Re: need urgent help with 2.2.17 + ipchains

From: William Stearns (wstearns@pobox.com)
Date: Tue Nov 07 2000 - 17:20:42 EST

Next message: Dan Browning: "Re: [HARDLOCK] 2.2.17 locks up hard on Ultra66/PDC20262 in DMA mode when using ide + raid-A0 + eepro100 patches"
Previous message: kernel@kvack.org: "Re: Dual XEON - >>SLOW<< on SMP"
In reply to: Michael Kummer: "need urgent help with 2.2.17 + ipchains"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Good afternoon, Michael,
(The linux-kernel mailing list is not really the best place for
userspace issues. You should probably use the ipmasq list for future
questions. See http://netfilter.kernelnotes.org/ipchains/ for the
ipchains homepage and http://ipmasq.cjb.net for info on that list.)

On Tue, 7 Nov 2000, Michael Kummer wrote:

> i have the following very nasty problem.
> everytime i execute ipchains -F [rule] my box freezes for 25 minutes!
> i run slackware on 2.2.17.
>
> a friend of mine told me that he had a simliar problem and fixed it with
> downgrading shlibs.

One other possibility is to make sure that all of your dns rules
are at the top of your firewall, and that those dns rules only use ip
addresses and networks ("-d 12.13.14.15" as opposed to "-d
dns1.myisp.net").
To check which rule(s) is/are giving you heartache, go to the top
of your firewall script and add "set -x" as the second line, just under
"#!/bin/bash". Bash will show each line before it is executed. The lines
that sit there for two minutes are probably the ones that are having
trouble with dns lookups.

> -- CUT --
> Linux version 2.2.17 (root@gatekeeper) (gcc version egcs-2.91.66
> 19990314/Linux (egcs-1.1.2 release)) #2 Sun Sep 17 00:56:47 /e$Detected
> 166591 kHz processor.
> Console: colour VGA+ 80x25
> Calibrating delay loop... 332.60 BogoMIPS
> Memory: 128092k/131072k available (1012k kernel code, 408k reserved, 1516k
> data, 44k init)

        Oh, that's way too much memory for a firewall. Mail me half of
it. ;-)
        Cheers,
        - Bill

---------------------------------------------------------------------------
"Bastard Operators from Hell" anagrams to "Shatterproof Armored Balls"
(Courtesy of Jens Benecke <jens@pinguin.conetix.de>)
--------------------------------------------------------------------------
William Stearns (wstearns@pobox.com). Mason, Buildkernel, named2hosts,
and ipfwadm2ipchains are at: http://www.pobox.com/~wstearns
LinuxMonth; articles for Linux Enthusiasts! http://www.linuxmonth.com
--------------------------------------------------------------------------

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dan Browning: "Re: [HARDLOCK] 2.2.17 locks up hard on Ultra66/PDC20262 in DMA mode when using ide + raid-A0 + eepro100 patches"
Previous message: kernel@kvack.org: "Re: Dual XEON - >>SLOW<< on SMP"
In reply to: Michael Kummer: "need urgent help with 2.2.17 + ipchains"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Tue Nov 07 2000 - 21:00:23 EST