Hi, On Wed, Mar 24, 2004 at 05:04:20PM +0100, Björn Reese wrote: > I have a strange Problem with (I guess) the Netfilter. I have a Proxy-Server running, that is dual-homed with a transparent Squid on one Interface listening. After some time, the syslog lists these messages: > > Mar 24 15:36:18 Proxy kernel: LIST_DELETE: net/ipv4/netfilter/ip_conntrack_core.c:299 `&ct->tuplehash[IP_CT_DIR_REPLY]'(e96c0d64) not in &ip_conntrack_hash[hr]. > Mar 24 15:36:39 Proxy kernel: LIST_DELETE: net/ipv4/netfilter/ip_conntrack_core.c:299 `&ct->tuplehash[IP_CT_DIR_REPLY]'(dd67fd24) not in &ip_conntrack_hash[hr]. > Mar 24 15:36:55 Proxy kernel: LIST_DELETE: net/ipv4/netfilter/ip_conntrack_core.c:299 `&ct->tuplehash[IP_CT_DIR_REPLY]'(dc976864) not in &ip_conntrack_hash[hr]. > > 5 seconds more... > and the server freezes... Although without your kernel config and exact iptables ruleset I cannot be sure, but I think you've found the same bug as Jonathan Cooper (and a few others). See the thread about the problem on netfilter-devel: http://lists.netfilter.org/pipermail/netfilter-devel/2004-March/014532.html Basically, you should try two things: - check if using CONFIG_IP_NF_NAT_LOCAL (NAT of local connections) solves the problem - if i does, please try if Henrik's patch at http://lists.netfilter.org/pipermail/netfilter-devel/2004-March/014616.html solves your problem To try the patch would be especially useful. -- KOVACS Krisztian
