netdev

Re: Serious masquerade problem

To: Bjoern Smith <smith@xxxxxxxxxxxxxxxxxx>
Subject: Re: Serious masquerade problem
From: Rusty Russell <rusty@xxxxxxxxxxxxxxx>
Date: Thu, 07 Mar 2002 13:15:58 +1100
Cc: netdev@xxxxxxxxxxx
In-reply-to: Your message of "Wed, 06 Mar 2002 15:34:41 BST." <3C862901.171A34C7@passad.compound.se>
Sender: owner-netdev@xxxxxxxxxxx
In message <3C862901.171A34C7@xxxxxxxxxxxxxxxxxx> you write:
> Mar  6 14:35:22 albatross kernel: Neighbour table overflow.
> Mar  6 14:35:22 albatross kernel: MASQUERADE: No route: Rusty's brain broke!
> Mar  6 14:35:25 albatross last message repeated 144 times
> 
> After a while the system gets all messed up and cannot even be
> rebooted from the console. Just pulling the plug helps.

This means that no route could be found for the masqueraded packets.
I've never seen this before, but I think the real problem is the
neighbour table overflow.

CC:'d to netdev..

> This is our system:
> Celeron (Coppermine)/700MHz (Dell PowerApp 110)
> 256Mbyte RAM
> Linux RedHat 7.1
> kernel-2.4.9-31 (not recompiled)
> 
> 
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 255.255.255.255 0.0.0.0         255.255.255.255 UH    0      0        0 eth0
> 212.247.164.192 0.0.0.0         255.255.255.224 U     0      0        0 eth0
> 212.247.164.224 0.0.0.0         255.255.255.224 U     0      0        0 eth1
> 193.12.201.0    212.247.164.197 255.255.255.0   UG    0      0        0 eth0
> 192.0.1.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
> 172.19.0.0      212.247.164.197 255.255.0.0     UG    0      0        0 eth0
> 172.20.0.0      212.247.164.197 255.255.0.0     UG    0      0        0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
> 0.0.0.0         212.247.164.254 0.0.0.0         UG    0      0        0 eth1
> 
> 
> Interfaces:
> eth0      Link encap:Ethernet  HWaddr 00:02:B3:86:37:24
>           inet addr:212.247.164.195  Bcast:212.247.164.223  Mask:255.255.255.224
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:3584842 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:3984789 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           Interrupt:5 Base address:0x4000
> 
> eth0:0    Link encap:Ethernet  HWaddr 00:02:B3:86:37:24
>           inet addr:192.0.1.1  Bcast:192.0.1.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           Interrupt:5 Base address:0x4000
> 
> eth0:1    Link encap:Ethernet  HWaddr 00:02:B3:86:37:24
>           inet addr:172.18.0.1  Bcast:172.18.255.255  Mask:255.255.0.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           Interrupt:5 Base address:0x4000
> 
> eth1      Link encap:Ethernet  HWaddr 00:02:B3:86:37:25
>           inet addr:212.247.164.253  Bcast:212.247.164.255  Mask:255.255.255.224
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:1591438 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1192510 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:69390 txqueuelen:100
>           Interrupt:5 Base address:0x6000
> 
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:21252 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:21252 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
> 
> 
> # /sbin/ip rule list
> 0:      from all lookup local
> 32765:  from 172.20.0.0/16 lookup telia
> 32766:  from all lookup main
> 32767:  from all lookup 253
> 
> # /sbin/ip route list table telia
> default via 212.247.164.196 dev eth0
> 
> 
> # /sbin/iptables -L -vn -t nat
> Chain PREROUTING (policy ACCEPT 230K packets, 11M bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 DROP       all  --  eth1   *       192.168.0.0/16       0.0.0.0/0
>    10  3536 DROP       all  --  eth1   *       10.0.0.0/8           0.0.0.0/0
> 
> Chain POSTROUTING (policy ACCEPT 55939 packets, 3347K bytes)
>  pkts bytes target     prot opt in     out     source               destination
> 15062  782K MASQUERADE  all  --  *      eth1    172.18.0.0/16        0.0.0.0/0
>     1    57 MASQUERADE  all  --  *      eth1    172.19.0.0/16        0.0.0.0/0
>  7764  399K MASQUERADE  all  --  *      eth1    172.20.0.0/16        0.0.0.0/0
> 44041 2247K MASQUERADE  all  --  *      eth0    172.20.0.0/16        0.0.0.0/0
> 
> Chain OUTPUT (policy ACCEPT 11777 packets, 1058K bytes)
>  pkts bytes target     prot opt in     out     source               destination
--
  Anyone who quotes me in their sig is an idiot. -- Rusty Russell.
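
The neighbour-table hypothesis in the reply can be checked against the routing table quoted in the message. This added example (not part of the original message, and not a kernel or iproute2 tool) sums the directly connected address space per interface, since every on-link destination the box sends to needs its own neighbour entry, and compares it with an assumed cache limit of 1024; the poster's actual `gc_thresh3` value is not on the page, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Routing table as quoted in the message (wrapped Iface column rejoined).
ROUTE_TABLE = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
255.255.255.255 0.0.0.0         255.255.255.255 UH    0      0        0 eth0
212.247.164.192 0.0.0.0         255.255.255.224 U     0      0        0 eth0
212.247.164.224 0.0.0.0         255.255.255.224 U     0      0        0 eth1
193.12.201.0    212.247.164.197 255.255.255.0   UG    0      0        0 eth0
192.0.1.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
172.19.0.0      212.247.164.197 255.255.0.0     UG    0      0        0 eth0
172.20.0.0      212.247.164.197 255.255.0.0     UG    0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         212.247.164.254 0.0.0.0         UG    0      0        0 eth1
"""

# Assumption: 1024 is a commonly seen default for
# /proc/sys/net/ipv4/neigh/default/gc_thresh3; read the real value on the host.
NEIGH_LIMIT = 1024

def onlink_hosts(table):
    """Return {iface: count of addresses that are resolved directly on-link}."""
    totals = defaultdict(int)
    for line in table.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue
        dest, _gateway, mask, flags, *_, iface = fields
        if "G" in flags or iface == "lo":
            continue  # gatewayed routes resolve only the gateway; lo has no ARP
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            continue  # header line or unparsable row
        # /31 and /32 have no network/broadcast address to subtract.
        usable = net.num_addresses if net.prefixlen >= 31 else net.num_addresses - 2
        totals[iface] += usable
    return dict(totals)

def over_limit(table, limit=NEIGH_LIMIT):
    """Interfaces whose on-link address space exceeds the neighbour limit."""
    return sorted(i for i, n in onlink_hosts(table).items() if n > limit)

if __name__ == "__main__":
    for iface, count in sorted(onlink_hosts(ROUTE_TABLE).items()):
        print(f"{iface}: {count} on-link addresses (limit {NEIGH_LIMIT})")
```

An interface listed by `over_limit` can hold more distinct on-link destinations than the cache allows, which is where to look first when the kernel logs "Neighbour table overflow".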
