Hi,

After I asked you how to work around the ip_conntrack table being full, I tried the suggestion to use NOTRACK on the squid box for port 3128. The number of ip_conntrack connections still increases up to the maximum limit.

I understand that it was caused by rebooting the squid box. Linux ip_conntrack keeps all packets that were not seen in a 3-way handshake for around 5 days, so it filled up a day later. Graeme, sorry to tell you that I rebooted the system.

I found a trick in a Google search. Setting net.ipv4.netfilter.ip_conntrack_tcp_loose = 0 in /etc/sysctl.conf will drop all packets like the ones I mentioned above.

I have some mrtg screenshots.

Before using the trick: http://host.psu.ac.th/~wiboon.w/proxy7-conn-past-to-070613.JPG
After using the trick: http://host.psu.ac.th/~wiboon.w/proxy7-cpu-conn-070613.JPG

Graeme, can you confirm that this trick is harmless for doing LVS with squid? Any suggestions?

Regards,
Wiboon
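An added example, not part of the original message: a small check that summarises conntrack entries for the squid port, so the effect of NOTRACK or of the ip_conntrack_tcp_loose setting can be compared before and after. The function names and the sample lines are constructed for illustration; the lines follow the /proc/net/ip_conntrack layout, and treating ESTABLISHED entries marked [UNREPLIED] as the long-lived ones described above is an assumption.

```shell
#!/bin/sh
# Constructed sample lines in the /proc/net/ip_conntrack layout (not real data).
sample_conntrack() {
cat <<'EOF'
tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=192.0.2.1 sport=40001 dport=3128 [UNREPLIED] src=192.0.2.1 dst=192.0.2.10 sport=3128 dport=40001 use=1
tcp      6 431200 ESTABLISHED src=192.0.2.11 dst=192.0.2.1 sport=40002 dport=3128 [UNREPLIED] src=192.0.2.1 dst=192.0.2.11 sport=3128 dport=40002 use=1
tcp      6 429000 ESTABLISHED src=192.0.2.12 dst=192.0.2.1 sport=40003 dport=3128 src=192.0.2.1 dst=192.0.2.12 sport=3128 dport=40003 [ASSURED] use=1
tcp      6 95 TIME_WAIT src=192.0.2.13 dst=192.0.2.1 sport=40004 dport=3128 src=192.0.2.1 dst=192.0.2.13 sport=3128 dport=40004 [ASSURED] use=1
udp      17 20 src=192.0.2.14 dst=192.0.2.53 sport=5353 dport=53 src=192.0.2.53 dst=192.0.2.14 sport=53 dport=5353 use=1
EOF
}

# Read conntrack lines on stdin and summarise TCP entries whose original
# direction targets the given destination port: total, per-state counts,
# ESTABLISHED entries seen in one direction only, and their largest timeout.
conntrack_summary() {
    port="$1"
    awk -v port="$port" '
        $1 == "tcp" {
            dport = ""
            # The first dport= field on the line belongs to the original direction.
            for (i = 5; i <= NF; i++)
                if ($i ~ /^dport=/) { split($i, kv, "="); dport = kv[2]; break }
            if (dport != port) next
            total++
            state[$4]++
            if ($4 == "ESTABLISHED" && $0 ~ /\[UNREPLIED\]/) {
                stale++
                if ($3 + 0 > maxttl + 0) maxttl = $3 + 0
            }
        }
        END {
            printf "total=%d established=%d time_wait=%d unreplied_established=%d max_ttl=%d\n",
                total, state["ESTABLISHED"], state["TIME_WAIT"], stale, maxttl
        }'
}

# Demo on the constructed sample. On a live box, feed the real table instead:
#   conntrack_summary 3128 < /proc/net/ip_conntrack
sample_conntrack | conntrack_summary 3128
```

A steady rise in `unreplied_established` with `max_ttl` close to 432000 seconds (5 days) matches the symptom described in the message; if NOTRACK is in effect for port 3128, new connections to that port should not add entries at all.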
