[linux] Debian zmeny v jadre
Juraj Remenec
remenec na gmail.com
Středa Červenec 23 13:11:00 CEST 2014
vyskusam to zajtra a dam urcite vediet.
Vdaka.
Dňa 23. júla 2014 11:54, riki <phobie at axfr.org> napísal(-a):
> Ahoj,
>
> echo 1 > /proc/sys/net/ipv4/ip_no_pmtu_disc
> echo 2 > /proc/sys/net/ipv4/tcp_ecn
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Pripadne pingom prever, aky najvacsi ping ti prejde, defaultne posiela
> male pakety. Je mozne ze po ceste je nieco zle a tcp window size si
> dohodnes vacsi ako je MTU na ceste.
>
> r.
>
>
>
>
> On 07/23/2014 11:17 AM, Juraj Remenec wrote:
> > Vďaka za tip ale zmeny nepomohli. rp_filter bol vypnutý. Ten prvý tcp...
> > som vypol ale bez úspechu.
> >
> >
> > Chcem iba povedať, že je to veľmi divné. Slovenské sajty chodia väčšinou
> > dobre. Aj niektoré zahraničné. Ale niektoré ďalšie ku podivu nie aj keď
> > pingovať idú...
> > Proste len Čaká sa.... S 2.6 jadrom ide všetko OK. Možno bude chyba v
> > nejakom driveri ku sieť. kartám. Mám v stroji 2 realteky a 2 inteli.
> >
> > Požadované výpisy:
> > root ~ # ifconfig;route -n; iptables -t nat -L -n; iptables -L -n;
> >>~/iptables.txt
> > eth0 Link encap:Ethernet HWaddr 68:05:ca:00:75:48
> > inet addr:194.160.126.98 Bcast:194.160.126.111
> > Mask:255.255.255.240
> > inet6 addr: fe80::6a05:caff:fe00:7548/64 Scope:Link
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > RX packets:17055 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:11985 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:1000
> > RX bytes:16491343 (15.7 MiB) TX bytes:2444911 (2.3 MiB)
> > Interrupt:18 Memory:fb2c0000-fb2e0000
> >
> > eth1 Link encap:Ethernet HWaddr 80:1f:02:2f:3c:e2
> > inet6 addr: fe80::821f:2ff:fe2f:3ce2/64 Scope:Link
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > RX packets:325 errors:0 dropped:1 overruns:0 frame:0
> > TX packets:194 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:1000
> > RX bytes:25882 (25.2 KiB) TX bytes:31572 (30.8 KiB)
> > Interrupt:41 Base address:0x2000
> >
> > eth3 Link encap:Ethernet HWaddr 00:1b:21:d2:a4:a2
> > inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
> > inet6 addr: fe80::21b:21ff:fed2:a4a2/64 Scope:Link
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > RX packets:12010 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:16780 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:1000
> > RX bytes:2337538 (2.2 MiB) TX bytes:16554598 (15.7 MiB)
> > Interrupt:16 Memory:fb4c0000-fb4e0000
> >
> > eth3:0 Link encap:Ethernet HWaddr 00:1b:21:d2:a4:a2
> > inet addr:192.168.4.1 Bcast:192.168.4.255 Mask:255.255.255.0
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > Interrupt:16 Memory:fb4c0000-fb4e0000
> >
> > eth4 Link encap:Ethernet HWaddr 8c:89:a5:16:b3:32
> > inet addr:192.168.177.55 Bcast:192.168.177.255
> > Mask:255.255.255.0
> > inet6 addr: fe80::8e89:a5ff:fe16:b332/64 Scope:Link
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:1000
> > RX bytes:0 (0.0 B) TX bytes:6774 (6.6 KiB)
> > Interrupt:42 Base address:0x6000
> >
> > eth1.10 Link encap:Ethernet HWaddr 80:1f:02:2f:3c:e2
> > inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
> > inet6 addr: fe80::821f:2ff:fe2f:3ce2/64 Scope:Link
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > RX packets:299 errors:0 dropped:2 overruns:0 frame:0
> > TX packets:137 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:0
> > RX bytes:18352 (17.9 KiB) TX bytes:20913 (20.4 KiB)
> >
> > eth1.20 Link encap:Ethernet HWaddr 80:1f:02:2f:3c:e2
> > inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
> > inet6 addr: fe80::821f:2ff:fe2f:3ce2/64 Scope:Link
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > RX packets:18 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:37 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:0
> > RX bytes:1444 (1.4 KiB) TX bytes:7066 (6.9 KiB)
> >
> > lo Link encap:Local Loopback
> > inet addr:127.0.0.1 Mask:255.0.0.0
> > inet6 addr: ::1/128 Scope:Host
> > UP LOOPBACK RUNNING MTU:16436 Metric:1
> > RX packets:1611 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:1611 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:0
> > RX bytes:185915 (181.5 KiB) TX bytes:185915 (181.5 KiB)
