关于IPTABLES和udp checksum
发表于 : 2010-03-17 10:59
iptables:
发现fwbuilder非常方便的能创建iptables规则,请问有使用手册吗?或者,谁能写个教程啊?
udp checksum:
有一台服务器,安装了ubuntu 8.04,使用了IPTABLES作为防火墙,以前很正常,目前客户端有时候会无法访问外网,从服务器上看系统日志,有很多udp checksum的记录。
[44566.831807] UDP: bad checksum. From 211.140.139.3:5290 to 61.188.271.44:8183 ulen 49
[44571.841119] UDP: bad checksum. From 211.140.139.3:5289 to 61.188.271.44:8183 ulen 46
[44571.841127] UDP: bad checksum. From 211.140.139.3:5290 to 61.188.271.44:8183 ulen 46
[44576.868429] UDP: bad checksum. From 211.140.139.3:5289 to 61.188.271.44:8183 ulen 48
[44576.868587] UDP: bad checksum. From 211.140.139.3:5290 to 61.188.271.44:8183 ulen 46
[44581.877001] UDP: bad checksum. From 211.140.139.3:5289 to 61.188.271.44:8183 ulen 47
[44581.877016] UDP: bad checksum. From 211.140.139.3:5290 to 61.188.271.44:8183 ulen 49
[44586.895746] UDP: bad checksum. From 211.140.139.3:5289 to 61.188.271.44:8183 ulen 47
[44591.918286] printk: 1 messages suppressed.
[44591.918292] UDP: bad checksum. From 211.140.139.3:5289 to 61.188.271.44:8183 ulen 49
[44596.940055] printk: 1 messages suppressed.
[44596.940062] UDP: bad checksum. From 211.140.139.3:5289 to 61.188.271.44:8183 ulen 48
[44601.958042] printk: 1 messages suppressed.
[44601.958050] UDP: bad checksum. From 211.140.139.3:5289 to 61.188.271.44:8183 ulen 46
之后,我在/etc/sysctl.conf中增加了:
net.inet.udp.checksum = 0
net.core.netdev_max_backlog = 3000
net.ipv4.tcp_max_orphans = 2048
net.ipv4.netfilter.ip_conntrack_checksum = 0
net.netfilter.nf_conntrack_checksum = 0
但是现在还是有这种情况发生,请问如何处理呢?
另外,网卡有大量的drops和overruns.
请高手赐教。
发现fwbuilder非常方便的能创建iptables规则,请问有使用手册吗?或者,谁能写个教程啊?
udp checksum:
有一台服务器,安装了ubuntu 8.04,使用了IPTABLES作为防火墙,以前很正常,目前客户端有时候会无法访问外网,从服务器上看系统日志,有很多udp checksum的记录。
[44566.831807] UDP: bad checksum. From 211.140.139.3:5290 to 61.188.271.44:8183 ulen 49
[44571.841119] UDP: bad checksum. From 211.140.139.3:5289 to 61.188.271.44:8183 ulen 46
[44571.841127] UDP: bad checksum. From 211.140.139.3:5290 to 61.188.271.44:8183 ulen 46
[44576.868429] UDP: bad checksum. From 211.140.139.3:5289 to 61.188.271.44:8183 ulen 48
[44576.868587] UDP: bad checksum. From 211.140.139.3:5290 to 61.188.271.44:8183 ulen 46
[44581.877001] UDP: bad checksum. From 211.140.139.3:5289 to 61.188.271.44:8183 ulen 47
[44581.877016] UDP: bad checksum. From 211.140.139.3:5290 to 61.188.271.44:8183 ulen 49
[44586.895746] UDP: bad checksum. From 211.140.139.3:5289 to 61.188.271.44:8183 ulen 47
[44591.918286] printk: 1 messages suppressed.
[44591.918292] UDP: bad checksum. From 211.140.139.3:5289 to 61.188.271.44:8183 ulen 49
[44596.940055] printk: 1 messages suppressed.
[44596.940062] UDP: bad checksum. From 211.140.139.3:5289 to 61.188.271.44:8183 ulen 48
[44601.958042] printk: 1 messages suppressed.
[44601.958050] UDP: bad checksum. From 211.140.139.3:5289 to 61.188.271.44:8183 ulen 46
之后,我在/etc/sysctl.conf中增加了:
net.inet.udp.checksum = 0
net.core.netdev_max_backlog = 3000
net.ipv4.tcp_max_orphans = 2048
net.ipv4.netfilter.ip_conntrack_checksum = 0
net.netfilter.nf_conntrack_checksum = 0
但是现在还是有这种情况发生,请问如何处理呢?
另外,网卡有大量的drops和overruns.
请高手赐教。