[linux] Debian zmeny v jadre
Juraj Remenec
remenec na gmail.com
Středa Červenec 23 11:17:42 CEST 2014
Vďaka za tip ale zmeny nepomohli. rp_filter bol vypnutý. Ten prvý tcp...
som vypol ale bez úspechu.
Chcem iba povedať, že je to veľmi divné. Slovenské sajty chodia väčšinou
dobre. Aj niektoré zahraničné. Ale niektoré ďalšie ku podivu nie aj keď
pingovať idú...
Proste len Čaká sa.... S 2.6 jadrom ide všetko OK. Možno bude chyba v
nejakom driveri ku sieť. kartám. Mám v stroji 2 realteky a 2 inteli.
Požadované výpisy:
root ~ # ifconfig;route -n; iptables -t nat -L -n; iptables -L -n;
>~/iptables.txt
eth0 Link encap:Ethernet HWaddr 68:05:ca:00:75:48
inet addr:194.160.126.98 Bcast:194.160.126.111
Mask:255.255.255.240
inet6 addr: fe80::6a05:caff:fe00:7548/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:17055 errors:0 dropped:0 overruns:0 frame:0
TX packets:11985 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:16491343 (15.7 MiB) TX bytes:2444911 (2.3 MiB)
Interrupt:18 Memory:fb2c0000-fb2e0000
eth1 Link encap:Ethernet HWaddr 80:1f:02:2f:3c:e2
inet6 addr: fe80::821f:2ff:fe2f:3ce2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:325 errors:0 dropped:1 overruns:0 frame:0
TX packets:194 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:25882 (25.2 KiB) TX bytes:31572 (30.8 KiB)
Interrupt:41 Base address:0x2000
eth3 Link encap:Ethernet HWaddr 00:1b:21:d2:a4:a2
inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
inet6 addr: fe80::21b:21ff:fed2:a4a2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12010 errors:0 dropped:0 overruns:0 frame:0
TX packets:16780 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2337538 (2.2 MiB) TX bytes:16554598 (15.7 MiB)
Interrupt:16 Memory:fb4c0000-fb4e0000
eth3:0 Link encap:Ethernet HWaddr 00:1b:21:d2:a4:a2
inet addr:192.168.4.1 Bcast:192.168.4.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Memory:fb4c0000-fb4e0000
eth4 Link encap:Ethernet HWaddr 8c:89:a5:16:b3:32
inet addr:192.168.177.55 Bcast:192.168.177.255
Mask:255.255.255.0
inet6 addr: fe80::8e89:a5ff:fe16:b332/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:6774 (6.6 KiB)
Interrupt:42 Base address:0x6000
eth1.10 Link encap:Ethernet HWaddr 80:1f:02:2f:3c:e2
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::821f:2ff:fe2f:3ce2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:299 errors:0 dropped:2 overruns:0 frame:0
TX packets:137 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:18352 (17.9 KiB) TX bytes:20913 (20.4 KiB)
eth1.20 Link encap:Ethernet HWaddr 80:1f:02:2f:3c:e2
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::821f:2ff:fe2f:3ce2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18 errors:0 dropped:0 overruns:0 frame:0
TX packets:37 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1444 (1.4 KiB) TX bytes:7066 (6.9 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1611 errors:0 dropped:0 overruns:0 frame:0
TX packets:1611 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:185915 (181.5 KiB) TX bytes:185915 (181.5 KiB)
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
0.0.0.0 194.160.126.97 0.0.0.0 UG 0 0 0 eth0
172.30.126.0 192.168.177.1 255.255.255.0 UG 0 0 0 eth4
192.168.0.31 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0
eth1.10
192.168.1.121 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0
eth1.20
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
192.168.29.4 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4
192.168.29.10 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4
192.168.29.12 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4
192.168.177.0 0.0.0.0 255.255.255.0 U 0 0 0 eth4
194.160.126.96 0.0.0.0 255.255.255.240 U 0 0 0 eth0
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Dňa 23. júla 2014 10:44, riki <phobie at axfr.org> napísal(-a):
> Ahoj,
>
> skus vypnut net.ipv4.tcp_ecn, myslim ze v 3.x je zapnuta defaultne. Skus
> rovnako vypnut rp_filter.
>
> Ak nepomoze posli vystup z ifconfig;route -n; iptables -t nat -L
> -n;iptables -L -n;
>
> r.
>
> On 07/23/2014 08:56 AM, Juraj Remenec wrote:
> > Zdravim.
> > Prosim vas. Pisem sem, snad mi budete vediet narychlo poradit.
> > Ja som z toho uz nacisto zufaly.
> >
> > Som prilis vytazeny. Uz nejaky ten rok necitam ziadne changelogs k
> > updatom z Debianu a asi teraz na to doplacam.
> > Poslednym apt-get upgrade sa mi do servera dostal kernel 3.2.0.
> >
> > Vsetko funguje OK az na IPTABLES!!
> > Ide ma z toho URVAT. Lebo je to taka chyba, no neviem ako na nu priznam
> sa.
> > Na serveri pouzivam masquerade a forwarding z lokalnej siete
> > 192.168.1.0/24 <http://192.168.1.0/24> => do siete poskytovatela. Vsetko
> > fungovalo OK. Po poslednom upgrade som si vsimol, ze prestalo nacitavat
> > stranky ako www.facebook.com <http://www.facebook.com>. Alebo
> > www.cnn.com <http://www.cnn.com>. Alebo aj "cuduj sa" www.sex.sk
> > <http://www.sex.sk> (presmeruvava na nejaky jasmine.com
> > <http://jasmine.com>).
> > Proste koliesko na prehliadaci sa toci, toci a toci a nic. Ani ziadna
> > info o timeoute ani nic.
> >
> >
> > Ak vsak na serveri spustim starsi kernel 2.6.x tak opat vsetko funguje
> > ako MA.
> > A tak by ma zaujimalo, ake zmeny nastali v IP forwardingu v kerneli
> > nastupom novej rady 3.x.
> >
> > Viete niekto nieco o tomto??
> > Budem vdacny za akykolvek tip.
> > J.
> >
> >
> > _______________________________________________
> > https://lists.linux.sk/mailman/listinfo/linux
> > Meta FAQ: http://www.sklug.sk/lists/linux/metafaq.html
> >
> _______________________________________________
> https://lists.linux.sk/mailman/listinfo/linux
> Meta FAQ: http://www.sklug.sk/lists/linux/metafaq.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linux.sk/pipermail/linux/attachments/20140723/fb729f40/attachment-0001.html>
Další informace o konferenci linux