Hello

On Tue, Jan 14, 2003 at 02:43:45PM +0100, Filip Sneppe wrote:
> On Tue, 2003-01-14 at 13:12, Christian Hammers wrote:
> > I had ipt_conntrack.o loaded (see last mail) and then removed. But still
> > my /proc/net/ip_conntrack got filled up.
> > Then I did "echo '10000' > /proc/sys/net/ipv4/ip_conntrack_max" and it
> > still raised.
> > Now, after waiting 10min or so the values are slightly falling (I had
> > fear that it crashed when reaching 0xffff)..
> >
> > Are the first two events signs for a bug or is it expected behaviour
> > that somehow the conntrack code remains in the kernel even if the module
> > has been removed?
>
> You sure it's not due to a typo ? It's ip_conntrack.o, not
> ipt_conntrack. After an rmmod, what does lsmod say ?

Ok, that was just a typo while writing the mail. I always checked with
lsmod as user root. Currently:

/home/ch# lsmod
Module                  Size  Used by    Not tainted
ipt_LOG                 3200   2  (autoclean)
iptable_filter          1760   1  (autoclean)
ip_tables              13184   2  [ipt_LOG iptable_filter]
dummy                   1088   1
eepro100               18444   3
mii                     2320   0  [eepro100]
unix                   13892  14  (autoclean)

> About the high number of tracked connections, are you
> talking about /proc/net/ip_conntrack ?

Yes. As I wrote in my previous mail (should have written it here, too),
this router does asymmetric routing, i.e. the packets for a connection
come in over it but the answer packets go out via another router. So it
will almost never see a real 3way tcp handshake or the like.

Fitting to this explanation, the kind of traffic in the
/proc/net/ip_conntrack is 99.9% "UNREPLIED" but apart from that
absolutely normal traffic (mostly port 80 and usual IPs).

> Regards,
> Filip

bye,

-christian-

-- 
Christian Hammers    WESTEND GmbH | Internet-Business-Provider
Technik              CISCO Systems Partner - Authorized Reseller
                     Lütticher Strasse 10      Tel 0241/701333-11
ch@westend.com       D-52064 Aachen            Fax 0241/911879
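
Added example, not part of the original mail: a small Python script that measures the share of UNREPLIED entries described above and groups them by protocol and destination port. The sample lines are constructed (documentation addresses) and assume the usual /proc/net/ip_conntrack line layout; the function names are hypothetical.

```python
import sys
from collections import Counter

# Constructed sample lines in the /proc/net/ip_conntrack layout (documentation addresses).
SAMPLE = """\
tcp      6 112 SYN_SENT src=198.51.100.7 dst=192.0.2.10 sport=40001 dport=80 [UNREPLIED] src=192.0.2.10 dst=198.51.100.7 sport=80 dport=40001 use=1
tcp      6 98 SYN_SENT src=198.51.100.8 dst=192.0.2.10 sport=40002 dport=80 [UNREPLIED] src=192.0.2.10 dst=198.51.100.8 sport=80 dport=40002 use=1
tcp      6 431990 ESTABLISHED src=198.51.100.9 dst=192.0.2.1 sport=40003 dport=22 src=192.0.2.1 dst=198.51.100.9 sport=22 dport=40003 [ASSURED] use=1
udp      17 25 src=198.51.100.7 dst=192.0.2.53 sport=40004 dport=53 [UNREPLIED] src=192.0.2.53 dst=198.51.100.7 sport=53 dport=40004 use=1
icmp     1 29 src=198.51.100.7 dst=192.0.2.10 type=8 code=0 id=1234 [UNREPLIED] src=192.0.2.10 dst=198.51.100.7 type=0 code=0 id=1234 use=1
"""

def parse_entry(line):
    """Split one conntrack line into protocol, TCP state, flags and original-direction tuple."""
    fields = line.split()
    if len(fields) < 4:
        return None
    entry = {"proto": fields[0], "state": None, "flags": set(), "orig": {}}
    for tok in fields[3:]:
        if tok.startswith("[") and tok.endswith("]"):
            entry["flags"].add(tok[1:-1])
        elif "=" in tok:
            key, value = tok.split("=", 1)
            # The first src/dst/sport/dport seen belong to the original direction.
            entry["orig"].setdefault(key, value)
        elif entry["state"] is None:
            entry["state"] = tok  # only TCP entries carry a state word
    return entry

def summarize(text):
    """Count entries and group the UNREPLIED ones by (protocol, destination port)."""
    total, unreplied, by_service = 0, 0, Counter()
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        total += 1
        if "UNREPLIED" in entry["flags"]:
            unreplied += 1
            by_service[(entry["proto"], entry["orig"].get("dport", "-"))] += 1
    return {"total": total, "unreplied": unreplied, "by_service": by_service}

if __name__ == "__main__":
    # Pass a saved copy of /proc/net/ip_conntrack as argv[1]; otherwise the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    result = summarize(text)
    share = 100.0 * result["unreplied"] / result["total"] if result["total"] else 0.0
    print("%d entries, %d UNREPLIED (%.1f%%)" % (result["total"], result["unreplied"], share))
    for (proto, dport), count in result["by_service"].most_common(10):
        print("%6d  %s dport=%s" % (count, proto, dport))
```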