From: josh <josh876@poczta.onet.pl>
To: lartc@vger.kernel.org
Subject: [LARTC] Stranger than IPTABLES?
Date: Thu, 06 Jun 2002 22:13:32 +0000
Message-ID: <marc-lartc-102340161221340@msgid-missing>


Hi there!

This post is somehow connected with my other posts about problems with HTB. In fact - in my case it can be a problem of the Linux kernel :-/?

Ok, here is the hardware and software:

Linux Debian working on a classic Pentium 120MHz.
Kernel 2.4.18.
MLDonkey is working for some period of time.
It is generating traffic very intensively.
Here you can see the output of 'netstat -t'.
http://josh876.republika.pl/netstat.txt

Ok, here is the situation:
I can see the LED on the modem is blinking very fast - no - it is not blinking, it is a static light.
As you can see after opening netstat.txt, 99% of the traffic is generated by mldonkey's 4662 and 4661 ports.
Now I am appending these rules:

iptables -t filter -A INPUT -p tcp \
--destination-port 4662 -j DROP
iptables -t filter -A INPUT -p tcp \
--source-port 4662 -j DROP
iptables -t filter -A OUTPUT -p tcp \
--destination-port 4662 -j DROP
iptables -t filter -A OUTPUT -p tcp \
--source-port 4662 -j DROP

and same ones for port 4661.
What is happening?
It looks like Linux is trying to drop these packets, but they are braking down VERY slowly. It seems like Linux is unable to handle that and there are still many packets out of iptables control.
Look at this:
here you can see the 'netstat -n' output written about half a minute after appending the iptables DROP rules:

http://josh876.republika.pl/netstat-dropped.txt

The modem's LED is blinking randomly from time to time, but it is slowing. But MLDonkey is still reporting downloading.

...and this is after a few minutes

http://josh876.republika.pl/netstat-dropped-few-minutes.txt

MLDonkey is generally not reporting downloading, but it is still happening that it will show download for a very short while.

The conclusion is that if IPTABLES has big problems slowing this damned thing, it is also possible that HTB cannot manage it... :-((

What do you think?

p.s.
here is something taken from the MLDonkey configuration:
(I don't know what this means exactly, but it seems like mldonkey has a limit of 5 download attempts per second)

max_clients_per_second = 5
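
Added example (not part of the original post): a Python helper that tallies TCP socket states and queued send bytes for ports 4661 and 4662 in `netstat -tn` snapshots, so that snapshots taken before and after appending the DROP rules can be compared. The sample lines and addresses are constructed, and the names summarize() and compare() are hypothetical.

```python
from collections import Counter

PORTS = {4661, 4662}  # the MLDonkey ports named in the post

# Constructed samples in `netstat -tn` format (not the poster's data).
BEFORE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:4662         198.51.100.7:33211      ESTABLISHED
tcp        0   1448 192.0.2.10:4662         198.51.100.9:40112      ESTABLISHED
tcp        0      0 192.0.2.10:35001        203.0.113.5:4661        ESTABLISHED
tcp        0      0 192.0.2.10:22           192.0.2.50:51000        ESTABLISHED
"""
AFTER = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0   1448 192.0.2.10:4662         198.51.100.9:40112      ESTABLISHED
tcp        0      1 192.0.2.10:4662         198.51.100.7:33211      FIN_WAIT1
tcp        0      0 192.0.2.10:22           192.0.2.50:51000        ESTABLISHED
"""

def port_of(addr):
    """Return the numeric port of an 'ip:port' field (needs netstat -n)."""
    return int(addr.rsplit(":", 1)[1])

def summarize(text, ports=PORTS):
    """Count socket states and sum Send-Q bytes for sockets on `ports`."""
    states, queued = Counter(), 0
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp"):
            continue  # header line or a non-TCP entry
        try:
            local, remote = port_of(f[3]), port_of(f[4])
        except (ValueError, IndexError):
            continue  # '*' wildcard or a service name instead of a number
        if local in ports or remote in ports:
            states[f[5]] += 1
            queued += int(f[2])
    return states, queued

def compare(before, after, ports=PORTS):
    """Map each state to its (before, after) socket count."""
    b, _ = summarize(before, ports)
    a, _ = summarize(after, ports)
    return {s: (b[s], a[s]) for s in sorted(set(b) | set(a))}

if __name__ == "__main__":
    for state, (was, now) in compare(BEFORE, AFTER).items():
        print(f"{state:12} {was:3} -> {now:3}")
    print("queued send bytes:", summarize(BEFORE)[1], "->", summarize(AFTER)[1])
```
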