On 10/17/08 14:46, Pranav Desai wrote:
Too many clients will have to change their settings. Not feasible in
our case.
*nod*
This is where auto-configure scripts come in to play.
If you can't, you cant. No point in ruffling any feathers over it. If
transparent proxying is working for you then go for it.
There is no info there, and the tables are not getting full. Here are
the conntrack settings.
net.ipv4.ip_conntrack_max = 1048576
net.ipv4.netfilter.ip_conntrack_buckets = 1048576
net.ipv4.netfilter.ip_conntrack_count = 63908
net.ipv4.netfilter.ip_conntrack_max = 1048576
If conntrack is not getting full I wonder if some packets are
accidentally not being associated and thus not being handled correctly.
Dare I say it, you may be looking at setting up TCPDump (or the likes)
to record all packets. That way when you do have packets that did not
get handled correctly you can go back and look at the rest of the
packets that should have been associated but were not.
Grant. . . .
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
