[РЕШЕНО] linux 4.0.1-1 - net.ipv4.ip_forward перестал работать

casper	# 7 лет, 4 месяца назад (отредактировано 7 лет, 4 месяца назад)
Темы: 18 Сообщения: 122 Участник с: 01 ноября 2011	Всем доброго времени суток и с майскими праздниками. Дома долгое время работала следующая схема: Сервачок (Arch Linux, hostapd, iptables) + локальная сеть. Сегодня с обновлениями прилетело ядро 4.0.1-1, вроде никакие сервисы не поломались, все работает, но на клиентах в локалке инет пропал. Подозреваю, что не работает именно net.ipv4.ip_forward, так как сервачок еще является openvpn клиентом до одного офиса, так вот, теперь это офис доступен только с сервачка, а с локалки нет. `media ~ $ uname -a Linux media 4.0.1-1-ARCH #1 SMP PREEMPT Wed Apr 29 12:00:26 CEST 2015 x86_64 GNU/Linux iptables -A POSTROUTING -s 10.16.0.0/24 -o ppp0 -j MASQUERADE media ~ $ ip a show ppp0 7: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN group default qlen 3 link/ppp inet $EXT_IP peer $PEER scope global ppp0 valid_lft forever preferred_lft forever` На ядро 3.19 откатится еще не пробовал, но если идей не поступит, то это первый вариант решения проблемы. Пока обошел установкой polipo. Всем заранее спасибо за ответы.

# 7 лет, 4 месяца назад (отредактировано 7 лет, 4 месяца назад)

Сообщения: 122

Участник с: 01 ноября 2011

Всем доброго времени суток и с майскими праздниками.

Дома долгое время работала следующая схема:
Сервачок (Arch Linux, hostapd, iptables) + локальная сеть.

Сегодня с обновлениями прилетело ядро 4.0.1-1, вроде никакие сервисы не поломались, все работает, но на клиентах в локалке инет пропал.
Подозреваю, что не работает именно net.ipv4.ip_forward, так как сервачок еще является openvpn клиентом до одного офиса, так вот, теперь это офис доступен только с сервачка, а с локалки нет.

media ~ $  uname -a
Linux media 4.0.1-1-ARCH #1 SMP PREEMPT Wed Apr 29 12:00:26 CEST 2015 x86_64 GNU/Linux

iptables -A POSTROUTING -s 10.16.0.0/24 -o ppp0 -j MASQUERADE

media ~ $  ip a show ppp0
7: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN group default qlen 3
    link/ppp
    inet $EXT_IP peer $PEER scope global ppp0
       valid_lft forever preferred_lft forever

На ядро 3.19 откатится еще не пробовал, но если идей не поступит, то это первый вариант решения проблемы. Пока обошел установкой polipo.

Всем заранее спасибо за ответы.

Natrio	# 7 лет, 4 месяца назад
Темы: 47 Сообщения: 4763 Участник с: 08 января 2011	У меня форвардинг работает как обычно, ядро 4.0.1-1-ARCH i686 Так что не факт, что дело именно в нём, скорее что-то другое отвалилось. Я бы посмотрел текущее состояние сети и попробовал проследить путь пакетов.

casper	# 7 лет, 4 месяца назад
Темы: 18 Сообщения: 122 Участник с: 01 ноября 2011	Странно, я даже не знаю на что еще грешить. Между интерфейсами сарвака трафик так и не ходит. Попробую откатить ядро на 3.19.

casper	# 7 лет, 4 месяца назад
Темы: 18 Сообщения: 122 Участник с: 01 ноября 2011	Откат ядра ни к чему не привел, трафик все также не ходит. tcpdump -i br0 icmp показывает эхо запросы, но ответов нет. tcpdump -i ppp0 icmp ничего не показывает.

