I'm running a NAT'ed firewall on my gateway box and recently I've been having problems with the connection choking, and I have been unable to ssh onto the box to see what was going on. I think (as I've not got loads of memory) it's probably due to the maximum number of tracked connections being exceeded (the logs show ip_conntrack dropping new connections).
However, I'm still unsure as to why I couldn't shell onto the box. After all, the ssh connection doesn't need to be tracked as it terminates on that box (and shouldn't go through any of the -t nat tables). Or am I misunderstanding the workings of conntrack?

Cheers,
--
[EMAIL PROTECTED] http://www.bennee.com/~alex/
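The point the question turns on: the conntrack hook runs in PREROUTING for every packet that enters the box, regardless of whether any -t nat rule ever matches it, so an ssh session that terminates on the gateway still consumes a conntrack entry, and when the table is full its SYN is dropped along with everything else. The script below is an added example, not part of the original post or any reply to it. It checks how close the table is to its ceiling (reading the ip_conntrack paths on older kernels and the nf_conntrack paths on newer ones) and prints the raw-table NOTRACK rules that keep ssh-to-the-gateway out of the table. It assumes a kernel with the raw table and an interface name supplied by the caller (eth1 in the usage line is a placeholder).

```shell
#!/bin/sh
# Added example (not from the original post): conntrack headroom check plus
# NOTRACK rules for ssh that terminates on the gateway. Assumes a kernel
# with the raw table; interface name is whatever the admin side uses.

# Pick the count/max files for this kernel. Older ip_conntrack kernels and
# newer nf_conntrack kernels expose them under different /proc names.
conntrack_paths() {
    if [ -r /proc/sys/net/netfilter/nf_conntrack_count ]; then
        echo "/proc/sys/net/netfilter/nf_conntrack_count /proc/sys/net/netfilter/nf_conntrack_max"
    else
        echo "/proc/sys/net/ipv4/netfilter/ip_conntrack_count /proc/sys/net/ipv4/netfilter/ip_conntrack_max"
    fi
}

# conntrack_status COUNT_FILE MAX_FILE
# Prints ok / warn / full and exits 0 / 1 / 2 so it can drive a monitor;
# exits 3 if the files cannot be read (module not loaded, wrong kernel).
conntrack_status() {
    count=$(cat "$1" 2>/dev/null) || return 3
    max=$(cat "$2" 2>/dev/null) || return 3
    [ "$max" -gt 0 ] 2>/dev/null || return 3
    pct=$(( count * 100 / max ))
    if [ "$pct" -ge 100 ]; then
        echo full; return 2
    elif [ "$pct" -ge 80 ]; then
        echo warn; return 1
    else
        echo ok; return 0
    fi
}

# ssh_notrack_rules IFACE
# Emits the iptables commands (does not run them; pipe into sh as root).
# NOTRACK'ed packets carry state UNTRACKED, so the usual
# "-m state --state ESTABLISHED" rule no longer admits the replies:
# both directions need explicit ACCEPTs, which is why four rules are printed.
ssh_notrack_rules() {
    iface="$1"
    cat <<EOF
iptables -t raw -A PREROUTING -i $iface -p tcp --dport 22 -j NOTRACK
iptables -t raw -A OUTPUT -o $iface -p tcp --sport 22 -j NOTRACK
iptables -A INPUT -i $iface -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -o $iface -p tcp --sport 22 -j ACCEPT
EOF
}

# Usage: ./conntrack-check.sh check        (report table usage)
#        ./conntrack-check.sh rules eth1   (print NOTRACK rules for eth1)
case "${1:-}" in
    check)
        set -- $(conntrack_paths)
        conntrack_status "$1" "$2"
        ;;
    rules)
        ssh_notrack_rules "${2:-eth1}"
        ;;
esac
```

Raising ip_conntrack_max (via the same /proc path with _max) buys headroom, but each entry costs memory, so on a small box the NOTRACK exemption for the admin path is the part that actually guarantees you can still get in when the table fills.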