[linux] Debian zmeny v jadre

Středa Červenec 23 13:11:00 CEST 2014

vyskusam to zajtra a dam urcite vediet.
Vdaka.

Dňa 23. júla 2014 11:54, riki <phobie at axfr.org> napísal(-a):

> Ahoj,
>
> echo 1  > /proc/sys/net/ipv4/ip_no_pmtu_disc
> echo 2  > /proc/sys/net/ipv4/tcp_ecn
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Pripadne pingom prever, aky najvacsi ping ti prejde, defaultne posiela
> male pakety. Je mozne ze po ceste je nieco zle a tcp window size si
> dohodnes vacsi ako je MTU na ceste.
>
> r.
>
>
>
>
> On 07/23/2014 11:17 AM, Juraj Remenec wrote:
> > Vďaka za tip ale zmeny nepomohli. rp_filter bol vypnutý. Ten prvý tcp...
> > som vypol ale bez úspechu.
> >
> >
> > Chcem iba povedať, že je to veľmi divné. Slovenské sajty chodia väčšinou
> > dobre. Aj niektoré zahraničné. Ale niektoré ďalšie ku podivu nie aj keď
> > pingovať idú...
> > Proste len Čaká sa....  S 2.6 jadrom ide všetko OK. Možno bude chyba v
> > nejakom driveri ku sieť. kartám. Mám v stroji 2 realteky a 2 inteli.
> >
> > Požadované výpisy:
> > root ~ # ifconfig;route -n; iptables -t nat -L -n; iptables -L -n;
> >>~/iptables.txt
> > eth0      Link encap:Ethernet  HWaddr 68:05:ca:00:75:48
> >           inet addr:194.160.126.98  Bcast:194.160.126.111
> > Mask:255.255.255.240
> >           inet6 addr: fe80::6a05:caff:fe00:7548/64 Scope:Link
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:17055 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:11985 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:1000
> >           RX bytes:16491343 (15.7 MiB)  TX bytes:2444911 (2.3 MiB)
> >           Interrupt:18 Memory:fb2c0000-fb2e0000
> >
> > eth1      Link encap:Ethernet  HWaddr 80:1f:02:2f:3c:e2
> >           inet6 addr: fe80::821f:2ff:fe2f:3ce2/64 Scope:Link
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:325 errors:0 dropped:1 overruns:0 frame:0
> >           TX packets:194 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:1000
> >           RX bytes:25882 (25.2 KiB)  TX bytes:31572 (30.8 KiB)
> >           Interrupt:41 Base address:0x2000
> >
> > eth3      Link encap:Ethernet  HWaddr 00:1b:21:d2:a4:a2
> >           inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
> >           inet6 addr: fe80::21b:21ff:fed2:a4a2/64 Scope:Link
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:12010 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:16780 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:1000
> >           RX bytes:2337538 (2.2 MiB)  TX bytes:16554598 (15.7 MiB)
> >           Interrupt:16 Memory:fb4c0000-fb4e0000
> >
> > eth3:0    Link encap:Ethernet  HWaddr 00:1b:21:d2:a4:a2
> >           inet addr:192.168.4.1  Bcast:192.168.4.255  Mask:255.255.255.0
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           Interrupt:16 Memory:fb4c0000-fb4e0000
> >
> > eth4      Link encap:Ethernet  HWaddr 8c:89:a5:16:b3:32
> >           inet addr:192.168.177.55  Bcast:192.168.177.255
> > Mask:255.255.255.0
> >           inet6 addr: fe80::8e89:a5ff:fe16:b332/64 Scope:Link
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:1000
> >           RX bytes:0 (0.0 B)  TX bytes:6774 (6.6 KiB)
> >           Interrupt:42 Base address:0x6000
> >
> > eth1.10   Link encap:Ethernet  HWaddr 80:1f:02:2f:3c:e2
> >           inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
> >           inet6 addr: fe80::821f:2ff:fe2f:3ce2/64 Scope:Link
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:299 errors:0 dropped:2 overruns:0 frame:0
> >           TX packets:137 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >           RX bytes:18352 (17.9 KiB)  TX bytes:20913 (20.4 KiB)
> >
> > eth1.20   Link encap:Ethernet  HWaddr 80:1f:02:2f:3c:e2
> >           inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
> >           inet6 addr: fe80::821f:2ff:fe2f:3ce2/64 Scope:Link
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:18 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:37 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >           RX bytes:1444 (1.4 KiB)  TX bytes:7066 (6.9 KiB)
> >
> > lo        Link encap:Local Loopback
> >           inet addr:127.0.0.1  Mask:255.0.0.0
> >           inet6 addr: ::1/128 Scope:Host
> >           UP LOOPBACK RUNNING  MTU:16436  Metric:1
> >           RX packets:1611 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:1611 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >           RX bytes:185915 (181.5 KiB)  TX bytes:185915 (181.5 KiB)
> >
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use
> > Iface
> > 0.0.0.0         194.160.126.97  0.0.0.0         UG    0      0        0