casper	# 7 лет, 4 месяца назад
Темы: 18 Сообщения: 122 Участник с: 01 ноября 2011	Вот список пакетов, которые обновились, может кто подскажет, что из этого могло вызвать проблему: [2015-05-04 10:47] [ALPM] upgraded tzdata (2015b-1 -> 2015d-1) [2015-05-04 10:47] [ALPM] upgraded glibc (2.21-2 -> 2.21-3) [2015-05-04 10:47] [ALPM] upgraded readline (6.3.006-1 -> 6.3.008-1) [2015-05-04 10:47] [ALPM] upgraded nettle (2.7.1-1 -> 3.1.1-1) [2015-05-04 10:47] [ALPM] upgraded gnutls (3.3.14-2 -> 3.4.0-1) [2015-05-04 10:47] [ALPM] upgraded aiccu (20070115-4 -> 20070115-5) [2015-05-04 10:47] [ALPM] upgraded libgpg-error (1.18-1 -> 1.19-1) [2015-05-04 10:47] [ALPM] upgraded libsystemd (218-2 -> 219-6) [2015-05-04 10:47] [ALPM] upgraded apr (1.5.1-1 -> 1.5.2-1) [2015-05-04 10:47] [ALPM] upgraded boost-libs (1.57.0-4 -> 1.58.0-1) [2015-05-04 10:47] [ALPM] upgraded systemd (218-2 -> 219-6) [2015-05-04 10:47] [ALPM] upgraded libcups (2.0.2-3 -> 2.0.2-4) [2015-05-04 10:47] [ALPM] upgraded kbproto (1.0.6-2 -> 1.0.7-1) [2015-05-04 10:47] [ALPM] upgraded libxrender (0.9.8-1 -> 0.9.9-1) [2015-05-04 10:47] [ALPM] upgraded libedit (20141030_3.1-1 -> 20150325_3.1-1) [2015-05-04 10:47] [ALPM] upgraded llvm-libs (3.6.0-4 -> 3.6.0-5) [2015-05-04 10:47] [ALPM] upgraded libpciaccess (0.13.3-1 -> 0.13.4-1) [2015-05-04 10:47] [ALPM] upgraded mesa (10.5.2-1 -> 10.5.4-1) [2015-05-04 10:47] [ALPM] upgraded mesa-libgl (10.5.2-1 -> 10.5.4-1) [2015-05-04 10:47] [ALPM] upgraded cups-filters (1.0.67-2 -> 1.0.68-1) [2015-05-04 10:47] [ALPM] upgraded sqlite (3.8.8.3-1 -> 3.8.9-1) [2015-05-04 10:47] [ALPM] upgraded cups (2.0.2-3 -> 2.0.2-4) [2015-05-04 10:47] [ALPM] upgraded curl (7.41.0-1 -> 7.42.0-1) [2015-05-04 10:47] [ALPM] upgraded dnsmasq (2.72-1 -> 2.72-2) [2015-05-04 10:47] [ALPM] upgraded dnssec-anchors (20140629-1 -> 20150403-1) [2015-05-04 10:47] [ALPM] upgraded libbluray (0.7.0-1 -> 0.8.0-1) [2015-05-04 10:47] [ALPM] upgraded libvorbis (1.3.4-1 -> 1.3.5-1) [2015-05-04 10:47] [ALPM] upgraded libssh (0.6.4-1 -> 0.6.5-1) [2015-05-04 10:47] [ALPM] upgraded libvpx (1.3.0-1 -> 1.4.0-2) [2015-05-04 10:47] [ALPM] upgraded ffmpeg (1:2.6.1-2 -> 1:2.6.2-1) [2015-05-04 10:47] [ALPM] upgraded ffmpeg-compat (1:0.10.15-2 -> 1:0.10.16-1) [2015-05-04 10:47] [ALPM] upgraded libxt (1.1.4-1 -> 1.1.5-1) [2015-05-04 10:47] [ALPM] upgraded gd (2.1.1-1 -> 2.1.1-2) [2015-05-04 10:47] [ALPM] upgraded geoip-database (20150303-1 -> 20150407-1) [2015-05-04 10:47] [ALPM] upgraded git (2.3.5-1 -> 2.3.7-1) [2015-05-04 10:47] [ALPM] upgraded gsettings-desktop-schemas (3.16.0-1 -> 3.16.1-1) [2015-05-04 10:47] [ALPM] upgraded glib-networking (2.44.0-1 -> 2.44.0-2) [2015-05-04 10:47] [ALPM] upgraded npth (1.1-1 -> 1.2-1) [2015-05-04 10:47] [ALPM] upgraded libksba (1.3.2-1 -> 1.3.3-1) [2015-05-04 10:47] [ALPM] upgraded libassuan (2.1.3-1 -> 2.2.0-1) [2015-05-04 10:47] [ALPM] upgraded gnupg (2.1.2-3 -> 2.1.3-3) [2015-05-04 10:47] [ALPM] upgraded lib32-nettle (2.7.1-1 -> 3.1.1-1) [2015-05-04 10:47] [ALPM] upgraded lib32-p11-kit (0.23.1-1 -> 0.23.1-2) [2015-05-04 10:47] [ALPM] upgraded lib32-gnutls (3.3.13-1 -> 3.4.0-1) [2015-05-04 10:47] [ALPM] upgraded lib32-util-linux (2.26-1 -> 2.26.1-1) [2015-05-04 10:47] [ALPM] upgraded libcacard (2.2.1-3 -> 2.2.1-4) [2015-05-04 10:47] [ALPM] upgraded libfontenc (1.1.2-1 -> 1.1.3-1) [2015-05-04 10:47] [ALPM] upgraded libmicrohttpd (0.9.39-1 -> 0.9.39-2) [2015-05-04 10:47] [ALPM] upgraded libtorrent-rasterbar (1:0.16.17-3 -> 1:0.16.17-4) [2015-05-04 