Facebook
Twitter
Matt Sonnentag
Basic Pleskian
Hi All,
Hoping someone can shed some light on this annoying problem with apf.
I regularly - but not always get an error when adding a deny rule: iptables: Unknown error 4294967295
Rarely, but sometimes I also receive the following error: iptables too many links
I know everyone is going to say just google it, lots of stuff out there. yes there is for virtual servers. This is not, its a plain old centos 5 box with no virtualization, Plesk 8.6, iptables version 1.3.5, kernel 2.6.18-164.11.1.el5.centos.plus
I believe All of the modules are loaded that apf needs, but here is my lsmod:
Module Size Used by
xt_conntrack 6593 0
ip_conntrack_irc 10545 0
ip_nat_ftp 7361 0
xt_state 6209 18
ip_conntrack_ftp 11569 1 ip_nat_ftp
iptable_nat 11077 0
ip_nat 21101 2 ip_nat_ftp,iptable_nat
ip_conntrack 53281 7 xt_conntrack,ip_conntrack_irc,ip_nat_ftp,xt_state,ip_conntrack_ftp,iptable_nat,ip_nat
nfnetlink 10713 2 ip_nat,ip_conntrack
iptable_filter 7105 1
iptable_mangle 6849 1
ip_tables 17029 3 iptable_nat,iptable_filter,iptable_mangle
xt_tcpmss 6337 0
ipt_tos 5825 0
nfsd 204337 5
exportfs 9665 1 nfsd
nfs_acl 7617 1 nfsd
auth_rpcgss 43105 1 nfsd
ipt_ECN 7105 102
nls_utf8 6209 0
cifs 228065 0
xt_length 6081 0
xt_mac 6081 0
xt_multiport 7233 4
ipt_TCPMSS 8001 1
ipt_ULOG 11717 0
ipt_TOS 6337 18
ipt_ecn 6337 0
ipt_ttl 5953 0
ipt_owner 6081 0
ipt_recent 12497 46
autofs4 29253 3
ipmi_devintf 13129 0
ipmi_si 42829 0
ipmi_msghandler 39153 2 ipmi_devintf,ipmi_si
hidp 23105 2
l2cap 29505 5 hidp
bluetooth 53925 2 hidp,l2cap
lockd 63081 1 nfsd
sunrpc 145405 8 nfsd,nfs_acl,auth_rpcgss,lockd
ipt_REJECT 9665 46
xt_limit 6721 1090
ipt_LOG 10049 1020
xt_tcpudp 7105 373
ip6table_filter 6849 0
ip6_tables 18053 1 ip6table_filter
x_tables 17349 22 xt_conntrack,xt_state,iptable_nat,ip_tables,xt_tcpmss,ipt_tos,ipt_ECN,xt_length,xt_mac,xt_multiport,ipt_TCPMSS,ipt_ULOG,ipt_TOS,ipt_ecn,ipt_ttl,ipt_owner,ipt_recent,ipt_REJECT,xt_limit,ipt_LOG,xt_tcpudp,ip6_tables
ipv6 267617 40
xfrm_nalgo 13381 1 ipv6
crypto_api 12609 1 xfrm_nalgo
dm_mirror 24393 0
dm_multipath 24909 0
scsi_dh 11713 1 dm_multipath
video 21193 0
hwmon 7365 0
backlight 10049 1 video
sbs 18533 0
i2c_ec 9025 1 sbs
button 10705 0
battery 13637 0
asus_acpi 19289 0
ac 9157 0
parport_pc 29157 0
lp 15849 0
parport 37513 2 parport_pc,lp
floppy 57125 0
sg 36573 0
ide_cd 40161 0
pcspkr 7105 0
i2c_i801 11725 0
serio_raw 10693 0
i2c_core 23745 2 i2c_ec,i2c_i801
i3000_edac 9413 0
cdrom 36577 1 ide_cd
edac_mc 26257 1 i3000_edac
tg3 114501 0
dm_raid45 67145 0
dm_message 6977 1 dm_raid45
dm_region_hash 15681 1 dm_raid45
dm_log 14657 3 dm_mirror,dm_raid45,dm_region_hash
dm_mod 63225 4 dm_mirror,dm_multipath,dm_raid45,dm_log
dm_mem_cache 9537 1 dm_raid45
pata_acpi 9665 0
ata_piix 23621 3
ata_generic 10565 0
libata 157317 3 pata_acpi,ata_piix,ata_generic
sd_mod 25281 4
scsi_mod 141717 4 scsi_dh,sg,libata,sd_mod
ext3 125001 2
jbd 57065 1 ext3
uhci_hcd 25421 0
ohci_hcd 24553 0
ehci_hcd 33869 0
These errors occur randomly, I might not see them all week and then the next day I get them with every apf -d. Load on the server is not drastically different at any point in time and I am pulling my hair out.
I have tried MONOKERNEL 0 & 1 - no difference
I have updated iptables-config to tell it to load all of the modules required:
IPTABLES_MODULES="ip_conntrack_ftp ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
This seems to have helped reduce the frequency of the errors. Any help, pointers, tips, shots in the dark would be much appreciated.
