Hi,

On Tue, 1 Mar 2005, Matthew Schumacher wrote:

> Since upgrading to 2.6.10 I have been having problems with my
> ip_conntrack table filling up. It appears it is full of razor
> (http://razor.sf.net) requests from my internal mail server.
>
> I raised the ip_conntrack_max to 8192 and there are only a few hosts
> behind nat so I am certain something isn't getting flushed out.
>
> How do I go about diagnosing this? What specifically does ip_conntrack
> need to see in the tcp session to mark the session as expired in the table?

Run tcpdump and record at least one full session of the razor traffic.
Best is if you capture the traffic on both sides of the firewall in order
to make sure nothing got lost. Collect anything relevant from the kernel
log file and attach the /proc/net/ip_conntrack lines referring to the
session.

Post the collected data and then we can start to hunt down the reason of
the problem.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
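An added example, not part of the original message: one way to pick out the /proc/net/ip_conntrack lines for a single service and see which TCP states they are stuck in before posting them. The function name, the sample table (constructed, documentation addresses) and the razor port 2703 are assumptions; use the port your tcpdump capture shows.

```shell
#!/bin/sh
# Summarise TCP conntrack entries for one destination port.
# Reads /proc/net/ip_conntrack-style lines on stdin and prints, per TCP state:
#   STATE  ENTRY_COUNT  HIGHEST_REMAINING_TIMEOUT_SECONDS

conntrack_summary() {   # usage: conntrack_summary PORT < table
    awk -v port="$1" '
        $1 == "tcp" {
            # Fields: proto name, proto number, seconds to expiry, state, tuples...
            # The first dport= belongs to the original (client -> server) direction.
            dport = ""
            for (i = 5; i <= NF; i++)
                if ($i ~ /^dport=/) { dport = substr($i, 7); break }
            if (dport != port) next
            count[$4]++
            if ($3 + 0 > maxttl[$4]) maxttl[$4] = $3 + 0
        }
        END { for (s in count) printf "%s %d %d\n", s, count[s], maxttl[s] }
    ' | LC_ALL=C sort
}

# Constructed sample table (not captured from a real host).
sample_conntrack() {
    cat <<'EOF'
tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=40001 dport=2703 src=198.51.100.7 dst=203.0.113.2 sport=2703 dport=40001 [ASSURED] use=1
tcp      6 431200 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=40002 dport=2703 src=198.51.100.7 dst=203.0.113.2 sport=2703 dport=40002 [ASSURED] use=1
tcp      6 57 TIME_WAIT src=192.168.1.10 dst=198.51.100.7 sport=40003 dport=2703 src=198.51.100.7 dst=203.0.113.2 sport=2703 dport=40003 [ASSURED] use=1
tcp      6 100 SYN_SENT src=192.168.1.10 dst=198.51.100.7 sport=40004 dport=2703 [UNREPLIED] src=198.51.100.7 dst=203.0.113.2 sport=2703 dport=40004 use=1
tcp      6 300000 ESTABLISHED src=192.168.1.11 dst=198.51.100.9 sport=40100 dport=25 src=198.51.100.9 dst=203.0.113.2 sport=25 dport=40100 [ASSURED] use=1
udp      17 20 src=192.168.1.11 dst=198.51.100.53 sport=1030 dport=53 src=198.51.100.53 dst=203.0.113.2 sport=53 dport=1030 use=1
EOF
}

# Demo on the constructed table; on the firewall itself run:
#   conntrack_summary 2703 < /proc/net/ip_conntrack
sample_conntrack | conntrack_summary 2703
```

A large count of ESTABLISHED entries whose remaining timeout is close to the established-state default (432000 seconds) points at sessions for which conntrack never saw the closing FIN or RST, which is what the two-sided tcpdump capture can confirm.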