Re: NAT stops working - Fabien Germain

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Fabien Germain <fabien.germain@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Re: NAT stops working
Date: Wed, 20 Apr 2005 17:07:40 +0200	[thread overview]
Message-ID: <20a523fb05042008073a9b1f7c@mail.gmail.com> (raw)
In-Reply-To: <1114008620.28578.7.camel@plasma.starken.com>

Hi Daniel,

Did you try to increase ip_conntrack_max ?
(/proc/sys/net/ipv4/netfilter/ip_conntrack_max)
If you use p2p for example, you can quickly reach the limit.

Hope it helps.
Fabien



On 4/20/05, Daniel Wittenberg <daniel-wittenberg@starken.com> wrote:
> We've got a high-speed wireless and DSL connection so I decided to try
> and load-balance the out-going connections.  I run a little script that
> does:
> 
> route flush scope global
> route flush cache
> route add default scope global equalize nexthop via <external gw 1> dev
> eth0 weight 1 nexthop via <external gw 2> dev eth1
> 
> This appears to work for awhile, then incoming connections stop getting
> nat'd to their internal addresses.  I reboot or reset the firewall
> (flush all the tables and re-run this script) and things are good again
> for awhile.  I tried flooding some of the external IP's that are nat'd
> and it seems like after a certain amount of traffic the nat just stops
> working.  tcpdump shows traffic on the external interface coming in, but
> not going out anywhere.
> 
> Anyone have ideas on how to debug this further or things to check?
> 
> Thanks,
> Dan
> 
>

next prev parent reply	other threads:[~2005-04-20 15:07 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-04-20 14:50 NAT stops working Daniel Wittenberg
2005-04-20 15:07 ` Fabien Germain [this message]
2005-04-20 15:26   ` Daniel Wittenberg
  -- strict thread matches above, loose matches on Subject: below --
2005-04-20 15:05 Baake, Matthias

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20a523fb05042008073a9b1f7c@mail.gmail.com \
    --to=fabien.germain@gmail.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.