OpenVZ Forum


Home » General » Discussions » High numiptent, any problems?
High numiptent, any problems? [message #16301] Fri, 31 August 2007 02:38 Go to next message
devonblzx is currently offline  devonblzx
Messages: 127
Registered: December 2006
Senior Member
I notice the default install of APF uses approximately 820 on the numiptent limit. Your wiki says this is not a good idea to let each user use this much as it will slow down the network performance. Is this true? I noticed that disabling things like USE_DS and USE_RD and such and I have gotten to 222, but I would much rather have those on as it protects the server more from Spam and Hacker IP's.

Anyone notice any issues with allowing multiple users a high numiptent?

http://static.openvz.org/userbars/openvz-user-2.png
ByteOnSite President

Report message to a moderator

Re: High numiptent, any problems? [message #16308 is a reply to message #16301] Fri, 31 August 2007 10:10 Go to previous messageGo to next message
kir is currently offline  kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia
Senior Member
You can work around the problem by having those USE_DS and USE_RD applied to the host's iptables, thus protecting all VEs at once.

As for the performance degradation -- don't blindly trust what wiki says, conduct the tests and measure it yourself to find out if it's affecting and if it is, how worse.

Kir Kolyshkin
http://static.openvz.org/userbars/openvz-developer.png

Report message to a moderator

Re: High numiptent, any problems? [message #16325 is a reply to message #16308] Fri, 31 August 2007 17:16 Go to previous messageGo to next message
devonblzx is currently offline  devonblzx
Messages: 127
Registered: December 2006
Senior Member
How would I get the APF applied to all of the VPS's when I install it on the host node? It seems to only block the ports for the host node, not the VPS's.

http://static.openvz.org/userbars/openvz-user-2.png
ByteOnSite President

Report message to a moderator

Re: High numiptent, any problems? [message #27114 is a reply to message #16301] Sat, 09 February 2008 23:16 Go to previous messageGo to next message
ricoche is currently offline  ricoche
Messages: 17
Registered: January 2008
Location: Nagano Japan
Junior Member
Hi there,

I'm encountering this same problem with numiptent values reaching 714 now. How would I add the USE_DS and USE_RD to the host's iptables? I'm not sure how to do that or even if it's necessary, but I'll do some research on that. Right now I have my limit bumped up to 850 so it doesn't take down the VE.

Thanks,

Jim

Report message to a moderator

Re: High numiptent, any problems? [message #28196 is a reply to message #27114] Tue, 11 March 2008 10:48 Go to previous messageGo to next message
sara3 is currently offline  sara3
Messages: 38
Registered: February 2008
Member
having same problem
apf install on HOST only protect the host and not the ves
if it block an ip it will be blocked from main ip only but can access all other ve ips with no limitation or protection

Report message to a moderator

Re: High numiptent, any problems? [message #28418 is a reply to message #28196] Mon, 17 March 2008 22:57 Go to previous message
locutius is currently offline  locutius
Messages: 125
Registered: August 2007
Senior Member
is there a solution to this?

how to install apf on the HN to protect all VE?

Report message to a moderator

Previous Topic: I can't use Grub and LILO problems with debian OpenVZ packages
Next Topic: fsync_enable sysctl?
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Sun Jul 14 04:26:11 GMT 2024

Total time taken to generate the page: 0.02172 seconds
Powered by FUDforum Powered by Virtuozzo Containers