problem of packet loss with e100 machine with fedora core 4

Bob Chiodini rchiodin at bellsouth.net
Fri Dec 23 12:32:39 UTC 2005


On Fri, 2005-12-23 at 12:20 +0100, Eric Doutreleau wrote:
> Steffen Kluge wrote:
> 
> >On Thu, 2005-12-22 at 13:10 -0600, Les Mikesell wrote:
> >  
> >
> >>If you are sure that the port negotiation is working and
> >>both the nic and switch are running in full duplex it
> >>could be an interrupt sharing issue when running under
> >>Linux.  I'm not sure how to solve it, though.
> >>    
> >>
> >
> >That's an interesting point, I always wondered if/when overloading a
> >single interrupt (as ACPI does on my laptop) leads to performance
> >problems. It would be good to see the output of ``cat /proc/interrupts''
> >in this case.
> >
> >I fixed the interrupt overloading on my laptop by booting with
> >acpi=noirq, BTW.
> >
> >Cheers
> >Steffen.
> >
> >  
> >
> Hi folks
> 
> I have found something:
> when I stop the firewall I don't lose packets anymore.
> 
> I'm wondering what could make the network freeze in my config.
> 
> I will try to remove some rules in order to see which rule is the culprit.
> 
> Here is my config
> # Firewall configuration written by system-config-securitylevel
> # Manual customization of this file is not recommended.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
> -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> # Opening for portmapper (C. Bac)
> #-A RH-Firewall-1-INPUT -p tcp -m tcp -s 157.159.0.0/16 --dport 111 -j ACCEPT
> #-A RH-Firewall-1-INPUT -p udp -s 157.159.0.0/16 --dport 111 -j ACCEPT
> # Opening for the workstations in the room
> -A RH-Firewall-1-INPUT -s 157.159.15.210 -p tcp --destination-port 1024:65535 -j ACCEPT
> -A RH-Firewall-1-INPUT -s 157.159.15.211 -p tcp --destination-port 1024:65535 -j ACCEPT
> -A RH-Firewall-1-INPUT -s 157.159.15.212 -p tcp --destination-port 1024:65535 -j ACCEPT
> -A RH-Firewall-1-INPUT -s 157.159.15.213 -p tcp --destination-port 1024:65535 -j ACCEPT
> -A RH-Firewall-1-INPUT -s 157.159.15.214 -p tcp --destination-port 1024:65535 -j ACCEPT
> -A RH-Firewall-1-INPUT -s 157.159.15.215 -p tcp --destination-port 1024:65535 -j ACCEPT
> -A RH-Firewall-1-INPUT -s 157.159.15.216 -p tcp --destination-port 1024:65535 -j ACCEPT
> -A RH-Firewall-1-INPUT -s 157.159.15.217 -p tcp --destination-port 1024:65535 -j ACCEPT
> -A RH-Firewall-1-INPUT -s 157.159.15.218 -p tcp --destination-port 1024:65535 -j ACCEPT
> -A RH-Firewall-1-INPUT -s 157.159.15.219 -p tcp --destination-port 1024:65535 -j ACCEPT
> -A RH-Firewall-1-INPUT -s 157.159.15.220 -p tcp --destination-port 1024:65535 -j ACCEPT
> -A RH-Firewall-1-INPUT -s 157.159.15.221 -p tcp --destination-port 1024:65535 -j ACCEPT
> -A RH-Firewall-1-INPUT -s 157.159.15.222 -p tcp --destination-port 1024:65535 -j ACCEPT
> -A RH-Firewall-1-INPUT -p tcp -m tcp -s 157.159.10.29 -d 0/0 --dport 5308 -j ACCEPT
> # Opening for multicast IGMP and class D 224/4
> -A RH-Firewall-1-INPUT -p igmp -d 224.0.0.0/28 -j ACCEPT
> -A RH-Firewall-1-INPUT  -s 224.0.0.0/4 -j ACCEPT
> # Opening the cfengine port for cfrun ...
> -A RH-Firewall-1-INPUT -p tcp -m tcp -s 157.159.10.29 -d 0/0 --dport 5308 -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> 


Eric,

Consider putting a log rule in your IPTables config.  You might get a
hint from the log.


Bob...
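
The log rule suggested above, as an added example that is not part of the original message: a small shell filter that inserts a rate-limited LOG rule in front of each REJECT rule of a chain in an iptables-restore file. The log prefix, the rate limit and the shortened sample rule set are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): put a rate-limited LOG rule in front of
# every REJECT rule of one chain, so each packet that is about to be rejected
# is written to the kernel log first.

# Constructed log prefix (assumption); iptables allows at most 29 characters.
LOG_PREFIX="RH-FW-REJECT: "

# add_log_rule CHAIN
# Filter: iptables-restore rules on stdin, same rules plus LOG rule on stdout.
add_log_rule() {
    awk -v chain="$1" -v prefix="$LOG_PREFIX" '
        # A rule "-A <chain> ... -j REJECT ..." gets a LOG rule emitted ahead of it.
        $1 == "-A" && $2 == chain && /-j REJECT/ {
            printf "-A %s -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix \"%s\" --log-level 4\n", chain, prefix
        }
        { print }
    '
}

# Constructed sample input: a shortened version of the rule set quoted above.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Show the patched sample; pipe a real rules file through add_log_rule instead.
sample_rules | add_log_rule RH-Firewall-1-INPUT
```

Once the patched rules are loaded, each rejected packet appears in the kernel log with the prefix followed by its interface, source, destination, protocol and ports, which shows which traffic falls through to the final REJECT.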



