Re: iptables freeze

All of lore.kernel.org
 help / color / mirror / Atom feed

* Re: iptables freeze
  2004-07-06 22:40 [arny@arny.ro: [netfilter-core] iptables.] Harald Welte
@ 2004-07-07  9:29 ` KOVACS Krisztian
       [not found]   ` <38713.83.103.143.1.1089194587.squirrel@83.103.143.1>
  0 siblings, 1 reply; 7+ messages in thread
From: KOVACS Krisztian @ 2004-07-07  9:29 UTC (permalink / raw)
  To: arny; +Cc: Netfilter Development Mailinglist


  Hi,

2004-07-07, sze keltezéssel 00:40-kor Harald Welte ezt írta:
> I have a p4 2,8 HT PC with slackware 9.1, kernel 2.6.7 SMP, runing
> squid(transparent proxy)+ firewall+routing. The trafic is 1M for 300
> clients.
> Sometimes the box freez. When is restarted i got this messages and after 3
> minutes it freez again. Maybe is a harware problem but i dont khow waht is
> exactly. I fallow the logs and i got this.
>
> Jul  6 00:41:51 gw kernel: LIST_DELETE:
> net/ipv4/netfilter/ip_conntrack_core.c:300
> `&ct->tuplehash[IP_CT_DIR_REPLY]'(f63
> 7a224) not in &ip_conntrack_hash[hr].
> Jul  6 00:41:51 gw kernel: LIST_DELETE:
> net/ipv4/netfilter/ip_conntrack_core.c:300
> `&ct->tuplehash[IP_CT_DIR_REPLY]'(f64
> f3824) not in &ip_conntrack_hash[hr].

  This looks just like the symptoms of an old bug, however, which should
not occur with 2.6.7... (It was caused by NAT changing the reply tuple
of an already hashed connection.) Just to make sure, could you provide
us your kernel config? Is 'NAT of local connections' enabled? It not,
can you try with that?

-- 
 Regards,
   Krisztian KOVACS

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: iptables freeze
       [not found]   ` <38713.83.103.143.1.1089194587.squirrel@83.103.143.1>
@ 2004-07-07 10:11     ` KOVACS Krisztian
       [not found]       ` <46146.193.231.247.183.1089198052.squirrel@193.231.247.183>
  0 siblings, 1 reply; 7+ messages in thread
From: KOVACS Krisztian @ 2004-07-07 10:11 UTC (permalink / raw)
  To: arny; +Cc: netfilter-devel


  Hi,

2004-07-07, sze keltezéssel 12:03-kor arny ezt írta:
> I have attached the actual config file.

  Ok, so you have local NAT enabled. Which modules do you have loaded?
And please provide an overview of your ruleset. Do you REDIRECT any
traffic?

-- 
 Regards,
   Krisztian KOVACS

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: iptables freeze
       [not found]       ` <46146.193.231.247.183.1089198052.squirrel@193.231.247.183>
@ 2004-07-07 11:06         ` KOVACS Krisztian
       [not found]           ` <46217.193.231.247.183.1089198860.squirrel@193.231.247.183>
  0 siblings, 1 reply; 7+ messages in thread
From: KOVACS Krisztian @ 2004-07-07 11:06 UTC (permalink / raw)
  To: arny; +Cc: netfilter-devel


  Hi,

2004-07-07, sze keltezéssel 13:00-kor arny ezt írta:
> Yes, i have transparent proxy on that server, i have 2 LAN`s, eth1 1 with
> 30 computers, and the second LAN eth2 with ~300 computers. All HTTP trafic
> from lans are redirected to the eth1 IP port 3128 and eth2 port 3128.
> 
> Here are the modules:
> arny@gw:~$ lsmod
> Module                  Size  Used by
> ipt_mac                 3712  4
> ipt_REJECT              7936  5
> ipt_REDIRECT            3968  2
> iptable_mangle          4608  1
> iptable_nat            33956  2 ipt_REDIRECT
> iptable_filter          4608  1
> ip_tables              22672  6
> ipt_mac,ipt_REJECT,ipt_REDIRECT,iptable_mangle,iptable_nat,iptable_filter

  Ok, thanks for the information. Do you know of any kernel version
which did not have this problem?