10:47] [ALPM] upgraded libvirt (1.2.14-1 -> 1.2.14-2) [2015-05-04 10:47] [ALPM] upgraded libwbclient (4.2.0-1 -> 4.2.1-1) [2015-05-04 10:47] [ALPM] upgraded libxaw (1.0.12-1 -> 1.0.13-1) [2015-05-04 10:47] [ALPM] upgraded linux-firmware (20150206.17657c3-1 -> 20150410.ec89525-1) [2015-05-04 10:48] [ALPM] upgraded linux (3.19.3-3 -> 4.0.1-1) [2015-05-04 10:48] [ALPM] upgraded linux-headers (3.19.3-3 -> 4.0.1-1) [2015-05-04 10:48] [ALPM] upgraded lxc (1:1.1.1-2 -> 1:1.1.2-1) [2015-05-04 10:48] [ALPM] upgraded man-pages (3.82-1 -> 3.83-1) [2015-05-04 10:48] [ALPM] upgraded nano (2.4.0-1 -> 2.4.1-1) [2015-05-04 10:48] [ALPM] upgraded netctl (1.10-1 -> 1.10-2) [2015-05-04 10:48] [ALPM] upgraded nginx (1.6.3-1 -> 1.8.0-1) [2015-05-04 10:48] [ALPM] upgraded ntfs-3g (2014.2.15-1 -> 2015.3.14-1) [2015-05-04 10:48] [ALPM] upgraded php (5.6.7-2 -> 5.6.8-2) [2015-05-04 10:48] [ALPM] upgraded php-gd (5.6.7-2 -> 5.6.8-2) [2015-05-04 10:48] [ALPM] upgraded owncloud (8.0.2-1 -> 8.0.3-2) [2015-05-04 10:48] [ALPM] upgraded perl-xml-libxml (2.0118-3 -> 2.0121-1) [2015-05-04 10:48] [ALPM] upgraded php-fpm (5.6.7-2 -> 5.6.8-2) [2015-05-04 10:48] [ALPM] upgraded php-intl (5.6.7-2 -> 5.6.8-2) [2015-05-04 10:48] [ALPM] upgraded php-ldap (5.6.7-2 -> 5.6.8-2) [2015-05-04 10:48] [ALPM] upgraded php-mcrypt (5.6.7-2 -> 5.6.8-2) [2015-05-04 10:48] [ALPM] upgraded php-sqlite (5.6.7-2 -> 5.6.8-2) [2015-05-04 10:48] [ALPM] upgraded python-greenlet (0.4.5-2 -> 0.4.6-1) [2015-05-04 10:48] [ALPM] upgraded python-setuptools (1:15.0-1 -> 1:15.2-1) [2015-05-04 10:48] [ALPM] upgraded python2-beaker (1.6.5-1 -> 1.7.0-1) [2015-05-04 10:48] [ALPM] upgraded python2-ply (3.4-4 -> 3.6-1) [2015-05-04 10:48] [ALPM] upgraded python2-pycparser (2.10-4 -> 2.12-1) [2015-05-04 10:48] [ALPM] upgraded python2-cryptography (0.8.1-2 -> 0.8.2-1) [2015-05-04 10:48] [ALPM] upgraded python2-lxml (3.4.2-2 -> 3.4.4-1) [2015-05-04 10:48] [ALPM] upgraded python2-pillow (2.7.0-3 -> 2.8.1-1) [2015-05-04 10:48] [ALPM] upgraded python2-setuptools (1:15.0-1 -> 1:15.2-1) [2015-05-04 10:48] [ALPM] upgraded python2-twisted (15.0.0-1 -> 15.1.0-1) [2015-05-04 10:48] [ALPM] upgraded seabios (1.7.5-2 -> 1.8.1-1) [2015-05-04 10:48] [ALPM] upgraded qemu (2.2.1-3 -> 2.2.1-4) [2015-05-04 10:48] [ALPM] upgraded rpcbind (0.2.2-2 -> 0.2.3-1) [2015-05-04 10:49] [ALPM] upgraded ruby (2.2.1-1 -> 2.2.2-1) [2015-05-04 10:49] [ALPM] upgraded s-nail (14.7.11-1 -> 14.8.0-1) [2015-05-04 10:49] [ALPM] upgraded talloc (2.1.1-1 -> 2.1.2-1) [2015-05-04 10:49] [ALPM] upgraded smbclient (4.2.0-1 -> 4.2.1-1) [2015-05-04 10:49] [ALPM] upgraded samba (4.2.0-1 -> 4.2.1-1) [2015-05-04 10:49] [ALPM] upgraded sox (14.4.1-4 -> 14.4.2-1) [2015-05-04 10:49] [ALPM] upgraded systemd-sysvcompat (218-2 -> 219-6) [2015-05-04 10:49] [ALPM] upgraded tcpdump (4.7.3-1 -> 4.7.4-1) [2015-05-04 10:49] [ALPM] upgraded unrar (1:5.2.6-1 -> 1:5.2.7-1) [2015-05-04 10:49] [ALPM] upgraded vim-runtime (7.4.663-2 -> 7.4.712-1) [2015-05-04 10:49] [ALPM] upgraded vim (7.4.663-2 -> 7.4.712-1) [2015-05-04 10:49] [ALPM] upgraded vnstat (1.13-1 -> 1.14-1) [2015-05-04 10:49] [ALPM] upgraded wpa_supplicant (2.3-1 -> 1:2.3-1) [2015-05-04 10:50] [ALPM] upgraded megatools (1.9.94-1 -> 1.9.95-1) [2015-05-04 11:01] [ALPM] upgraded plex-media-server (0.9.11.16.958-1 -> 0.9.12.0.1071-1) [2015-05-04 11:01] [ALPM] upgraded ympd-git (1.2.3.r25.gd344ec0-1 -> 1.2.3.r32.g51c371b-1) [2015-05-04 11:06] [ALPM] upgraded zabbix-agent (2.4.4-1 -> 2.4.5-1)

