Hi, I've been observing my ip_conntrack_count for a while. It never reaches the upper limit defined as 16384 in /proc/sys/net/ipv4/netfilter/ip_conntrack_max. The problem occurs when it is around 400-500.

So this does not seem to be related to the conntrack table being filled up. But it is resolved by the "conntrack -F" command. Very interesting. What else can I do to understand the nature of this problem? Below you are referring to CONNLIMIT. I didn't define anything like that, but where is it being defined? Maybe it is defined by default. I am desperately looking for help. This issue is really very disturbing. Thanks for any replies.

Regards,
ilker

Re: [Shorewall-users] YNT: YNT: YNT: YNT: YNT: connection tracking problem
Tom Eastep Mon, 06 Apr 2009 13:31:51 -0700

İlker Aktuna (Koç.net) wrote:
> So you are 100% sure that it's not caused by Shorewall or
> misconfiguration of it ?

Given that Shorewall is nothing but a configuration tool, problems where the firewall works for a while then stops working can't possibly be traced to Shorewall. Once 'shorewall start' has completed, there is no Shorewall code left running in your system at all. Unless you are using CONNLIMIT, there isn't any way that I know of that Shorewall could be mis-configured such that your problem could be resolved by 'conntrack -F'.
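The two checks the reply above points at, summarizing what is actually sitting in the conntrack table and confirming whether any connlimit rules exist in the loaded ruleset, as an added shell example that is not part of the thread and not Shorewall's own code. The function names are my own, the helpers assume the line format of `conntrack -L` from conntrack-tools and of `iptables-save`, and the sample table entries and rules at the bottom are constructed so the script runs offline; the comments show the live invocations.

```sh
#!/bin/sh
# Added diagnostic helpers for the conntrack problem discussed above
# (not from the thread, not Shorewall code). Assumes the output formats of
# `conntrack -L` and `iptables-save`; the sample data below is constructed.

# Count conntrack entries by protocol and TCP state. Reads `conntrack -L`
# output on stdin; prints "<count> <proto> <state>" lines, highest first.
# Non-TCP protocols carry no state and are shown as "-".
#   conntrack -L 2>/dev/null | conntrack_summary
conntrack_summary() {
    awk '{
        proto = $1
        state = "-"
        if (proto == "tcp") state = $4   # 4th field is the TCP state
        n[proto " " state]++
    } END {
        for (k in n) printf "%d %s\n", n[k], k
    }' | sort -rn
}

# Number of entries not yet [ASSURED] (unreplied / half-open flows).
# Many of these while traffic stalls is a clue; few means the table is
# holding ordinary established flows and the problem lies elsewhere.
conntrack_unassured() {
    grep -vc '\[ASSURED\]'
}

# Table usage as "count/max (pct%)". Live:
#   conntrack_usage "$(cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count)" \
#                   "$(cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max)"
conntrack_usage() {
    count=$1
    max=$2
    echo "$count/$max ($(( count * 100 / max ))%)"
}

# Exit 0 if the ruleset on stdin contains a connlimit match (what Shorewall's
# CONNLIMIT option generates), 1 otherwise.
#   iptables-save | has_connlimit_rules && echo "connlimit rules present"
has_connlimit_rules() {
    grep -q -- '-m connlimit'
}

# ---- constructed sample data (offline demo) ----
SAMPLE_CT='tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=10.0.0.1 sport=45678 dport=80 src=10.0.0.1 dst=192.168.1.10 sport=80 dport=45678 [ASSURED] mark=0 use=1
tcp      6 117 TIME_WAIT src=192.168.1.11 dst=10.0.0.1 sport=45679 dport=80 src=10.0.0.1 dst=192.168.1.11 sport=80 dport=45679 [ASSURED] mark=0 use=1
tcp      6 118 SYN_SENT src=192.168.1.12 dst=10.0.0.2 sport=45680 dport=443 [UNREPLIED] src=10.0.0.2 dst=192.168.1.12 sport=443 dport=45680 mark=0 use=1
udp      17 29 src=192.168.1.13 dst=10.0.0.53 sport=5353 dport=53 src=10.0.0.53 dst=192.168.1.13 sport=53 dport=5353 [ASSURED] mark=0 use=1
tcp      6 431990 ESTABLISHED src=192.168.1.14 dst=10.0.0.1 sport=45681 dport=22 src=10.0.0.1 dst=192.168.1.14 sport=22 dport=45681 [ASSURED] mark=0 use=1'

SAMPLE_RULES='-A INPUT -p tcp -m tcp --dport 80 -m connlimit --connlimit-above 20 --connlimit-mask 32 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

SAMPLE_RULES_NOLIMIT='-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Demo run over the constructed data
printf '%s\n' "$SAMPLE_CT" | conntrack_summary
echo "unassured: $(printf '%s\n' "$SAMPLE_CT" | conntrack_unassured)"
echo "usage: $(conntrack_usage 450 16384)"
if printf '%s\n' "$SAMPLE_RULES" | has_connlimit_rules; then
    echo "connlimit rules present"
else
    echo "no connlimit rules"
fi
```

Taking a `conntrack -L` snapshot at the moment traffic stalls, before running `conntrack -F`, is what turns "flushing fixes it" into evidence: the summary shows whether the table is full of half-open or stale flows, and the connlimit check settles whether the CONNLIMIT path mentioned in the reply is even in play.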
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