Hoping someone can shed some light on this annoying problem with apf.
I regularly - but not always get an error when adding a deny rule: iptables: Unknown error 4294967295
Rarely, but sometimes I also receive the following error: iptables too many links
I know everyone is going to say just google it, lots of stuff out there. yes there is for virtual servers. This is not, its a plain old centos 5 box with no virtualization, Plesk 8.6, iptables version 1.3.5, kernel 2.6.18-164.11.1.el5.centos.plus
I believe All of the modules are loaded that apf needs, but here is my lsmod:
Module Size Used by
xt_conntrack 6593 0
ip_conntrack_irc 10545 0
ip_nat_ftp 7361 0
xt_state 6209 18
ip_conntrack_ftp 11569 1 ip_nat_ftp
iptable_nat 11077 0
ip_nat 21101 2 ip_nat_ftp,iptable_nat
ip_conntrack 53281 7 xt_conntrack,ip_conntrack_irc,ip_nat_ftp,xt_state,ip_conntrack_ftp,iptable_nat,ip_nat
nfnetlink 10713 2 ip_nat,ip_conntrack
iptable_filter 7105 1
iptable_mangle 6849 1
ip_tables 17029 3 iptable_nat,iptable_filter,iptable_mangle
xt_tcpmss 6337 0
ipt_tos 5825 0
nfsd 204337 5
exportfs 9665 1 nfsd
nfs_acl 7617 1 nfsd
auth_rpcgss 43105 1 nfsd
ipt_ECN 7105 102
nls_utf8 6209 0
cifs 228065 0
xt_length 6081 0
xt_mac 6081 0
xt_multiport 7233 4
ipt_TCPMSS 8001 1
ipt_ULOG 11717 0
ipt_TOS 6337 18
ipt_ecn 6337 0
ipt_ttl 5953 0
ipt_owner 6081 0
ipt_recent 12497 46
autofs4 29253 3
ipmi_devintf 13129 0
ipmi_si 42829 0
ipmi_msghandler 39153 2 ipmi_devintf,ipmi_si
hidp 23105 2
l2cap 29505 5 hidp
bluetooth 53925 2 hidp,l2cap
lockd 63081 1 nfsd
sunrpc 145405 8 nfsd,nfs_acl,auth_rpcgss,lockd
ipt_REJECT 9665 46
xt_limit 6721 1090
ipt_LOG 10049 1020
xt_tcpudp 7105 373
ip6table_filter 6849 0
ip6_tables 18053 1 ip6table_filter
x_tables 17349 22 xt_conntrack,xt_state,iptable_nat,ip_tables,xt_tcpmss,ipt_tos,ipt_ECN,xt_length,xt_mac,xt_multiport,ipt_TCPMSS,ipt_ULOG,ipt_TOS,ipt_ecn,ipt_ttl,ipt_owner,ipt_recent,ipt_REJECT,xt_limit,ipt_LOG,xt_tcpudp,ip6_tables
ipv6 267617 40
xfrm_nalgo 13381 1 ipv6
crypto_api 12609 1 xfrm_nalgo
dm_mirror 24393 0
dm_multipath 24909 0
scsi_dh 11713 1 dm_multipath
video 21193 0
hwmon 7365 0
backlight 10049 1 video
sbs 18533 0
i2c_ec 9025 1 sbs
button 10705 0
battery 13637 0
asus_acpi 19289 0
ac 9157 0
parport_pc 29157 0
lp 15849 0
parport 37513 2 parport_pc,lp
floppy 57125 0
sg 36573 0
ide_cd 40161 0
pcspkr 7105 0
i2c_i801 11725 0
serio_raw 10693 0
i2c_core 23745 2 i2c_ec,i2c_i801
i3000_edac 9413 0
cdrom 36577 1 ide_cd
edac_mc 26257 1 i3000_edac
tg3 114501 0
dm_raid45 67145 0
dm_message 6977 1 dm_raid45
dm_region_hash 15681 1 dm_raid45
dm_log 14657 3 dm_mirror,dm_raid45,dm_region_hash
dm_mod 63225 4 dm_mirror,dm_multipath,dm_raid45,dm_log
dm_mem_cache 9537 1 dm_raid45
pata_acpi 9665 0
ata_piix 23621 3
ata_generic 10565 0
libata 157317 3 pata_acpi,ata_piix,ata_generic
sd_mod 25281 4
scsi_mod 141717 4 scsi_dh,sg,libata,sd_mod
ext3 125001 2
jbd 57065 1 ext3
uhci_hcd 25421 0
ohci_hcd 24553 0
ehci_hcd 33869 0
These errors occur randomly, I might not see them all week and then the next day I get them with every apf -d. Load on the server is not drastically different at any point in time and I am pulling my hair out.
I have tried MONOKERNEL 0 & 1 - no difference
I have updated iptables-config to tell it to load all of the modules required:
IPTABLES_MODULES="ip_conntrack_ftp ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
This seems to have helped reduce the frequency of the errors. Any help, pointers, tips, shots in the dark would be much appreciated.