casper

# 7 лет, 4 месяца назад

Темы: 18

Сообщения: 122

Участник с: 01 ноября 2011

Вот список пакетов, которые обновились, может кто подскажет, что из этого могло вызвать проблему:

[2015-05-04 10:47] [ALPM] upgraded tzdata (2015b-1 -> 2015d-1)
[2015-05-04 10:47] [ALPM] upgraded glibc (2.21-2 -> 2.21-3)
[2015-05-04 10:47] [ALPM] upgraded readline (6.3.006-1 -> 6.3.008-1)
[2015-05-04 10:47] [ALPM] upgraded nettle (2.7.1-1 -> 3.1.1-1)
[2015-05-04 10:47] [ALPM] upgraded gnutls (3.3.14-2 -> 3.4.0-1)
[2015-05-04 10:47] [ALPM] upgraded aiccu (20070115-4 -> 20070115-5)
[2015-05-04 10:47] [ALPM] upgraded libgpg-error (1.18-1 -> 1.19-1)
[2015-05-04 10:47] [ALPM] upgraded libsystemd (218-2 -> 219-6)
[2015-05-04 10:47] [ALPM] upgraded apr (1.5.1-1 -> 1.5.2-1)
[2015-05-04 10:47] [ALPM] upgraded boost-libs (1.57.0-4 -> 1.58.0-1)
[2015-05-04 10:47] [ALPM] upgraded systemd (218-2 -> 219-6)
[2015-05-04 10:47] [ALPM] upgraded libcups (2.0.2-3 -> 2.0.2-4)
[2015-05-04 10:47] [ALPM] upgraded kbproto (1.0.6-2 -> 1.0.7-1)
[2015-05-04 10:47] [ALPM] upgraded libxrender (0.9.8-1 -> 0.9.9-1)
[2015-05-04 10:47] [ALPM] upgraded libedit (20141030_3.1-1 -> 20150325_3.1-1)
[2015-05-04 10:47] [ALPM] upgraded llvm-libs (3.6.0-4 -> 3.6.0-5)
[2015-05-04 10:47] [ALPM] upgraded libpciaccess (0.13.3-1 -> 0.13.4-1)
[2015-05-04 10:47] [ALPM] upgraded mesa (10.5.2-1 -> 10.5.4-1)
[2015-05-04 10:47] [ALPM] upgraded mesa-libgl (10.5.2-1 -> 10.5.4-1)
[2015-05-04 10:47] [ALPM] upgraded cups-filters (1.0.67-2 -> 1.0.68-1)
[2015-05-04 10:47] [ALPM] upgraded sqlite (3.8.8.3-1 -> 3.8.9-1)
[2015-05-04 10:47] [ALPM] upgraded cups (2.0.2-3 -> 2.0.2-4)
[2015-05-04 10:47] [ALPM] upgraded curl (7.41.0-1 -> 7.42.0-1)
[2015-05-04 10:47] [ALPM] upgraded dnsmasq (2.72-1 -> 2.72-2)
[2015-05-04 10:47] [ALPM] upgraded dnssec-anchors (20140629-1 -> 20150403-1)
[2015-05-04 10:47] [ALPM] upgraded libbluray (0.7.0-1 -> 0.8.0-1)
[2015-05-04 10:47] [ALPM] upgraded libvorbis (1.3.4-1 -> 1.3.5-1)
[2015-05-04 10:47] [ALPM] upgraded libssh (0.6.4-1 -> 0.6.5-1)
[2015-05-04 10:47] [ALPM] upgraded libvpx (1.3.0-1 -> 1.4.0-2)
[2015-05-04 10:47] [ALPM] upgraded ffmpeg (1:2.6.1-2 -> 1:2.6.2-1)
[2015-05-04 10:47] [ALPM] upgraded ffmpeg-compat (1:0.10.15-2 -> 1:0.10.16-1)
[2015-05-04 10:47] [ALPM] upgraded libxt (1.1.4-1 -> 1.1.5-1)
