Hi there, thx for the answer, but it seems as this doesnt fix my problem. It seems as if the value in "ip_conntrack_tcp_timeout_established" isnt interpreted, cause i see lots of entries like this in the ip_conntrack table: tcp 6 231752 ESTABLISHED src=yyy.yyy.yyy.yyy dst=xxx.xxx.xxx.xxx sport=3139 dport=6881 src=xxx.xxx.xxx.xxx dst=zzz.zzz.zzz.zzz sport=6881 dport=3139 [ASSURED] use=1 The third field is the timeout value i think? So this would be 231752 seconds, which is much larger then the value in ip_conntrack_tcp_timeout_established. Im running a 2.4.27 kernel with iptables 1.2.11. Is the value ignored in this versions by design? Any advices? Regards Bjoern Moritz Gartenmeister <moritz@xxxxxxxxxxxxxxxx> schrieb am 27.03.05 19:36:21: > > hi bjoern > > i changed this value to ten minutes. this reduced the ip_conntrack_count from 8000 to 3000 and it > saves memory. > > i don't notice any problems. it's possible that if you are using connections without keepalive > function, that they will probably suffer. but i assume, that connections without traffic for ten > minutes are anormal closed. > > regards > moritz > > Björn Eberth wrote: > > Hi there, > > > > the default value for "ip_conntrack_tcp_timeout_established" is set to 5 days. > > My problem is, that after about 2 days of using a filesharing client the ip_conntrack table runs full. > > Im using a dial-up connection with 24 hours reconnect. > > So my question is: Could i run into problems, if i set this value to 24 hours or something like this? > > > > Regards > > Bjoern > > > > ______________________________________________________________ Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt bei WEB.DE FreeMail: http://f.web.de/?mc=021193
