One of our RHEL 5.3 servers has trouble about 30% of the time with TCP-based communications, but it does not seem to be firewall issues. From another computer on the same switch, you can SSH to the server sometimes and other times the SSH command will just hang. When it hangs, you can often just Ctrl+C and try it again and it works. Same with HTTP connections. You'll get part of a web page and then FireFox will just hang waiting for the rest and eventually time out. Same goes for communication initiated FROM the server. SSH'ing from the server to any outside server or connecting to any web site works sometimes, but most times not. iptables if off. No other firewalls are running. Tcpdump shows communication gets so far and then stops. It does not matter whether tou run tcpdump on that server or the client connecting to it. Either way you see the connection stops working. MEANWHILE, pinging with small or large packets works flawlessly. 10,000 packets, zero drops.
I've recently installed Ubunter 9.10 Server Edition to use as a NAT firewall for the lab I run. I'm using iptables to do NAT forwarding and everything works great except that, occasionally, connections seem to break. Ssh connections close with "Connection reset by peer" and HTTP connections just stall out.I believe this has to do with the firewall's internal network interface occasionally dropping packets.
I have a small office network (about 30 machine) with linux gateway (6Mbps internet bandwidth). Every user get only 500Kbps bandwidth, and they use the internet very poor. The internet getting slow lately, and I noticed that there are huge amount of small packets (78 byte, 48 byte) coming to linux machines. My question is: How can I solve which machine(s) sending those small packets? Do you have any ideas with netstat command?
Using netstat I can get a lot of network related information which is pretty useful at times. But when I use for example 'netstat -s' it gives me a lot of counts for bits transferred or data packets transferred etc. Now one thing I am not sure of is that for how long those counts will keep rolling and when will they get reset (when I restart the machine?, when I restart the network services? Or if there is some kinda threshold set on it?) How exactly netstat counts those things (I mean what is the source of those counts for netstat).
I've run into a of a routing issue pertaining to packets leaving a firewall, traversing and IPSec tunnel, hitting the target and then returning via a different tunnel, finally arriving back on the source firewall but on a different interface from where it started. Once the packet has returned to the firewall it is dropped I've been unable to discover the reason for the drop. Two sides to the system, Firewall A and Firewall B. Each firewall provides the default gateway to its respective side and offers a backup IPSec tunnel to the high capacity tunnel handled internally. The Layer 3 Switch uses OSPF and takes care of the bulk of the behind the scenes routing between the sides. In case of failure the Layer 3 switches direct traffic to use the Firewall tunnels to route traffic.
I'm running a Debian Squeeze 6.0.1a box that's connected to my ISP via an L2TP connection that's managed by OpenL2TPD. The box is configured to perform NAT from local clients (on eth0) to the internet (on ppp0).
However, I'm having an issue with TCP packets that are sent from the box itself to the internet (packets originally coming from the local clients get sent and received over the internet just fine)
I'm using this Python app to test this:
Code: #!/usr/bin/env python import socket, time s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.bind(('', 5003)) s.listen(1) while 1: conn, addr = s.accept()
with my other ethernet card problem solved, I suddenly run into this:
Code: eth1 Link encap:Ethernet HWaddr 00:02:e3:16:37:4c inet addr:10.0.2.1 Bcast:10.0.2.255 Mask:255.255.255.0 inet6 addr: fe80::202:e3ff:fe16:374c/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
This card was working perfectly fine up until....an hour ago and it started doing this. My iptables isn't blocking it somehow, because I didn't change anything. I tried reverting to an older kernel and that didn't help. It's not the network cable, it works fine in any other card. Also, the dropped packets seem to count down? It seems to go down by exactly one every time I run ifconfig, no matter the length of time in between running it.
As is known, there is a queue lies between the kernel subsystem and the network driver for incoming data. And if data come when this queue has no space for it, the data got dropped by kernel. Is there some way to see how many packets are dropped due to this buff penury? I tried netstat -s but could not find something useful. On the other hand, I found this 12176 packets collapsed in receive queue due to low socket buffer from netstat -s. I think this is something related to the per-socket buffer, but not the incoming queue between the network driver and kernel. Is this right?
I am trying to figure out what command to use to show the number of DROPPED and INVALID packets that the firewall is handling.I'm going to put these commands into a log analyzer script which will run every 15 minutes with cron. The firewall is running and operating the way I want it to. I'm running CentOS 5.4.
I'm looking for an open source/free network emulator tool that I could use on Mac OS X, to simulate a slow network connection, limited bandwidth and other network characteristics such as dropped packets etc for both UDP/TCP connections (or even on the physical layer).
