为什么网速慢，一会后就不能上网（IPTABLES）

linker_yxj · 发表于 2003-10-15 09:39:03

网络环境是需要拨号的FTTX+LAN，用RH9＋IPTABLE共享上网，IPTABLE的脚本如下：
＃！/bin/sh
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

就这样我用了一个月，今天装RH9的电脑都上不了网，除非重启并不执行上面的脚本。

在线等好心人回复

netsafe · 发表于 2003-10-15 16:35:45

用tcpdump看看。是否有可疑的网络流量。检查/proc/net/ip_conn???表是否添满。也许是冲击波病毒或者变种。

linker_yxj · 发表于 2003-10-15 17:22:51

这是cat /proc/net/ip_conntrack的内容，帮我看看.

tcp    6 431971 ESTABLISHED src=192.168.100.8 dst=192.168.100.2 sport=1034 dport=139 src=192.168.100.2 dst=192.168.100.8 sport=139 dport=1034 [ASSURED] use=1
tcp    6 109 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32855 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32855 [ASSURED] use=1
tcp    6 431983 ESTABLISHED src=192.168.100.5 dst=211.136.86.9 sport=1925 dport=3004 src=211.136.86.9 dst=219.141.1.113 sport=3004 dport=1925 [ASSURED] use=1
tcp    6 13 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32836 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32836 [ASSURED] use=1
tcp    6 33 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32840 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32840 [ASSURED] use=1
tcp    6 53 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32844 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32844 [ASSURED] use=1
tcp    6 74 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32848 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32848 [ASSURED] use=1
tcp    6 94 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32852 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32852 [ASSURED] use=1
tcp    6 114 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32856 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32856 [ASSURED] use=1
tcp    6 431991 ESTABLISHED src=192.168.100.5 dst=211.136.86.9 sport=1924 dport=2002 src=211.136.86.9 dst=219.141.1.113 sport=2002 dport=1924 [ASSURED] use=1
tcp    6 18 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32837 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32837 [ASSURED] use=1
udp    17 27 src=192.168.100.1 dst=192.168.100.255 sport=137 dport=137 [UNREPLIED] src=192.168.100.255 dst=192.168.100.1 sport=137 dport=137 use=1
tcp    6 38 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32841 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32841 [ASSURED] use=1
tcp    6 58 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32845 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32845 [ASSURED] use=1
udp    17 169 src=192.168.100.8 dst=202.104.129.252 sport=4000 dport=8000 src=202.104.129.252 dst=219.141.1.113 sport=8000 dport=4000 [ASSURED] use=1
udp    17 173 src=192.168.100.11 dst=202.104.129.254 sport=4000 dport=8000 src=202.104.129.254 dst=219.141.1.113 sport=8000 dport=4000 [ASSURED] use=1
tcp    6 79 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32849 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32849 [ASSURED] use=1
tcp    6 99 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32853 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32853 [ASSURED] use=1
tcp    6 431999 ESTABLISHED src=192.168.100.5 dst=211.136.86.9 sport=1919 dport=3004 src=211.136.86.9 dst=219.141.1.113 sport=3004 dport=1919 [ASSURED] use=1
tcp    6 119 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32857 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32857 [ASSURED] use=1
tcp    6 432000 ESTABLISHED src=192.168.100.127 dst=192.168.100.2 sport=4126 dport=23 src=192.168.100.2 dst=192.168.100.127 sport=23 dport=4126 [ASSURED] use=1
tcp    6 23 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32838 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32838 [ASSURED] use=1
tcp    6 43 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32842 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32842 [ASSURED] use=1
tcp    6 64 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32846 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32846 [ASSURED] use=1
tcp    6 84 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32850 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32850 [ASSURED] use=1
tcp    6 104 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32854 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32854 [ASSURED] use=1
tcp    6 431965 ESTABLISHED src=192.168.100.5 dst=211.136.86.9 sport=1926 dport=2002 src=211.136.86.9 dst=219.141.1.113 sport=2002 dport=1926 [ASSURED] use=1
tcp    6 8 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32835 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32835 [ASSURED] use=1
tcp    6 431974 ESTABLISHED src=192.168.100.8 dst=61.236.194.108 sport=1255 dport=80 src=61.236.194.108 dst=219.141.1.113 sport=80 dport=1255 [ASSURED] use=1
tcp    6 28 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32839 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32839 [ASSURED] use=1
tcp    6 48 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32843 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32843 [ASSURED] use=1
tcp    6 69 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32847 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32847 [ASSURED] use=1
tcp    6 89 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=32851 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=32851 [ASSURED] use=1

大熊宝宝 · 发表于 2003-10-16 00:00:18

估计是中病毒了

兄弟语出惊人 linux下有冲击波？？在说流量没有可疑啊

netsafe · 发表于 2003-10-16 07:50:36

linux系统本身是不能感染冲击波病毒的。但是冲击波是“蠕虫”的一种。除了感染microsoft的系统外，主要的危害就是产生大量的无用流量。使网络变慢。如果它产生的流量能经过FORWARD 链。那么它可以很快占满所有的ip_conntrack。一楼的兄弟如果ip_conntrack文件全的话。应该不是局域网有病毒。也许是你的linux系统问题。你看所有的本地流量都会进行nat。是否毛病在这里呢

		自动登录	找回密码
密码			注册