Re: Changing the ip_ct_tcp_timeout_established value

[" Björn Eberth " <Bjoern.Eberth@web.de>]

Hi there,

thx for the answer, but it seems as this doesnt fix my problem.
It seems as if the value in "ip_conntrack_tcp_timeout_established" isnt interpreted, cause i see lots of entries like this in the ip_conntrack table:
tcp      6 231752 ESTABLISHED src=yyy.yyy.yyy.yyy dst=xxx.xxx.xxx.xxx sport=3139 dport=6881 src=xxx.xxx.xxx.xxx dst=zzz.zzz.zzz.zzz sport=6881 dport=3139 [ASSURED] use=1

The third field is the timeout value i think? So this would be 231752 seconds, which is much larger then the value in ip_conntrack_tcp_timeout_established.
Im running a 2.4.27 kernel with iptables 1.2.11. Is the value ignored in this versions by design?
Any advices?

Regards
Bjoern

Moritz Gartenmeister <moritz@uplink-verein.ch> schrieb am 27.03.05 19:36:21:
> 
> hi bjoern
> 
> i changed this value to ten minutes. this reduced the ip_conntrack_count from 8000 to 3000 and it 
> saves memory.
> 
> i don't notice any problems. it's possible that if you are using connections without keepalive 
> function, that they will probably suffer. but i assume, that connections without traffic for ten 
> minutes are anormal closed.
> 
> regards
> moritz
> 
> Björn Eberth wrote:
> > Hi there,
> > 
> > the default value for "ip_conntrack_tcp_timeout_established" is set to 5 days.
> > My problem is, that after about 2 days of using a filesharing client the ip_conntrack table runs full.
> > Im using a dial-up connection with 24 hours reconnect.
> > So my question is: Could i run into problems, if i set this value to 24 hours or something like this?
> > 
> > Regards
> > Bjoern
> > 
> > 


______________________________________________________________
Verschicken Sie romantische, coole und witzige Bilder per SMS!
Jetzt bei WEB.DE FreeMail: http://f.web.de/?mc=021193