[tor-relays] 0.2.4.17-rc on Pi, a couple weeks on

josh josh at allensw.com
Wed Sep 18 17:16:48 UTC 2013


You may be able to increase the ip_conntrack_max on your router. I had 
a terrible Verizon DSL router that would have its connection tracking 
capacity exhausted by pings to games servers. I was able to partially 
resolve the problem by telnetting (yea I know) into the router and 
setting the ip_conntrack_max from 1000 to 65000. You might also want to 
reduce the amount of time TCP spends in TIME-WAIT.

Ultimately I replaced the router with a Pi-based solution with much 
greater resources.


On 2013-09-18 11:04, Gordon Morehouse wrote:
> Addendum to addendum: the router fail is definitely caused by Tor
> connections filling up the router's ip_conntrack table - once it gets
> near full, it somehow interferes with a couple other services on my
> router (especially DNSmasq) even if there is free RAM.  I will need to
> figure out some iptables tricks for the Pi, which I've long known, to
> prevent this, just no time yet.
>
> Note that somehow, due to a brief enough hiccup I guess, my Pi relay
> retained Named, Stable and Fast this morning, so as soon as I
> restarted it it was instantly slammed with thousands of connections.
>
> I may need to do the kludge of rate-limiting incoming connections to
> the Tor ports for now, using iptables.
>
> Also of note: regarding the ntp and time/clock issue: it appears that
> because I was using a particular stripped image of Raspbian, some
> spurious .conf and init.d files were left for the Raspbian 'ntp'
> package, which I purged, and ensured that only 'ntpdate' (for setting
> the clock at startup, run in /etc/rc.local) and 'openntpd' are
> installed.
>
> Best,
> -Gordon M.
>
>
> Gordon Morehouse:
>> Addendum: restarting tor instantly puts my router into a tailspin
>> this morning.  This is a WRT54G (old school, 3.0 hardware, 200MHz
>> MIPS). While that's old, there are many, many consumer routers out
>> there with similar specs and worse firmware.  In this case it
>> causes major problems with DNS.
>>
>> I'd like to figure out what is going on with this in order to
>> prevent it from happening as part of the Cipollini project[1] so
>> (when the time comes) we're not distributing images for Raspberry
>> Pi which crash people's routers.  :(
>>
>> Request timeout for icmp_seq 847981
>> 64 bytes from 192.168.1.1: icmp_seq=61550 ttl=64 time=1.136 ms
>> Request timeout for icmp_seq 847983
>> Request timeout for icmp_seq 847984
>> Request timeout for icmp_seq 847985
>> 64 bytes from 192.168.1.1: icmp_seq=61554 ttl=64 time=0.917 ms
>> Request timeout for icmp_seq 847987
>> 64 bytes from 192.168.1.1: icmp_seq=61556 ttl=64 time=0.929 ms
>> Request timeout for icmp_seq 847989
>> Request timeout for icmp_seq 847990
>> 64 bytes from 192.168.1.1: icmp_seq=61559 ttl=64 time=0.929 ms
>> 64 bytes from 192.168.1.1: icmp_seq=61560 ttl=64 time=0.922 ms
>> Request timeout for icmp_seq 847993
>> Request timeout for icmp_seq 847994
>>
>> Best, -Gordon M.
>>
>>
>>
>> Gordon Morehouse:
>>
>>
>> _______________________________________________ tor-relays mailing
>> list tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
> --
> Sent from my thing that sends email.


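A way to see what is filling the connection-tracking table discussed in this thread, as an added example (not code from either poster). It assumes the router exposes its table in the /proc/net/ip_conntrack line layout and that the relay's ORPort is 9001; the sample entries are constructed.

```shell
#!/bin/sh
# Summarise a conntrack table dump: how full it is and what is filling it.
# Assumptions (not from the thread): the dump uses the /proc/net/ip_conntrack
# line layout, and 9001 is the relay's ORPort.

# conntrack_summary FILE MAX [PORT]
# Prints: total=<n> max=<n> pct=<n> time_wait=<n> port<PORT>=<n>
conntrack_summary() {
    awk -v max="$2" -v port="${3:-9001}" '
        NF == 0 { next }
        {
            total++
            # TCP lines carry the state in field 4; UDP lines have no state.
            if ($1 == "tcp" && $4 == "TIME_WAIT") tw++
            # Count the entry once if either direction targets the port.
            for (i = 1; i <= NF; i++)
                if ($i == ("dport=" port)) { hits++; break }
        }
        END {
            printf "total=%d max=%d pct=%d time_wait=%d port%s=%d\n",
                   total, max, (max > 0 ? total * 100 / max : 0), tw, port, hits
        }' "$1"
}

# conntrack_near_full FILE MAX THRESHOLD_PCT
# Exit status 0 when the table is at or above THRESHOLD_PCT of MAX.
conntrack_near_full() {
    pct=$(conntrack_summary "$1" "$2" | sed 's/.*pct=\([0-9]*\).*/\1/')
    [ "$pct" -ge "$3" ]
}

# Constructed sample (documentation addresses), not captured from a real router.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
tcp      6 431999 ESTABLISHED src=198.51.100.7 dst=203.0.113.5 sport=40112 dport=9001 src=192.168.1.20 dst=198.51.100.7 sport=9001 dport=40112 [ASSURED] use=1
tcp      6 98 TIME_WAIT src=198.51.100.9 dst=203.0.113.5 sport=51820 dport=9001 src=192.168.1.20 dst=198.51.100.9 sport=9001 dport=51820 [ASSURED] use=1
tcp      6 17 TIME_WAIT src=192.168.1.20 dst=198.51.100.30 sport=38844 dport=443 src=198.51.100.30 dst=203.0.113.5 sport=443 dport=38844 [ASSURED] use=1
udp      17 12 src=192.168.1.31 dst=192.168.1.1 sport=53411 dport=53 src=192.168.1.1 dst=192.168.1.31 sport=53 dport=53411 use=1
EOF

conntrack_summary "$SAMPLE" 1000
if conntrack_near_full "$SAMPLE" 5 80; then echo "table near full"; fi
```

On a live router the first argument would be the table file itself and the second the current ip_conntrack_max value; a high time_wait share is the case where shortening the TIME-WAIT timeout helps.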