S19N's questions -server

S19N

Asked: 2016-12-31 06:30:07 +0800 CST

ip_conntrack_ftp inside LXC

1

ProFTPd instance on a LXC container behind NAT
LXC container is using bridged networking
PassivePorts 60000 61000 has been defined in proftpd.conf
nf_nat_ftp and nf_conntrack_ftp loaded on the host running the container

iptables inside the container contains

-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT

Why does Passive mode only work when I explicitly open passive ports with

-A INPUT -p tcp -m tcp --dport 60000:61000 -j ACCEPT

? Shouldn't this be automatically managed by the nf_conntrack_ftp helper module?

S19N

Asked: 2014-09-17 08:05:19 +0800 CST

iptables, ICMP and RELATED

9

I am using the following simple iptables rule that accepts related packets:

-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

I am letting ICMP echo-requests pass with this other rule:

-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

Should I explicitly add anything to receive "useful" ICMP messages like destination-unreachable, time-exceeded and parameter-problem, or the RELATED clause will already accept them?

S19N

Asked: 2012-08-08 06:46:33 +0800 CST

How to find biggest (in entries, not size) ext4 directory?

6

Ubuntu 10.04.3 LTS x86_64, I am seeing the following in /var/log/messages:

EXT4-fs warning (device sda3): ext4_dx_add_entry: Directory index full!

Relevant info from dumpe2fs:

Filesystem features:      has_journal ext_attr resize_inode dir_index filetype
  needs_recovery extent flex_bg sparse_super large_file huge_file uninit_bg
  dir_nlink extra_isize
Filesystem flags:         signed_directory_hash
Free blocks:              165479247
Free inodes:              454382328
Block size:               2048
Inode size:               256

I've already read some other questions, such as ext3_dx_add_entry: Directory index full and rm on a directory with millions of files; those made me think that there must be a directory with a big number of items in it somewhere.

Since it is a rather complex directory organization I have a basic problem: how can I find the directory which is generating those messages?

S19N

Asked: 2011-12-18 18:10:53 +0800 CST

KVM and bridge_stp setting

4

In which situation one should enable the bridge_stp for the host bridge when using KVM? Is it worth keeping it disabled when not needed?

ip_conntrack_ftp inside LXC

iptables, ICMP and RELATED

How to find biggest (in entries, not size) ext4 directory?

KVM and bridge_stp setting

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?