Joined: 17 Nov 2004
Posted: Wed Nov 17, 2004 5:08 pm Post subject: iptables and memory allocation errors
I have an interesting issue that I cannot seem to find an answer for. I
have been a *nix guy for years and have run mostly RH on x86
architecture machines. Recently, at work, I needed a Linux for several
Sun boxes, namely E220s and Netra T1 105s. I got plumb tired of
Solaris on some machines, FreeBSD, and a mix of others. Gentoo works
great on the SPARC64s and I have production boxes running it smooth as silk.
I have purchased a couple of Netra T1 105s for myself and was about to put
one online to replace an older x86 box, and when I loaded my previous
firewall rules it gave me "iptables - Memory allocation error" about
halfway through the load. I have 512M RAM in both boxes I own, and the magic number to load seems to be 857 lines total.
These rules have loaded nicely on x86 boxes with 256M and 128M RAM using iptables.
I have emerged the latest iptables (iptables-1.2.11-r3) and they are running under a linux-2.4.27-sparc kernel. Most everything is compiled into the kernel except ipt_state and iptable_mangle, which are loaded as modules. Everything works fine as long as I trim down the list of banned IPs to the point where the common rules and banned IPs do not exceed 857 lines in the list. However, that means dropping the banned list from ~1200 to ~250.
Anybody have any thoughts as to how to get around this memory issue?
Any thoughts or suggestions would be greatly appreciated.
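An added example, not part of the original post or any reply to it: a small POSIX sh script that turns a banned-IP list into an iptables-restore fragment (one DROP rule per address in its own chain, so the whole list is committed in a single atomic load instead of one `iptables -A` call per line), counts the rules in it, and can split it into fixed-size batches that are loaded one after another with `iptables-restore --noflush`. Loading in batches lets you check whether the failure tracks the total number of rules in the kernel or the size of a single load. The chain name BANNED, the input format (one address or CIDR per line, `#` comments allowed) and the sample addresses in the usage section are assumptions of this example; nothing here runs iptables itself.

```shell
#!/bin/sh
# Added example (not code from the original post). Builds an iptables-restore
# fragment from a banned-IP list and splits it into batches for loading with
#   iptables-restore < banned.rules                 # whole list, one atomic load
#   for f in batch.0 batch.1 ...; do iptables-restore --noflush "$f"; done
# Assumptions: chain name BANNED; input has one address/CIDR per line, '#' comments.

# build_banlist_restore FILE [CHAIN] -> iptables-restore text on stdout
build_banlist_restore() {
    file="$1"; chain="${2:-BANNED}"
    printf '*filter\n'
    printf ':%s - [0:0]\n' "$chain"
    # strip CRs, comments, whitespace and blank lines; one DROP rule per address
    tr -d '\r' < "$file" | sed 's/#.*//; s/[[:space:]]//g' | grep -v '^$' |
    while IFS= read -r ip; do
        printf '%s\n' "-A $chain -s $ip -j DROP"
    done
    # hook the chain from INPUT once, at the end
    printf '%s\n' "-A INPUT -j $chain"
    printf 'COMMIT\n'
}

# count_rules FILE -> number of rules (lines beginning with -A); this is the
# number that matters for a load limit, not the total line count of the file
count_rules() {
    n=$(grep -c '^-A ' "$1" || true)
    printf '%s\n' "${n:-0}"
}

# split_batches RESTORE_FILE N PREFIX -> writes PREFIX.0, PREFIX.1, ... each a
# complete restore fragment with at most N rules; prints the batch count.
# Only batch 0 declares the chain: iptables-restore --noflush flushes any
# user chain that is declared again, which would drop the earlier batches.
split_batches() {
    src="$1"; n="$2"; prefix="$3"
    chain=$(sed -n 's/^:\([^ ]*\) .*/\1/p' "$src" | head -n 1)
    grep '^-A ' "$src" > "$prefix.rules"
    split -l "$n" -a 3 "$prefix.rules" "$prefix.part."
    i=0
    for part in "$prefix".part.*; do
        {
            printf '*filter\n'
            if [ "$i" -eq 0 ]; then printf ':%s - [0:0]\n' "$chain"; fi
            cat "$part"
            printf 'COMMIT\n'
        } > "$prefix.$i"
        rm -f "$part"
        i=$((i + 1))
    done
    rm -f "$prefix.rules"
    printf '%s\n' "$i"
}

# Usage with a constructed sample list (documentation-range addresses):
#   printf '# sample\n198.51.100.7\n203.0.113.0/24\n192.0.2.9\n' > banned.txt
#   build_banlist_restore banned.txt BANNED > banned.rules
#   count_rules banned.rules          # 3 DROP rules + 1 jump = 4
#   split_batches banned.rules 200 batch
```

The rule counter deliberately ignores `*filter`, `:CHAIN` and `COMMIT` lines, so the threshold you measure is in rules rather than in lines of the file; comparing the count at which a single `iptables-restore` fails against the count at which the batched `--noflush` loads fail tells you whether the limit is per load or per ruleset.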