
Re: [tor-relays] 0.2.4.17-rc on Pi, a couple weeks on



You may be able to increase the ip_conntrack_max on your router. I had a terrible Verizon DSL router that would have its connection tracking capacity exhausted by pings to game servers. I was able to partially resolve the problem by telnetting (yeah, I know) into the router and setting the ip_conntrack_max from 1000 to 65000. You might also want to reduce the amount of time TCP spends in TIME-WAIT.

Ultimately I replaced the router with a Pi-based solution with much greater resources.


On 2013-09-18 11:04, Gordon Morehouse wrote:

Addendum to addendum: the router fail is definitely caused by Tor
connections filling up the router's ip_conntrack table - once it gets
near full, it somehow interferes with a couple other services on my
router (especially DNSmasq) even if there is free RAM. I will need to
figure out some iptables tricks for the Pi, which I've long known, to
prevent this, just no time yet.

Note that somehow, due to a brief enough hiccup I guess, my Pi relay
retained Named, Stable and Fast this morning, so as soon as I
restarted it it was instantly slammed with thousands of connections.

I may need to do the kludge of rate-limiting incoming connections to
the Tor ports for now, using iptables.

Also of note: regarding the ntp and time/clock issue: it appears that
because I was using a particular stripped image of Raspbian, some
spurious .conf and init.d files were left for the Raspbian 'ntp'
package, which I purged, and ensured that only 'ntpdate' (for setting
the clock at startup, run in /etc/rc.local) and 'openntpd' are installed.

Best,
-Gordon M.


Gordon Morehouse:
Addendum: restarting tor instantly puts my router into a tailspin
this morning.  This is a WRT54G (old school, 3.0 hardware, 200MHz
MIPS). While that's old, there are many, many consumer routers out
there with similar specs and worse firmware.  In this case it
causes major problems with DNS.

I'd like to figure out what is going on with this in order to
prevent it from happening as part of the Cipollini project[1] so
(when the time comes) we're not distributing images for Raspberry
Pi which crash people's routers.  :(

Request timeout for icmp_seq 847981
64 bytes from 192.168.1.1: icmp_seq=61550 ttl=64 time=1.136 ms
Request timeout for icmp_seq 847983
Request timeout for icmp_seq 847984
Request timeout for icmp_seq 847985
64 bytes from 192.168.1.1: icmp_seq=61554 ttl=64 time=0.917 ms
Request timeout for icmp_seq 847987
64 bytes from 192.168.1.1: icmp_seq=61556 ttl=64 time=0.929 ms
Request timeout for icmp_seq 847989
Request timeout for icmp_seq 847990
64 bytes from 192.168.1.1: icmp_seq=61559 ttl=64 time=0.929 ms
64 bytes from 192.168.1.1: icmp_seq=61560 ttl=64 time=0.922 ms
Request timeout for icmp_seq 847993
Request timeout for icmp_seq 847994

Best, -Gordon M.



Gordon Morehouse:


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


--
Sent from my thing that sends email.
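Added example (not part of the original messages, and not code from either poster): a small shell check for the failure described in this thread, a connection-tracking table filling up toward ip_conntrack_max. It counts tracked flows per protocol and TCP state (so a pile of TIME_WAIT entries is visible) and warns at a threshold; the function names, the 80% default and the sample table are assumptions made for illustration.

```shell
#!/bin/sh
# Tracked flows per protocol/state, one per line, e.g. "tcp/TIME_WAIT 4".
# Expects the conntrack table text format: proto, proto number, TTL, then
# the state (TCP only) followed by the tuple fields.
conntrack_states() {
    awk 'NF { s = ($1 == "tcp") ? $4 : "-"; n[$1 "/" s]++ }
         END { for (k in n) print k, n[k] }' "$1" | sort
}

# Integer percentage of the table in use: entries in file $1 / max $2.
conntrack_pct() {
    entries=$(awk 'NF { n++ } END { print n + 0 }' "$1")
    echo $(( entries * 100 / $2 ))
}

# Prints usage; exit status 1 when usage reaches the threshold $3 (default 80).
conntrack_check() {
    pct=$(conntrack_pct "$1" "$2")
    echo "conntrack: ${pct}% of $2 entries in use"
    [ "$pct" -lt "${3:-80}" ]
}

# Constructed sample table (abridged lines, invented addresses), written to $1.
write_sample() {
    cat > "$1" <<'EOF'
tcp 6 431999 ESTABLISHED src=192.168.1.20 dst=198.51.100.7 sport=40112 dport=9001 use=1
tcp 6 431800 ESTABLISHED src=203.0.113.9 dst=192.168.1.20 sport=51514 dport=9001 use=1
tcp 6 430120 ESTABLISHED src=203.0.113.44 dst=192.168.1.20 sport=33210 dport=9001 use=1
tcp 6 117 TIME_WAIT src=192.168.1.20 dst=198.51.100.80 sport=40200 dport=443 use=1
tcp 6 98 TIME_WAIT src=192.168.1.20 dst=198.51.100.81 sport=40201 dport=9001 use=1
tcp 6 64 TIME_WAIT src=203.0.113.12 dst=192.168.1.20 sport=60001 dport=9001 use=1
tcp 6 12 TIME_WAIT src=203.0.113.13 dst=192.168.1.20 sport=60002 dport=9001 use=1
udp 17 25 src=192.168.1.20 dst=192.168.1.1 sport=41000 dport=53 use=1
EOF
}

# Demo on the constructed sample. On a real router, pass the live table
# (/proc/net/ip_conntrack on older kernels, /proc/net/nf_conntrack on newer
# ones) and the current ip_conntrack_max value instead.
demo=$(mktemp)
write_sample "$demo"
conntrack_states "$demo"
conntrack_check "$demo" 1000 || echo "WARNING: conntrack table nearly full"
rm -f "$demo"
```

Run from cron on the router or on a host that can read its table, the non-zero exit status of `conntrack_check` gives an early signal before other services on the router start failing.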