[arny@arny.ro: [netfilter-core] iptables.]

All of lore.kernel.org
 help / color / mirror / Atom feed

* [arny@arny.ro: [netfilter-core] iptables.]
@ 2004-07-06 22:40 Harald Welte
  2004-07-07  9:29 ` iptables freeze KOVACS Krisztian
  0 siblings, 1 reply; 5+ messages in thread
From: Harald Welte @ 2004-07-06 22:40 UTC (permalink / raw)
  To: Netfilter Development Mailinglist

[-- Attachment #1.1: Type: text/plain, Size: 373 bytes --]

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #1.2: Type: message/rfc822, Size: 3859 bytes --]

From: "arny" <arny@arny.ro>
To: coreteam@netfilter.org
Subject: [netfilter-core] iptables.
Date: Tue, 6 Jul 2004 23:28:06 +0300 (EEST)
Message-ID: <47239.83.103.143.1.1089145686.squirrel@83.103.143.1>

Hi.
I have a p4 2,8 HT PC with slackware 9.1, kernel 2.6.7 SMP, runing
squid(transparent proxy)+ firewall+routing. The trafic is 1M for 300
clients.
Sometimes the box freez. When is restarted i got this messages and after 3
minutes it freez again. Maybe is a harware problem but i dont khow waht is
exactly. I fallow the logs and i got this.

Thx
arny

Jul  6 00:41:51 gw kernel: LIST_DELETE:
net/ipv4/netfilter/ip_conntrack_core.c:300
`&ct->tuplehash[IP_CT_DIR_REPLY]'(f63
7a224) not in &ip_conntrack_hash[hr].
Jul  6 00:41:51 gw kernel: LIST_DELETE:
net/ipv4/netfilter/ip_conntrack_core.c:300
`&ct->tuplehash[IP_CT_DIR_REPLY]'(f64
f3824) not in &ip_conntrack_hash[hr].
Jul  6 00:41:54 gw kernel: LIST_DELETE:
net/ipv4/netfilter/ip_conntrack_core.c:300
`&ct->tuplehash[IP_CT_DIR_REPLY]'(f63
7a6a4) not in &ip_conntrack_hash[hr].
Jul  6 00:41:54 gw kernel: LIST_DELETE:
net/ipv4/netfilter/ip_conntrack_core.c:300
`&ct->tuplehash[IP_CT_DIR_REPLY]'(f63
7a524) not in &ip_conntrack_hash[hr].
Jul  6 00:46:36 gw syslogd 1.4.1: restart.

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: iptables freeze
  2004-07-06 22:40 [arny@arny.ro: [netfilter-core] iptables.] Harald Welte
@ 2004-07-07  9:29 ` KOVACS Krisztian
       [not found]   ` <38713.83.103.143.1.1089194587.squirrel@83.103.143.1>
  0 siblings, 1 reply; 5+ messages in thread
From: KOVACS Krisztian @ 2004-07-07  9:29 UTC (permalink / raw)
  To: arny; +Cc: Netfilter Development Mailinglist


  Hi,

2004-07-07, sze keltezéssel 00:40-kor Harald Welte ezt írta:
> I have a p4 2,8 HT PC with slackware 9.1, kernel 2.6.7 SMP, runing
> squid(transparent proxy)+ firewall+routing. The trafic is 1M for 300
> clients.
> Sometimes the box freez. When is restarted i got this messages and after 3
> minutes it freez again. Maybe is a harware problem but i dont khow waht is
> exactly. I fallow the logs and i got this.
>
> Jul  6 00:41:51 gw kernel: LIST_DELETE:
> net/ipv4/netfilter/ip_conntrack_core.c:300
> `&ct->tuplehash[IP_CT_DIR_REPLY]'(f63
> 7a224) not in &ip_conntrack_hash[hr].
> Jul  6 00:41:51 gw kernel: LIST_DELETE:
> net/ipv4/netfilter/ip_conntrack_core.c:300
> `&ct->tuplehash[IP_CT_DIR_REPLY]'(f64
> f3824) not in &ip_conntrack_hash[hr].

  This looks just like the symptoms of an old bug, however, which should
not occur with 2.6.7... (It was caused by NAT changing the reply tuple
of an already hashed connection.) Just to make sure, could you provide
us your kernel config? Is 'NAT of local connections' enabled? It not,
can you try with that?

