Jan, Jan Engelhardt schrieb:
Vague guess.. You have too few memory and/or your connection table is full, hence connections are dropped and future packets can't find their original connection, resulting in INVALID. (Though I'd say they should become NEW again)
Thanks for your answer. How can I check and/or increase the memory limit for the netfilter connection tracking?
The machine has 4G of RAM, so I guess the overall memory should not be a problem.
best regards Bernhard -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
