iptables overflow

由 lijinshi112 在 09-18-2003 10:48 发表:

iptables overflow

我单位有近100个终端,通过redhat linux 8 iptables+squid上网,最近经常出现以下消息:

NET:1XXX suppressed.

Neighbour table overflow.

请教各位究竟是什么问题?QQQ!!!


由 lijinshi112 在 09-18-2003 11:11 发表:

**and my eth0 & iptables.conf **

[root@proxy0 root]# iptables -L

Chain INPUT (policy ACCEPT)

target prot opt source destination

Chain FORWARD (policy ACCEPT)

target prot opt source destination

ACCEPT all -- 172.16.0.0/16 anywhere

ACCEPT all -- 172.17.0.0/16 anywhere

ACCEPT all -- 172.18.0.0/16 anywhere

ACCEPT all -- 172.19.0.0/16 anywhere

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

[root@proxy0 root]# ifconfig -a

eth0 Link encap:Ethernet HWaddr 00:E0:18:BE:0B:84

inet addr:10.10.40.6 Bcast:10.10.40.7 Mask:255.255.255.252

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:980287 errors:0 dropped:0 overruns:0 frame:0

TX packets:2095936 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:100

RX bytes:431959448 (411.9 Mb) TX bytes:490654896 (467.9 Mb)

Interrupt:9 Base address:0xb000

eth1 Link encap:Ethernet HWaddr 00:50:FC:3C:9A:96

inet addr:172.19.255.254 Bcast:172.19.255.255 Mask:255.255.0.0

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:747530 errors:0 dropped:0 overruns:0 frame:0

TX packets:98659 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:100

RX bytes:73436660 (70.0 Mb) TX bytes:21136482 (20.1 Mb)

Interrupt:9 Base address:0xe000

eth1:0 Link encap:Ethernet HWaddr 00:50:FC:3C:9A:96

inet addr:172.18.255.254 Bcast:172.18.255.255 Mask:255.255.0.0

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

Interrupt:9 Base address:0xe000

eth2 Link encap:Ethernet HWaddr 00:00:E8:4D:25:91

inet addr:172.16.255.254 Bcast:172.16.255.255 Mask:255.255.0.0

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:2346301 errors:0 dropped:0 overruns:0 frame:0

TX packets:724719 errors:6 dropped:0 overruns:0 carrier:4

collisions:0 txqueuelen:100

RX bytes:498869731 (475.7 Mb) TX bytes:397131865 (378.7 Mb)

Interrupt:9 Base address:0xc000

eth2:0 Link encap:Ethernet HWaddr 00:00:E8:4D:25:91

inet addr:172.17.255.254 Bcast:172.17.255.255 Mask:255.255.0.0

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

Interrupt:9 Base address:0xc000

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:22112 errors:0 dropped:0 overruns:0 frame:0

TX packets:22112 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:1774090 (1.6 Mb) TX bytes:1774090 (1.6 Mb)

[root@proxy0 sysconfig]# cat iptables

Generated by iptables-save v1.2.6a on Thu Jul 10 10:53:02 2003

*nat

:PREROUTING ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

-A POSTROUTING -s 172.16.0.0/255.255.0.0 -o eth0 -j SNAT --to-source 10.10.40.6

-A POSTROUTING -s 172.17.0.0/255.255.0.0 -o eth0 -j SNAT --to-source 10.10.40.6

-A POSTROUTING -s 172.18.0.0/255.255.0.0 -o eth0 -j SNAT --to-source 10.10.40.6

-A POSTROUTING -s 172.19.0.0/255.255.0.0 -o eth0 -j SNAT --to-source 10.10.40.6

COMMIT

Completed on Thu Jul 10 10:53:02 2003

Generated by iptables-save v1.2.6a on Thu Jul 10 10:53:02 2003

*mangle

:PREROUTING ACCEPT [1143:105011]

:INPUT ACCEPT [1143:105011]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [1161:106319]

:POSTROUTING ACCEPT [1161:106319]

COMMIT

Completed on Thu Jul 10 10:53:02 2003

Generated by iptables-save v1.2.6a on Thu Jul 10 10:53:02 2003

*filter

:FORWARD ACCEPT [0:0]

:INPUT ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

-A FORWARD -s 172.16.0.0/255.255.0.0 -j ACCEPT

-A FORWARD -s 172.17.0.0/255.255.0.0 -j ACCEPT

-A FORWARD -s 172.18.0.0/255.255.0.0 -j ACCEPT

-A FORWARD -s 172.19.0.0/255.255.0.0 -j ACCEPT

COMMIT

Completed on Thu Jul 10 10:53:02 2003


由 dragondk 在 09-18-2003 15:50 发表:


你的netmask太大了,你只有100台机器,用24位的netmask就可以的,否则不正常的arp会造成overflow的。我在 www.linuxaid.com.cn 有具体的回答,解决的方法就是使用ip/24,重新设置你的网络。


由 lijinshi112 在 09-18-2003 20:12 发表:

QQQ

QQQ!!!


由 cx6445 在 09-19-2003 16:31 发表:


怎么会和netmask有关系,我更大的netmask用着还没事呢


由 dragondk 在 09-19-2003 20:18 发表:


Neighbour table overflow 在正常情况下是指arp buffer overflow.arp buffer中只会缓存与接口在同一网络的mac地址, 当你的netmask不适当时,由于错误的软件或攻击会造成arp buffer中有很多未能正确解悉的地址,造成overflow.比如在双网卡的网关上,一个ip 10.0.0.1/16 一个 192.168.0.1/24.当192.168.0.x要求访问10.0.0.2-10.0.254.254的机器时,你应该可以想像有多少mac地址要缓存.如果一个攻击足够快的话,它肯定会使arp buffer overflow.你说呢.

另外不是

Published At
Categories with 服务器类
Tagged with
comments powered by Disqus