-- 
 Regards,
   Krisztian KOVACS

^ permalink raw reply	[flat|nested] 5+ messages in thread

[parent not found: <38713.83.103.143.1.1089194587.squirrel@83.103.143.1>]

* Re: iptables freeze
       [not found]   ` <38713.83.103.143.1.1089194587.squirrel@83.103.143.1>
@ 2004-07-07 10:11     ` KOVACS Krisztian
       [not found]       ` <46146.193.231.247.183.1089198052.squirrel@193.231.247.183>
  0 siblings, 1 reply; 5+ messages in thread
From: KOVACS Krisztian @ 2004-07-07 10:11 UTC (permalink / raw)
  To: arny; +Cc: netfilter-devel


  Hi,

2004-07-07, sze keltezéssel 12:03-kor arny ezt írta:
> I have attached the actual config file.

  Ok, so you have local NAT enabled. Which modules do you have loaded?
And please provide an overview of your ruleset. Do you REDIRECT any
traffic?

-- 
 Regards,
   Krisztian KOVACS

^ permalink raw reply	[flat|nested] 5+ messages in thread

[parent not found: <46146.193.231.247.183.1089198052.squirrel@193.231.247.183>]

* Re: iptables freeze
       [not found]       ` <46146.193.231.247.183.1089198052.squirrel@193.231.247.183>
@ 2004-07-07 11:06         ` KOVACS Krisztian
       [not found]           ` <46217.193.231.247.183.1089198860.squirrel@193.231.247.183>
  0 siblings, 1 reply; 5+ messages in thread
From: KOVACS Krisztian @ 2004-07-07 11:06 UTC (permalink / raw)
  To: arny; +Cc: netfilter-devel


  Hi,

2004-07-07, sze keltezéssel 13:00-kor arny ezt írta:
> Yes, i have transparent proxy on that server, i have 2 LAN`s, eth1 1 with
> 30 computers, and the second LAN eth2 with ~300 computers. All HTTP trafic
> from lans are redirected to the eth1 IP port 3128 and eth2 port 3128.
> 
> Here are the modules:
> arny@gw:~$ lsmod
> Module                  Size  Used by
> ipt_mac                 3712  4
> ipt_REJECT              7936  5
> ipt_REDIRECT            3968  2
> iptable_mangle          4608  1
> iptable_nat            33956  2 ipt_REDIRECT
> iptable_filter          4608  1
> ip_tables              22672  6
> ipt_mac,ipt_REJECT,ipt_REDIRECT,iptable_mangle,iptable_nat,iptable_filter

  Ok, thanks for the information. Do you know of any kernel version
which did not have this problem?

-- 
 Regards,
   Krisztian KOVACS

^ permalink raw reply	[flat|nested] 5+ messages in thread

[parent not found: <46217.193.231.247.183.1089198860.squirrel@193.231.247.183>]

* Re: iptables freeze
       [not found]           ` <46217.193.231.247.183.1089198860.squirrel@193.231.247.183>
@ 2004-07-07 11:16             ` KOVACS Krisztian
  0 siblings, 0 replies; 5+ messages in thread
From: KOVACS Krisztian @ 2004-07-07 11:16 UTC (permalink / raw)
  To: arny; +Cc: netfilter-devel


  Hi,

2004-07-07, sze keltezéssel 13:14-kor arny ezt írta:
> I think 2.4.26, i`m not sure. I will try it later and i will send you
> e-mail if i find something.

  Ok, thanks. It would be especially useful if we could figure out the
exact version of the kernel which introduced the bug.

-- 
 Regards,
   Krisztian KOVACS

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2004-07-07 11:16 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-07-06 22:40 [arny@arny.ro: [netfilter-core] iptables.] Harald Welte
2004-07-07  9:29 ` iptables freeze KOVACS Krisztian
     [not found]   ` <38713.83.103.143.1.1089194587.squirrel@83.103.143.1>
2004-07-07 10:11     ` KOVACS Krisztian
     [not found]       ` <46146.193.231.247.183.1089198052.squirrel@193.231.247.183>
2004-07-07 11:06         ` KOVACS Krisztian
     [not found]           ` <46217.193.231.247.183.1089198860.squirrel@193.231.247.183>
2004-07-07 11:16             ` KOVACS Krisztian

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.