[linux] Debian zmeny v jadre
riki
phobie na axfr.org
Středa Červenec 23 11:54:07 CEST 2014
Ahoj,
echo 1 > /proc/sys/net/ipv4/ip_no_pmtu_disc
echo 2 > /proc/sys/net/ipv4/tcp_ecn
echo 1 > /proc/sys/net/ipv4/ip_forward
Pripadne pingom prever, aky najvacsi ping ti prejde, defaultne posiela
male pakety. Je mozne ze po ceste je nieco zle a tcp window size si
dohodnes vacsi ako je MTU na ceste.
r.
On 07/23/2014 11:17 AM, Juraj Remenec wrote:
> Vďaka za tip ale zmeny nepomohli. rp_filter bol vypnutý. Ten prvý tcp...
> som vypol ale bez úspechu.
>
>
> Chcem iba povedať, že je to veľmi divné. Slovenské sajty chodia väčšinou
> dobre. Aj niektoré zahraničné. Ale niektoré ďalšie ku podivu nie aj keď
> pingovať idú...
> Proste len Čaká sa.... S 2.6 jadrom ide všetko OK. Možno bude chyba v
> nejakom driveri ku sieť. kartám. Mám v stroji 2 realteky a 2 inteli.
>
> Požadované výpisy:
> root ~ # ifconfig;route -n; iptables -t nat -L -n; iptables -L -n;
>>~/iptables.txt
> eth0 Link encap:Ethernet HWaddr 68:05:ca:00:75:48
> inet addr:194.160.126.98 Bcast:194.160.126.111
> Mask:255.255.255.240
> inet6 addr: fe80::6a05:caff:fe00:7548/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:17055 errors:0 dropped:0 overruns:0 frame:0
> TX packets:11985 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:16491343 (15.7 MiB) TX bytes:2444911 (2.3 MiB)
> Interrupt:18 Memory:fb2c0000-fb2e0000
>
> eth1 Link encap:Ethernet HWaddr 80:1f:02:2f:3c:e2
> inet6 addr: fe80::821f:2ff:fe2f:3ce2/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:325 errors:0 dropped:1 overruns:0 frame:0
> TX packets:194 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:25882 (25.2 KiB) TX bytes:31572 (30.8 KiB)
> Interrupt:41 Base address:0x2000
>
> eth3 Link encap:Ethernet HWaddr 00:1b:21:d2:a4:a2
> inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
> inet6 addr: fe80::21b:21ff:fed2:a4a2/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:12010 errors:0 dropped:0 overruns:0 frame:0
> TX packets:16780 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:2337538 (2.2 MiB) TX bytes:16554598 (15.7 MiB)
> Interrupt:16 Memory:fb4c0000-fb4e0000
>
> eth3:0 Link encap:Ethernet HWaddr 00:1b:21:d2:a4:a2
> inet addr:192.168.4.1 Bcast:192.168.4.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> Interrupt:16 Memory:fb4c0000-fb4e0000
>
> eth4 Link encap:Ethernet HWaddr 8c:89:a5:16:b3:32
> inet addr:192.168.177.55 Bcast:192.168.177.255
> Mask:255.255.255.0
> inet6 addr: fe80::8e89:a5ff:fe16:b332/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:0 (0.0 B) TX bytes:6774 (6.6 KiB)
> Interrupt:42 Base address:0x6000
>
> eth1.10 Link encap:Ethernet HWaddr 80:1f:02:2f:3c:e2
> inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
> inet6 addr: fe80::821f:2ff:fe2f:3ce2/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:299 errors:0 dropped:2 overruns:0 frame:0
> TX packets:137 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:18352 (17.9 KiB) TX bytes:20913 (20.4 KiB)
>
> eth1.20 Link encap:Ethernet HWaddr 80:1f:02:2f:3c:e2
> inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
> inet6 addr: fe80::821f:2ff:fe2f:3ce2/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:18 errors:0 dropped:0 overruns:0 frame:0
> TX packets:37 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:1444 (1.4 KiB) TX bytes:7066 (6.9 KiB)
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:1611 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1611 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:185915 (181.5 KiB) TX bytes:185915 (181.5 KiB)