[2015-05-04 10:47] [ALPM] upgraded gd (2.1.1-1 -> 2.1.1-2)
[2015-05-04 10:47] [ALPM] upgraded geoip-database (20150303-1 -> 20150407-1)
[2015-05-04 10:47] [ALPM] upgraded git (2.3.5-1 -> 2.3.7-1)
[2015-05-04 10:47] [ALPM] upgraded gsettings-desktop-schemas (3.16.0-1 -> 3.16.1-1)
[2015-05-04 10:47] [ALPM] upgraded glib-networking (2.44.0-1 -> 2.44.0-2)
[2015-05-04 10:47] [ALPM] upgraded npth (1.1-1 -> 1.2-1)
[2015-05-04 10:47] [ALPM] upgraded libksba (1.3.2-1 -> 1.3.3-1)
[2015-05-04 10:47] [ALPM] upgraded libassuan (2.1.3-1 -> 2.2.0-1)
[2015-05-04 10:47] [ALPM] upgraded gnupg (2.1.2-3 -> 2.1.3-3)
[2015-05-04 10:47] [ALPM] upgraded lib32-nettle (2.7.1-1 -> 3.1.1-1)
[2015-05-04 10:47] [ALPM] upgraded lib32-p11-kit (0.23.1-1 -> 0.23.1-2)
[2015-05-04 10:47] [ALPM] upgraded lib32-gnutls (3.3.13-1 -> 3.4.0-1)
[2015-05-04 10:47] [ALPM] upgraded lib32-util-linux (2.26-1 -> 2.26.1-1)
[2015-05-04 10:47] [ALPM] upgraded libcacard (2.2.1-3 -> 2.2.1-4)
[2015-05-04 10:47] [ALPM] upgraded libfontenc (1.1.2-1 -> 1.1.3-1)
[2015-05-04 10:47] [ALPM] upgraded libmicrohttpd (0.9.39-1 -> 0.9.39-2)
[2015-05-04 10:47] [ALPM] upgraded libtorrent-rasterbar (1:0.16.17-3 -> 1:0.16.17-4)
[2015-05-04 10:47] [ALPM] upgraded libvirt (1.2.14-1 -> 1.2.14-2)
[2015-05-04 10:47] [ALPM] upgraded libwbclient (4.2.0-1 -> 4.2.1-1)
[2015-05-04 10:47] [ALPM] upgraded libxaw (1.0.12-1 -> 1.0.13-1)
[2015-05-04 10:47] [ALPM] upgraded linux-firmware (20150206.17657c3-1 -> 20150410.ec89525-1)
[2015-05-04 10:48] [ALPM] upgraded linux (3.19.3-3 -> 4.0.1-1)
[2015-05-04 10:48] [ALPM] upgraded linux-headers (3.19.3-3 -> 4.0.1-1)
[2015-05-04 10:48] [ALPM] upgraded lxc (1:1.1.1-2 -> 1:1.1.2-1)
[2015-05-04 10:48] [ALPM] upgraded man-pages (3.82-1 -> 3.83-1)
[2015-05-04 10:48] [ALPM] upgraded nano (2.4.0-1 -> 2.4.1-1)
[2015-05-04 10:48] [ALPM] upgraded netctl (1.10-1 -> 1.10-2)
[2015-05-04 10:48] [ALPM] upgraded nginx (1.6.3-1 -> 1.8.0-1)
[2015-05-04 10:48] [ALPM] upgraded ntfs-3g (2014.2.15-1 -> 2015.3.14-1)
[2015-05-04 10:48] [ALPM] upgraded php (5.6.7-2 -> 5.6.8-2)
[2015-05-04 10:48] [ALPM] upgraded php-gd (5.6.7-2 -> 5.6.8-2)
[2015-05-04 10:48] [ALPM] upgraded owncloud (8.0.2-1 -> 8.0.3-2)
[2015-05-04 10:48] [ALPM] upgraded perl-xml-libxml (2.0118-3 -> 2.0121-1)
[2015-05-04 10:48] [ALPM] upgraded php-fpm (5.6.7-2 -> 5.6.8-2)
