From: Matthew Schumacher <matt.s@aptalaska.net>
To: netfilter@lists.netfilter.org
Subject: ip_conntrack table is full with razor requests. Something isn't timing out.
Date: Tue, 01 Mar 2005 08:32:05 -0900 [thread overview]
Message-ID: <4224A715.8030907@aptalaska.net> (raw)
List,
Since upgrading to 2.6.10 I have been having problems with my
ip_conntrack table filling up. It appears it is full of razor
(http://razor.sf.net) requests from my internal mail server.
I raised the ip_conntrack_max to 8192 and there are only a few hosts
behind nat so I am certain something isn't getting flushed out.
How do I go about diagnosing this. What specifically does ip_conntrack
need to see in the tcp session to mark the session as expired in the table?
Thanks,
schu
tcp 6 424864 ESTABLISHED src=192.168.98.2 dst=66.151.150.12
sport=51075 dport=2703 packets=9 bytes=421 src=66.151.150.12
dst=64.181.100.18 sport=2703 dport=51075 packets=7 bytes=577 [ASSURED]
mark=0 use=1
tcp 6 401401 ESTABLISHED src=192.168.98.2 dst=66.151.150.35
sport=50791 dport=2703 packets=7 bytes=317 src=66.151.150.35
dst=64.181.100.18 sport=2703 dport=50791 packets=5 bytes=370 [ASSURED]
mark=0 use=1
tcp 6 393358 ESTABLISHED src=192.168.98.2 dst=66.151.150.12
sport=50627 dport=2703 packets=8 bytes=365 src=66.151.150.12
dst=64.181.100.18 sport=2703 dport=50627 packets=5 bytes=370 [ASSURED]
mark=0 use=1
tcp 6 376557 ESTABLISHED src=192.168.98.2 dst=66.151.150.35
sport=49950 dport=2703 packets=9 bytes=421 src=66.151.150.35
dst=64.181.100.18 sport=2703 dport=49950 packets=7 bytes=577 [ASSURED]
mark=0 use=1
tcp 6 369805 ESTABLISHED src=192.168.98.2 dst=66.151.150.12
sport=48990 dport=2703 packets=7 bytes=317 src=66.151.150.12
dst=64.181.100.18 sport=2703 dport=48990 packets=5 bytes=370 [ASSURED]
mark=0 use=1
tcp 6 368538 ESTABLISHED src=192.168.98.2 dst=66.151.150.35
sport=48738 dport=2703 packets=7 bytes=317 src=66.151.150.35
dst=64.181.100.18 sport=2703 dport=48738 packets=5 bytes=370 [ASSURED]
mark=0 use=1
tcp 6 365641 ESTABLISHED src=192.168.98.2 dst=66.151.150.12
sport=47914 dport=2703 packets=9 bytes=421 src=66.151.150.12
dst=64.181.100.18 sport=2703 dport=47914 packets=7 bytes=577 [ASSURED]
mark=0 use=1
next reply other threads:[~2005-03-01 17:32 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-03-01 17:32 Matthew Schumacher [this message]
2005-03-01 22:26 ` ip_conntrack table is full with razor requests. Something isn't timing out Michael Tautschnig
2005-03-01 23:47 ` Matthew Schumacher
2005-03-02 10:14 ` KOVACS Krisztian
2005-03-02 17:15 ` Michael Tautschnig
2005-03-02 7:59 ` Jozsef Kadlecsik
2005-03-02 18:58 ` Matthew Schumacher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4224A715.8030907@aptalaska.net \
--to=matt.s@aptalaska.net \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.