Are you sure the ip_conntrack itself isn't ACTUALLY full? Have you tried increase this increasing this via /proc/sys/net/ipv4/netfilter/ip_conntrack_max?
Just did it, thanks for reply. The 2.4 kernel I ran in the same box does not have such problem, maybe there is a change in the algorithm of calculating ip_contract_max in the recent kernel? What number you suggest (my firewall box has only 64Mb of RAM)
Thanks,
Kind regards, - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/