[2015-05-04 10:48] [ALPM] upgraded php-intl (5.6.7-2 -> 5.6.8-2)
[2015-05-04 10:48] [ALPM] upgraded php-ldap (5.6.7-2 -> 5.6.8-2)
[2015-05-04 10:48] [ALPM] upgraded php-mcrypt (5.6.7-2 -> 5.6.8-2)
[2015-05-04 10:48] [ALPM] upgraded php-sqlite (5.6.7-2 -> 5.6.8-2)
[2015-05-04 10:48] [ALPM] upgraded python-greenlet (0.4.5-2 -> 0.4.6-1)
[2015-05-04 10:48] [ALPM] upgraded python-setuptools (1:15.0-1 -> 1:15.2-1)
[2015-05-04 10:48] [ALPM] upgraded python2-beaker (1.6.5-1 -> 1.7.0-1)
[2015-05-04 10:48] [ALPM] upgraded python2-ply (3.4-4 -> 3.6-1)
[2015-05-04 10:48] [ALPM] upgraded python2-pycparser (2.10-4 -> 2.12-1)
[2015-05-04 10:48] [ALPM] upgraded python2-cryptography (0.8.1-2 -> 0.8.2-1)
[2015-05-04 10:48] [ALPM] upgraded python2-lxml (3.4.2-2 -> 3.4.4-1)
[2015-05-04 10:48] [ALPM] upgraded python2-pillow (2.7.0-3 -> 2.8.1-1)
[2015-05-04 10:48] [ALPM] upgraded python2-setuptools (1:15.0-1 -> 1:15.2-1)
[2015-05-04 10:48] [ALPM] upgraded python2-twisted (15.0.0-1 -> 15.1.0-1)
[2015-05-04 10:48] [ALPM] upgraded seabios (1.7.5-2 -> 1.8.1-1)
[2015-05-04 10:48] [ALPM] upgraded qemu (2.2.1-3 -> 2.2.1-4)
[2015-05-04 10:48] [ALPM] upgraded rpcbind (0.2.2-2 -> 0.2.3-1)
[2015-05-04 10:49] [ALPM] upgraded ruby (2.2.1-1 -> 2.2.2-1)
[2015-05-04 10:49] [ALPM] upgraded s-nail (14.7.11-1 -> 14.8.0-1)
[2015-05-04 10:49] [ALPM] upgraded talloc (2.1.1-1 -> 2.1.2-1)
[2015-05-04 10:49] [ALPM] upgraded smbclient (4.2.0-1 -> 4.2.1-1)
[2015-05-04 10:49] [ALPM] upgraded samba (4.2.0-1 -> 4.2.1-1)
[2015-05-04 10:49] [ALPM] upgraded sox (14.4.1-4 -> 14.4.2-1)
[2015-05-04 10:49] [ALPM] upgraded systemd-sysvcompat (218-2 -> 219-6)
[2015-05-04 10:49] [ALPM] upgraded tcpdump (4.7.3-1 -> 4.7.4-1)
[2015-05-04 10:49] [ALPM] upgraded unrar (1:5.2.6-1 -> 1:5.2.7-1)
[2015-05-04 10:49] [ALPM] upgraded vim-runtime (7.4.663-2 -> 7.4.712-1)
[2015-05-04 10:49] [ALPM] upgraded vim (7.4.663-2 -> 7.4.712-1)
[2015-05-04 10:49] [ALPM] upgraded vnstat (1.13-1 -> 1.14-1)
[2015-05-04 10:49] [ALPM] upgraded wpa_supplicant (2.3-1 -> 1:2.3-1)
[2015-05-04 10:50] [ALPM] upgraded megatools (1.9.94-1 -> 1.9.95-1)
[2015-05-04 11:01] [ALPM] upgraded plex-media-server (0.9.11.16.958-1 -> 0.9.12.0.1071-1)
[2015-05-04 11:01] [ALPM] upgraded ympd-git (1.2.3.r25.gd344ec0-1 -> 1.2.3.r32.g51c371b-1)
[2015-05-04 11:06] [ALPM] upgraded zabbix-agent (2.4.4-1 -> 2.4.5-1)

