OpenWrt error 'nf_conntrack: table full': the router's connection-tracking table fills up

After a recent OpenWrt update, running PT (private tracker) downloads at full speed produces the following error

nf_conntrack: table full, dropping packet

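When this error occurs, the active-connections counter in the admin interface is also maxed out.

Increasing the system's maximum connection count mitigates the problem.

Check the connection limit and its configuration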

cat /proc/sys/net/netfilter/nf_conntrack_max
cat /proc/sys/net/nf_conntrack_max
sysctl net.netfilter.nf_conntrack_max
sysctl net.nf_conntrack_max

Change the maximum connection count

sysctl -w net.netfilter.nf_conntrack_max=65535
sysctl net.netfilter.nf_conntrack_max

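Alternatively, add the following command to the local startup script on the Startup page in LuCI.
The value can be adjusted to the amount of RAM; if necessary, a 0 can be appended to it (if that is really needed and there is enough memory).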

sysctl -w net.netfilter.nf_conntrack_max=65535
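
A check for the condition described above, as an added example that is not from the original post: it reports how full the conntrack table is and counts the 'table full' messages in a saved kernel log. The function names and the 80% warning threshold are assumptions; on a live router the inputs are /proc/sys/net/netfilter/nf_conntrack_count, /proc/sys/net/netfilter/nf_conntrack_max and the output of dmesg saved to a file.

```sh
#!/bin/sh
# Added example: conntrack table usage and "table full" drop detection.
# Inputs are file paths so the functions also run on saved or sample data.

# conntrack_usage COUNT_FILE MAX_FILE -> integer percent of the table in use
conntrack_usage() {
    count=$(cat "$1") || return 2
    max=$(cat "$2") || return 2
    [ "$max" -gt 0 ] || return 2
    echo $(( $count * 100 / $max ))
}

# conntrack_drops LOG_FILE -> number of "table full" kernel messages
conntrack_drops() {
    drops=$(grep -c 'nf_conntrack: table full, dropping packet' "$1" || true)
    echo "${drops:-0}"
}

# conntrack_status COUNT_FILE MAX_FILE LOG_FILE [WARN_PCT]
# Prints one status line; returns 0 for OK, 1 for WARN/FULL, 2 if unreadable.
conntrack_status() {
    pct=$(conntrack_usage "$1" "$2") || { echo "UNKNOWN"; return 2; }
    drops=$(conntrack_drops "$3")
    warn=${4:-80}   # assumed threshold, adjust as needed
    if [ "$drops" -gt 0 ]; then
        echo "FULL pct=$pct drops=$drops"; return 1
    elif [ "$pct" -ge "$warn" ]; then
        echo "WARN pct=$pct drops=0"; return 1
    fi
    echo "OK pct=$pct drops=0"
}

# Constructed sample data (not real router output) to try the functions offline
conntrack_demo() {
    demo_dir=$(mktemp -d)
    echo 65000 > "$demo_dir/count"; echo 65535 > "$demo_dir/max"
    printf '%s\n' '[  812.10] nf_conntrack: table full, dropping packet' \
                  '[  812.31] nf_conntrack: table full, dropping packet' > "$demo_dir/log"
    rc=0; conntrack_status "$demo_dir/count" "$demo_dir/max" "$demo_dir/log" || rc=$?
    rm -rf "$demo_dir"; return "$rc"
}
```
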

Ref :

https://blog.huzhifeng.com/2015/03/14/nf_conntrack-table-full/
https://www.pc-freak.net/blog/resolving-nf_conntrack-table-full-dropping-packet-flood-message-in-dmesg-linux-kernel-log/

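Using mount to attach a specific directory to a shared folder, resolving the conflict between file access permissions and modifying or updating the files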

Magic command:

mount -o bind,ro,username=nginx /home/jeremie/WingImaging/WebFront/dist/ /usr/share/nginx/webfront/

fstab:

#
# /etc/fstab
# Created by anaconda on Tue Jan 16 10:02:13 2018
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=b0a16d98-3b8c-400f-948d-0092477704fe / ext4 defaults 1 1
UUID=1c944257-c4f0-4023-88c6-ded8ef40ebda /data1 ext4 defaults 0 2
/home/jeremie/WingImaging/WebFront/dist/ /usr/share/nginx/webfront/ none defaults,noauto,x-systemd.automount,nofail,bind,ro,username=nginx 0 0

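How it works:
mount's bind mode attaches a given folder at another location and applies a specific user identity and specific access permissions so that other programs can read it.
The same can be set up in fstab in this way.

Note the two options noauto,x-systemd.automount: they mean the mount happens automatically only on first access, so that the real filesystem has time to become ready.
The nofail option means failure is allowed.
The options bind,ro,username=nginx mean the mount is a bind mount, read only, and that the user identity after mounting is nginx.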

Forcing curl to use a specific DNS resolution result

https://stackoverflow.com/questions/12941703/use-curl-with-sni-server-name-indication

curl -vik --resolve example.com:443:198.18.110.10 https://example.com/

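This method skips DNS and forces curl to fetch data from the specified IP using the specified hostname.

It applies in situations such as:

  1. DNS resolution must be bypassed, for example because the DNS record is stale, invalid or poisoned, or no DNS is available
  2. You need to test whether a given IP responds for a given hostname
  3. You need to spoof the SNI when connecting to a given IP to fetch data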

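Deploying RSSHub

Follow the manual deployment documentation on the official site
https://docs.rsshub.app/install/#shou-dong-bu-shu

Enable the Redis cache, start and manage it with yarn, and set the environment variables through systemd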

git clone https://github.com/DIYgod/RSSHub.git
cd RSSHub

yay -S yarn npm nodejs redis

yarn


systemctl start redis
systemctl enable redis

nano /etc/systemd/system/RSSHub.service

[Unit]
Description=RSSHub Server Service
Requires=network.target
After=network.target

[Service]
Type=simple
User=jeremie
Restart=always
AmbientCapabilities=CAP_NET_BIND_SERVICE
Environment=CACHE_TYPE=redis
Environment=CACHE_EXPIRE=600
Environment=HTTP_BASIC_AUTH_NAME=username
Environment=HTTP_BASIC_AUTH_PASS=passwd
Environment=PORT=11200
Environment=LISTEN_INADDR_ANY=0
WorkingDirectory=/home/jeremie/RSSHub
ExecStart=/bin/yarn run start -o --watch

[Install]
WantedBy=multi-user.target

systemctl start RSSHub
systemctl status RSSHub
systemctl enable RSSHub
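
An audit of the unit above, as an added example that is not part of the original post or of RSSHub: values set with Environment= sit in the unit file and are exposed by systemctl show, so the basic-auth password is better loaded from a root-only file via EnvironmentFile=, and CAP_NET_BIND_SERVICE is not needed for port 11200. The function names and finding labels are assumptions made for this example.

```sh
#!/bin/sh
# Added example: flag risky settings in a systemd unit such as the
# RSSHub.service above. The finding labels are invented for this example.

# audit_unit FILE -> one finding per line; returns 1 if anything was found
audit_unit() {
    unit=$1
    findings=$(
        # Secret-looking variables set inline with Environment=
        sed -n 's/^Environment=\([A-Za-z0-9_]*\)=.*/\1/p' "$unit" |
            grep -E 'PASS|SECRET|TOKEN|KEY' | sed 's/^/SECRET_IN_UNIT /'
        # CAP_NET_BIND_SERVICE only matters for ports below 1024
        port=$(sed -n 's/^Environment=PORT=\([0-9][0-9]*\)$/\1/p' "$unit" | tail -n 1)
        if grep -q '^AmbientCapabilities=.*CAP_NET_BIND_SERVICE' "$unit" &&
           [ -n "$port" ] && [ "$port" -ge 1024 ]; then
            echo "UNNEEDED_CAP CAP_NET_BIND_SERVICE port=$port"
        fi
        # NoNewPrivileges=yes stops the service gaining privileges through exec
        grep -Eq '^NoNewPrivileges=(yes|true|on|1)$' "$unit" ||
            echo "MISSING NoNewPrivileges"
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
}

# Constructed copy of the [Service] settings shown in the post
sample_unit() {
    cat <<'EOF'
[Service]
Type=simple
User=jeremie
AmbientCapabilities=CAP_NET_BIND_SERVICE
Environment=CACHE_TYPE=redis
Environment=HTTP_BASIC_AUTH_NAME=username
Environment=HTTP_BASIC_AUTH_PASS=passwd
Environment=PORT=11200
Environment=LISTEN_INADDR_ANY=0
ExecStart=/bin/yarn run start -o --watch
EOF
}
```
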

nginx reverse proxy configuration
ref: https://blog.csdn.net/physicsdandan/article/details/45667357

server {
    listen 127.0.0.1:11080;
    server_name rsshub.jeremie.moe;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://localhost:11200;
    }
}

How to configure Firefox to open tabs in a new window

Open about:config and set the following preferences to true

browser.urlbar.openintab
browser.search.openintab
browser.tabs.loadBookmarksInTabs
browser.tabs.loadDivertedInBackground
browser.tabs.insertAfterCurrent


follow from:
https://www.jianshu.com/p/1814e0594086

Open bookmarks outside the current tab
browser.tabs.loadBookmarksInTabs
Set to true


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Open links in a new tab instead of a new window
browser.link.open_newwindow.restriction
Set to 0

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Open address-bar entries in a new tab
browser.urlbar.openintab
Set to true

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Open search-bar results in a new tab
browser.search.openintab
Set to true

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Close the browser when the last tab is closed
browser.tabs.closeWindowWithLastTab
Set to true

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Double-click to close a tab
browser.tabs.closeTabByDblclick
Set to true

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Open middle-clicked bookmarks in the foreground
browser.tabs.loadBookmarksInBackground
Set to false

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Open external links in a background tab
browser.tabs.loadDivertedInBackground
Set to true

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Keep the bookmarks menu open after a middle-click
browser.bookmarks.openInTabClosesMenu
Set to false

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Support the new user scripts WebExtensions API
extensions.webextensions.userScripts.enabled
Set to true

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Disable Pocket
extensions.pocket.enabled
Set to false

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Enable remote DNS resolution in Firefox to defeat DNS hijacking and poisoning
network.proxy.socks_remote_dns
Set to true

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Open new tabs next to the current tab
browser.tabs.insertAfterCurrent
Set to true

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Bypass sites' right-click restrictions
dom.event.contextmenu.enabled
Set to false

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

browser.urlbar.trimURLs
Defaults to true, which automatically hides protocol names such as http(s):// in the address bar.
If you prefer not to hide them, set it to false.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Disable tab animations
toolkit.cosmeticAnimations.enabled
Set to false

Setting up qBittorrent on an Arch Linux VPS

pacman -S qbittorrent-nox

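On first install, start it manually once as the local user and set the bind port by hand; the initial settings are then saved in that user's local configuration file

/usr/bin/qbittorrent-nox --webui-port=8181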

~/.config/qBittorrent/qBittorrent.conf

After that, start the service for the chosen user and it is ready to use

systemctl start [email protected]

systemctl status [email protected]

journalctl -exu [email protected]

systemctl enable [email protected]

The default WebUI username and password are admin / adminadmin

References:
https://github.com/qbittorrent/qBittorrent/wiki/Running-qBittorrent-without-X-server
https://github.com/lgallard/qBittorrent-Controller/wiki/How-to-enable-the-qBittorrent-Web-UI
https://github.com/qbittorrent/qBittorrent/issues/4532
https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password