Patrick McHardy wrote:
Andrew Morton wrote:
"J.A. Magallon" <[email protected]> wrote:
Are there any known problems with iptables ?
No known problems.
I see strange things.
When I use bittorrent (azureus or bittorrent-gui), at the same time as
iptables (for nat and internet access for my ibook), when I stop a download
or exit from one of this apps my external network goes down.
I have tried the same without iptables loaded and it works fine.
I have observed this behavior on multiple machines, but I don't think it
is specifically an iptables "bug" or kernel "bug". Most of my
experience is with 2.4.x kernels, so I can't remark about the 2.6.x series.
The original poster didn't give enough info for me to correlate anything
with conviction, but, consulting the tea leaves :D I would venture to
guess that the machine that has the network "go down" has less than 128
MB of RAM and is probably running lower end NICs (i.e. 8139too).
There appears to be two or three issues interacting with one another in
these scenarios:
a.) The various Bit Torrent clients and their ilk can generate a
staggering number of conncurrent connections. This can quickly fill the
conntracks on machines with little RAM and cause problems.
b.) The lower end nics (either the hardware itself, or the drivers, I
don't know enough about how to isolate the two) do not appear to be able
to handle the massive number of interrupts that are generated in this
scenario.
c.) The problem is more likely to manifest on "fat pipe" connections (6
MB +)
I would also wager the problem goes away if the torrent clients are shut
down.
I would look there, if I hade the skills requried to tease out anything
useful :D
Various linux based firewall forums have posts describing the same
behavior as the OP of this thread.
Here is one relatively recent example:
http://community.smoothwall.org/forum/viewtopic.php?p=43812#43812
I hope that helps in some way!
What exactly do you mean with "network goes down"? Can you find out
where the packets disappear? Do they silently disappear, or do you get
an error code from sendmsg? What about received packets?
Regards
Patrick
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]