Linode Forum
Linode Community Forums
 Post subject: iptables+connlimit
Posted: Thu Mar 20, 2008 9:53 am
Newbie

Joined: Tue Mar 18, 2008 4:36 pm
Posts: 4
Hello,
I was playing with iptables and suddenly ran into a problem.

I've tried to add the following rule to limit the number of connections to port 80:

-A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 5 -j REJECT


And get the following error in /var/log/messages:

kernel: ip_tables: connlimit match: invalid size 32 != 16

I ran zcat /proc/config.gz | grep -i connlimit and got CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y, so connlimit is supported by the kernel?

Is it possible to load the connlimit iptables module, or is it a bug?

OS: Debian 4.0
IPTables: 1.3.6.0


 Post subject:
Posted: Thu Mar 20, 2008 2:12 pm
Senior Member

Joined: Fri Dec 07, 2007 1:37 am
Posts: 385
Location: NC, USA
I have seen messages sorta like that when iptables was built against a different kernel than that which is running. I don't know which distro you are using, but that may be the direction to start looking.


 Post subject:
Posted: Thu Mar 20, 2008 4:07 pm
Newbie

Joined: Tue Mar 18, 2008 4:36 pm
Posts: 4
IPtables was installed using apt-get, so I think the problem is not in compatibility.


 Post subject:
Posted: Thu Mar 20, 2008 8:31 pm
Senior Member

Joined: Sun Nov 14, 2004 6:37 pm
Posts: 138
Location: NC, USA
waster wrote:
IPtables was installed using apt-get, so I think the problem is not in compatibility.


Actually, it very well could be.

Linodes use custom built kernels, not the "standard" kernel.

_________________
Jay Faulkner
http://oldos.org


Posted: Mon Mar 24, 2008 2:20 pm
Senior Newbie

Joined: Mon Feb 18, 2008 10:15 am
Posts: 13
The size 32 != 16 sounds like one piece wants a shortword and the other a longword. A sanity check, in other words...
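
The size check behind the logged message, as an added example that is not part of the original thread and is not kernel or iptables source: it shows how two builds that disagree on a match's option struct end up with different sizes, and how a strict size comparison refuses the rule. Both struct layouts and the function name `check_match_size` are hypothetical, chosen only so the sizes come out as 16 and 32 bytes; treating the first number in the message as the kernel's size is also an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout an older userspace tool was compiled against. */
struct old_connlimit_info {
    uint32_t limit;     /* connection threshold */
    uint32_t inverse;   /* match when NOT above the limit */
    uint32_t mask;      /* IPv4 netmask only */
    uint32_t data;      /* kernel-private slot */
};

/* Hypothetical layout the running kernel module was compiled against. */
struct new_connlimit_info {
    uint32_t mask[4];   /* room for an IPv4 or IPv6 mask */
    uint32_t limit;
    uint32_t inverse;
    uint64_t data;      /* kernel-private slot, wider here */
};

/*
 * Compare the size the kernel side expects with the size of the blob
 * userspace handed over. Returns 0 if they agree, -1 if the rule must
 * be refused. Refusing is the safe outcome: reading a 16-byte blob
 * through a 32-byte layout would misread every field.
 */
int check_match_size(const char *name, size_t kernel_size, size_t user_size)
{
    if (kernel_size != user_size) {
        fprintf(stderr, "ip_tables: %s match: invalid size %zu != %zu\n",
                name, kernel_size, user_size);
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Mismatched builds: the rule is rejected and the message is logged. */
    int bad = check_match_size("connlimit",
                               sizeof(struct new_connlimit_info),
                               sizeof(struct old_connlimit_info));
    /* Matching builds: the rule is accepted. */
    int ok = check_match_size("connlimit",
                              sizeof(struct new_connlimit_info),
                              sizeof(struct new_connlimit_info));
    return (bad == -1 && ok == 0) ? 0 : 1;
}
```

Comparing `uname -r` with `iptables --version` on the affected host is the usual first step to confirm this kind of mismatch between the running kernel and the userspace tool.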

