cat /etc/sysctl.conf
# Forwarding is on for IPv4 and IPv6, so this host routes packets between its interfaces.
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
# Proxy ARP off for the "default" template; the same key/value is repeated further down.
net.ipv4.conf.default.proxy_arp = 0
# Reverse-path filtering in strict mode (value 1): packets whose source would not be
# routed back out of the receiving interface are dropped.
net.ipv4.conf.all.rp_filter = 1
# NOTE(review): 1 enables every magic-SysRq function; on a production node a restricted
# bitmask or 0 is the usual hardening choice.
kernel.sysrq = 1
# NOTE(review): "default" is 1 while "all" is 0. The kernel sends redirects on an interface
# when either the "all" or the per-interface value is set, so interfaces that inherit
# "default" still emit ICMP redirects. Set both to 0 if redirects are meant to be off.
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
# SYN-flood handling: SYN cookies on, a 2048-entry SYN backlog, two SYN-ACK retries, and
# a reset instead of a silent drop when a listener's accept queue overflows.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_abort_on_overflow = 1
# Do not answer ICMP echo requests sent to broadcast addresses.
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1
# Duplicates of keys already set above with identical values; harmless, but a later edit
# to only one copy would silently win or lose depending on order.
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.send_redirects = 0
# ARP: reply only when the target address is configured on the receiving interface
# (arp_ignore=1) and always pick the best local source address for requests (arp_announce=2).
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
And here is the script that logs when a host is down,
a simple Perl script:
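#!/usr/bin/perl
#
# Ping watchdog for an OpenVZ hardware node.
#
# Builds a list of candidate addresses, drops the ones vzlist reports for
# stopped containers, sends one ICMP echo (1 second timeout) to each of the
# rest, appends the unreachable ones to /var/log/ping_hosts.log and then
# restarts the venet0 interface.
#
# Operational notes:
#   * Net::Ping's "icmp" protocol needs a raw socket, so this runs as root.
#   * A single missed echo is enough to restart venet0, which interrupts
#     networking for every container on the node for at least two seconds.
#     Requiring several consecutive failures before acting would make the
#     watchdog far less disruptive.
use strict;
use warnings;
use Net::Ping;

# Return the first whitespace-delimited token of every non-blank line.
#
# The earlier parsing collapsed only the first whitespace run of the whole
# text (s/\s+/ / without /g), which swallowed the first newline and so dropped
# the second entry, and it relied on \C, which was removed from regexes in
# Perl 5.24.
sub _first_token_per_line {
    my ($text) = @_;
    $text = '' unless defined $text;
    return map { /(\S+)/ ? $1 : () } split /\n/, $text;
}

# NOTE(review): the script as posted never assigns the text that the candidate
# list is parsed from, so the list is empty and nothing is ever pinged.
# TODO: fill this from the command or file that lists the addresses to watch.
my $candidate_text = '';
my @candidates     = _first_token_per_line($candidate_text);

# Addresses of stopped containers (-S); these are expected to be unreachable.
my $stopped_text = `/usr/sbin/vzlist -H -o ip -S`;
if ( $? != 0 ) {
    # Without the skip list every candidate is pinged, stopped ones included.
    warn 'vzlist failed (status ' . ( $? >> 8 ) . "); skip list may be incomplete\n";
}
my %is_skipped = map { $_ => 1 } _first_token_per_line($stopped_text);

my @to_ping = grep { !$is_skipped{$_} } @candidates;

# One echo request per host, one second timeout each.
my $pinger   = Net::Ping->new('icmp');
my @inactive = grep { !$pinger->ping( $_, 1 ) } @to_ping;
$pinger->close();

if (@inactive) {
    my $log_path = '/var/log/ping_hosts.log';

    # Logging stays best-effort: a failed open is reported but does not stop
    # the interface restart below.
    if ( open my $log, '>>', $log_path ) {
        print {$log} scalar( localtime() )
            . ': Down Hosts : '
            . join( ' ; ', @inactive ) . "\n";
        close $log or warn "close $log_path: $!\n";
    }
    else {
        warn "open $log_path: $!\n";
    }

    # Restart venet0. Command output is captured and discarded; a non-zero
    # exit status is reported.
    my $ifdown_output = `/sbin/ifdown venet0`;
    warn 'ifdown venet0 failed (status ' . ( $? >> 8 ) . ")\n" if $? != 0;
    sleep(2);
    my $ifup_output = `/sbin/ifup venet0`;
    warn 'ifup venet0 failed (status ' . ( $? >> 8 ) . ")\n" if $? != 0;
}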
When the script logs hosts as down, they really are down (I can't ping them from the HN with ping xxx.xx.xxx.x).
Inside the VE there are no iptables rules, and the routes are clean.
[Updated on: Fri, 19 March 2010 17:27]