-- 
 Regards,
   Krisztian KOVACS

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: iptables freeze
       [not found]           ` <46217.193.231.247.183.1089198860.squirrel@193.231.247.183>
@ 2004-07-07 11:16             ` KOVACS Krisztian
  0 siblings, 0 replies; 7+ messages in thread
From: KOVACS Krisztian @ 2004-07-07 11:16 UTC (permalink / raw)
  To: arny; +Cc: netfilter-devel


  Hi,

2004-07-07, sze keltezéssel 13:14-kor arny ezt írta:
> I think 2.4.26, i`m not sure. I will try it later and i will send you
> e-mail if i find something.

  Ok, thanks. It would be especially useful if we could figure out the
exact version of the kernel which introduced the bug.

-- 
 Regards,
   Krisztian KOVACS

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: iptables freeze
@ 2004-07-08 22:52 arny
  2004-07-10  9:37 ` arny
  0 siblings, 1 reply; 7+ messages in thread
From: arny @ 2004-07-08 22:52 UTC (permalink / raw)
  To: hidden; +Cc: netfilter-devel

Hi folks.

I installed  slackware packages:
kernel-ide-2.4.26-i486-4.tgz, kernel-source-2.4.26-noarch-4.tgz
kernel-modules-2.4.26-i486-3.tgz and kernel-headers-2.4.26-i386-3 and
reboot. This is the precompiled kernel from the latest slackware. The
kernel not have SMP suport.

Success! first step was passed. It work, the box not freez! the next step
is start squid+firewall.
Yep it`s working, everithing is started. Now the final test.
After reboot the box with 2.6.7 it freeze. Let`s see if the 2.4.26 it`s
OK. Right now i have 129 pc online and 40 users connected to cache.
Reboot.
The box not responding to ping and the internet is down. All services
started without errors.
 Found the problem. I start firewall after  packet  forwarding. Changed,
first start firewall and then packet forwarding.
 WORKING. The box is booting without errors and not freez anymore.
Now let see after 24H if it is OK.

P.S. sorry 4 my english.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: iptables freeze
  2004-07-08 22:52 iptables freeze arny
@ 2004-07-10  9:37 ` arny
  2004-07-10 10:17   ` Victor Julien
  0 siblings, 1 reply; 7+ messages in thread
From: arny @ 2004-07-10  9:37 UTC (permalink / raw)
  To: netfilter-devel

>  WORKING. The box is booting without errors and not freez anymore.
> Now let see after 24H if it is OK.

The box freeze again but nothing in logs about iptables. I think the
memory is bad.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: iptables freeze
  2004-07-10  9:37 ` arny
@ 2004-07-10 10:17   ` Victor Julien
  0 siblings, 0 replies; 7+ messages in thread
From: Victor Julien @ 2004-07-10 10:17 UTC (permalink / raw)
  To: netfilter-devel; +Cc: arny

On Saturday 10 July 2004 11:37, arny wrote:
> >  WORKING. The box is booting without errors and not freez anymore.
> > Now let see after 24H if it is OK.
>
> The box freeze again but nothing in logs about iptables. I think the
> memory is bad.

You can test your memory with memtest86.

http://www.memtest86.com/

Regards,
Victor

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2004-07-10 10:17 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-07-08 22:52 iptables freeze arny
2004-07-10  9:37 ` arny
2004-07-10 10:17   ` Victor Julien
  -- strict thread matches above, loose matches on Subject: below --
2004-07-06 22:40 [arny@arny.ro: [netfilter-core] iptables.] Harald Welte
2004-07-07  9:29 ` iptables freeze KOVACS Krisztian
     [not found]   ` <38713.83.103.143.1.1089194587.squirrel@83.103.143.1>
2004-07-07 10:11     ` KOVACS Krisztian
     [not found]       ` <46146.193.231.247.183.1089198052.squirrel@193.231.247.183>
2004-07-07 11:06         ` KOVACS Krisztian
     [not found]           ` <46217.193.231.247.183.1089198860.squirrel@193.231.247.183>
2004-07-07 11:16             ` KOVACS Krisztian

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.