Natrio	# 7 лет, 4 месяца назад
Темы: 47 Сообщения: 4763 Участник с: 08 января 2011	Если можно, хотелось бы узнать побольше о текущем состоянии сетевой подсистемы: `iptables-save ip addr ip route` Кроме того, стоит посмотреть, не появилось ли чего в /etc/sysctl.d/ и /usr/lib/sysctl.d/

casper	# 7 лет, 4 месяца назад
Темы: 18 Сообщения: 122 Участник с: 01 ноября 2011	Вернул обратно новое ядро, выключил опенвпн-ы чтоб голову не заморачивать. Вот что имеем: media ~ $ iptables-save # Generated by iptables-save v1.4.21 on Mon May 4 16:45:26 2015 filter :INPUT DROP [63:6469] :FORWARD DROP [0:0] :OUTPUT ACCEPT [2371:341503] -A INPUT -i lo -j ACCEPT -A INPUT -i tun+ -j ACCEPT -A INPUT -i br0 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT -A INPUT -p tcp -m multiport --dports 2222,6881,32400,8112,21,443,80,6601 -j ACCEPT -A INPUT -p tcp -m multiport --dports 10050,8080,5001,60001 -j ACCEPT -A INPUT -p udp -m multiport --dports 6881 -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i tun+ -j ACCEPT -A FORWARD -i br0 -j ACCEPT -A FORWARD -p icmp -m icmp --icmp-type 8 -j ACCEPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT COMMIT # Completed on Mon May 4 16:45:26 2015 # Generated by iptables-save v1.4.21 on Mon May 4 16:45:26 2015 nat :PREROUTING ACCEPT [2113:167861] :INPUT ACCEPT [1628:115102] :OUTPUT ACCEPT [5980:754249] :POSTROUTING ACCEPT [5980:754249] -A POSTROUTING -s 10.16.0.0/24 -o ppp0 -j MASQUERADE COMMIT # Completed on Mon May 4 16:45:26 2015 # Generated by iptables-save v1.4.21 on Mon May 4 16:45:26 2015 *mangle :PREROUTING ACCEPT [13271:2710425] :INPUT ACCEPT [12793:2645240] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [16064:2326798] :POSTROUTING ACCEPT [16614:2434127] -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -A POSTROUTING -s 10.16.0.0/24 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill COMMIT # Completed on Mon May 4 16:45:26 2015 media ~ $ ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000 link/ether 90:2b:34:dc:6c:4f brd ff:ff:ff:ff:ff:ff inet6 fe80::922b:34ff:fedc:6c4f/64 scope link valid_lft forever preferred_lft forever 3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 90:2b:34:dc:6c:4d brd ff:ff:ff:ff:ff:ff inet6 fe80::922b:34ff:fedc:6c4d/64 scope link valid_lft forever preferred_lft forever 4: wwp0s26u1u1i1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether de:22:c8:a3:a8:9e brd ff:ff:ff:ff:ff:ff 5: wlp0s26u1u3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000 link/ether c0:4a:00:27:23:f2 brd ff:ff:ff:ff:ff:ff inet6 fe80::c24a:ff:fe27:23f2/64 scope link valid_lft forever preferred_lft forever 6: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 92:47:88:d0:e6:8d brd ff:ff:ff:ff:ff:ff inet 10.16.0.4/24 brd 10.16.0.255 scope global br0 valid_lft forever preferred_lft forever inet6 fe80::9047:88ff:fed0:e68d/64 scope link valid_lft forever preferred_lft forever 7: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN group default qlen 3 link/ppp inet $PUB_IP peer 10.16.255.137/32 scope global ppp0 valid_lft forever preferred_lft forever `media ~ $ ip route default dev ppp0 scope link 10.16.0.0/24 dev br0 proto kernel scope link src 10.16.0.4 10.16.255.137 dev ppp0 proto kernel scope link src $PUB_IP`

casper

# 7 лет, 4 месяца назад

Темы: 18

Сообщения: 122

Участник с: 01 ноября 2011

Вернул обратно новое ядро, выключил опенвпн-ы чтоб голову не заморачивать. Вот что имеем:

media ~ $  iptables-save
# Generated by iptables-save v1.4.21 on Mon May  4 16:45:26 2015
*filter
:INPUT DROP [63:6469]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [2371:341503]
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 2222,6881,32400,8112,21,443,80,6601 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 10050,8080,5001,60001 -j ACCEPT
-A INPUT -p udp -m multiport --dports 6881 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Mon May  4 16:45:26 2015
# Generated by iptables-save v1.4.21 on Mon May  4 16:45:26 2015
*nat
:PREROUTING ACCEPT [2113:167861]
:INPUT ACCEPT [1628:115102]
:OUTPUT ACCEPT [5980:754249]
:POSTROUTING ACCEPT [5980:754249]
-A POSTROUTING -s 10.16.0.0/24 -o ppp0 -j MASQUERADE
COMMIT
# Completed on Mon May  4 16:45:26 2015
# Generated by iptables-save v1.4.21 on Mon May  4 16:45:26 2015
*mangle
:PREROUTING ACCEPT [13271:2710425]
:INPUT ACCEPT [12793:2645240]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [16064:2326798]
:POSTROUTING ACCEPT [16614:2434127]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A POSTROUTING -s 10.16.0.0/24 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Mon May  4 16:45:26 2015

media ~ $  ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
    link/ether 90:2b:34:dc:6c:4f brd ff:ff:ff:ff:ff:ff
    inet6 fe80::922b:34ff:fedc:6c4f/64 scope link
       valid_lft forever preferred_lft forever
3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 90:2b:34:dc:6c:4d brd ff:ff:ff:ff:ff:ff
    inet6 fe80::922b:34ff:fedc:6c4d/64 scope link
       valid_lft forever preferred_lft forever
4: wwp0s26u1u1i1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether de:22:c8:a3:a8:9e brd ff:ff:ff:ff:ff:ff
5: wlp0s26u1u3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
    link/ether c0:4a:00:27:23:f2 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::c24a:ff:fe27:23f2/64 scope link
       valid_lft forever preferred_lft forever
6: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 92:47:88:d0:e6:8d brd ff:ff:ff:ff:ff:ff
    inet 10.16.0.4/24 brd 10.16.0.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::9047:88ff:fed0:e68d/64 scope link
       valid_lft forever preferred_lft forever
7: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN group default qlen 3
    link/ppp
    inet $PUB_IP peer 10.16.255.137/32 scope global ppp0
       valid_lft forever preferred_lft forever

