Gentoo Forums
iptables: Memory allocation problem.
redsmayday
n00b

Joined: 18 Jun 2018
Posts: 6

Posted: Mon Jun 18, 2018 3:31 am    Post subject: iptables: Memory allocation problem.

I have a Gentoo server running CSF. I cannot restart CSF with csf -r after I added a country deny list such as "FR,DE", and I keep getting:

Code:
iptables: Memory allocation problem.
iptables: Memory allocation problem.
iptables: Memory allocation problem.
Error: FASTSTART: (TCP_OUT IPv4) [] [iptables-restore: line 17 failed]. Try restarting csf with FASTSTART disabled, at line 4735

Server memory is as following:
Code:

  16597188 K total memory
      6995852 K used memory
      2721840 K active memory
      3871436 K inactive memory
      9601336 K free memory
       349092 K buffer memory
      5938516 K swap cache
      2047844 K total swap
            0 K used swap
      2047844 K free swap
      3156973 non-nice user cpu ticks
       375900 nice user cpu ticks
      2113409 system cpu ticks
   5918899468 idle cpu ticks
      1320304 IO-wait cpu ticks
      5460220 IRQ cpu ticks
      6684823 softirq cpu ticks
            0 stolen cpu ticks
     15861626 pages paged in
    315324943 pages paged out
            0 pages swapped in
            0 pages swapped out
   3182143506 interrupts
   3346516201 CPU context switches
   1521864963 boot time
      2623257 forks


Server support, which supports CentOS but not Gentoo, told me the following:

I added a value in the grub config in /etc/default/grub

From :
Code:
GRUB_CMDLINE_LINUX_DEFAULT=""


To :
Code:
GRUB_CMDLINE_LINUX_DEFAULT="quiet vmalloc=384M"


Now grub needs to be rebuilt to apply the new rules.
Unfortunately, we do not support Gentoo as an operating system and we don't want to take the risk of breaking your system.

In the file it is written to run this command to apply the changes: grub2-mkconfig -o /boot/grub2/grub.cfg
Since we do not support this OS, I don't want to take the chance of running this command.

I found this article https://wiki.gentoo.org/wiki/GRUB2 with the same command.

I can't guarantee you that it will work or not. We do not work with gentoo.

Try to contact a Gentoo expert beforehand to find out exactly whether the command can be run without any issues.

If it works, the server should be rebooted after the changes to apply the new value.

Unfortunately, we can't help you more than that on this issue; it is related to the kernel of an OS that we do not support.

Could any professionals tell me whether the above memory solution is good for my Gentoo server or not? Thank you.

[Moderator edit: added [code] tags to preserve output layout. -Hu]

bunder
Bodhisattva

Joined: 10 Apr 2004
Posts: 5934

Posted: Mon Jun 18, 2018 3:56 am

I'm not familiar with CSF, but iptables memory allocation issues can sometimes stem from having too many open connections with conntrack enabled. Or possibly too many rules. I had issues a few years back with a "basic" iptables setup with 60K rules, wound up having to consolidate with ipset.

edit: the grub kernel line change you want to make should be fine.
_________________
Neddyseagoon wrote:
The problem with leaving is that you can only do it once and it reduces your influence.

banned from #gentoo since sept 2017

redsmayday
n00b

Joined: 18 Jun 2018
Posts: 6

Posted: Mon Jun 18, 2018 2:16 pm

bunder wrote:
I'm not familiar with CSF, but iptables memory allocation issues can sometimes stem from having too many open connections with conntrack enabled. Or possibly too many rules. I had issues a few years back with a "basic" iptables setup with 60K rules, wound up having to consolidate with ipset.

edit: the grub kernel line change you want to make should be fine.


Thank you very much bunder for your reply. Will ask the server support to help me to apply the changes for the memory.

Plus: I could not find the "basic" iptables from your previous posts; would you please share the link with me?

bunder
Bodhisattva

Joined: 10 Apr 2004
Posts: 5934

Posted: Mon Jun 18, 2018 2:33 pm

it was a custom script i wrote, with a fairly extensive block list... but iptables rules are processed one at a time until it finds a match or hits the end of the chain, and the more rules you need the longer it takes to process. ipset speeds up that process by having one rule with a faster match lookup. conntrack also takes up a fair bit of memory, but only when you're managing many thousands of connections. i think you should have plenty of memory for that though.
_________________
Neddyseagoon wrote:
The problem with leaving is that you can only do it once and it reduces your influence.

banned from #gentoo since sept 2017
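
The consolidation bunder describes, sketched as an added example that is not part of the original thread and is not bunder's script: instead of one DROP rule per network, the networks go into one `hash:net` set that a single rule matches. The set name `cc_deny`, the `INPUT` chain and the sample CIDRs are assumptions made for illustration.

```sh
#!/bin/sh
# Generates text only; nothing here changes the running firewall.
SET_NAME="cc_deny"   # hypothetical set name

# Constructed sample list (documentation ranges) with a comment, a blank
# line, a duplicate and two malformed entries to exercise the filter.
sample_cidrs() {
cat <<'EOF'
# constructed block list
192.0.2.0/24
198.51.100.0/24

203.0.113.0/25
192.0.2.0/24
not-a-network
203.0.113.999/24
EOF
}

# Keep unique, syntactically valid IPv4 CIDRs (octets 0-255, prefix 0-32).
valid_cidrs() {
    awk -F'[./]' '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ &&
        $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 && $5 <= 32 &&
        !seen[$0]++'
}

# Emit `ipset restore` input: one create line, then one add per network.
# maxelem grows with the list so a list larger than ipset's default of
# 65536 entries still fits.
ipset_restore_input() {
    list=$(valid_cidrs)
    count=$(printf '%s\n' "$list" | awk 'NF { n++ } END { print n + 0 }')
    max=65536
    if [ "$count" -gt "$max" ]; then max=$count; fi
    printf 'create %s hash:net family inet maxelem %s\n' "$SET_NAME" "$max"
    printf '%s\n' "$list" | sed -n "/./s/^/add $SET_NAME /p"
}

# The single rule that stands in for the per-network DROP rules.
iptables_rule() {
    printf 'iptables -I INPUT -m set --match-set %s src -j DROP\n' "$SET_NAME"
}

# Review the output; as root it would be fed to `ipset restore` and the
# rule added afterwards.
sample_cidrs | ipset_restore_input
iptables_rule
```

The kernel then holds one rule and one hash set however long the list grows, so the per-packet cost is a hash lookup rather than a walk down the chain.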

redsmayday
n00b

Joined: 18 Jun 2018
Posts: 6

Posted: Tue Jun 19, 2018 1:18 am

I see, thank you bunder very much for your help. Will try and see.

redsmayday
n00b

Joined: 18 Jun 2018
Posts: 6

Posted: Sun Jun 24, 2018 2:15 pm

bunder wrote:
edit: the grub kernel line change you want to make should be fine.

Hi bunder, do you think this memory size change is reversible? Say, if the system goes wrong, can we change this line back to what it was, "GRUB_CMDLINE_LINUX_DEFAULT=""", and the system will go back to its status before the memory change? Thank you very much!

bunder
Bodhisattva

Joined: 10 Apr 2004
Posts: 5934

Posted: Tue Jun 26, 2018 11:59 am

Sure, you can change the value or remove it then grub-mkconfig and reboot.
_________________
Neddyseagoon wrote:
The problem with leaving is that you can only do it once and it reduces your influence.

banned from #gentoo since sept 2017

redsmayday
n00b

Joined: 18 Jun 2018
Posts: 6

Posted: Tue Sep 18, 2018 12:45 pm    Post subject: It worked. Thank you bunder.

bunder wrote:
Sure, you can change the value or remove it then grub-mkconfig and reboot.


Hi bunder, the change has been applied by my server provider after getting your confirmation and backup. Really appreciate your help!