>
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use
> Iface
> 0.0.0.0 194.160.126.97 0.0.0.0 UG 0 0 0 eth0
> 172.30.126.0 192.168.177.1 255.255.255.0 UG 0 0 0 eth4
> 192.168.0.31 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4
> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0
> eth1.10
> 192.168.1.121 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4
> 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0
> eth1.20
> 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
> 192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
> 192.168.29.4 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4
> 192.168.29.10 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4
> 192.168.29.12 192.168.177.1 255.255.255.255 UGH 0 0 0 eth4
> 192.168.177.0 0.0.0.0 255.255.255.0 U 0 0 0 eth4
> 194.160.126.96 0.0.0.0 255.255.255.240 U 0 0 0 eth0
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> MASQUERADE all -- 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0
> <http://0.0.0.0/0>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0
> <http://0.0.0.0/0> state RELATED,ESTABLISHED
> ACCEPT all -- 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0
> <http://0.0.0.0/0>
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
>
> Dňa 23. júla 2014 10:44, riki <phobie na axfr.org <mailto:phobie na axfr.org>>
> napísal(-a):
>
> Ahoj,
>
> skus vypnut net.ipv4.tcp_ecn, myslim ze v 3.x je zapnuta defaultne. Skus
> rovnako vypnut rp_filter.
>
> Ak nepomoze posli vystup z ifconfig;route -n; iptables -t nat -L
> -n;iptables -L -n;
>
> r.
>
> On 07/23/2014 08:56 AM, Juraj Remenec wrote:
> > Zdravim.
> > Prosim vas. Pisem sem, snad mi budete vediet narychlo poradit.
> > Ja som z toho uz nacisto zufaly.
> >
> > Som prilis vytazeny. Uz nejaky ten rok necitam ziadne changelogs k
> > updatom z Debianu a asi teraz na to doplacam.
> > Poslednym apt-get upgrade sa mi do servera dostal kernel 3.2.0.
> >
> > Vsetko funguje OK az na IPTABLES!!
> > Ide ma z toho URVAT. Lebo je to taka chyba, no neviem ako na nu
> priznam sa.
> > Na serveri pouzivam masquerade a forwarding z lokalnej siete
> > 192.168.1.0/24 <http://192.168.1.0/24> <http://192.168.1.0/24> =>
> do siete poskytovatela. Vsetko
> > fungovalo OK. Po poslednom upgrade som si vsimol, ze prestalo
> nacitavat
> > stranky ako www.facebook.com <http://www.facebook.com>
> <http://www.facebook.com>. Alebo
> > www.cnn.com <http://www.cnn.com> <http://www.cnn.com>. Alebo aj
> "cuduj sa" www.sex.sk <http://www.sex.sk>
> > <http://www.sex.sk> (presmeruvava na nejaky jasmine.com
> <http://jasmine.com>
> > <http://jasmine.com>).
> > Proste koliesko na prehliadaci sa toci, toci a toci a nic. Ani ziadna
> > info o timeoute ani nic.
> >
> >
> > Ak vsak na serveri spustim starsi kernel 2.6.x tak opat vsetko funguje
> > ako MA.
> > A tak by ma zaujimalo, ake zmeny nastali v IP forwardingu v kerneli
> > nastupom novej rady 3.x.
> >
> > Viete niekto nieco o tomto??
> > Budem vdacny za akykolvek tip.
> > J.
> >
> >
> > _______________________________________________
> > https://lists.linux.sk/mailman/listinfo/linux
> > Meta FAQ: http://www.sklug.sk/lists/linux/metafaq.html
> >
> _______________________________________________
> https://lists.linux.sk/mailman/listinfo/linux
> Meta FAQ: http://www.sklug.sk/lists/linux/metafaq.html
>
>
>
>
> _______________________________________________
> https://lists.linux.sk/mailman/listinfo/linux
> Meta FAQ: http://www.sklug.sk/lists/linux/metafaq.html
>
Další informace o konferenci linux