media ~ $  ip route
default dev ppp0  scope link
10.16.0.0/24 dev br0  proto kernel  scope link  src 10.16.0.4
10.16.255.137 dev ppp0  proto kernel  scope link  src $PUB_IP

killer1804	# 7 лет, 4 месяца назад
Темы: 54 Сообщения: 515 Участник с: 13 марта 2007	cat /proc/sys/net/ipv4/ip_forward

casper	# 7 лет, 4 месяца назад
Темы: 18 Сообщения: 122 Участник с: 01 ноября 2011	killer1804 cat /proc/sys/net/ipv4/ip_forward `media ~ $ cat /proc/sys/net/ipv4/ip_forward 1`

casper

# 7 лет, 4 месяца назад

Темы: 18

Сообщения: 122

Участник с: 01 ноября 2011

killer1804
cat /proc/sys/net/ipv4/ip_forward

media ~ $  cat /proc/sys/net/ipv4/ip_forward
1

casper	# 7 лет, 4 месяца назад (отредактировано 7 лет, 4 месяца назад)
Темы: 18 Сообщения: 122 Участник с: 01 ноября 2011	Natrio, вот еще забыл: `media ~ $ ls -ltr /etc/sysctl.d/ total 4 -rw-r--r-- 1 root root 199 May 4 11:40 99-sysctl.conf` `media ~ $ cat /etc/sysctl.d/99-sysctl.conf net.ipv4.ip_forward = 1` `media ~ $ ls -ltr /usr/lib/sysctl.d/ total 12 -rw-r--r-- 1 root root 1031 Apr 22 04:01 50-default.conf -rw-r--r-- 1 root root 518 Apr 22 04:01 50-coredump.conf -rw-r--r-- 1 root root 499 May 4 15:13 60-libvirtd.conf` media ~ $ cat /usr/lib/sysctl.d/60-libvirtd.conf # The kernel allocates aio memory on demand, and this number limits the # number of parallel aio requests; the only drawback of a larger limit is # that a malicious guest could issue parallel requests to cause the kernel # to set aside memory. Set this number at least as large as # 128 * (number of virtual disks on the host) # Libvirt uses a default of 1M requests to allow 8k disks, with at most # 64M of kernel memory if all disks hit an aio request at the same time. fs.aio-max-nr = 1048576 media /usr/lib/sysctl.d $ cat 50-default.conf # This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. # See sysctl.d(5) and core(5) for for details. # System Request functionality of the kernel (SYNC) kernel.sysrq = 16 # Append the PID to the core filename kernel.core_uses_pid = 1 # Source route verification net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.all.rp_filter = 1 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 net.ipv4.conf.all.accept_source_route = 0 # Promote secondary addresses when the primary address is removed net.ipv4.conf.default.promote_secondaries = 1 net.ipv4.conf.all.promote_secondaries = 1 # Fair Queue CoDel packet scheduler to fight bufferbloat net.core.default_qdisc = fq_codel # Enable hard and soft link protection fs.protected_hardlinks = 1 fs.protected_symlinks = 1

casper

# 7 лет, 4 месяца назад (отредактировано 7 лет, 4 месяца назад)

Темы: 18

Сообщения: 122

Участник с: 01 ноября 2011

Natrio, вот еще забыл:

media ~ $  ls -ltr /etc/sysctl.d/
total 4
-rw-r--r-- 1 root root 199 May  4 11:40 99-sysctl.conf

media ~ $  cat /etc/sysctl.d/99-sysctl.conf
net.ipv4.ip_forward = 1

media ~ $  ls -ltr /usr/lib/sysctl.d/
total 12
-rw-r--r-- 1 root root 1031 Apr 22 04:01 50-default.conf
-rw-r--r-- 1 root root  518 Apr 22 04:01 50-coredump.conf
-rw-r--r-- 1 root root  499 May  4 15:13 60-libvirtd.conf

media ~ $  cat /usr/lib/sysctl.d/60-libvirtd.conf
# The kernel allocates aio memory on demand, and this number limits the
# number of parallel aio requests; the only drawback of a larger limit is
# that a malicious guest could issue parallel requests to cause the kernel
# to set aside memory.  Set this number at least as large as
#   128 * (number of virtual disks on the host)
# Libvirt uses a default of 1M requests to allow 8k disks, with at most
# 64M of kernel memory if all disks hit an aio request at the same time.
fs.aio-max-nr = 1048576

media /usr/lib/sysctl.d $  cat 50-default.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

# See sysctl.d(5) and core(5) for for details.

# System Request functionality of the kernel (SYNC)
kernel.sysrq = 16

# Append the PID to the core filename
kernel.core_uses_pid = 1

# Source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0

# Promote secondary addresses when the primary address is removed
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1

# Fair Queue CoDel packet scheduler to fight bufferbloat
net.core.default_qdisc = fq_codel

# Enable hard and soft link protection
fs.protected_hardlinks = 1
fs.protected_symlinks = 1