I solved it! Problem was a hardware defect of the network card connecting to the "outside" of the firewall machine; somehow the MAC address was incomplete in packets coming from this interface. We have an identical standby machine at that site that we reconfigured to act as the main proxy/firewall and everything works fine now.

Thanks for all replies,
Philipp

Philipp Rusch wrote:
Hi all,
yesterday I updated my SuSE 8.1 system with the recommended (auto) updates through YOU. I noticed that there was a kernel update in the list, but I didn't mind.
Today, when under stress, my firewall gives hundreds of messages like:
Sep 10 11:53:27 proxy1 kernel: NET: 39 messages suppressed.
Sep 10 11:53:27 proxy1 kernel: Neighbour table overflow.
Sep 10 11:53:27 proxy1 kernel: neigh_alloc(): neighbour table flood for neigh_table c0329840
Sep 10 11:53:32 proxy1 last message repeated 61 times
Sep 10 11:53:32 proxy1 kernel: NET: 59 messages suppressed.
Sep 10 11:53:32 proxy1 kernel: Neighbour table overflow.
Sep 10 11:53:32 proxy1 kernel: neigh_alloc(): neighbour table flood for neigh_table c0329840
Sep 10 11:53:38 proxy1 last message repeated 60 times
Sep 10 11:53:38 proxy1 kernel: NET: 59 messages suppressed.
Sep 10 11:53:38 proxy1 kernel: Neighbour table overflow.
Sep 10 11:53:38 proxy1 kernel: neigh_alloc(): neighbour table flood for neigh_table c0329840
Sep 10 11:53:43 proxy1 last message repeated 59 times
Sep 10 11:53:43 proxy1 kernel: NET: 59 messages suppressed.
Sep 10 11:53:43 proxy1 kernel: Neighbour table overflow.
Sep 10 11:53:43 proxy1 kernel: neigh_alloc(): neighbour table flood for neigh_table c0329840
Sep 10 11:53:49 proxy1 last message repeated 59 times
Sep 10 11:53:49 proxy1 kernel: NET: 59 messages suppressed.
Sep 10 11:53:49 proxy1 kernel: Neighbour table overflow.
Sep 10 11:53:49 proxy1 kernel: neigh_alloc(): neighbour table flood for neigh_table c0329840
Sep 10 11:53:52 proxy1 last message repeated 11 times
Sep 10 11:53:52 proxy1 kernel: NET: 11 messages suppressed.
Sep 10 11:53:52 proxy1 kernel: Neighbour table overflow.
Sep 10 11:53:55 proxy1 kernel: neigh_alloc(): neighbour table flood for neigh_table c0329840
Sep 10 11:53:59 proxy1 kernel: neigh_alloc(): neighbour table flood for neigh_table c0329840
Sep 10 11:53:59 proxy1 kernel: NET: 1 messages suppressed.
Sep 10 11:53:59 proxy1 kernel: Neighbour table overflow.
Sep 10 11:54:03 proxy1 kernel: neigh_alloc(): neighbour table flood for neigh_table c0329840
Sep 10 11:54:03 proxy1 kernel: Neighbour table overflow.
Sep 10 11:54:03 proxy1 kernel: neigh_alloc(): neighbour table flood for neigh_table c0329840
Sep 10 11:54:08 proxy1 last message repeated 3 times
Sep 10 11:54:08 proxy1 kernel: NET: 3 messages suppressed.
Sep 10 11:54:08 proxy1 kernel: Neighbour table overflow.
I did NOT change a thing besides those updates and rebooted. The firewall is done through iptables and configured with the "shorewall" script which has been in use for over a year now without any problems. Now the firewall simply stops after a certain while.
Unfortunately I cannot log in because the SSH process is crashing as well and I am not on site, but I managed to get the logs via email.
Any hint / help is appreciated very much.
Thank you in advance,
Philipp Rusch
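
An added example, not part of either message: a Python tally that estimates how many neighbour-table events lie behind a rate-limited log like the one quoted above, by adding back syslogd's "last message repeated N times" counts and the kernel's "NET: N messages suppressed" counts. The sample input is constructed from the first lines of the quoted log, and counting every suppressed message as a neighbour event is an assumption.

```python
import re
from collections import Counter

# Constructed sample: the first six lines of the log quoted in the post.
SAMPLE = """\
Sep 10 11:53:27 proxy1 kernel: NET: 39 messages suppressed.
Sep 10 11:53:27 proxy1 kernel: Neighbour table overflow.
Sep 10 11:53:27 proxy1 kernel: neigh_alloc(): neighbour table flood for neigh_table c0329840
Sep 10 11:53:32 proxy1 last message repeated 61 times
Sep 10 11:53:32 proxy1 kernel: NET: 59 messages suppressed.
Sep 10 11:53:32 proxy1 kernel: Neighbour table overflow.
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d):\d\d (\S+) (.*)$")
NEIGH = re.compile(r"kernel: (Neighbour table overflow\.|neigh_alloc\(\): neighbour table flood)")
REPEATED = re.compile(r"last message repeated (\d+) times")
SUPPRESSED = re.compile(r"kernel: NET: (\d+) messages suppressed\.")

def tally(text):
    """Return (breakdown, per_minute) Counters of estimated neighbour events."""
    breakdown, per_minute = Counter(), Counter()
    prev_was_neigh = False  # "repeated" refers to the line logged just before it
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        minute, _host, msg = m.groups()
        if NEIGH.search(msg):
            kind, n = "logged", 1
            prev_was_neigh = True
        elif (r := REPEATED.search(msg)):
            # Only count repeats of a neighbour message, not of other lines.
            kind, n = "repeated", int(r.group(1)) if prev_was_neigh else 0
        elif (s := SUPPRESSED.search(msg)):
            # Assumption: suppressed messages were neighbour events. The counter
            # covers all rate-limited network messages, so this is an upper bound.
            kind, n = "suppressed", int(s.group(1))
            prev_was_neigh = False
        else:
            prev_was_neigh = False
            continue
        breakdown[kind] += n
        per_minute[minute] += n
    return breakdown, per_minute

if __name__ == "__main__":
    parts, minutes = tally(SAMPLE)
    print(dict(parts), dict(minutes))
```
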