RE: ip_conntrack problems with a dlink DSL504T

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

hi,
it sounds like the router has not enough memory.
i would try to lower the conntrack_max and test again if it runs stable.

greetz

> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx]On Behalf Of Jorge
> Salamero
> Sent: Tuesday, May 31, 2005 12:08 PM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: ip_conntrack problems with a dlink DSL504T
> 
> 
> hi all,
> 
> i've a dlink dsl504T, a dsl router with linux embedded:
> # cat /proc/version
> Linux version 2.4.17_mvl21-malta-mips_fp_le 
> (victor@xxxxxxxxxxxxxxxxxxxxx) 
> (gcc version 2.95.3 20010315 (release/MontaVista)) #62 ¶g¤@ 
> 4¤ë 4 23:04:57 
> CST 2005
> 
> i've rised ip_conntrack_max because default was 512
> # cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
> 2048
> 
> but after a while of using p2p (mldonkey) it seems it can't 
> handle more 
> connections ... even it takes a while to connect to it by telnet ...
> 
> i don't know how to count the number of stablished 
> connections because it uses 
> BusyBox v0.61.pre (2005.04.04-15:09+0000) and it doesn't have 
> netstat neither 
> wc :-/
> 
> i've take a look at /proc/net/ip_conntrack and i can see 
> this: (a few lines)
> tcp      6 205962 ESTABLISHED src=80.37.182.178 
> dst=81.34.11.12 sport=1985 
> dport=4662 [UNREPLIED] src=192.168.1.2 dst=80.37.182.178 sport=4662 
> dport=1985 [ASSURED] use=1
> tcp      6 30576 CLOSE_WAIT src=83.35.78.48 dst=81.34.11.12 
> sport=16451 
> dport=4662 src=192.168.1.2 dst=83.35.78.48 sport=4662 
> dport=16451 [ASSURED] 
> use=1
> tcp      6 24789 CLOSE_WAIT src=80.36.59.185 dst=81.34.11.12 
> sport=1530 
> dport=4662 src=192.168.1.2 dst=80.36.59.185 sport=4662 
> dport=1530 [ASSURED] 
> use=1
> tcp      6 188615 ESTABLISHED src=192.168.1.2 
> dst=62.162.220.71 sport=4662 
> dport=1434 [UNREPLIED] src=62.162.220.71 dst=81.34.11.12 sport=1434 
> dport=4662 [ASSURED] use=1
> 
> as far as i know, an assured connection can't be unreplied, true ?
> 
> do you know what's the problem ?
> 
> if you need more information about rules, modules loaded or 
> anything, ask for 
> it.
> 
> thanks in advance !
> 
> -- 
> Jorge Salamero Sanz (bencer)
> mail: <bencer@xxxxxxxxxxxxxx>
> blog: <http://bys.cauterized.net/>
> http: <http://www.cauterized.net/>
>
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux