Is there a way to dynamically change the limit: kernel: ip_conntrack:
maximum limit of 16384 entries exceeded?
Grepping in the documentation didn't tell much here.
Either a nessus scan or a weird ftp server I tried to connect to
caused the table to fill pretty fast, and all other connections stopped
for a short time.
The entries are similar, btw, in /proc/net/ip_conntrack:
tcp 6 425335 ESTABLISHED src=203.45.72.96 dst=203.45.72.96
sport=28480 dport=21 [UNREPLIED] src=203.45.72.96 dst=203.45.72.96
sport=21 dport=28480 use=1
The source and dest are always the same. Weird. Currently 15443
entries.
--
Grobbebol's Home | Don't give in to spammers. -o)
http://www.xs4all.nl/~bengel | Use your real e-mail address /\
Linux 2.2.16 SMP 2x466MHz / 256 MB | on Usenet. _\_v
In message <[email protected]> you write:
>
> is there a way to dynamically change the limit : kernel: ip_conntrack:
> maximum limit of 16384 entries exceeded ?
echo 32768 > /proc/sys/net/ipv4/ip_conntrack_max
Don't increase it too much, or your efficiency will go out the window
(the hash table size doesn't increase).
> either a nessus scan or a weird ftp server I tried to connect to,
> caused the table to fill pretty fast and all other connections stopped
> for a short time.
It will start dropping "unreplied" connections.
Rusty.
--
Premature optmztion is rt of all evl. --DK
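
Added example (not part of the original thread and not netfilter project code): a small parser for the /proc/net/ip_conntrack line format quoted in the first message. It reports how full the table is against the limit and how many entries are [UNREPLIED] or have src equal to dst, the pattern described above. The sample lines, addresses and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the format quoted in the thread (documentation-range
# addresses). On a live system the text would come from /proc/net/ip_conntrack.
SAMPLE = """\
tcp 6 425335 ESTABLISHED src=192.0.2.10 dst=192.0.2.10 sport=28480 dport=21 [UNREPLIED] src=192.0.2.10 dst=192.0.2.10 sport=21 dport=28480 use=1
tcp 6 425301 ESTABLISHED src=192.0.2.10 dst=192.0.2.10 sport=28481 dport=21 [UNREPLIED] src=192.0.2.10 dst=192.0.2.10 sport=21 dport=28481 use=1
tcp 6 425290 ESTABLISHED src=192.0.2.10 dst=192.0.2.10 sport=28482 dport=21 [UNREPLIED] src=192.0.2.10 dst=192.0.2.10 sport=21 dport=28482 use=1
tcp 6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.7 sport=1034 dport=80 src=198.51.100.7 dst=192.0.2.10 sport=80 dport=1034 [ASSURED] use=1
udp 17 25 src=192.0.2.10 dst=198.51.100.53 sport=1025 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.0.2.10 sport=53 dport=1025 use=1
"""

def parse_line(line):
    """Parse one conntrack line; return None for blank or malformed lines."""
    tok = line.split()
    if len(tok) < 4 or not tok[2].isdigit():
        return None
    entry = {"proto": tok[0], "timeout": int(tok[2]), "state": None, "flags": set()}
    rest = tok[3:]
    # TCP lines carry a state word; UDP lines go straight to key=value pairs.
    if "=" not in rest[0] and not rest[0].startswith("["):
        entry["state"], rest = rest[0], rest[1:]
    for t in rest:
        if t.startswith("["):
            entry["flags"].add(t.strip("[]"))
        elif "=" in t:
            key, value = t.split("=", 1)
            entry.setdefault(key, value)  # first occurrence = original direction
    return entry

def summarize(text, conntrack_max):
    """Count the entry kinds that matter when the table is close to its limit."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    unreplied = [e for e in entries if "UNREPLIED" in e["flags"]]
    self_addressed = [e for e in entries if e.get("src") == e.get("dst")]
    return {
        "entries": len(entries),
        "fill": len(entries) / conntrack_max,
        "unreplied": len(unreplied),
        "self_addressed": len(self_addressed),
        # Destination ports that the unreplied entries concentrate on.
        "top_dports": Counter(e.get("dport") for e in unreplied).most_common(3),
    }

if __name__ == "__main__":
    for name, value in summarize(SAMPLE, 16384).items():
        print(f"{name}: {value}")
```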