:16554598 (15.7 MiB)<br> Interrupt:16 Memory:fb4c0000-fb4e0000<br><br>eth3:0 Link encap:Ethernet HWaddr 00:1b:21:d2:a4:a2<br> inet addr:192.168.4.1 Bcast:192.168.4.255 Mask:255.255.255.0<br>
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br> Interrupt:16 Memory:fb4c0000-fb4e0000<br><br>eth4 Link encap:Ethernet HWaddr 8c:89:a5:16:b3:32<br> inet addr:192.168.177.55 Bcast:192.168.177.255 Mask:255.255.255.0<br>
inet6 addr: fe80::8e89:a5ff:fe16:b332/64 Scope:Link<br> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br> RX packets:0 errors:0 dropped:0 overruns:0 frame:0<br> TX packets:34 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:1000<br> RX bytes:0 (0.0 B) TX bytes:6774 (6.6 KiB)<br> Interrupt:42 Base address:0x6000<br><br>eth1.10 Link encap:Ethernet HWaddr 80:1f:02:2f:3c:e2<br> inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0<br>
inet6 addr: fe80::821f:2ff:fe2f:3ce2/64 Scope:Link<br> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br> RX packets:299 errors:0 dropped:2 overruns:0 frame:0<br> TX packets:137 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:0<br> RX bytes:18352 (17.9 KiB) TX bytes:20913 (20.4 KiB)<br><br>eth1.20 Link encap:Ethernet HWaddr 80:1f:02:2f:3c:e2<br> inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0<br>
inet6 addr: fe80::821f:2ff:fe2f:3ce2/64 Scope:Link<br> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br> RX packets:18 errors:0 dropped:0 overruns:0 frame:0<br> TX packets:37 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:0<br> RX bytes:1444 (1.4 KiB) TX bytes:7066 (6.9 KiB)<br><br>lo Link encap:Local Loopback<br> inet addr:127.0.0.1 Mask:255.0.0.0<br> inet6 addr: ::1/128 Scope:Host<br>
UP LOOPBACK RUNNING MTU:16436 Metric:1<br> RX packets:1611 errors:0 dropped:0 overruns:0 frame:0<br> TX packets:1611 errors:0 dropped:0 overruns:0 carrier:0<br> collisions:0 txqueuelen:0<br>
RX bytes:185915 (181.5 KiB) TX bytes:185915 (181.5 KiB)<br><br>Kernel IP routing table<br>Destination Gateway Genmask Flags Metric Ref Use Iface<br>0.0.0.0 194.160.126.97 0.0.0.0 UG 0 0 0 eth0<br>
172.30.126.0 192.168.177.1 255.255.255.0 UG 0 0 0 eth4<br>192.168.0.31 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4<br>192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.10<br>
192.168.1.121 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4<br>192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.20<br>192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3<br>
192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3<br>192.168.29.4 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4<br>192.168.29.10 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4<br>
192.168.29.12 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4<br>192.168.177.0 0.0.0.0 255.255.255.0 U 0 0 0 eth4<br>194.160.126.96 0.0.0.0 255.255.255.240 U 0 0 0 eth0<br>
Chain PREROUTING (policy ACCEPT)<br>target prot opt source destination<br><br>Chain INPUT (policy ACCEPT)<br>target prot opt source destination<br><br>Chain OUTPUT (policy ACCEPT)<br>target prot opt source destination<br>
<br>Chain POSTROUTING (policy ACCEPT)<br>target prot opt source destination<br>MASQUERADE all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a><br>Chain INPUT (policy ACCEPT)<br>