> eth0
> > 172.30.126.0    192.168.177.1   255.255.255.0   UG    0      0        0
> eth4
> > 192.168.0.31    192.168.177.1   255.255.255.255 UGH   0      0        0
> eth4
> > 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0
> > eth1.10
> > 192.168.1.121   192.168.177.1   255.255.255.255 UGH   0      0        0
> eth4
> > 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0
> > eth1.20
> > 192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0
> eth3
> > 192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0
> eth3
> > 192.168.29.4    192.168.177.1   255.255.255.255 UGH   0      0        0
> eth4
> > 192.168.29.10   192.168.177.1   255.255.255.255 UGH   0      0        0
> eth4
> > 192.168.29.12   192.168.177.1   255.255.255.255 UGH   0      0        0
> eth4
> > 192.168.177.0   0.0.0.0         255.255.255.0   U     0      0        0
> eth4
> > 194.160.126.96  0.0.0.0         255.255.255.240 U     0      0        0
> eth0
> > Chain PREROUTING (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Chain INPUT (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Chain POSTROUTING (policy ACCEPT)
> > target     prot opt source               destination
> > MASQUERADE  all  --  0.0.0.0/0 <http://0.0.0.0/0>            0.0.0.0/0
> > <http://0.0.0.0/0>
> > Chain INPUT (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Chain FORWARD (policy ACCEPT)
> > target     prot opt source               destination
> > ACCEPT     all  --  0.0.0.0/0 <http://0.0.0.0/0>            0.0.0.0/0
> > <http://0.0.0.0/0>            state RELATED,ESTABLISHED
> > ACCEPT     all  --  0.0.0.0/0 <http://0.0.0.0/0>            0.0.0.0/0
> > <http://0.0.0.0/0>
> >
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> >
> >
> > Dňa 23. júla 2014 10:44, riki <phobie at axfr.org <mailto:phobie at axfr.org>>
> > napísal(-a):
> >
> >     Ahoj,
> >
> >     skus vypnut net.ipv4.tcp_ecn, myslim ze v 3.x je zapnuta defaultne.
> Skus
> >     rovnako vypnut rp_filter.
> >
> >     Ak nepomoze posli vystup z ifconfig;route -n; iptables -t nat -L
> >     -n;iptables -L -n;
> >
> >     r.
> >
> >     On 07/23/2014 08:56 AM, Juraj Remenec wrote:
> >     > Zdravim.
> >     > Prosim vas. Pisem sem, snad mi budete vediet narychlo poradit.
> >     > Ja som z toho uz nacisto zufaly.
> >     >
> >     > Som prilis vytazeny. Uz nejaky ten rok necitam ziadne changelogs k
> >     > updatom z Debianu a asi teraz na to doplacam.
> >     > Poslednym apt-get upgrade sa mi do servera dostal kernel 3.2.0.
> >     >
> >     > Vsetko funguje OK az na IPTABLES!!
> >     > Ide ma z toho URVAT. Lebo je to taka chyba, no neviem ako na nu
> >     priznam sa.
> >     > Na serveri pouzivam masquerade a forwarding z lokalnej siete
> >     > 192.168.1.0/24 <http://192.168.1.0/24> <http://192.168.1.0/24> =>
> >     do siete poskytovatela. Vsetko
> >     > fungovalo OK. Po poslednom upgrade som si vsimol, ze prestalo
> >     nacitavat
> >     > stranky ako www.facebook.com <http://www.facebook.com>
> >     <http://www.facebook.com>. Alebo
> >     > www.cnn.com <http://www.cnn.com> <http://www.cnn.com>.  Alebo aj
> >     "cuduj sa" www.sex.sk <http://www.sex.sk>
> >     > <http://www.sex.sk> (presmeruvava na nejaky jasmine.com
> >     <http://jasmine.com>
> >     > <http://jasmine.com>).
> >     > Proste koliesko na prehliadaci sa toci, toci a toci a nic. Ani
> ziadna
> >     > info o timeoute ani nic.
> >     >
> >     >
> >     > Ak vsak na serveri spustim starsi kernel 2.6.x tak opat vsetko
> funguje
> >     > ako MA.
> >     > A tak by ma zaujimalo, ake zmeny nastali v IP forwardingu v kerneli
> >     > nastupom novej rady 3.x.
> >     >
> >     > Viete niekto nieco o tomto??
> >     > Budem vdacny za akykolvek tip.
> >     > J.
> >     >
> >     >
> >     > _______________________________________________
> >     > https://lists.linux.sk/mailman/listinfo/linux
> >     > Meta FAQ: http://www.sklug.sk/lists/linux/metafaq.html
> >     >
> >     _______________________________________________
> >     https://lists.linux.sk/mailman/listinfo/linux
> >     Meta FAQ: http://www.sklug.sk/lists/linux/metafaq.html
> >
> >
> >
> >
> > _______________________________________________
> > https://lists.linux.sk/mailman/listinfo/linux
> > Meta FAQ: http://www.sklug.sk/lists/linux/metafaq.html
> >
> _______________________________________________
> https://lists.linux.sk/mailman/listinfo/linux
> Meta FAQ: http://www.sklug.sk/lists/linux/metafaq.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linux.sk/pipermail/linux/attachments/20140723/1edb4baf/attachment-0001.html>