Re: Some weird issue with return traffic with redirect rule

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: Some weird issue with return traffic with redirect rule
Date: Mon, 20 Oct 2008 16:24:17 -0500	[thread overview]
Message-ID: <48FCF701.20709@riverviewtech.net> (raw)
In-Reply-To: <cc64e8ce0810171246j131d3651rea38e4efee507608@mail.gmail.com>

On 10/17/08 14:46, Pranav Desai wrote:
> Too many clients will have to change their settings. Not feasible in 
> our case.

*nod*

This is where auto-configure scripts come in to play.

If you can't, you cant.  No point in ruffling any feathers over it.  If 
transparent proxying is working for you then go for it.

> There is no info there, and the tables are not getting full. Here are 
> the conntrack settings.
> 
> net.ipv4.ip_conntrack_max = 1048576
> net.ipv4.netfilter.ip_conntrack_buckets = 1048576
> net.ipv4.netfilter.ip_conntrack_count = 63908
> net.ipv4.netfilter.ip_conntrack_max = 1048576

If conntrack is not getting full I wonder if some packets are 
accidentally not being associated and thus not being handled correctly.

Dare I say it, you may be looking at setting up TCPDump (or the likes) 
to record all packets.  That way when you do have packets that did not 
get handled correctly you can go back and look at the rest of the 
packets that should have been associated but were not.

Grant. . . .

next prev parent reply	other threads:[~2008-10-20 21:24 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-10-17  6:30 Some weird issue with return traffic with redirect rule Pranav Desai
2008-10-17 17:19 ` Grant Taylor
2008-10-17 19:46   ` Pranav Desai
2008-10-20 21:24     ` Grant Taylor [this message]
2008-10-21  2:02       ` Pranav Desai
2008-10-21 22:53         ` Pranav Desai

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=48FCF701.20709@riverviewtech.net \
    --to=gtaylor@riverviewtech.net \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.