Bernhard Bock wrote: > Jan, > > Jan Engelhardt schrieb: >> Vague guess.. >> You have too few memory and/or your connection table is full, hence >> connections are dropped and future packets can't find their >> original connection, resulting in INVALID. (Though I'd say they >> should become NEW again) > > Thanks for your answer. How can I check and/or increase the memory limit > for the netfilter connection tracking? > > The machine has 4G of RAM, so I guess the overall memory should not be a > problem. This document is a nice kick off: http://www.wallfire.org/misc/netfilter_conntrack_perf.txt -- "Los honestos son inadaptados sociales" -- Les Luthiers -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
