hardware problem ?
Vu Pham
vu
Mon May 17 11:58:24 PDT 2004
----- Original Message -----
From: "Keith Morse" <kgmorse at mpcu.com>
To: <linux-users at linux-sxs.org>
Sent: Tuesday, January 20, 2004 1:05 AM
Subject: Re: hardware problem ?
> On Sun, 18 Jan 2004, Vu Pham wrote:
>
> >
> > ----- Original Message -----
> > From: "Net Llama!" <netllama at linux-sxs.org>
> > To: <linux-users at linux-sxs.org>
> > Sent: Sunday, January 18, 2004 6:21 PM
> > Subject: Re: hardware problem ?
> >
> >
> > >
> > > No, the problem is the very large number of tcp/ip connections hitting
> > > your box. You need to increase the number of connection tracking table
> > > entries. You can review your table with:
> > >
> > > # cat /proc/net/ip_conntrack
> > >
> > > The max number of connections is set in
> > >
> > > # cat /proc/sys/net/ipv4/ip_conntrack_max
> > >
> > > You can increase it with:
> > >
> > > # echo "some_number" > /proc/sys/net/ipv4/ip_conntrack_max
> >
> > Thanks a lot for this tip. I am googling for how to fix this. I will add
> > this now.
> >
> > >
> > > Did the output of ifconfig for each interface show any errors? What
> > > kind of NIC(s) do you have? There are some cases of the old eepro100
> > > driver hanging under very heavy network load traffic (like you
> > > apparently have).
> >
> > I viewed ifconfig -all this morning and there were no errors reported.
> > if0 is the main network interface that connects to the Internet.
> > if1 is the network card for internal workstation
> > if2 is the network card for backup, it connects to the Internet thru an ISDN
> > line.
> >
> > the gateway is for the router on if0.
> >
> > This configuration has worked for about 8 months, then suddenly 3 weeks ago,
> > and then this morning, that problem occurred.
> >
> > It *temporarily fixed it by restarting the server.
>
>
> Then be very suspicious. What you describe above sounds exactly like the
> scenario I experienced when a ms-blast worm struck our internal
> infrastructure. I'd recommend at least looking at the packets flowing
> thru the firewall with tools like tcpdump (simplest), ethereal (more
> complex but easier to read), and ntop (seriously slick tool). My firewall
> supports about 250 nodes and never had a problem with ip_conntrack_max
> until that ms-blast worm.
>
> AND...
>
> permit few/deny all for BOTH directions of packets thru a firewall.
Thanks, Keith. I will check these things.
Vu
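
Added example, not part of the original thread: a shell script for the triage the replies suggest, reporting how full the connection-tracking table is and which source addresses hold the most entries, including entries that never got a reply. It assumes the 2.4-era `/proc/net/ip_conntrack` line layout; the sample entries, the function names and the table size of 8 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise a conntrack dump per source.
# Assumes the 2.4-era /proc/net/ip_conntrack line layout.

# Constructed sample entries; all addresses are private/documentation ranges.
sample_table() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=1025 dport=80 src=198.51.100.7 dst=192.168.1.10 sport=80 dport=1025 [ASSURED] use=1
tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=198.51.100.9 sport=1026 dport=25 src=198.51.100.9 dst=192.168.1.10 sport=25 dport=1026 [ASSURED] use=1
udp      17 20 src=192.168.1.11 dst=198.51.100.53 sport=1030 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.168.1.11 sport=53 dport=1030 use=1
tcp      6 55 SYN_SENT src=192.168.1.23 dst=203.0.113.1 sport=3001 dport=135 [UNREPLIED] src=203.0.113.1 dst=192.168.1.23 sport=135 dport=3001 use=1
tcp      6 54 SYN_SENT src=192.168.1.23 dst=203.0.113.2 sport=3002 dport=135 [UNREPLIED] src=203.0.113.2 dst=192.168.1.23 sport=135 dport=3002 use=1
tcp      6 53 SYN_SENT src=192.168.1.23 dst=203.0.113.3 sport=3003 dport=135 [UNREPLIED] src=203.0.113.3 dst=192.168.1.23 sport=135 dport=3003 use=1
tcp      6 52 SYN_SENT src=192.168.1.23 dst=203.0.113.4 sport=3004 dport=135 [UNREPLIED] src=203.0.113.4 dst=192.168.1.23 sport=135 dport=3004 use=1
tcp      6 51 SYN_SENT src=192.168.1.23 dst=203.0.113.5 sport=3005 dport=135 [UNREPLIED] src=203.0.113.5 dst=192.168.1.23 sport=135 dport=3005 use=1
EOF
}

# Count entries per original-direction source: the first src= field on a line.
# Output is "<count> <address>", largest count first.
top_sources() {
    awk '{ for (i = 1; i <= NF; i++)
               if ($i ~ /^src=/) { n[substr($i, 5)]++; break } }
         END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

# Same count, restricted to entries that never saw a reply. One host holding
# most of these is the pattern to investigate before simply raising the limit.
unreplied_by_source() {
    grep -F '[UNREPLIED]' | top_sources
}

# Integer percentage of the table in use: usage_pct <entries> <max>
usage_pct() {
    echo $(( $1 * 100 / $2 ))
}

# report <table-file> <max-entries>
report() {
    total=$(wc -l < "$1" | tr -d ' ')
    echo "entries: $total of $2 ($(usage_pct "$total" "$2")%)"
    echo "top sources:";         top_sources < "$1" | head -5
    echo "unreplied by source:"; unreplied_by_source < "$1" | head -5
}

# Demo on the constructed sample. On the box from the thread, as root:
#   report /proc/net/ip_conntrack "$(cat /proc/sys/net/ipv4/ip_conntrack_max)"
tmp=$(mktemp) && sample_table > "$tmp" && report "$tmp" 8; rm -f "$tmp"
```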