On Wed, Mar 25, 2009 at 12:54:03PM -0600, Andrew McNabb wrote: > I've tried increasing /proc/sys/net/nf_conntrack_max, and I'll see if > that helps, but the real question is why nf_conntrack is being used at > all on a machine that isn't a firewall. If it helps, this is a Fedora > 10 machine. I'm curious whether anyone has seen something like this > before.
I found that the "nf_nat" and "iptable_nat" kernel modules were loaded. I'm really confused how these got loaded in the first place, since the "iptables" and "ip6tables" are disabled in chkconfig. Now that the modules are unloaded, the packet dropping seems to have stopped. It's kind of scary to lose packets randomly. -- Andrew McNabb http://www.mcnabbs.org/andrew/ PGP Fingerprint: 8A17 B57C 6879 1863 DE55 8012 AB4D 6098 8826 6868 /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
