On Mon, 3 Nov 2003, Warren P wrote: > since i've upgraded squid to 2.5stable4, my ip_conntrack > table seems to be filling within hours, eventually i had to > increase it from 65528 to 163840. And after 3 days, it > neared this limit as well. Once the ip_conntrak is full, > the server starts dropping packets.
This is not normal, and a sign of a major bug in the version of ip_conntrack you are using. No matter what Squid is doing it MUST NOT be able to cause these symptoms in ip_conntrack, or else ip_conntrack is flawed. Please contact the netfilter developers to have this netfilter bug resolved. Note: I have not heard of this specific problem with ip_conntrack before, neither in the Squid discussions or the Netfilter developer discussions. Regards Henrik
