hardware problem ?
Alma J Wetzker
almaw
Mon May 17 11:58:24 PDT 2004
Vu Pham wrote:
> ----- Original Message -----
> From: "Keith Morse" <kgmorse at mpcu.com>
> To: <linux-users at linux-sxs.org>
> Sent: Tuesday, January 20, 2004 1:05 AM
> Subject: Re: hardware problem ?
>
>
>
>>On Sun, 18 Jan 2004, Vu Pham wrote:
>>
>>
>>>----- Original Message -----
>>>From: "Net Llama!" <netllama at linux-sxs.org>
>>>To: <linux-users at linux-sxs.org>
>>>Sent: Sunday, January 18, 2004 6:21 PM
>>>Subject: Re: hardware problem ?
>>>
>>>
>>>
>>>>No, the problem is the very large number of tcp/ip connections hitting
>>>>your box. You need to increase the number of connection tracking
>
> table
>
>>>>entries. You can review your table with:
>>>>
>>>># cat /proc/net/ip_conntrack
>>>>
>>>>The max number of connections is set in
>>>>
>>>># cat /proc/sys/net/ipv4/ip_conntrack_max
>>>>
>>>>You can increase it with:
>>>>
>>>># echo "some_number" > /proc/sys/net/ipv4/ip_conntrack_max
>>>
>>>Thanks a lot for this tip. I am googling for how to fix this. I will add
>>>this now.
>>>
>>>
>>>>Did the output of ifconfig for each interface show any errors? What
>>>>kind of NIC(s) do you have? There are some cases of the old eepro100
>>>>driver hanging under very heavy network load traffic (like you
>>>>apparently have).
>>>
>>>I viewed ifconfig -all this morning and there were no error reported.
>>>if0 is the main network interface that connects to the Internet.
>>>if1 is the network card for internal workstation
>>>if2 is the network card for backup, it connects to the Internet thru an
>
> ISDN
>
>>>line.
>>>
>>>the gateway is for the router on if0.
>>>
>>>This configuration has worked for about 8 months, then suddenly 3 weeks
>
> ago,
>
>>>and then this morning, that problem occurred.
>>>
>>>It *temporarily fixed it by restarting the server.
>>
>>
>>Then be very suspicious. What you describe above sounds exactly like the
>>scenario I experienced when a ms-blast worm struck our internal
>>infrastructure. I'd recommend at least looking at the packets flowing
>>thru the firewall with tools like tcpdump (simplest), ethereal (more
>>complex but easier to read), and ntop (seriously slick tool). My firewall
>>supports about 250 nodes and never had a problem with ip_conntrack_max
>>until that ms-blast worm.
>>
>>AND...
>>
>>permit few/deny all for BOTH directions of packets thru a firewall.
>
>
> Thanks, Keith. I will check these things.
>
> Vu
This showed up on Yahoo about a new "beagle" virus used by spammers.
http://news.yahoo.com/news?tmpl=story&u=/nm/20040120/tc_nm/tech_internet_virus_dc_6
-- Alma
More information about the Linux-users
mailing list