Hi, I'm experiencing a weird problem here. I start use ip_conntrack for stateful packet filtering on a machine that mainly does ftp server. it accepts state == NEW connections to port 21, and ESTABLISHED,RELATED to all hiports (1024-65535 TCP). The machine is highly unstable since then. I notice that the number of cat /proc/net/ip_conntrack | grep ESTABLISHED | grep UNREPLIED | wc -l is steadily rising, and when it reaches something close to 65500 (the max_ip_conntrack limit), the machine crashes. Can anyone explain me what the purpose of a ESTABLISHED UNREPLIED connection is? It doesn't make any sense to me (how can a connection be established when its unreplied) ? Thanks in advance, Dirk (PS iptables script available off-list)
