LinuxQuestions.org
Old 07-08-2012, 02:07 AM   #1
aaronanderson
LQ Newbie
 
Registered: Aug 2008
Posts: 9

Rep: Reputation: 0
iptables connection limits


I recently upgraded from Ubuntu natty to precise, which upgraded my kernel from 2.6.32 to 3.2.0. Since the upgrade yesterday I've noticed that certain websites don't load correctly. It appears that sites that have a large number of images (500+) don't fully load. Looking at the network graph in Chrome (F12), it shows that they time out. I'm wondering if there is some kind of maximum concurrent connections or something.

If I use a socks proxy through ssh (ssh -D) everything works fine so it's definitely something with the iptables masquerade in 3.2.0.

My firewall script is MonMotha's firewall script (http://ostatic.com/mothafirewall).

I realize that this is somewhat vague but any thoughts are greatly appreciated.

Aaron
 
Old 07-08-2012, 03:47 AM   #2
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Arch, Kubuntu
Posts: 1,218

Rep: Reputation: 307
I don't know about others, but I can't download this MonMotha - the site is down. Maybe it is too old. You can paste the output of "iptables -S" here.
 
Old 07-08-2012, 06:52 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,286
Blog Entries: 54

Rep: Reputation: 2854
...yeah I'd expect at least a (Safe For LQ) web site address to test ourselves, output of 'cat /proc/net/ip_tables_names|while read TABLE; do iptables -t $TABLE --line-numbers -nvxL; done' as well as 'sysctl -a | egrep "ipv4|conntrack";'. And since it's not a Linux Security issue I'm moving this thread to /Networking.
 
Old 07-09-2012, 01:59 PM   #4
aaronanderson
LQ Newbie
 
Registered: Aug 2008
Posts: 9

Original Poster
Rep: Reputation: 0
Sorry that the website doesn't work. I've had this script for years.

My iptables output is here: http://pastebin.com/rqkkJpbg
My firewall script is here: http://pastebin.com/tLp2FBwR

I've changed my gateway device from my Linux box to a dlink router. No problems, so it's definitely something with iptables.
I'm going to try and compile the latest kernel (3.4.4) and see if that fixes the problem.

If there are any other suggestions, that would be greatly appreciated.
 
Old 07-10-2012, 05:06 AM   #5
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Arch, Kubuntu
Posts: 1,218

Rep: Reputation: 307
Well, from what I see, initial packets are going to INETOUT, where they are accepted, and answers go through INETIN, where already established connections are accepted. It seems OK. There are some earlier rules where some packets with specified destination ports are limited in the TCPACCEPT chain; maybe the web browser used them. To check if this is the issue, move the rule "-A INETIN -m state --state ESTABLISHED -j ACCEPT" to the beginning of the INETIN chain and check if something changes.

Check logs, maybe some messages are there. Also do what unSpawn wrote.
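
An added example, not part of any post in this thread: a shell function that reads `iptables -S` output and lists the rules a chain evaluates before its ESTABLISHED accept rule, which is the ordering post #5 suggests checking. The ruleset embedded below is constructed for illustration (it is not the poster's pastebin), and the function name `rules_before_established` is hypothetical.

```shell
#!/bin/sh
# Constructed sample in `iptables -S` format (NOT the ruleset from the thread).
SAMPLE_RULES='-N INETIN
-N TCPACCEPT
-A INETIN -p tcp -m tcp --dport 80 -j TCPACCEPT
-A INETIN -p icmp -j ACCEPT
-A INETIN -m state --state ESTABLISHED -j ACCEPT
-A INETIN -j DROP
-A TCPACCEPT -p tcp -m limit --limit 20/sec -j ACCEPT
-A TCPACCEPT -j DROP'

# rules_before_established CHAIN   (hypothetical helper; reads stdin)
# Prints "N: rule" for each rule of CHAIN that is evaluated before the
# chain's ESTABLISHED accept rule, then the position of that rule.
# Exit status: 0 = ESTABLISHED rule is first in the chain,
#              1 = other rules are evaluated before it,
#              2 = the chain has no ESTABLISHED accept rule.
rules_before_established() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            n++
            # Match both "-m state --state" and "-m conntrack --ctstate".
            if ($0 ~ /--(ct)?state [A-Z,]*ESTABLISHED/ && $0 ~ /-j ACCEPT/) {
                found = n
                exit            # jump to END; later rules are irrelevant
            }
            printf "%d: %s\n", n, $0
        }
        END {
            if (!found) {
                print "no ESTABLISHED accept rule in " chain
                exit 2
            }
            print "ESTABLISHED at position " found
            exit (found == 1 ? 0 : 1)
        }
    '
}

# On a live system: iptables -S | rules_before_established INETIN
# Here the constructed sample is used so the script runs without root.
printf '%s\n' "$SAMPLE_RULES" | rules_before_established INETIN || true
```

Any rule listed before the ESTABLISHED line that jumps to a chain containing `-m limit` can drop reply packets of connections that are already tracked, which is why the rule order matters here.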
 