Summary of Linux interview questions

Source: Internet
Author: User

1. The /var/log/messages log contains the message: kernel: nf_conntrack: table full, dropping packet. What does this message mean, and how do I fix it? (The answer to this question is summarized from posts on the net; study it on your own.)

Answer: This error means that the connection tracking table is full and the kernel has started dropping packets.

As a result, access to the business service can become slow. Here's how to fix it:

Scenario 1: Tune the relevant system parameters.

Check the current values with sysctl -a | grep nf_conntrack, then set the following in the /etc/sysctl.conf file:

    net.netfilter.nf_conntrack_max = 1048576
    net.netfilter.nf_conntrack_tcp_timeout_established = 3600
    net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
    net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
    net.netfilter.nf_conntrack_tcp_timeout_time_wait = 12

Scenario 2: Use the raw table to add a "do not track" (NOTRACK) mark. The following example is more suitable for desktop systems or loosely managed servers, because it keeps the connection state mechanism turned on, which makes communication with the outside convenient. Modify the /etc/sysconfig/iptables file:

    *raw
    # Do not enable tracking for these TCP connections; resolves the connection failures caused by ip_conntrack
    -A PREROUTING -p tcp -m tcp --dport 80 -j NOTRACK
    -A PREROUTING -p tcp -m tcp --dport 22 -j NOTRACK
    -A PREROUTING -p tcp -m tcp --dport 21 -j NOTRACK
    -A PREROUTING -p tcp -m tcp --dport 11211 -j NOTRACK
    -A PREROUTING -p tcp -m tcp --dport 60000:60100 -j NOTRACK
    -A PREROUTING -p tcp -s 192.168.10.1 -j NOTRACK
    -A OUTPUT -p tcp -m tcp --sport 80 -j NOTRACK
    -A OUTPUT -p tcp -m tcp --sport 22 -j NOTRACK
    -A OUTPUT -p tcp -m tcp --sport 21 -j NOTRACK
    -A OUTPUT -p tcp -m tcp --sport 11211 -j NOTRACK
    -A OUTPUT -p tcp -m tcp --sport 60000:60100 -j NOTRACK
    -A OUTPUT -p tcp -s 192.168.10.1 -j NOTRACK
    COMMIT
    *filter
    # Allow ping
    -A INPUT -p icmp -j ACCEPT
    # Accept traffic on the loopback interface and on the fifth NIC (eth4)
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i eth4 -j ACCEPT
    # Connection state tracking: established connections are allowed to transfer data.
    # UNTRACKED is what lets the NOTRACK traffic from the raw table through, without any state check.
    -A INPUT -m state --state ESTABLISHED,RELATED,INVALID,UNTRACKED -j ACCEPT
    # Traffic matched in the filter table but not in the raw table is connection-tracked by default
    -A INPUT -s 192.168.10.31 -p tcp --dport 2669 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT

Scenario 3: If security is not required, such as on an intranet, you can resolve the problem by shutting down the firewall and setting it not to start automatically:

    chkconfig iptables off
    chkconfig ip6tables off
    service iptables stop
    service ip6tables stop

Remember: while the firewall is shut down, do not use iptables commands (such as iptables -nL) to view the current status! Doing so causes the firewall to be started with an empty rule set. Although nothing is blocked, all connection states are recorded, which wastes resources, hurts performance, and may cause the firewall to actively drop packets!

Scenario 4: Increase the size of the firewall tracking table and optimize the corresponding system parameters.

1. Set the maximum number of rows in the state tracking table. The theoretical maximum is:

    CONNTRACK_MAX = RAMSIZE (in bytes) / 16384 / (ARCH / 32)

Taking a 64-bit operating system with 64G of RAM as an example:

    CONNTRACK_MAX = 64*1024*1024*1024/16384/2 = 2097152

To make it take effect immediately, execute:

    sysctl -w net.netfilter.nf_conntrack_max=2097152

2. The hash table size is usually 1/8 of the total table, and at most 1/2:

    CONNTRACK_BUCKETS = CONNTRACK_MAX / 8

For the same 64G 64-bit operating system, the best hash range is 262144 ~ 1048576. View the running value with sysctl net.netfilter.nf_conntrack_buckets and set it through the file /sys/module/nf_conntrack/parameters/hashsize, or create a new /etc/modprobe.d/iptables.conf with the following line and reload the module for it to take effect:

    options nf_conntrack hashsize=262144
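The sizing rules from Scenario 4, combined with a check for how full the table is and how often the "table full" message was logged, as an added example that is not part of the original article. The function names, the 80% warning threshold and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sizing and monitoring helpers for nf_conntrack.

# Page formula: CONNTRACK_MAX = RAM bytes / 16384 / (arch bits / 32)
conntrack_max_for() {            # $1 = RAM in bytes, $2 = 32 or 64
    echo $(( $1 / 16384 / ($2 / 32) ))
}

# Page rule: buckets are usually max/8 and at most max/2; prints "low high"
bucket_range() {                 # $1 = nf_conntrack_max
    echo "$(( $1 / 8 )) $(( $1 / 2 ))"
}

# Integer percentage of the table in use
usage_pct() {                    # $1 = entries in use, $2 = nf_conntrack_max
    echo $(( $1 * 100 / $2 ))
}

# Count "table full" drop messages in kernel log text read from stdin
count_table_full() {
    grep -c 'nf_conntrack: table full, dropping packet' || true
}

# Constructed sample of /var/log/messages lines (hostname and times made up)
sample_log() {
    cat <<'EOF'
Jan 10 03:12:01 web01 kernel: nf_conntrack: table full, dropping packet.
Jan 10 03:12:02 web01 sshd[2211]: Accepted publickey for ops from 192.168.10.1
Jan 10 03:12:06 web01 kernel: nf_conntrack: table full, dropping packet.
EOF
}

# Live check: run with --live on a host that has nf_conntrack loaded
if [ "${1:-}" = "--live" ]; then
    d=/proc/sys/net/netfilter
    count=$(cat "$d/nf_conntrack_count") max=$(cat "$d/nf_conntrack_max")
    pct=$(usage_pct "$count" "$max")
    echo "conntrack entries: $count/$max (${pct}%)"
    # 80% is an assumed alert threshold, not a value from the article
    [ "$pct" -lt 80 ] || echo "WARNING: table over 80% full"
    echo "table-full drops logged: $(count_table_full < /var/log/messages)"
fi
```

Alerting on the usage percentage catches a filling table before the kernel starts dropping packets, while the log count shows whether drops have already happened.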

2. Execute a command to extract the IP address of eth0 in Linux (use cut; if you are able, also answer with the awk and sed commands respectively)

    ifconfig bond0 | sed -n 2p | cut -d: -f2 | cut -c 1-13
    ifconfig bond0 | sed -n 2p | awk -F '[ :]+' '{print $4}'
    ifconfig bond0 | awk -F '[ :]+' 'NR==2 {print $4}'
    ifconfig bond0 | grep "inet addr:*" | awk -F '[ :]+' '{print $4}'
    ifconfig bond0 | sed -n 2p | sed 's#^.*addr:##g' | sed 's# *B.*$##g'

Explanation: When processing a string to obtain the desired target (such as the IP address in the question above), the usual approach is to match from the beginning of the line with ^.* followed by the actual characters that precede the target, for example "^.*addr:". The end is matched in the same way as the beginning.

Extract Bcast

    ifconfig bond0 | sed -n 2p | sed 's#^.*75[[:space:]]##g' | sed 's#:.*$##g'
    ifconfig bond0 | sed -n 2p | sed 's#^.*75 ##g' | sed 's#:.*$##g'

Use grouping to match

    sed 's#\(ddd\)\(fff\)#\1\2#g'
    ifconfig bond0 | sed -n 's#^.*addr:\(.*\) B.*$#\1#gp'
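The field-splitting approach above depends on the "inet addr:" layout printed by older ifconfig versions. The following added example (not part of the original article) runs the page's awk command and a layout-independent variant over two constructed sample lines; the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed samples of the second line of ifconfig output.
# OLD_LINE: older net-tools layout, the one the answers above assume.
# NEW_LINE: newer net-tools layout.
OLD_LINE='          inet addr:10.0.0.75  Bcast:10.0.0.255  Mask:255.255.255.0'
NEW_LINE='        inet 10.0.0.75  netmask 255.255.255.0  broadcast 10.0.0.255'

# The page's approach: split on runs of spaces and colons, print field 4.
# The leading spaces make field 1 empty, so the fields are
# "", "inet", "addr", "10.0.0.75" for the old layout.
page_awk() {
    printf '%s\n' "$1" | awk -F '[ :]+' '{print $4}'
}

# Layout-independent variant: print the token that follows "inet",
# dropping an "addr:" prefix when there is one.
inet_addr() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "inet") {
                sub(/^addr:/, "", $(i + 1))
                print $(i + 1)
                exit
            }
    }'
}

echo "page awk, old layout: $(page_awk "$OLD_LINE")"
echo "page awk, new layout: $(page_awk "$NEW_LINE")"
echo "inet_addr, old layout: $(inet_addr "$OLD_LINE")"
echo "inet_addr, new layout: $(inet_addr "$NEW_LINE")"
```

On the new layout the page's command prints the word netmask instead of the address, which is why scripts that feed the result into firewall rules or allow-lists should validate it.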



3. Find all the files in the current directory and replace the www.a.org string in the file with www.b.cc

    find . -type f -name "*.txt" | xargs sed -i 's#www\.a\.org#www.b.cc#g'
    find . -type f -name "*.txt" -exec sed -i 's#www\.a\.org#www.b.cc#g' {} \;


4. Give an example of the date command that prints the date in the following format: 11-02-26

    date +%F
    date +%y-%m-%d

Display hours, minutes and seconds as well:

    date +%y-%m-%d\ %T
    date +%F\ %T

Back up a file with the date as the suffix:

    cp space.sh space.sh$(date +%F)

or, with backquotes:

    cp space.sh space.sh`date +%F`

The result is: space.sh2017-05-04

Print the date three days ago:

    date +%F --date "-3 day"

Print the date three days from now:

    date +%F -d "3 day"
    date +%F -d "+3 day"


5. Write a shell script to move files larger than 20K in the /root/script directory to the /root/file directory

Method 1:

    #!/bin/bash
    # Move regular files larger than 20K from /root/script to /root/file
    cd /root/script || exit 1
    for file in *
    do
        if [ -f "$file" ]; then
            # Field 5 of ls -l is the file size in bytes; 20K = 20480 bytes
            if [ "$(ls -l "$file" | awk '{print $5}')" -gt 20480 ]; then
                mv "$file" /root/file
            fi
        fi
    done

Method 2:

    #!/bin/bash
    #========= back up files greater than 20K to another directory
    cd /root/script || exit 1
    dir=/root/file
    if [ -d "$dir" ]; then
        echo "directory exists"
    else
        mkdir -p "$dir"
    fi
    # -print0 / -0 keep file names containing spaces intact
    find . -type f -size +20k -print0 | xargs -0 -I '{}' mv '{}' "$dir"


This article is from the Linux Learning Summary blog, so be sure to keep this source http://myybaby.blog.51cto.com/1555499/1951727