target prot opt source destination<br><br>Chain FORWARD (policy ACCEPT)<br>target prot opt source destination<br>ACCEPT all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> state RELATED,ESTABLISHED<br>
ACCEPT all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a><br><br>Chain OUTPUT (policy ACCEPT)<br>target prot opt source destination<br></div><div class="gmail_extra">
<br><br><div class="gmail_quote">Dňa 23. júla 2014 10:44, riki <span dir="ltr"><<a href="mailto:phobie@axfr.org" target="_blank">phobie@axfr.org</a>></span> napísal(-a):<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Ahoj,<br>
<br>
skus vypnut net.ipv4.tcp_ecn, myslim ze v 3.x je zapnuta defaultne. Skus<br>
rovnako vypnut rp_filter.<br>
<br>
Ak nepomoze posli vystup z ifconfig;route -n; iptables -t nat -L<br>
-n;iptables -L -n;<br>
<br>
r.<br>
<div class=""><br>
On 07/23/2014 08:56 AM, Juraj Remenec wrote:<br>
> Zdravim.<br>
> Prosim vas. Pisem sem, snad mi budete vediet narychlo poradit.<br>
> Ja som z toho uz nacisto zufaly.<br>
><br>
> Som prilis vytazeny. Uz nejaky ten rok necitam ziadne changelogs k<br>
> updatom z Debianu a asi teraz na to doplacam.<br>
> Poslednym apt-get upgrade sa mi do servera dostal kernel 3.2.0.<br>
><br>
> Vsetko funguje OK az na IPTABLES!!<br>
> Ide ma z toho URVAT. Lebo je to taka chyba, no neviem ako na nu priznam sa.<br>
> Na serveri pouzivam masquerade a forwarding z lokalnej siete<br>
</div>> <a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a> <<a href="http://192.168.1.0/24" target="_blank">http://192.168.1.0/24</a>> => do siete poskytovatela. Vsetko<br>
<div class="">> fungovalo OK. Po poslednom upgrade som si vsimol, ze prestalo nacitavat<br>
</div>> stranky ako <a href="http://www.facebook.com" target="_blank">www.facebook.com</a> <<a href="http://www.facebook.com" target="_blank">http://www.facebook.com</a>>. Alebo<br>
> <a href="http://www.cnn.com" target="_blank">www.cnn.com</a> <<a href="http://www.cnn.com" target="_blank">http://www.cnn.com</a>>. Alebo aj "cuduj sa" <a href="http://www.sex.sk" target="_blank">www.sex.sk</a><br>
> <<a href="http://www.sex.sk" target="_blank">http://www.sex.sk</a>> (presmeruvava na nejaky <a href="http://jasmine.com" target="_blank">jasmine.com</a><br>
> <<a href="http://jasmine.com" target="_blank">http://jasmine.com</a>>).<br>
<div class="">> Proste koliesko na prehliadaci sa toci, toci a toci a nic. Ani ziadna<br>
> info o timeoute ani nic.<br>
><br>
><br>
> Ak vsak na serveri spustim starsi kernel 2.6.x tak opat vsetko funguje<br>
> ako MA.<br>
> A tak by ma zaujimalo, ake zmeny nastali v IP forwardingu v kerneli<br>
> nastupom novej rady 3.x.<br>
><br>
> Viete niekto nieco o tomto??<br>
> Budem vdacny za akykolvek tip.<br>
> J.<br>
><br>
><br>
</div>> _______________________________________________<br>
> <a href="https://lists.linux.sk/mailman/listinfo/linux" target="_blank">https://lists.linux.sk/mailman/listinfo/linux</a><br>
> Meta FAQ: <a href="http://www.sklug.sk/lists/linux/metafaq.html" target="_blank">http://www.sklug.sk/lists/linux/metafaq.html</a><br>
><br>
_______________________________________________<br>
<a href="https://lists.linux.sk/mailman/listinfo/linux" target="_blank">https://lists.linux.sk/mailman/listinfo/linux</a><br>
Meta FAQ: <a href="http://www.sklug.sk/lists/linux/metafaq.html" target="_blank">http://www.sklug.sk/lists/linux/metafaq.html</a><br>
</blockquote></div><br></div>