> >
> > Kernel IP routing table
> > Destination Gateway Genmask Flags Metric Ref Use
> > Iface
> > 0.0.0.0 194.160.126.97 0.0.0.0 UG 0 0 0
> eth0
> > 172.30.126.0 192.168.177.1 255.255.255.0 UG 0 0 0
> eth4
> > 192.168.0.31 192.168.177.1 255.255.255.255 UGH 0 0 0
> eth4
> > 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0
> > eth1.10
> > 192.168.1.121 192.168.177.1 255.255.255.255 UGH 0 0 0
> eth4
> > 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0
> > eth1.20
> > 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0
> eth3
> > 192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0
> eth3
> > 192.168.29.4 192.168.177.1 255.255.255.255 UGH 0 0 0
> eth4
> > 192.168.29.10 192.168.177.1 255.255.255.255 UGH 0 0 0
> eth4
> > 192.168.29.12 192.168.177.1 255.255.255.255 UGH 0 0 0
> eth4
> > 192.168.177.0 0.0.0.0 255.255.255.0 U 0 0 0
> eth4
> > 194.160.126.96 0.0.0.0 255.255.255.240 U 0 0 0
> eth0
> > Chain PREROUTING (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain POSTROUTING (policy ACCEPT)
> > target prot opt source destination
> > MASQUERADE all -- 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0
> > <http://0.0.0.0/0>
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> > ACCEPT all -- 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0
> > <http://0.0.0.0/0> state RELATED,ESTABLISHED
> > ACCEPT all -- 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0
> > <http://0.0.0.0/0>
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> >
> >
> > Dňa 23. júla 2014 10:44, riki <phobie at axfr.org <mailto:phobie at axfr.org>>
> > napísal(-a):
> >
> > Ahoj,
> >
> > skus vypnut net.ipv4.tcp_ecn, myslim ze v 3.x je zapnuta defaultne.
> Skus
> > rovnako vypnut rp_filter.
> >
> > Ak nepomoze posli vystup z ifconfig;route -n; iptables -t nat -L
> > -n;iptables -L -n;
> >
> > r.
> >
> > On 07/23/2014 08:56 AM, Juraj Remenec wrote:
> > > Zdravim.
> > > Prosim vas. Pisem sem, snad mi budete vediet narychlo poradit.
> > > Ja som z toho uz nacisto zufaly.
> > >
> > > Som prilis vytazeny. Uz nejaky ten rok necitam ziadne changelogs k
> > > updatom z Debianu a asi teraz na to doplacam.
> > > Poslednym apt-get upgrade sa mi do servera dostal kernel 3.2.0.
> > >
> > > Vsetko funguje OK az na IPTABLES!!
> > > Ide ma z toho URVAT. Lebo je to taka chyba, no neviem ako na nu
> > priznam sa.
> > > Na serveri pouzivam masquerade a forwarding z lokalnej siete
> > > 192.168.1.0/24 <http://192.168.1.0/24> <http://192.168.1.0/24> =>
> > do siete poskytovatela. Vsetko
> > > fungovalo OK. Po poslednom upgrade som si vsimol, ze prestalo
> > nacitavat
> > > stranky ako www.facebook.com <http://www.facebook.com>
> > <http://www.facebook.com>. Alebo
> > > www.cnn.com <http://www.cnn.com> <http://www.cnn.com>. Alebo aj
> > "cuduj sa" www.sex.sk <http://www.sex.sk>
> > > <http://www.sex.sk> (presmeruvava na nejaky jasmine.com
> > <http://jasmine.com>
> > > <http://jasmine.com>).
> > > Proste koliesko na prehliadaci sa toci, toci a toci a nic. Ani
> ziadna
> > > info o timeoute ani nic.
> > >
> > >
> > > Ak vsak na serveri spustim starsi kernel 2.6.x tak opat vsetko
> funguje
> > > ako MA.
> > > A tak by ma zaujimalo, ake zmeny nastali v IP forwardingu v kerneli
> > > nastupom novej rady 3.x.
> > >
> > > Viete niekto nieco o tomto??
> > > Budem vdacny za akykolvek tip.
> > > J.
> > >
> > >
> > > _______________________________________________
> > > https://lists.linux.sk/mailman/listinfo/linux
> > > Meta FAQ: http://www.sklug.sk/lists/linux/metafaq.html
> > >
> > _______________________________________________
> > https://lists.linux.sk/mailman/listinfo/linux
> > Meta FAQ: http://www.sklug.sk/lists/linux/metafaq.html
> >
> >
> >
> >
> > _______________________________________________
> > https://lists.linux.sk/mailman/listinfo/linux
> > Meta FAQ: http://www.sklug.sk/lists/linux/metafaq.html
> >
> _______________________________________________
> https://lists.linux.sk/mailman/listinfo/linux
> Meta FAQ: http://www.sklug.sk/lists/linux/metafaq.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linux.sk/pipermail/linux/attachments/20140723/1edb4baf/attachment-0001.html>
Další informace o konferenci linux