Re: Linux 2.4.18 Kernel Panics related to Netfilter/iptables

mk@fashaf.co.za
Tue, 3 Sep 2002 11:05:00 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andi Kleen: "Re: TCP Segmentation Offloading (TSO)"
Previous message: Terry Barnaby: "Re: Linux kernel lockup with BVM SCSI controller on MCPN765 PPC board"
In reply to: Rusty Russell: "Re: Linux 2.4.18 Kernel Panics related to Netfilter/iptables"

--RASg3xLB4tUQ4RcS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

> On Mon, 2 Sep 2002 10:21:56 +0200
> >=20
> > One of my machines running kernel 2.4.18 is getting kernel panics inter=
mittently (30minutes to 4/5 hours).=20
> >=20
> > from the logs I believe is the culprit:
> >=20
> > kernel: LIST_DELETE: ip_conntrack_core.c:165 `&ct->tuplehash[IP_CT_DIR_=
REPLY]'(c6c78e44) not in &ip_conntrack_hash [hash_conntrack(&ct->tuplehash[=
IP_CT_DIR_REPLY].tuple)].
>=20
> This problem has been plaguing us for a while. You're using gcc 2.96, wh=
ich is interesting.
>=20
> What connection tracking/NAT modules have you got?
ipt_LOG ipt_limit ipt_state iptable_filter ipt_MASQUERADE iptable_nat

> What kind of traffic are you getting? (eg. are you getting IRC traffic? =
FTP traffic?).
There is nothing really to hectic that is using NAT as most of the traffic =
goes via a proxy. I'd say the only things that use NAT would be services th=
at dont support an http proxy, kazaa,edonkey,SMTP,pop.
The following ports are NAT'ed 25 22 80 (not really used) 9034 59651 4661 4=
662

This is the NAT part the gateway config:
$IPTABLES -t nat -A POSTROUTING -o $WAN -j MASQUERADE
$IPTABLES -A FORWARD -i $LAN -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG --log=
-level DEBUG --log-prefix "IPT FORWARD packet died: "

Traffic is pretty low in general. If there is any other information i can g=
ive you please let me know.

Regards
Merritt
>=20
> I really want to chase this down, but I've yet to find the cause.
>=20
> Rusty.
> --=20
> there are those who do and those who hang on and you don't see too
> many doers quoting their contemporaries. -- Larry McVoy
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

--RASg3xLB4tUQ4RcS
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9dHs887jO8qqRzyURAvmfAJ0YTtaKZ+TLLSRsu/k6IY51jvjH/ACggs/c
hs98Y1WNfvmCHB8iE9th/oQ=
=23Yb
-----END PGP SIGNATURE-----

--RASg3xLB4tUQ4RcS--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andi Kleen: "Re: TCP Segmentation Offloading (TSO)"
Previous message: Terry Barnaby: "Re: Linux kernel lockup with BVM SCSI controller on MCPN765 PPC board"
In reply to: Rusty Russell: "Re: Linux 2.4.18 Kernel Panics related to Netfilter/iptables"