Re: Forwarding GnomeMeeting to internal network


On Wednesday 12 November 2003 10:35 am, Julien Didron wrote:

> Hello list,
>
> I wish to use GnomeMeeting, for which I assume the only port that needs
> opening is 1720.
> Now, how can I forward all incoming traffic to port 1720 on the router, to
> one machine on the network that doesn't have a fixed IP (DHCP), but has a
> name on the domain thanks to DDNS (ex : abox.mydomain.net).

netfilter can only redirect packets to known IP addresses.

> Another question regarding ip_conntrack. After 5 days of use, I get the
> following error in syslog : "ip_conntrack table full, dropping packet.". I
> then increased the value in /proc/sys/net/ipv4/ip_conntrack_max, from 3048
> to 8192, but I think this is a quick fix that won't get me too far ...

Several thousand active connections is a *lot*.   Unless you have a very 
large network (maybe you do?), this would suggest something sinister, such as 
a worm-infected machine attempting to connect to other machines out on the 
Internet and leaving lots of half-open connections in the conntrack table.

Look at the entries in the conntrack table and identify what the problem is 
instead of simply making the table larger and allowing the problem to get 
bigger.

> Is there a means of flushing that table? If not, how can I lower the TCP
> connection timeouts?

Again, not really the right solution.   Find out what machine/s is/are 
filling up your conntrack table and fix them so that they don't.   A healthy 
network in normal operation doesn't fill up a conntrack table.

Antony.

-- 

When do you expect the official release of the 2.6.0 kernel?

Rusty Russell: From previous releases, a pattern has emerged: exactly 6 
months before it's ready.
                                                     Please reply to the list;
                                                           please don't CC me.
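
One way to do the inspection suggested in the reply above, as an added example that is not part of the original message: count conntrack entries per originating host and list the hosts whose entries are mostly `[UNREPLIED]`. The function names and the sample table are constructed for illustration, and the line format assumed is that of `/proc/net/ip_conntrack`.

```shell
# Per-source summary of a conntrack table read from stdin.
# Output: "<entries> <unreplied> <source-ip>", busiest source first.
conntrack_by_source() {
    awk '
    {
        src = ""; unreplied = 0
        for (i = 1; i <= NF; i++) {
            # The first src= field is the original direction, i.e. the initiator.
            if (src == "" && $i ~ /^src=/) src = substr($i, 5)
            if ($i == "[UNREPLIED]") unreplied = 1
        }
        if (src == "") next          # skip lines that are not table entries
        total[src]++
        if (unreplied) unrep[src]++
    }
    END { for (s in total) printf "%d %d %s\n", total[s], unrep[s] + 0, s }
    ' | sort -k1,1nr -k3,3
}

# Sources with at least $1 unreplied entries that make up more than half
# of their total: the half-open pattern the reply describes.
suspect_sources() {
    conntrack_by_source | awk -v min="$1" '$2 >= min && $2 * 2 > $1 { print $3 }'
}

# Constructed sample table (addresses are made up for this example).
sample_table() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=1025 dport=80 src=203.0.113.5 dst=192.168.1.10 sport=80 dport=1025 [ASSURED] use=1
tcp      6 431980 ESTABLISHED src=192.168.1.10 dst=203.0.113.9 sport=1026 dport=25 src=203.0.113.9 dst=192.168.1.10 sport=25 dport=1026 [ASSURED] use=1
udp      17 25 src=192.168.1.10 dst=192.168.1.1 sport=1030 dport=53 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=1030 use=1
tcp      6 431990 ESTABLISHED src=192.168.1.23 dst=203.0.113.5 sport=2001 dport=80 src=203.0.113.5 dst=192.168.1.23 sport=80 dport=2001 [ASSURED] use=1
tcp      6 110 SYN_SENT src=192.168.1.23 dst=198.51.100.7 sport=3456 dport=135 [UNREPLIED] src=198.51.100.7 dst=192.168.1.23 sport=135 dport=3456 use=1
tcp      6 108 SYN_SENT src=192.168.1.23 dst=198.51.100.8 sport=3457 dport=135 [UNREPLIED] src=198.51.100.8 dst=192.168.1.23 sport=135 dport=3457 use=1
tcp      6 105 SYN_SENT src=192.168.1.23 dst=198.51.100.9 sport=3458 dport=135 [UNREPLIED] src=198.51.100.9 dst=192.168.1.23 sport=135 dport=3458 use=1
tcp      6 101 SYN_SENT src=192.168.1.23 dst=198.51.100.10 sport=3459 dport=135 [UNREPLIED] src=198.51.100.10 dst=192.168.1.23 sport=135 dport=3459 use=1
EOF
}
```

On the router itself, feed the live table in place of the sample, for instance `conntrack_by_source < /proc/net/ip_conntrack | head`.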

