Memory problem

Hi Everyone

I was wondering if anyone has a solution to this problem.

I have the following box that sits between our router and switch:

Pentium 200, 64 Mbyte RAM, Linux version 2.4.18-3 (bhcompile@xxxxxxxxxxxxxxxxxxxxxxxxxx)
(gcc version 2.96 20000731 (Red Hat Linux 7.3 2.96-110)), iptables v1.2.5


I almost never reboot this box, but lately I have noticed a dramatic increase in memory consumption.

I start out on bootup with about 40 MB or so free and in a week's time it's down to about 800KB.
When iptables is restarted and the rules flushed and reloaded I reclaim about 6024 KB, which then gradually
decreases back to about a meg in a 16 hour period.


I run about 400 rules on this box and ipt_conntrack_max is set at 4096.


I do want to add more memory to the box, but I have this strange feeling that it will just consume all of that as well until
it reaches some kind of lower limit on allowable free memory.


Unfortunately I am not sure how to count the number of simultaneous connections,
but since we run a few mail and web servers and also a few busy DNS servers,
I estimate that there are about 300 connections per second.


My questions, if anyone has paid attention thus far :)

Why does iptables consume so much memory?
Why does iptables appear to lose so much memory? When regarding this question, consider the following:


On reboot and before loading of rules there is about 40 MB free RAM. After loading the rules, and about two weeks' uptime,
there is about 800KB of free memory. After flushing the rules, there's only 6024 KB free.
Is there a slight possibility that this may be due to a memory leak of some sort?


Thanks in advance for your help. Keep up the good work, Netfilter.

Regards,

Cilliiè Burger
SA-DOMAIN Internet Services












