Cedric Berger ([EMAIL PROTECTED]) wrote:
> Here is the problem I think: 40MB of kernel memory for routing table
> entries...
> It might be PF table stuff..., not sure yet.
>
> Do you reload your "ban" table very often?
Whenever I notice a new IP address that needs my attention.  Unfortunately
this can often be several times in an evening.

> Do you have a big routing table, or IPSec table?

I don't use IPSec.  The routing table grows automatically without my
attention, and I rarely look at it.  I'm just running a simple little NAT
box that also happens to be a P2P search node, web server, DNS server,
mail server, etc.

At the time I sent my last e-mail, the box had been up approximately two
weeks, so I figured I'd upgrade CVS before rebooting it.  I did that, and
now my 3.5-beta -current box has been up 22 hours.  "netstat -rn | wc"
shows 79 lines.  Here's the top section (before the IPv6 stuff, which I
don't use, as far as I know).

=======================================================================
Internet:
Destination        Gateway            Flags   Refs      Use    Mtu   Interface
default            209.142.155.254    UGS      470  4603644   1492   tun0
12.169.2.37        209.142.155.254    UGHD       0  4600038   1492 L tun0
24.57.88.139       209.142.155.254    UGHD       1  4603283   1492 L tun0
24.204.73.174      209.142.155.254    UGHD       0  4602201   1492 L tun0
62.34.2.173        209.142.155.254    UGHD       1  4575857   1492 L tun0
62.49.7.13         209.142.155.254    UGHD       1  4586241   1492 L tun0
62.174.241.107     209.142.155.254    UGHD       1  4595161   1492 L tun0
62.234.101.184     209.142.155.254    UGHD       1  4594391   1492 L tun0
66.127.219.96      209.142.155.254    UGHD       0  4576111   1492 L tun0
67.68.146.35       209.142.155.254    UGHD       0  4588130   1492 L tun0
67.83.57.90        209.142.155.254    UGHD       1  4568565   1492 L tun0
68.111.105.34      209.142.155.254    UGHD       1  4602356   1492 L tun0
69.157.144.35      209.142.155.254    UGHD       1  4600227   1492 L tun0
80.37.133.135      209.142.155.254    UGHD       1  4586106   1492 L tun0
80.53.98.82        209.142.155.254    UGHD       2  4577373   1492 L tun0
80.218.93.112      209.142.155.254    UGHD       2  4588722   1492 L tun0
81.131.249.79      209.142.155.254    UGHD       1  4590363   1492 L tun0
81.204.8.47        209.142.155.254    UGHD       1  4601940   1492 L tun0
83.117.42.105      209.142.155.254    UGHD       0  4568129   1492 L tun0
83.117.114.175     209.142.155.254    UGHD       1  4602150   1492 L tun0
127/8              127.0.0.1          UGRS       0        0  33224   lo0
127.0.0.1          127.0.0.1          UH         8    37799  33224   lo0
129.81.189.207     209.142.155.254    UGHD       1  4596125   1492 L tun0
129.93.193.216     209.142.155.254    UGHD       0  4587780   1492 L tun0
134.197.63.131     209.142.155.254    UGHD       1  4600673   1492 L tun0
153.91.164.158     209.142.155.254    UGHD       1  4593471   1492 L tun0
192.168.2/24       link#1             UC         3        0      -   dc0
192.168.2.1        127.0.0.1          UGHS       0     1860  33224   lo0
192.168.2.2        0:20:78:1e:e9:bf   UHLc       0     5363      -   dc0
192.168.2.5        0:4:75:e6:56:22    UHLc       7   395126      -   dc0
192.168.2.22       0:c:6e:e7:52:44    UHLc       3    31258      -   dc0
193.77.154.39      209.142.155.254    UGHD       1  4600532   1492 L tun0
199.74.89.61       209.142.155.254    UGHD       1  4587786   1492 L tun0
200.39.198.58      209.142.155.254    UGHD       0  4588880   1492 L tun0
200.77.160.227     209.142.155.254    UGHD       1  4600106   1492 L tun0
200.95.6.184       209.142.155.254    UGHD       0  4598104   1492 L tun0
200.225.247.87     209.142.155.254    UGHD       0  4569783   1492 L tun0
203.173.21.196     209.142.155.254    UGHD       1  4598989   1492 L tun0
209.142.155.254    209.142.155.49     UH        35        0   1492   tun0
213.46.82.94       209.142.155.254    UGHD       0  4579892   1492 L tun0
213.98.18.48       209.142.155.254    UGHD       1  4585547   1492 L tun0
216.165.50.243     209.142.155.254    UGHD       1  4587643   1492 L tun0
216.178.93.164     209.142.155.254    UGHD       1  4583765   1492 L tun0
224/4              127.0.0.1          URS        0        0  33224   lo0
=======================================================================

Apart from 192.168.2.*, which is obviously my LAN, and 209.142.155.254,
which is the other end of my DSL pppoe connection, and the
loopback/multicast addresses, I have no idea what the others are.  I
assume they were placed there after someone connected to me from that
address, or someone on my LAN surfed to a web site, etc.  Just picking
one at random: 199.74.89.61 is dhcp089061.res-hall.northwestern.edu, and
is currently connected to my OpenFT port.

If the routing table really does grow every time some spammer or P2P
user connects to me from the Internet, and never gets pruned, then this
resembles a denial of service attack. :-/  But I have a hard time
believing I'd be the only person seeing such a problem.
-- Greg Wooledge | "Truth belongs to everybody." [EMAIL PROTECTED] | - The Red Hot Chili Peppers http://wooledge.org/~greg/ |
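An added example, not part of Greg's post and not an OpenBSD tool: a small sh/awk script that summarises a "netstat -rn" dump by route type, so the number of host routes flagged both H (host route) and D (created dynamically) can be polled from cron and compared from run to run, and their next hop confirmed. It assumes the column layout of the output quoted above (Gateway in the second column, Flags in the third); the embedded sample is a handful of lines copied from that output. The script only counts entries; it does not decide whether those entries account for the kernel memory in question.

```sh
#!/bin/sh
# Added example, not from the original post.  Summarise an OpenBSD
# "netstat -rn" dump read on stdin.  Assumes the column layout shown in
# the post: Destination, Gateway, Flags, Refs, Use, Mtu, Interface.

# route_summary: print "<kind> <count>" for each kind of route, where
#   dynamic_host - flags contain H (host) and D (created dynamically)
#   other_host   - flags contain H but not D (loopback, ARP entries, ...)
#   network      - everything else (default, prefixes, multicast)
route_summary() {
    awk '
        /^Internet:|^Destination|^=|^$/ { next }   # headers, separators
        NF < 4 { next }                            # not a route line
        {
            if ($3 ~ /H/ && $3 ~ /D/)  kind = "dynamic_host"
            else if ($3 ~ /H/)         kind = "other_host"
            else                       kind = "network"
            n[kind]++
        }
        END { for (k in n) print k, n[k] }
    ' | sort
}

# dynamic_host_count: the number of dynamic host routes only, suitable
# for polling from cron and comparing against the previous run.
dynamic_host_count() {
    awk '$3 ~ /H/ && $3 ~ /D/ { c++ } END { print c + 0 }'
}

# dynamic_hosts_by_gateway: "<gateway> <count>" for the dynamic host
# routes, to confirm which next hop they are hanging off.
dynamic_hosts_by_gateway() {
    awk '$3 ~ /H/ && $3 ~ /D/ { g[$2]++ } END { for (k in g) print k, g[k] }' | sort
}

# Constructed sample: a few lines copied from the netstat output above.
SAMPLE='Internet:
Destination        Gateway            Flags   Refs      Use    Mtu   Interface
default            209.142.155.254    UGS      470  4603644   1492   tun0
12.169.2.37        209.142.155.254    UGHD       0  4600038   1492 L tun0
24.57.88.139       209.142.155.254    UGHD       1  4603283   1492 L tun0
127/8              127.0.0.1          UGRS       0        0  33224   lo0
127.0.0.1          127.0.0.1          UH         8    37799  33224   lo0
192.168.2/24       link#1             UC         3        0      -   dc0
192.168.2.1        127.0.0.1          UGHS       0     1860  33224   lo0
192.168.2.2        0:20:78:1e:e9:bf   UHLc       0     5363      -   dc0
209.142.155.254    209.142.155.49     UH        35        0   1492   tun0
224/4              127.0.0.1          URS        0        0  33224   lo0'

# Stand-alone run over the sample.  On the box itself you would pipe
# the live table in instead:  netstat -rn | dynamic_host_count
printf '%s\n' "$SAMPLE" | route_summary
printf '%s\n' "$SAMPLE" | dynamic_hosts_by_gateway
```

Running dynamic_host_count from cron every few minutes and logging the value alongside "vmstat -m" output gives a time series that shows whether the count ever goes down on its own, which is the question the post is asking.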
