On Wed, 12 Nov 2003, Julien Didron wrote:

> I wish to use GnomeMeeting, for which I assume the only port that needs
> opening is 1720.

False. gnomemeeting uses H.323, which requires quite a lot of dynamic ports besides TCP port 1720. Unfortunately the current H.323 helper in patch-o-matic isn't compatible with GnomeMeeting, so the only way to go is to install an H.323 (gatekeeper/)proxy.

> Now, how can I forward all incoming traffic to port 1720 on the router, to
> one machine on the network that doesn't have a fixed IP (DHCP), but has a name
> on the domain thanks to DDNS (ex : abox.mydomain.net).

No way.

> Another question regarding ip_conntrack. After 5 days of use, I get the
> following error in syslog : "ip_conntrack table full, dropping packet.". I
> then increased the value in /proc/sys/net/ipv4/ip_conntrack_max, from 3048 to
> 8192, but I think this is a quick fix that won't get me too far ... Is there
> a means of flushing that table ? If not, how can I lower the TCP connection
> timeouts ?

Remove the ip_conntrack module and all entries will be flushed. :-)

If you have to keep track of many connections it's better to tune the maximal number by setting a proper hashsize parameter when loading in the ip_conntrack module.

Best regards,
Jozsef
-
E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
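
An added example (not part of the original message, and not netfilter's own code) for the "table full" question above: it summarises what is occupying a conntrack table and derives the hashsize value to pass when loading ip_conntrack for a target maximum. The function names and the sample table are constructed for illustration, and the sizing assumes the 2.4-era relation ip_conntrack_max = 8 × hashsize.

```shell
#!/bin/sh
# Added example: inspect a conntrack dump and size hashsize for a target maximum.

# Constructed sample in the /proc/net/ip_conntrack line format
# (documentation-range addresses, not real hosts).
sample_table() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=33012 dport=80 src=198.51.100.5 dst=203.0.113.1 sport=80 dport=33012 [ASSURED] use=1
tcp      6 431512 ESTABLISHED src=192.0.2.11 dst=198.51.100.6 sport=40100 dport=22 src=198.51.100.6 dst=203.0.113.1 sport=22 dport=40100 [ASSURED] use=1
tcp      6 398211 ESTABLISHED src=192.0.2.12 dst=198.51.100.7 sport=51000 dport=443 src=198.51.100.7 dst=203.0.113.1 sport=443 dport=51000 [ASSURED] use=1
tcp      6 102 TIME_WAIT src=192.0.2.10 dst=198.51.100.8 sport=33050 dport=80 src=198.51.100.8 dst=203.0.113.1 sport=80 dport=33050 [ASSURED] use=1
tcp      6 57 SYN_SENT src=192.0.2.13 dst=198.51.100.9 sport=41000 dport=25 [UNREPLIED] src=198.51.100.9 dst=203.0.113.1 sport=25 dport=41000 use=1
udp      17 25 src=192.0.2.10 dst=198.51.100.53 sport=1030 dport=53 [UNREPLIED] src=198.51.100.53 dst=203.0.113.1 sport=53 dport=1030 use=1
EOF
}

# Entries per protocol and TCP state, busiest first (stdin: table dump).
conntrack_summary() {
    awk '{ key = ($1 == "tcp") ? ("tcp " $4) : ($1 " -"); n[key]++ }
         END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Entries with more than $1 seconds left before expiry (stdin: table dump).
# Field 3 of each line is the remaining lifetime in seconds.
long_lived() {
    awk -v min="$1" '$3 > min { c++ } END { print c + 0 }'
}

# Percentage of the table in use: $1 = entries, $2 = ip_conntrack_max.
table_usage_pct() { echo $(( $1 * 100 / $2 )); }

# ASSUMPTION: ip_conntrack_max = 8 * hashsize (2.4-era default), so the
# hashsize for a target maximum is max / 8, rounded up.
hashsize_for_max() { echo $(( ($1 + 7) / 8 )); }

entries=$(sample_table | awk 'END { print NR }')
sample_table | conntrack_summary
echo "entries with more than 1h left: $(sample_table | long_lived 3600)"
echo "usage: $(table_usage_pct "$entries" 8192)% of 8192"
# Printed only, not executed: the module load line for a maximum of 8192.
echo "modprobe ip_conntrack hashsize=$(hashsize_for_max 8192)"
```

On a live system, feed the functions from /proc/net/ip_conntrack instead of the sample, e.g. `conntrack_summary < /proc/net/ip_conntrack`.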