You may be able to increase the ip_conntrack_max on your router. I had a terrible Verizon DSL router that would have its connection tracking capacity exhausted by pings to games servers. I was able to partially resolve the problem by telnetting (yeah, I know) into the router and setting the ip_conntrack_max from 1000 to 65000. You might also want to reduce the amount of time TCP spends in TIME-WAIT.
Ultimately I replaced the router with a Pi-based solution with much greater resources.
On 2013-09-18 11:04, Gordon Morehouse wrote:
Addendum to addendum: the router fail is definitely caused by Tor connections filling up the router's ip_conntrack table - once it gets near full, it somehow interferes with a couple other services on my router (especially DNSmasq) even if there is free RAM. I will need to figure out some iptables tricks for the Pi, which I've long known, to prevent this, just no time yet.
Note that somehow, due to a brief enough hiccup I guess, my Pi relay retained Named, Stable and Fast this morning, so as soon as I restarted it it was instantly slammed with thousands of connections.
I may need to do the kludge of rate-limiting incoming connections to the Tor ports for now, using iptables.
Also of note: regarding the ntp and time/clock issue: it appears that because I was using a particular stripped image of Raspbian, some spurious .conf and init.d files were left for the Raspbian 'ntp' package, which I purged, and ensured that only 'ntpdate' (for setting the clock at startup, run in /etc/rc.local) and 'openntpd' are installed.
Best,
-Gordon M.
Gordon Morehouse:
Addendum: restarting tor instantly puts my router into a tailspin this morning. This is a WRT54G (old school, 3.0 hardware, 200MHz MIPS). While that's old, there are many, many consumer routers out there with similar specs and worse firmware. In this case it causes major problems with DNS.
I'd like to figure out what is going on with this in order to prevent it from happening as part of the Cipollini project[1] so (when the time comes) we're not distributing images for Raspberry Pi which crash people's routers. :(
Request timeout for icmp_seq 847981
64 bytes from 192.168.1.1: icmp_seq=61550 ttl=64 time=1.136 ms
Request timeout for icmp_seq 847983
Request timeout for icmp_seq 847984
Request timeout for icmp_seq 847985
64 bytes from 192.168.1.1: icmp_seq=61554 ttl=64 time=0.917 ms
Request timeout for icmp_seq 847987
64 bytes from 192.168.1.1: icmp_seq=61556 ttl=64 time=0.929 ms
Request timeout for icmp_seq 847989
Request timeout for icmp_seq 847990
64 bytes from 192.168.1.1: icmp_seq=61559 ttl=64 time=0.929 ms
64 bytes from 192.168.1.1: icmp_seq=61560 ttl=64 time=0.922 ms
Request timeout for icmp_seq 847993
Request timeout for icmp_seq 847994
Best,
-Gordon M.
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Sent from my thing that sends email.
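The thread blames the router failure on a full ip_conntrack table and suggests raising ip_conntrack_max and shortening TIME-WAIT. The script below is an added example, not code from any poster: it summarises a conntrack dump to show how full the table is, how many entries involve the relay host, and which states hold the slots. It assumes the legacy `/proc/net/ip_conntrack` line layout; the function names, addresses and the limit of 10 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the legacy /proc/net/ip_conntrack
# line layout: proto, proto number, TTL, [TCP state], then key=value fields.

# Constructed sample table: 192.168.1.50 stands in for the Pi relay and
# 198.51.100.2 for the router's WAN address; peers use documentation ranges.
sample_table() {
cat <<'EOF'
tcp      6 431990 ESTABLISHED src=203.0.113.7 dst=198.51.100.2 sport=51514 dport=9001 src=192.168.1.50 dst=203.0.113.7 sport=9001 dport=51514 [ASSURED] use=1
tcp      6 431800 ESTABLISHED src=192.168.1.50 dst=203.0.113.9 sport=40112 dport=443 src=203.0.113.9 dst=198.51.100.2 sport=443 dport=40112 [ASSURED] use=1
tcp      6 96 TIME_WAIT src=203.0.113.21 dst=198.51.100.2 sport=50022 dport=9001 src=192.168.1.50 dst=203.0.113.21 sport=9001 dport=50022 [ASSURED] use=1
tcp      6 71 TIME_WAIT src=192.168.1.50 dst=203.0.113.33 sport=40120 dport=9001 src=203.0.113.33 dst=198.51.100.2 sport=9001 dport=40120 [ASSURED] use=1
tcp      6 12 TIME_WAIT src=203.0.113.40 dst=198.51.100.2 sport=61200 dport=9001 src=192.168.1.50 dst=203.0.113.40 sport=9001 dport=61200 [ASSURED] use=1
tcp      6 55 SYN_RECV src=203.0.113.55 dst=198.51.100.2 sport=44001 dport=9001 src=192.168.1.50 dst=203.0.113.55 sport=9001 dport=44001 use=1
udp      17 25 src=192.168.1.20 dst=192.168.1.1 sport=5353 dport=53 src=192.168.1.1 dst=192.168.1.20 sport=53 dport=5353 use=1
tcp      6 431000 ESTABLISHED src=192.168.1.20 dst=203.0.113.80 sport=39000 dport=80 src=203.0.113.80 dst=198.51.100.2 sport=80 dport=39000 [ASSURED] use=1
EOF
}

# conntrack_summary MAX HOST: read a table dump on stdin and report
# utilisation against MAX, entries touching HOST, and a per-state count.
conntrack_summary() {
    awk -v max="$1" -v host="$2" '
    NF == 0 { next }
    {
        total++
        # Only TCP lines carry a state in field 4; other protocols get "-".
        state = ($1 == "tcp") ? $4 : "-"
        by_state[$1 "/" state]++
        # An entry belongs to the relay if HOST appears in either direction.
        hit = 0
        for (i = 1; i <= NF; i++)
            if ($i == ("src=" host) || $i == ("dst=" host)) hit = 1
        relay += hit
    }
    END {
        pct = (max > 0) ? int(total * 100 / max) : 0
        printf "entries=%d max=%d used=%d%%\n", total, max, pct
        printf "relay=%d\n", relay
        for (k in by_state) printf "state %s %d\n", k, by_state[k]
    }' | LC_ALL=C sort
}

# Demonstration on the constructed sample with a constructed limit of 10.
sample_table | conntrack_summary 10 192.168.1.50
```

On a router, feed it `/proc/net/ip_conntrack` and the device's actual ip_conntrack_max; a high share of TIME_WAIT lines shows slots held by connections that have already closed.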