* Neighbour table overflow
@ 2001-01-22 11:33 Daniel Furse
  0 siblings, 0 replies; 20+ messages in thread
From: Daniel Furse @ 2001-01-22 11:33 UTC (permalink / raw)
  To: Linux Embedded List (E-mail)


Hi all,

I am getting 'neighbour table overflow' when I try to mount a root filesystem
via NFS. Eventually the kernel panics and resets.

The NFS server is working correctly, I have verified by mounting on another
linux box.

When linux tries to mount the nfs root filesystem, the activity LED on the
ethernet port on the card stops flashing, this implies that something has
clobbered the phy? Does anyone have any suggestions?

Many thanks,

Dan Furse

** Sent via the linuxppc-embedded mail list. See http://lists.linuxppc.org/


* RE: Neighbour table overflow
@ 2001-01-22 14:38 Daniel Furse
  2001-01-22 15:22 ` Wolfgang Denk
  0 siblings, 1 reply; 20+ messages in thread
From: Daniel Furse @ 2001-01-22 14:38 UTC (permalink / raw)
  To: Wolfgang Denk; +Cc: Linux Embedded List (E-mail)


I just tried a clean build, but the result is the same.

When I built the kernel, I used TQM860L_config and make oldconfig, then
edited some values with menuconfig (processor speed 80 MHz, ext2 support).

Is there anything else that I should change?

Dan

ppcboot 0.7.3 (Jan 19 2001 - 11:22:19)

Initializing...
  CPU:   XPC860xxZPnnD3 at 80 MHz: 4 kB I-Cache 4 kB D-Cache FEC present
  Board: ### No HW ID - assuming TQM8xxL
  DRAM:  16 MB
  FLASH:  8 MB
  In:    serial
  Out:   serial
  Err:   serial

=> bootp;setenv bootargs init=/bin/bash root=/dev/nfs rw nfsroot=$(serverip):$(rootpath) ip=$(ipaddr):$(serverip):$(gatewayip):$(netmask):$(hostname)::off;bootm
BOOTP broadcast 1
ARP broadcast 1
TFTP from server 159.75.55.94; our IP address is 159.75.55.219
Filename '/tftpboot/pImage-TQM860L'.
Load address: 0x100000
Loading:
#######################################################################
####
done
## Booting Linux kernel at 00100000 ...
   Image Name:   2.2.14 for TQM860L
   Image Type:   PowerPC Linux Kernel Image (gzip compressed)
   Data Size:    381908 Bytes = 372 kB = 0 MB
   Load Address: 00000000
   Entry Point:  0000000c
   Verifying Checksum ... OK
   Uncompressing Kernel Image ... OK
Linux version 2.2.14 (danf@gambit.iptest.com) (gcc version 2.95.2 19991024 (release)) #11 Mon Jan 22 13:39:11 GMT 2001
Boot arguments: init=/bin/bash root=/dev/nfs rw nfsroot=159.75.55.94: ip=159.75.55.219:159.75.55.94::255.255.255.0:tqmboard::off
time_init: decrementer frequency = 300000000/60
Calibrating delay loop... 79.67 BogoMIPS
Memory: 15208k available (700k kernel code, 444k data, 32k init) [c0000000,c1000000]
Dentry hash table entries: 2048 (order 2, 16k)
Buffer cache hash table entries: 16384 (order 4, 64k)
Page cache hash table entries: 4096 (order 2, 16k)
POSIX conformance testing by UNIFIX
Linux NET4.0 for Linux 2.2
Based upon Swansea University Computer Society NET3.039
NET4: Unix domain sockets 1.0 for Linux NET4.0.
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP
TCP: Hash tables configured (ehash 16384 bhash 16384)
Starting kswapd v 1.5
CPM UART driver version 0.03
ttyS00 at 0x0280 is a SMC
ttyS01 at 0x0380 is a SMC
ttyS02 at 0x0100 is a SCC
ttyS03 at 0x0200 is a SCC
pty: 256 Unix98 ptys configured
Found 2x16bit 4Mbyte CFI flash device of type AMD/Fujitsu standard at 40000000
registered flash device /dev/flash0
Found 2x16bit 4Mbyte CFI flash device of type AMD/Fujitsu standard at 40400000
registered flash device /dev/flash1
eth0: CPM ENET Version 0.2 on SCC1, 00:00:f8:51:78:10
Looking up port of RPC 100003/2 on 159.75.55.94    <----- By this point the LED on the eth port is off
neighbour table overflow
neighbour table overflow
neighbour table overflow
neighbour table overflow
portmap: server 159.75.55.94 not responding, timed out
Root-NFS: Unable to get nfsd port number from server, using default
Looking up port of RPC 100005/1 on 159.75.55.94
neighbour table overflow
neighbour table overflow
neighbour table overflow
neighbour table overflow
portmap: server 159.75.55.94 not responding, timed out
Root-NFS: Unable to get mountd port number from server, using default
neighbour table overflow
neighbour table overflow
neighbour table overflow
neighbour table overflow
mount: server 159.75.55.94 not responding, timed out
Root-NFS: Server returned error -5 while mounting /tftpboot/tqmboard
VFS: Unable to mount root fs via NFS, trying floppy.
request_module[block-major-2]: Root fs not mounted
VFS: Cannot open root device 02:00
Kernel panic: VFS: Unable to mount root fs on 02:00
Rebooting in 180 seconds..



* Re: Neighbour table overflow
  2001-01-22 14:38 Daniel Furse
@ 2001-01-22 15:22 ` Wolfgang Denk
  0 siblings, 0 replies; 20+ messages in thread
From: Wolfgang Denk @ 2001-01-22 15:22 UTC (permalink / raw)
  To: Daniel Furse; +Cc: Linux Embedded List (E-mail)


In message <0D9416AE7F95D411A8710008C7332F3F054382@GUILDFORD4_NT> you wrote:
>
> Is there anything else that I should change?

No.

> => bootp;setenv bootargs init=/bin/bash root=/dev/nfs rw nfsroot=$(serverip):$(rootpath) ip=$(ipaddr):$(serverip):$(gatewayip):$(netmask):$(hostname)::off;bootm
> BOOTP broadcast 1
> ARP broadcast 1
> TFTP from server 159.75.55.94; our IP address is 159.75.55.219
> Filename '/tftpboot/pImage-TQM860L'.
> Load address: 0x100000
> Loading:
> #######################################################################
> ####

You can be sure the hardware's working.

> Boot arguments: init=/bin/bash root=/dev/nfs rw nfsroot=159.75.55.94: ip=159.75.55.219:159.75.55.94::255.255.255.0:tqmboard::off

I don't see any root path here.

Please run the "bootp" command manually, and check that the
"rootpath" environment variable is set after it. If it's missing,
check your BOOTP server configuration.

Wolfgang Denk

--
Software Engineering:  Embedded and Realtime Systems,  Embedded Linux
Phone: (+49)-8142-4596-87  Fax: (+49)-8142-4596-88  Email: wd@denx.de
Visit us at Embedded Systems: Feb 14-16 2001, Nuremberg, Halle 12/K01
(with TQ Components); our presentation "Starke Zwerge: Embedded Linux
auf PowerPC-Systemen" on Thursday, Feb 15 2001, 13:30 Forum Halle 11.


* Re: Neighbour table overflow
  2002-11-26 18:39 ` Neighbour table overflow g_netfilter
@ 2002-11-26 18:38   ` Ard van Breemen
  2002-11-28 16:40     ` Roberto Nibali
  2002-11-27  4:08   ` Arnt Karlsen
  1 sibling, 1 reply; 20+ messages in thread
From: Ard van Breemen @ 2002-11-26 18:38 UTC (permalink / raw)
  To: netfilter

On Tue, Nov 26, 2002 at 12:39:41PM -0600, g_netfilter@netfids.com wrote:
> Friends, I have some logs like this:
> 
> Nov 26 11:29:46 firewall kernel: NET: 96 messages suppressed.
> Nov 26 11:29:46 firewall kernel: Neighbour table overflow.
> Nov 26 11:29:52 firewall kernel: NET: 52 messages suppressed.
> Nov 26 11:29:52 firewall kernel: Neighbour table overflow.
> Nov 26 11:29:56 firewall kernel: NET: 83 messages suppressed.
> Nov 26 11:29:56 firewall kernel: Neighbour table overflow.
> Nov 26 11:30:08 firewall kernel: NET: 19 messages suppressed.
> Nov 26 11:30:08 firewall kernel: Neighbour table overflow.
> 
> I'm running Red Hat 7.3 kernel 2.4.18-3 and iptables 1.2.5-3, please could
> you tell me if those logs are showing some attempts of attacks?

First of all: this has nothing to do with netfilter, just with
the routing and caching of the routes.

I guess that you have an internet connection, serving a lot of
different IPs, *and* that this system sees more than 128
different mac addresses, right?

I used to fix it by raising the gc_thresh1 over the amount of mac
addresses I normally would see:
echo 512 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh3

This is what I think happens:
All the routing information is cached on an IP-IP pair basis.
Part of the information is the *destination* mac address.
A new entry in the routing-cache will lock the neighbour entry in
the neighbour table (mac address table) cache by upping its
usage counters.
So for every new source ip to a common local ip, the mac address
of that local-ip will be locked for every new ip.

If you have more than /proc/sys/net/ipv4/neigh/default/gc_thresh1
in the neighbour table, the garbage collector will try to free
entries in the neighbour table.

(From this point on I am just guessing and trying to understand
the source code:)
If I am correct, it will mark entries to be freed, so that they
won't be used anymore. So to be able to use a specific destination
again, it needs to make a new entry in the neighbour table. So
instead of cleaning up the tables, your neighbour (arp) table
will be filled fast if you see more new source ip's than that old
neighbour entries are discarded by having their usage counts down
to 0.

If somebody else knows the true truth about how it exactly works,
please tell me. I will make notes of it for the lartc so it can
be a FAQ.

-- 
procedure signature;
begin  { telegraaf.com
} writeln('<ard@telegraafnet.nl> SMA-IS | Geeks don't get viruses');
end



* Neighbour table overflow
  2002-11-26 14:40 more than 1 source ip Ben Russo
@ 2002-11-26 18:39 ` g_netfilter
  2002-11-26 18:38   ` Ard van Breemen
  2002-11-27  4:08   ` Arnt Karlsen
  0 siblings, 2 replies; 20+ messages in thread
From: g_netfilter @ 2002-11-26 18:39 UTC (permalink / raw)
  To: netfilter

Friends, I have some logs like this:

Nov 26 11:29:46 firewall kernel: NET: 96 messages suppressed.
Nov 26 11:29:46 firewall kernel: Neighbour table overflow.
Nov 26 11:29:52 firewall kernel: NET: 52 messages suppressed.
Nov 26 11:29:52 firewall kernel: Neighbour table overflow.
Nov 26 11:29:56 firewall kernel: NET: 83 messages suppressed.
Nov 26 11:29:56 firewall kernel: Neighbour table overflow.
Nov 26 11:30:08 firewall kernel: NET: 19 messages suppressed.
Nov 26 11:30:08 firewall kernel: Neighbour table overflow.

I'm running Red Hat 7.3 kernel 2.4.18-3 and iptables 1.2.5-3, please could
you tell me if those logs are showing some attempts of attacks?

Regards,
Geffrey







* Re: Neighbour table overflow
  2002-11-26 18:39 ` Neighbour table overflow g_netfilter
  2002-11-26 18:38   ` Ard van Breemen
@ 2002-11-27  4:08   ` Arnt Karlsen
  1 sibling, 0 replies; 20+ messages in thread
From: Arnt Karlsen @ 2002-11-27  4:08 UTC (permalink / raw)
  To: netfilter

On Tue, 26 Nov 2002 12:39:41 -0600 (CST), 
<g_netfilter@netfids.com> wrote in message 
<35211.200.60.189.231.1038335981.squirrel@www.netfids.com>:

> I'm running Red Hat 7.3 kernel 2.4.18-3 and iptables 1.2.5-3, please
> could you tell me if those logs are showing some attempts of attacks?

..easy, prey.  http://rhn.redhat.com/errata/rh73-errata.html

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.





* Re: Neighbour table overflow
  2002-11-26 18:38   ` Ard van Breemen
@ 2002-11-28 16:40     ` Roberto Nibali
  0 siblings, 0 replies; 20+ messages in thread
From: Roberto Nibali @ 2002-11-28 16:40 UTC (permalink / raw)
  To: Ard van Breemen; +Cc: netfilter

> (From this point on I am just guessing and trying to understand
> the source code:)
> If I am correct, it will mark entries to be freed, so that they
> won't be used anymore. So to be able to use a specific destination
> again, it needs to make a new entry in the neighbour table. So
> instead of cleaning up the tables, your neighbour (arp) table
> will be filled fast if you see more new source ip's than that old
> neighbour entries are discarded by having their usage counts down
> to 0.

If you haven't already, please take a look at net/core/neighbour.c:neigh_alloc()

          unsigned long now = jiffies;
          if (tbl->entries > tbl->gc_thresh3 ||
              (tbl->entries > tbl->gc_thresh2 &&
               now - tbl->last_flush > 5*HZ)) {
                  if (neigh_forced_gc(tbl) == 0 &&
                      tbl->entries > tbl->gc_thresh3)
                          return NULL;
          }

It's pretty straightforward and should give you everything you need.

> If somebody else knows the true truth about how it exactly works,
> please tell me. I will make notes of it for the lartc so it can
> be a FAQ.

I might write some documents about this because I recently had
someone on the LVS project with the same problems. However, if someone
from the LARTC guys writes it before I do, I won't be disappointed either.

Cheers,
Roberto Nibali, ratz
-- 
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
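
The allocation check quoted in Roberto's message, modelled in user space as an added example (not kernel code and not written by anyone in this thread): it shows that the overflow is reported once the table is above gc_thresh3 and a forced GC cannot free anything because every entry is still referenced. Assumptions: `model_forced_gc()` is a simplified stand-in for `neigh_forced_gc()`, and `HZ`, the one-allocation-per-tick pacing and the `model_*`/`run_scenario` names are made up for the model; the threshold values are the ones quoted in this thread.

```c
/* Added example: user-space model of the neigh_alloc() check quoted above. */
#include <stdio.h>

#define HZ 100 /* assumed tick rate; the model issues one allocation per tick */

struct neigh_model {
    int entries;              /* entries currently in the table */
    int referenced;           /* entries something still holds a reference to */
    int gc_thresh2;
    int gc_thresh3;
    unsigned long last_flush; /* tick of the last forced GC */
};

/*
 * Simplified stand-in for neigh_forced_gc() (assumption, not kernel code):
 * frees every entry nobody references and reports whether anything was freed.
 */
static int model_forced_gc(struct neigh_model *tbl, unsigned long now)
{
    int freeable = tbl->entries - tbl->referenced;

    tbl->last_flush = now;
    if (freeable <= 0)
        return 0;
    tbl->entries -= freeable;
    return 1;
}

/*
 * Same condition as the quoted snippet. Returns 1 when an entry is created,
 * 0 where the kernel would return NULL and log "Neighbour table overflow".
 */
static int model_neigh_alloc(struct neigh_model *tbl, unsigned long now,
                             int hold_ref)
{
    if (tbl->entries > tbl->gc_thresh3 ||
        (tbl->entries > tbl->gc_thresh2 &&
         now - tbl->last_flush > 5 * HZ)) {
        if (model_forced_gc(tbl, now) == 0 &&
            tbl->entries > tbl->gc_thresh3)
            return 0;
    }
    tbl->entries++;
    if (hold_ref)
        tbl->referenced++;
    return 1;
}

/*
 * Ask for `attempts` new neighbours, one per tick. With hold_refs set, every
 * entry stays referenced (the situation Ard describes, where cached routes
 * pin neighbour entries) and can never be reclaimed.
 * Returns the number of refused allocations.
 */
long run_scenario(int gc_thresh2, int gc_thresh3, int attempts,
                  int hold_refs, int *final_entries)
{
    struct neigh_model tbl = { 0, 0, gc_thresh2, gc_thresh3, 0 };
    long refused = 0;

    for (int i = 0; i < attempts; i++)
        if (!model_neigh_alloc(&tbl, (unsigned long)i, hold_refs))
            refused++;
    if (final_entries)
        *final_entries = tbl.entries;
    return refused;
}

int main(void)
{
    int left;
    long refused;

    refused = run_scenario(512, 1024, 2000, 1, &left);
    printf("defaults, all entries held: %ld refused, %d in table\n", refused, left);
    refused = run_scenario(512, 1024, 2000, 0, &left);
    printf("defaults, nothing held:     %ld refused, %d in table\n", refused, left);
    refused = run_scenario(2048, 4096, 2000, 1, &left);
    printf("raised to 2048/4096, held:  %ld refused, %d in table\n", refused, left);
    return 0;
}
```

The quoted condition only involves gc_thresh2 and gc_thresh3, which is why the model carries no gc_thresh1.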




* Neighbour table overflow.
@ 2004-10-26 17:39 Dominik Karall
  2004-10-26 21:23 ` Chris Wedgwood
  2004-10-26 21:52 ` Ernst Herzberg
  0 siblings, 2 replies; 20+ messages in thread
From: Dominik Karall @ 2004-10-26 17:39 UTC (permalink / raw)
  To: Linux Kernel ML

can anybody explain why i get thousands of "Neighbour table overflow." 
messages? i didn't get such ones with older kernels (~2.6.6).
here is a dmesg output:

printk: 54050 messages suppressed.
Neighbour table overflow.
printk: 10403 messages suppressed.
Neighbour table overflow.
Neighbour table overflow.
Neighbour table overflow.
Neighbour table overflow.
Neighbour table overflow.
Neighbour table overflow.
Neighbour table overflow.
Neighbour table overflow.
Neighbour table overflow.
Neighbour table overflow.
printk: 58524 messages suppressed.

this couldn't be ok, or?

best regards,
dominik


* Re: Neighbour table overflow.
  2004-10-26 17:39 Neighbour table overflow Dominik Karall
@ 2004-10-26 21:23 ` Chris Wedgwood
  2004-10-26 22:10   ` Dominik Karall
  2004-10-26 21:52 ` Ernst Herzberg
  1 sibling, 1 reply; 20+ messages in thread
From: Chris Wedgwood @ 2004-10-26 21:23 UTC (permalink / raw)
  To: Dominik Karall; +Cc: Linux Kernel ML

On Tue, Oct 26, 2004 at 07:39:31PM +0200, Dominik Karall wrote:

> can anybody explain why i get thousands of "Neighbour table
> overflow."  messages? i didn't get such ones with older kernels
> (~2.6.6).

is loopback down?


* Re: Neighbour table overflow.
  2004-10-26 17:39 Neighbour table overflow Dominik Karall
  2004-10-26 21:23 ` Chris Wedgwood
@ 2004-10-26 21:52 ` Ernst Herzberg
  2004-10-26 22:11   ` Dominik Karall
  1 sibling, 1 reply; 20+ messages in thread
From: Ernst Herzberg @ 2004-10-26 21:52 UTC (permalink / raw)
  To: Dominik Karall; +Cc: Linux Kernel ML

On Tuesday 26 October 2004 19:39, Dominik Karall wrote:
> can anybody explain why i get thousands of "Neighbour table overflow."
> messages? i didn't get such ones with older kernels (~2.6.6).

Do you set a default gateway?


* Re: Neighbour table overflow.
  2004-10-26 21:23 ` Chris Wedgwood
@ 2004-10-26 22:10   ` Dominik Karall
  0 siblings, 0 replies; 20+ messages in thread
From: Dominik Karall @ 2004-10-26 22:10 UTC (permalink / raw)
  To: Chris Wedgwood; +Cc: Linux Kernel ML

On Tuesday 26 October 2004 23:23, Chris Wedgwood wrote:
> On Tue, Oct 26, 2004 at 07:39:31PM +0200, Dominik Karall wrote:
> > can anybody explain why i get thousands of "Neighbour table
> > overflow."  messages? i didn't get such ones with older kernels
> > (~2.6.6).
>
> is loopback down?

no, loopback is up.

dominik


* Re: Neighbour table overflow.
  2004-10-26 21:52 ` Ernst Herzberg
@ 2004-10-26 22:11   ` Dominik Karall
  2004-10-26 23:06     ` David S. Miller
  0 siblings, 1 reply; 20+ messages in thread
From: Dominik Karall @ 2004-10-26 22:11 UTC (permalink / raw)
  To: Ernst Herzberg; +Cc: Linux Kernel ML

On Tuesday 26 October 2004 23:52, Ernst Herzberg wrote:
> On Tuesday 26 October 2004 19:39, Dominik Karall wrote:
> > can anybody explain why i get thousands of "Neighbour table overflow."
> > messages? i didn't get such ones with older kernels (~2.6.6).
>
> Do you set a default gateway?

yes, default gateway is set to our server.

dominik


* Re: Neighbour table overflow.
  2004-10-26 22:11   ` Dominik Karall
@ 2004-10-26 23:06     ` David S. Miller
  2004-10-26 23:58       ` Wichert Akkerman
  2004-10-27  0:30       ` Dominik Karall
  0 siblings, 2 replies; 20+ messages in thread
From: David S. Miller @ 2004-10-26 23:06 UTC (permalink / raw)
  To: Dominik Karall; +Cc: earny, linux-kernel

On Wed, 27 Oct 2004 00:11:26 +0200
Dominik Karall <dominik.karall@gmx.net> wrote:

> On Tuesday 26 October 2004 23:52, Ernst Herzberg wrote:
> > On Tuesday 26 October 2004 19:39, Dominik Karall wrote:
> > > can anybody explain why i get thousands of "Neighbour table overflow."
> > > messages? i didn't get such ones with older kernels (~2.6.6).
> >
> > Do you set a default gateway?
> 
> yes, default gateway is set to our server.

Do you use a large subnet mask?  For example /16 or /8 or
something like that?

If so, you will need to bump up the neighbour table garbage
collection thresholds under /proc/sys/net/ipv4/neigh/default/
Specifically gc_thresh1, gc_thresh2, and gc_thresh3

You probably have a huge number of machines on your subnet.


* Re: Neighbour table overflow.
  2004-10-26 23:06     ` David S. Miller
@ 2004-10-26 23:58       ` Wichert Akkerman
  2004-10-27  0:30       ` Dominik Karall
  1 sibling, 0 replies; 20+ messages in thread
From: Wichert Akkerman @ 2004-10-26 23:58 UTC (permalink / raw)
  To: David S. Miller; +Cc: Dominik Karall, earny, linux-kernel

Previously David S. Miller wrote:
> You probably have a huge number of machines on your subnet.

I got the same error recently on a router running 5 subnets ranging
from /25 to /26 sizes. More annoyingly the interface stopped working
after that message until I did an ifdown && ifup on it. 

Wichert.

-- 
Wichert Akkerman <wichert@wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.


* Re: Neighbour table overflow.
  2004-10-26 23:06     ` David S. Miller
  2004-10-26 23:58       ` Wichert Akkerman
@ 2004-10-27  0:30       ` Dominik Karall
  1 sibling, 0 replies; 20+ messages in thread
From: Dominik Karall @ 2004-10-27  0:30 UTC (permalink / raw)
  To: David S. Miller; +Cc: earny, linux-kernel

On Wednesday 27 October 2004 01:06, David S. Miller wrote:
> On Wed, 27 Oct 2004 00:11:26 +0200
>
> Dominik Karall <dominik.karall@gmx.net> wrote:
> > On Tuesday 26 October 2004 23:52, Ernst Herzberg wrote:
> > > On Tuesday 26 October 2004 19:39, Dominik Karall wrote:
> > > > can anybody explain why i get thousands of "Neighbour table
> > > > overflow." messages? i didn't get such ones with older kernels
> > > > (~2.6.6).
> > >
> > > Do you set a default gateway?
> >
> > yes, default gateway is set to our server.
>
> Do you use a large subnet mask?  For example /16 or /8 or
> something like that?
>
> If so, you will need to bump up the neighbour table garbage
> collection thresholds under /proc/sys/net/ipv4/neigh/default/
> Specifically gc_thresh1, gc_thresh2, and gc_thresh3
>
> You probably have a huge number of machines on your subnet.

the subnet mask is set to 255.255.0.0, and there are machines from 172.16.0.1 
to 172.16.1.254. but not all ips are reserved. there are "only" about 100 
machines in the network.
i will try to change the values of gc_thresh*, maybe it helps. thx!

dominik


* Re: Neighbour table overflow.
@ 2004-10-28  2:25 John Pearson
  0 siblings, 0 replies; 20+ messages in thread
From: John Pearson @ 2004-10-28  2:25 UTC (permalink / raw)
  To: linux-kernel; +Cc: Dominik Karall

You may also be the 'victim' of a poorly configured router.

Out-of-the box, Cisco routers come with proxy ARP enabled;
they will reply to ARP requests for any IP they can route,
that isn't routed via the interface they receive an ARP 
request on.  This makes them more 'plug-and-playful' for 
equipment that talks IP, but doesn't understand routing
(assuming any still exists).

Check the output of
  arp -an
and see if there isn't a single MAC accounting for the lion's
share of your ARP cache.  If there is, seek and destroy^H^H^H^H^Hfang


On Wed, Oct 27, 2004 at 02:30:32AM +0200, Dominik Karall wrote
> 
> On Wednesday 27 October 2004 01:06, David S. Miller wrote:
> > On Wed, 27 Oct 2004 00:11:26 +0200
> >
> > Dominik Karall <dominik.karall@gmx.net> wrote:
> > > On Tuesday 26 October 2004 23:52, Ernst Herzberg wrote:
> > > > On Tuesday 26 October 2004 19:39, Dominik Karall wrote:
> > > > > can anybody explain why i get thousands of "Neighbour table
> > > > > overflow." messages? i didn't get such ones with older kernels
> > > > > (~2.6.6).
> > > >
> > > > Do you set a default gateway?
> > >
> > > yes, default gateway is set to our server.
> >
> > Do you use a large subnet mask?  For example /16 or /8 or
> > something like that?
> >
> > If so, you will need to bump up the neighbour table garbage
> > collection thresholds under /proc/sys/net/ipv4/neigh/default/
> > Specifically gc_thresh1, gc_thresh2, and gc_thresh3
> >
> > You probably have a huge number of machines on your subnet.
> 
> the subnet mask is set to 255.255.0.0, and there are machines from 172.16.0.1
> to 172.16.1.254. but not all ips are reserved. there are "only" about 100
> machines in the network.
> i will try to change the values of gc_thresh*, maybe it helps. thx!
> 
> dominik
> 

-- 
Voice: +61 8 8202 9040
Email: jpearson@sa.pracom.com.au

Pracom Ltd
288 Glen Osmond Road
Fullarton, South Australia 5063

Ph: + 61 8 82029000
Fax: +61 8 82029001
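
The `arp -an` check suggested in the message above, as an added example that is not part of John's message: it tallies resolved entries per MAC address and reports whether a single MAC accounts for most of the cache, which is what a proxy-ARP router produces. The sample lines, the function names and the percentage cut-off are constructed for illustration.

```c
/* Added example: tally `arp -an` output per MAC address. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_MACS 256

struct mac_count {
    char mac[32];
    int count;
};

/* Constructed sample in the `arp -an` line format; addresses are made up. */
static const char SAMPLE_ARP[] =
    "? (172.16.0.1) at 02:00:00:00:0a:01 [ether] on eth0\n"
    "? (172.16.0.20) at 02:00:00:00:00:14 [ether] on eth0\n"
    "? (172.16.0.21) at 02:00:00:00:00:15 [ether] on eth0\n"
    "? (172.16.37.5) at 02:00:00:00:0A:01 [ether] on eth0\n"
    "? (172.16.90.11) at 02:00:00:00:0a:01 [ether] on eth0\n"
    "? (172.16.141.8) at 02:00:00:00:0a:01 [ether] on eth0\n"
    "? (172.16.200.3) at 02:00:00:00:0a:01 [ether] on eth0\n"
    "? (172.16.250.9) at 02:00:00:00:0a:01 [ether] on eth0\n"
    "? (172.16.0.99) at <incomplete> on eth0\n";

/*
 * Counts resolved ARP entries per MAC. Returns the entry count of the most
 * common MAC, copies that MAC (lower-cased) into top_mac and stores the
 * number of resolved entries in *total.
 */
int dominant_mac(const char *text, char *top_mac, size_t top_len, int *total)
{
    struct mac_count tab[MAX_MACS];
    int used = 0, best = -1, resolved = 0;

    while (*text) {
        char line[256], mac[32];
        size_t len = strcspn(text, "\n");
        size_t copy = len < sizeof(line) - 1 ? len : sizeof(line) - 1;
        int i;

        memcpy(line, text, copy);
        line[copy] = '\0';
        text += len;
        if (*text == '\n')
            text++;

        /* "? (ip) at <mac> ..."; unresolved entries show "<incomplete>". */
        if (sscanf(line, "%*s (%*[^)]) at %31s", mac) != 1 || mac[0] == '<')
            continue;
        for (char *p = mac; *p; p++)
            *p = (char)tolower((unsigned char)*p);

        for (i = 0; i < used && strcmp(tab[i].mac, mac) != 0; i++)
            ;
        if (i == used) {
            if (used == MAX_MACS)
                continue; /* tally table full: ignore further new MACs */
            strcpy(tab[used].mac, mac);
            tab[used].count = 0;
            used++;
        }
        tab[i].count++;
        resolved++;
        if (best < 0 || tab[i].count > tab[best].count)
            best = i;
    }
    if (total)
        *total = resolved;
    if (best < 0) {
        if (top_len)
            top_mac[0] = '\0';
        return 0;
    }
    snprintf(top_mac, top_len, "%s", tab[best].mac);
    return tab[best].count;
}

/* 1 if the most common MAC holds at least min_percent of resolved entries. */
int single_mac_dominates(const char *text, int min_percent)
{
    char mac[32];
    int total = 0;
    int top = dominant_mac(text, mac, sizeof(mac), &total);

    return total > 0 && top * 100 >= min_percent * total;
}

int main(void)
{
    char mac[32];
    int total = 0;
    int top = dominant_mac(SAMPLE_ARP, mac, sizeof(mac), &total);

    printf("%s answers for %d of %d resolved entries\n", mac, top, total);
    printf("dominant (>= 50%%): %s\n",
           single_mac_dominates(SAMPLE_ARP, 50) ? "yes" : "no");
    return 0;
}
```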


* Neighbour table overflow
@ 2005-01-05  0:42 ro0ot
  2005-01-05  2:25 ` Jason Opperisano
  0 siblings, 1 reply; 20+ messages in thread
From: ro0ot @ 2005-01-05  0:42 UTC (permalink / raw)
  To: netfilter

Hi,

I had setup my bridge (br0) as below: -

ifconfig eth0 0.0.0.0
ifconfig eth5 0.0.0.0

brctl addbr br0

brctl addif br0 eth0
brctl addif br0 eth5

brctl stp br0 on

ifconfig br0 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255

I had my firewall scripts setup correctly.

Once I connect both the interface (eth0 and eth5) to my network.  I 
can't ping to my router (connect to eth0) or ping to my other IP 
addresses (connect to eth5).  I check around and found out some messages 
pops up in /var/log/syslog file as below: -

Jan  2 10:44:22 fw01 kernel: ipt_tcpmss_target: bad length (64 bytes)
Jan  2 10:44:32 fw01 last message repeated 11 times
Jan  2 12:27:08 fw01 kernel: Neighbour table overflow.
Jan  2 12:27:11 fw01 last message repeated 9 times
Jan  2 12:27:13 fw01 kernel: NET: 10 messages suppressed.
Jan  2 12:27:13 fw01 kernel: Neighbour table overflow.
Jan  2 12:27:18 fw01 kernel: NET: 27 messages suppressed.
Jan  2 12:27:18 fw01 kernel: Neighbour table overflow.

Once I disconnect the cable from the eth5 interface, I can ping to my 
router.  I try to reconnect the cable back to the eth5 interface and run 
a ping to my router.  As the result, I can't ping the router and the 
similar messages pops up in the /var/log/syslog file.

How can I resolve this issue?

Regards,
ro0ot







* Re: Neighbour table overflow
  2005-01-05  0:42 ro0ot
@ 2005-01-05  2:25 ` Jason Opperisano
  0 siblings, 0 replies; 20+ messages in thread
From: Jason Opperisano @ 2005-01-05  2:25 UTC (permalink / raw)
  To: netfilter

On Tue, 2005-01-04 at 19:42, ro0ot wrote:
> Hi,
> 
> I had setup my bridge (br0) as below: -
> 
> ifconfig eth0 0.0.0.0
> ifconfig eth5 0.0.0.0
> 
> brctl addbr br0
> 
> brctl addif br0 eth0
> brctl addif br0 eth5
> 
> brctl stp br0 on
> 
> ifconfig br0 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
> 
> I had my firewall scripts setup correctly.
> 
> Once I connect both the interface (eth0 and eth5) to my network.  I 
> can't ping to my router (connect to eth0) or ping to my other IP 
> addresses (connect to eth5).  I check around and found out some messages 
> pops up in /var/log/syslog file as below: -
> 
> Jan  2 10:44:22 fw01 kernel: ipt_tcpmss_target: bad length (64 bytes)
> Jan  2 10:44:32 fw01 last message repeated 11 times
> Jan  2 12:27:08 fw01 kernel: Neighbour table overflow.
> Jan  2 12:27:11 fw01 last message repeated 9 times
> Jan  2 12:27:13 fw01 kernel: NET: 10 messages suppressed.
> Jan  2 12:27:13 fw01 kernel: Neighbour table overflow.
> Jan  2 12:27:18 fw01 kernel: NET: 27 messages suppressed.
> Jan  2 12:27:18 fw01 kernel: Neighbour table overflow.
> 
> Once I disconnect the cable from the eth5 interface, I can ping to my 
> router.  I try to reconnect the cable back to the eth5 interface and run 
> a ping to my router.  As the result, I can't ping the router and the 
> similar messages pops up in the /var/log/syslog file.

1)  do you have a loopback interface up with the IP 127.0.0.1 on this
machine?

2) do you have > 1024 hosts plugged into this layer 2 broadcast domain?

3) are you plugging both ports of an ethernet bridge into the same layer
2 broadcast domain, creating a broadcast storm?

-j
 
--
"It is better to remain silent and thought a fool, than open your
 mouth and remove all doubt."
	--The Simpsons




* Neighbour table overflow
@ 2005-03-23 14:08 Sebastiao Antonio Campos (GWA)
  2005-03-23 14:23 ` Jason Opperisano
  0 siblings, 1 reply; 20+ messages in thread
From: Sebastiao Antonio Campos (GWA) @ 2005-03-23 14:08 UTC (permalink / raw)
  To: Netfilter list, Sertys

After I had applied the solution below I got the following msg error:

Neighbour table overflow.

Tks


----- Original Message ----- 
From: "Sebastiao Antonio Campos (GWA)" <sa.campos@datasulsp.com.br>
To: "Netfilter list" <netfilter@lists.netfilter.org>; "Sertys"
<sertys@supportivo.org>
Sent: Tuesday, March 22, 2005 9:51 PM
Subject: Re: Two netwok cards to access the internet.


> Thanks.
>
> It is working good.
>
>
>
> ----- Original Message ----- 
> From: "Sertys" <sertys@supportivo.org>
> To: "Netfilter list" <netfilter@lists.netfilter.org>
> Sent: Tuesday, March 22, 2005 7:24 PM
> Subject: Re: Two netwok cards to access the internet.
>
>
> On Tue, 22 Mar 2005 18:54:26 -0300, Sebastião Antônio Campos
> <sa.campos@datasulsp.com.br> wrote:
>
> Well, that's easy. When you know the ports you want to map through the
> interfaces, just do
>
> iptables -t nat -A POSTROUTING -m multiport -p tcp -s 172.17.1.8 --dports 25,110,1723,1701,47 -o eth0 -j MASQUERADE
> iptables -t nat -A POSTROUTING -s 172.17.0.0/16 -o eth2 -j MASQUERADE
> or even better
> iptables -t nat -A POSTROUTING -s 172.17.0.0/16 -o eth2 -j SNAT --to-source $ETH2_IP
>
> Those are simple states, you might add --syn or -m state, it's a choice of
> yours anyway.
>
>
> > Hi!
> >
> > I have the following:
> >
> > A RedHat 9.0 with 3 Network cards: One we use in local network (eth1)
> > and the other (eth0 and eth2)  to access the internet.
> >
> > I'd like to separate the traffic. In the eth0 use only with the e-mail
> > server (pop, smtp, 1723, 1701 and protocol 47) and the eht0 with others
> > traffis (http, https, msn....).
> >
> > I tried
> >
> > iptables -t nat -A POSTROUTING -o eth2 -s 172.17.1.8 -j MASQUERADE
> > (--this ip addrs is pop and smtp server)
> > iptables -t nat -A POSTROUTING -o eth0 -s 172.17.0.0/16 -j MASQUERADE
> >
> > But when I did this I could not access the port 1723, 1701 and protocol
> > 47 using the eth2.
> >
> > I tried too use only iptables -t nat -A POSTROUTING -o eth2 -s
> > 172.17.0.0/16 -j MASQUERADE
> >
> > And I got the same prob.
> >
> > If I use iptables -t nat -A POSTROUTING  -s 172.17.0.0/16 -j MASQUERADE
> >
> > I will get a success access. Only when I use iptables -t nat -A
> > POSTROUTING  -s 172.17.0.0/16 -j MASQUERADE (without -o eth2 or -o eth0).
> >
> >
> > Who could help me?
> >
> > Thanks
> >
> >
> > Sebastião Antônio Campos
> > Infojoi Computadores Ltda
> > Joinville -SC - R. Iririú, 3587
> > Cml. (47) 437-0796 - Cel. (47) 9927-5349
> > tiao@infojoi.com.br
> > http://www.lupusnet.com.br
>
>
>
> -- 
> www.supportivo.org
>
> I can't stop myself checking for pigs in the outlets. Everybody thinks i'm
> a punk, cause of the hairstyle(220V).
> end
>




* Re: Neighbour table overflow
  2005-03-23 14:08 Sebastiao Antonio Campos (GWA)
@ 2005-03-23 14:23 ` Jason Opperisano
  0 siblings, 0 replies; 20+ messages in thread
From: Jason Opperisano @ 2005-03-23 14:23 UTC (permalink / raw)
  To: netfilter

On Wed, 2005-03-23 at 09:08, Sebastiao Antonio Campos (GWA) wrote:
> After I had applied the solution below I got the following msg error:
> 
> Neighbour table overflow.

IIRC--that error means you've filled up your arp table.  the values
(defaults shown) are controlled by the kernel parameters:

        net.ipv4.neigh.default.gc_thresh3 = 1024
        net.ipv4.neigh.default.gc_thresh2 = 512
        net.ipv4.neigh.default.gc_thresh1 = 128

how many hosts are on the physical subnets with your firewall machine?

i was surprised to see you say that everything was working, as your
question appeared to be about policy routing, yet setting up a SNAT
seemed to magically make it work--which made no sense to me.

-j

--
"Well, I'm not calling you a liar, but... I can't think of a way to
 finish that sentence."
	--The Simpsons