I'm looking for the simplest solution that would allow me to run TCP/UDP servers and have a few clients connect to them on localhost emulating various network connections. I'm mainly wondering if I can use something like Linux's netem on Mac OS X (or even better cross-platform Windows/Linux/Mac). Perhaps I can run VirtualBox and a Linux kernel running netem, has anyone had luck with that?[URL]...
I've been receiving a LOT of log cruft ever since I installed my WUSB100V2 (using the rt2870sta community driver from the Linux kernel) and was wondering what it all meant.
Many times when these messages occur it is accompanied by slow network speeds and many DNS queries and outgoing SYNs being dropped. I have searched for documentation for these (error?) messages and have come up empty as far as what they mean or how I can stop them from occurring.
I reside on the opposite side of the building from my WAP. I have taken steps to improve the signal strength, but the signal quality hovers between 50% and 70%, sometimes dropping to 40% for unknown reasons.
I switched over to Fedora a couple of days ago. I'm using the built-in firewall shipped with it but I can't find out how to enable logging of dropped packets. Among others I'd like to use psad that needs firewall logging. Is there an easy way to do this? I'm not an iptables "expert".
my NIC drives me crazy and I need some help to gather all relevant informations to file a decent bug report. Maybe someone could guide me through this process.My mainboard is an AsRock Z68 Pro3
I use a dual-boot setup with Windows7 installed in parallel to Fedora 15-x64. Whenever I had Windows in use and jjust reboot the system into Fedora, the NIC does not work as expected. Instead it goes in an endless "em1: link up" loop which results in very low bandwith or even complete network timeouts. This happens in Firefox as well as with yum or ping.
Originally Posted by dmesg [ 58.763294] r8169 0000:05:00.0: em1: link up [ 59.686773] r8169 0000:05:00.0: em1: link up [ 61.936454] r8169 0000:05:00.0: em1: link up
If I directly cold boot into Fedora (after the power cord has been removed and the system got completely re-initialized) there are no problems at alll and I get a fast and stable network conection. This also happens with other linux distributions, for example SysRescCD.
i have a linux server runnig oracle applications. i need to access this server from putty using ssh through internet. i did by registering my static ip with the dnydns.org and i am able to connect to the server. but now there is no security to authenticate any user as any one knowing the password can login to it.
i thought of configuring the firewall of linux server but the client ip`s are not static and they change continiously. so thought of keeping one more pc between the server and the router which will do the work of authenticating. but i am confuse as how to configure it to allow the packets coming from the internet after authenticating and to by pass the packets generated from internal LAN?
While running some live tests last week I saw an odd situation where netstat appeared to be displaying the wrong PID and process name for TCP connections. I'm trying to figure out if this is just a strange netstat bug or if it could indicate something odd is happening with our software.
We have a main program which establishes a number of connections, including connecting to a JMS server and listening/accepting a TCP connection. The main program also creates a child process which it uses to communicate with another server. On at least three occasions we saw a situation we saw netstat reporting all the expected TCP connections (correct ip/port for both source and destination), however the child process, instead of the main, was listed for the PID. The main process was still running but netstat no longer reported any TCP connections established by the main program. The main program continued to function correctly, the JMS communication continued to work and we believe the other TCP connection was functioning correctly despite the program supposedly not having any TCP connections.
I'm wondering if this could simply be a bug and/or obscure functionality of netstat that I don't understand which would cause netstat to report the child process as 'owning' the parents TCP connections. I don't know how this would happen or why the parent would continue functioning despite the problem otherwise.
While issuing the command netstat -M it shows netstat: no support for `ip_masquerade' on this system. But this system is used as a gateway and iptable rules are set for ip forwarding. Also internet is getting another machine through this machine. What about the message?
I have a hardware device with two ethernet ports, eth0 and eth1 running Centos 5. Basically my goal is to forward packets from eth0->eth1 and eth1->eth0 as well as get a copy of these packets for analysis. If I set IP routing to do the forwarding then I won't get a copy of the packets for analysis.
I've been experiencing some home web-server slowdown issues lately, and I wanted to see if it's a problem with the server itself. I'm not sure if this might be the problem, but upon checking netstat -tn, I see over 15 instances of the following:
where 192.168.2.9 is the server's local address, the local address port varies, and the foreign address is the server's web address. If anyone knows what might be causing this and/or how to fix i
We are running a combination of Apache-2 with mod_jk connecting to tomcat workers running on separate hardware.Strange: "netstat -tn" on the Apache server outputs identical combinations of source address, source port, destination address and destination port.
Has anybody else experienced this phenomenon? (I googled and searched LQ but couldn't find anybody else reporting this)Is netstat broken, or is there another explanation?
My wireless connection keeps getting dropped very frequently. I am on a Dell XPS m1530 and I will just be on the interent and it just disconnects from wireless and I have to connect back. It is super annoying. I am on the latest version of ubuntu.