Memory limitation

Posted: Fri Feb 20, 2009 2:42 am
by FRiC
Regarding the memory limitation starting with beta 4 as mentioned here... what are some recommended ways to reduce memory usage? I'm having a problem where a user got infected by a virus, and is opening thousands of random connections to port 25, which crashes the router. :cry:

(Besides upgrading the router to one with more memory.) :mrgreen:

Re: Memory limitation

Posted: Fri Feb 20, 2009 11:49 am
by Eric
I'm not sure about the best way to fix the memory issue. There aren't one or two applications that are clearly sucking up all the memory.

However, the best way to deal with a port being flooded, as you describe, may be to limit the number of connections allowed per minute using iptables. Unfortunately you can't (at least not yet) do this via the web interface, but it's pretty easy if you just ssh in.

Once you ssh in, try running the following, which will add a rule to iptables to limit new port 25 connections to 10/minute:

Code:

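# Create a dedicated chain for the port 25 limit
iptables -N limit25
# Send forwarded and router-bound traffic through that chain first
iptables -I FORWARD -j limit25
iptables -I INPUT -j limit25
# New port 25 connections within 10/minute (burst of 10) return to the calling chain
iptables -A limit25 -p tcp --dport 25 -m state --state NEW -m limit --limit 10/minute --limit-burst 10 -j RETURN
# Any new port 25 connection over the limit is dropped
iptables -A limit25 -p tcp --dport 25 -m state --state NEW -j DROP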
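
What the `limit` rule above does to a flood, as an added example that is not part of the original posts: a simplified Python model of the token bucket behind `--limit 10/minute --limit-burst 10`. The host names and traffic pattern are constructed, and the model assumes one bucket shared by all sources, which is how a single `limit` rule counts.

```python
"""Simplified model of the iptables `limit` match (added example, not from the thread)."""


def limit_match(arrivals, per_minute=10, burst=10):
    """arrivals: ascending times in seconds of NEW port 25 connections.
    Returns one bool per arrival: True = within the limit (RETURN),
    False = over the limit (falls through to the DROP rule)."""
    refill = per_minute / 60.0   # tokens regained per second
    tokens = float(burst)        # the bucket starts full (--limit-burst)
    last = None
    verdicts = []
    for t in arrivals:
        if last is not None:
            tokens = min(burst, tokens + (t - last) * refill)
        last = t
        if tokens >= 1.0:
            tokens -= 1.0
            verdicts.append(True)
        else:
            verdicts.append(False)
    return verdicts


def summarize(events, **kw):
    """events: list of (time_s, source). Returns {source: [allowed, dropped]}.
    Assumption: every source draws from the same bucket."""
    events = sorted(events)
    verdicts = limit_match([t for t, _ in events], **kw)
    out = {}
    for (_, src), ok in zip(events, verdicts):
        counts = out.setdefault(src, [0, 0])
        counts[0 if ok else 1] += 1
    return out


# Constructed sample traffic: one host opens 50 connections per second to
# port 25 for a minute while a second host sends one mail every 20 seconds.
FLOOD = [(i / 50.0, "infected") for i in range(3000)]
LEGIT = [(9.01 + 20 * i, "mail-user") for i in range(3)]

if __name__ == "__main__":
    for src, (ok, dropped) in summarize(FLOOD + LEGIT).items():
        print(f"{src:10s} allowed={ok:5d} dropped={dropped}")
```

In this model the flood is cut from 3000 connections to 19, but the other host's mail is dropped too for as long as the flood keeps the shared bucket empty.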

Re: Memory limitation

Posted: Sun Mar 22, 2009 9:42 am
by ynagy
I tried iptables-save, but this script doesn't exist. I even tried to save the changes in /etc/rc.d/, but I couldn't find the proper file.
Am I going to lose it after reboot? How do I save it?

Re: Memory limitation

Posted: Sun Mar 22, 2009 10:52 am
by Eric
Put the iptables rules in a file called /etc/firewall.user

Then add the following lines to the end of /etc/config/firewall:

Code:

config 'include'
	option 'path' '/etc/firewall.user'