I am going to have to agree with on this one. the daemon in.identd has nothing to do
with
IP MASQ. It is used primarily to identify a user with a specific TCP/IP connection for
the
purpose of logging.
Barry Treahy wrote:
> Please correct me, but the processes that is spinning out of control:
>
> > USER PID %CPU %MEM SIZE RSS TTY STAT START TIME COMMAND
> > nobody 929 99.9 1.9 832 264 ? R May 2 42900:35 in.identd -w -t120
>
> has nothing to do with masqing, does it? Isn't in.identd the TCP/IP IDENT protocol
> server which listens for inbound IP activity and directs it to the correct service?
>
> Perhaps I'm missing something, but I thought masqing was a kernel function, not part
>of
> an external process and if in.identd is spinning out of control, wouldn't it make
>more
> sense to try and figure out why? Perhaps a netstat -n to see who/what is generating
> the rapid stream of new inbound traffic? Once a TCP or UDP sessions is establish, it
> doesn't need in.identd anylonger, correct?
>
> Barry
>
> Audie Pierre wrote:
>
> > There are other things to be considered before IP MASQ like your network topology,
> > ethernet interfaces used. I really don't know what you have as far as network
> > hardware.
> >
> > Guy Harper wrote:
> >
> > > Hello,
> > >
> > > I seem to be experiencing a performance issue with my IPM box.
> > >
> > > A general outline follows.....
> > >
> > > I have about 50 users all talking to a Notes server all day, through 1 IPM box,
> > > running Caldera Linux, kernel version 2.0.35. The box is a P100, 16MB RAM, with
> > > 2
> > > 3com 3c509 nic's. All my users (myself included) experience delays accessing
> > > their
> > > mail, etc.
> > >
> > > If I ping 20k to the notes machine through the IPM I get a 80ms round trip, if I
> > >
> > > ping from the same network I get a 30-40ms round trip.
> > >
> > > I am about to upgrade to 3com 3c905 PCI cards, so we shall see
> > >
> > > The machine is not swapping at all, so I discount RAM.....however, inspecting
> > > the
> > > task list reveals this process:
> > >
> > > USER PID %CPU %MEM SIZE RSS TTY STAT START TIME COMMAND
> > > nobody 929 99.9 1.9 832 264 ? R May 2 42900:35 in.identd -w -t120
> > >
> > > Ok, so I could use a faster processor, but I will learn nothing if that cures
> > > it....this command is initialized in inetd.conf, but I don't know what it is!!
> > >
> > > This is the IPM script I use at startup....
> > >
> > > **************************************************************************
> > > # IP Masquerade setup for 2.0.x kernels using IPFWADM
> > >
> > > /sbin/depmod -a
> > > /sbin/modprobe ip_masq_ftp
> > >
> > > #CRITICAL: Enable IP forwarding since it is disabled by default.
> > > echo "1" > /proc/sys/net/ipv4/ip_forward
> > >
> > > # MASQ timeouts
> > > #
> > > # 2 hrs timeout for TCP session timeouts
> > > # 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
> > > # 60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a
> > > # 30sec firewall timeout in ICQ itself)
> > > #
> > > /sbin/ipfwadm -M -s 7200 10 60
> > >
> > > # Enable IP forwarding and Masquerading
> > >
> > > ipfwadm -F -p deny
> > > ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
> > > ***************************************************************************
> > >
> > > Perhaps I am missing something?
> > >
> > > Help!!
> > >
> > > Thanks,
> > >
> > > Guy
> > >
> > > _______________________________________________
> > > Masq maillist - [EMAIL PROTECTED]
> > > http://tiffany.indyramp.com/mailman/listinfo/masq
> > > Admin requests can be handled by web (above) or [EMAIL PROTECTED]
> >
> > _______________________________________________
> > Masq maillist - [EMAIL PROTECTED]
> > http://tiffany.indyramp.com/mailman/listinfo/masq
> > Admin requests can be handled by web (above) or [EMAIL PROTECTED]
>
> _______________________________________________
> Masq maillist - [EMAIL PROTECTED]
> http://tiffany.indyramp.com/mailman/listinfo/masq
> Admin requests can be handled by web (above) or [EMAIL PROTECTED]
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]
